Source-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[src/netbsd-7-0]: src Pull up following revision(s) (requested by spz in tick...
details: https://anonhg.NetBSD.org/src/rev/9a9144383034
branches: netbsd-7-0
changeset: 801311:9a9144383034
user: snj <snj%NetBSD.org@localhost>
date: Fri Apr 21 05:16:38 2017 +0000
description:
Pull up following revision(s) (requested by spz in ticket #1404):
doc/3RDPARTY: 1.1430 via patch
external/bsd/bind/dist/CHANGES: up to 1.26
external/bsd/bind/dist/COPYRIGHT: up to 1.1.1.11
external/bsd/bind/dist/README: up to 1.14
external/bsd/bind/dist/bin/named/query.c: up to 1.24
external/bsd/bind/dist/bin/tests/system/dname/ans3/ans.pl: up to 1.1.1.2
external/bsd/bind/dist/bin/tests/system/dname/ns1/root.db: up to 1.1.1.4
external/bsd/bind/dist/bin/tests/system/dname/ns2/example.db: up to 1.1.1.4
external/bsd/bind/dist/bin/tests/system/dname/tests.sh: up to 1.1.1.6
external/bsd/bind/dist/bin/tests/system/rndc/tests.sh: up to 1.1.1.9
external/bsd/bind/dist/bin/tests/system/rpz/tests.sh: up to 1.1.1.13
external/bsd/bind/dist/bind.keys: up to 1.1.1.6
external/bsd/bind/dist/bind.keys.h: up to 1.1.1.4
external/bsd/bind/dist/configure: up to 1.7
external/bsd/bind/dist/doc/arm/Bv9ARM.ch01.html: up to 1.1.1.24
external/bsd/bind/dist/doc/arm/Bv9ARM.ch02.html: up to 1.1.1.21
external/bsd/bind/dist/doc/arm/Bv9ARM.ch03.html: up to 1.1.1.26
external/bsd/bind/dist/doc/arm/Bv9ARM.ch04.html: up to 1.14
external/bsd/bind/dist/doc/arm/Bv9ARM.ch05.html: up to 1.1.1.27
external/bsd/bind/dist/doc/arm/Bv9ARM.ch06.html: up to 1.14
external/bsd/bind/dist/doc/arm/Bv9ARM.ch07.html: up to 1.14
external/bsd/bind/dist/doc/arm/Bv9ARM.ch08.html: up to 1.14
external/bsd/bind/dist/doc/arm/Bv9ARM.ch09.html: up to 1.14
external/bsd/bind/dist/doc/arm/Bv9ARM.ch10.html: up to 1.1.1.23
external/bsd/bind/dist/doc/arm/Bv9ARM.ch11.html: up to 1.1.1.12
external/bsd/bind/dist/doc/arm/Bv9ARM.ch12.html: up to 1.1.1.12
external/bsd/bind/dist/doc/arm/Bv9ARM.ch13.html: up to 1.1.1.12
external/bsd/bind/dist/doc/arm/Bv9ARM.html: up to 1.14
external/bsd/bind/dist/doc/arm/Bv9ARM.pdf: up to 1.19
external/bsd/bind/dist/doc/arm/man.arpaname.html: up to 1.14
external/bsd/bind/dist/doc/arm/man.ddns-confgen.html: up to 1.14
external/bsd/bind/dist/doc/arm/man.delv.html: up to 1.14
external/bsd/bind/dist/doc/arm/man.dig.html: up to 1.14
external/bsd/bind/dist/doc/arm/man.dnssec-checkds.html: up to 1.14
external/bsd/bind/dist/doc/arm/man.dnssec-coverage.html: up to 1.14
external/bsd/bind/dist/doc/arm/man.dnssec-dsfromkey.html: up to 1.14
external/bsd/bind/dist/doc/arm/man.dnssec-importkey.html: up to 1.14
external/bsd/bind/dist/doc/arm/man.dnssec-keyfromlabel.html: up to 1.14
external/bsd/bind/dist/doc/arm/man.dnssec-keygen.html: up to 1.14
external/bsd/bind/dist/doc/arm/man.dnssec-revoke.html: up to 1.14
external/bsd/bind/dist/doc/arm/man.dnssec-settime.html: up to 1.14
external/bsd/bind/dist/doc/arm/man.dnssec-signzone.html: up to 1.14
external/bsd/bind/dist/doc/arm/man.dnssec-verify.html: up to 1.14
external/bsd/bind/dist/doc/arm/man.genrandom.html: up to 1.14
external/bsd/bind/dist/doc/arm/man.host.html: up to 1.14
external/bsd/bind/dist/doc/arm/man.isc-hmac-fixup.html: up to 1.14
external/bsd/bind/dist/doc/arm/man.lwresd.html: up to 1.1.1.6
external/bsd/bind/dist/doc/arm/man.named-checkconf.html: up to 1.14
external/bsd/bind/dist/doc/arm/man.named-checkzone.html: up to 1.14
external/bsd/bind/dist/doc/arm/man.named-journalprint.html: up to 1.14
external/bsd/bind/dist/doc/arm/man.named-rrchecker.html: up to 1.14
external/bsd/bind/dist/doc/arm/man.named.conf.html: up to 1.1.1.6
external/bsd/bind/dist/doc/arm/man.named.html: up to 1.14
external/bsd/bind/dist/doc/arm/man.nsec3hash.html: up to 1.14
external/bsd/bind/dist/doc/arm/man.nsupdate.html: up to 1.14
external/bsd/bind/dist/doc/arm/man.rndc-confgen.html: up to 1.14
external/bsd/bind/dist/doc/arm/man.rndc.conf.html: up to 1.14
external/bsd/bind/dist/doc/arm/man.rndc.html: up to 1.14
external/bsd/bind/dist/doc/arm/notes.html: up to 1.1.1.12
external/bsd/bind/dist/doc/arm/notes.pdf: up to 1.1.1.12
external/bsd/bind/dist/doc/arm/notes.xml: up to 1.1.1.12
external/bsd/bind/dist/lib/dns/api: up to 1.14
external/bsd/bind/dist/lib/dns/rdataset.c: up to 1.10
external/bsd/bind/dist/lib/dns/resolver.c: up to 1.30
external/bsd/bind/dist/lib/isc/include/isc/lex.h: up to 1.5
external/bsd/bind/dist/lib/isc/lex.c: up to 1.8
external/bsd/bind/dist/srcid: up to 1.20
external/bsd/bind/dist/version: up to 1.24
Update BIND to 9.10.4-P8.
diffstat:
doc/3RDPARTY | 6 +-
external/bsd/bind/dist/CHANGES | 22 +-
external/bsd/bind/dist/COPYRIGHT | 2 +-
external/bsd/bind/dist/README | 5 +
external/bsd/bind/dist/bin/named/query.c | 5 +-
external/bsd/bind/dist/bin/tests/system/dname/ans3/ans.pl | 16 +-
external/bsd/bind/dist/bin/tests/system/dname/ns1/root.db | 2 +-
external/bsd/bind/dist/bin/tests/system/dname/ns2/example.db | 3 +-
external/bsd/bind/dist/bin/tests/system/dname/tests.sh | 17 +-
external/bsd/bind/dist/bin/tests/system/rndc/tests.sh | 8 +
external/bsd/bind/dist/bin/tests/system/rpz/tests.sh | 4 +-
external/bsd/bind/dist/bind.keys | 65 +-
external/bsd/bind/dist/bind.keys.h | 132 +-
external/bsd/bind/dist/configure | 2 +-
external/bsd/bind/dist/doc/arm/Bv9ARM.ch01.html | 2 +-
external/bsd/bind/dist/doc/arm/Bv9ARM.ch02.html | 2 +-
external/bsd/bind/dist/doc/arm/Bv9ARM.ch03.html | 2 +-
external/bsd/bind/dist/doc/arm/Bv9ARM.ch04.html | 2 +-
external/bsd/bind/dist/doc/arm/Bv9ARM.ch05.html | 2 +-
external/bsd/bind/dist/doc/arm/Bv9ARM.ch06.html | 2 +-
external/bsd/bind/dist/doc/arm/Bv9ARM.ch07.html | 2 +-
external/bsd/bind/dist/doc/arm/Bv9ARM.ch08.html | 2 +-
external/bsd/bind/dist/doc/arm/Bv9ARM.ch09.html | 55 +-
external/bsd/bind/dist/doc/arm/Bv9ARM.ch10.html | 2 +-
external/bsd/bind/dist/doc/arm/Bv9ARM.ch11.html | 2 +-
external/bsd/bind/dist/doc/arm/Bv9ARM.ch12.html | 2 +-
external/bsd/bind/dist/doc/arm/Bv9ARM.ch13.html | 2 +-
external/bsd/bind/dist/doc/arm/Bv9ARM.html | 7 +-
external/bsd/bind/dist/doc/arm/Bv9ARM.pdf | Bin
external/bsd/bind/dist/doc/arm/man.arpaname.html | 2 +-
external/bsd/bind/dist/doc/arm/man.ddns-confgen.html | 2 +-
external/bsd/bind/dist/doc/arm/man.delv.html | 2 +-
external/bsd/bind/dist/doc/arm/man.dig.html | 2 +-
external/bsd/bind/dist/doc/arm/man.dnssec-checkds.html | 2 +-
external/bsd/bind/dist/doc/arm/man.dnssec-coverage.html | 2 +-
external/bsd/bind/dist/doc/arm/man.dnssec-dsfromkey.html | 2 +-
external/bsd/bind/dist/doc/arm/man.dnssec-importkey.html | 2 +-
external/bsd/bind/dist/doc/arm/man.dnssec-keyfromlabel.html | 2 +-
external/bsd/bind/dist/doc/arm/man.dnssec-keygen.html | 2 +-
external/bsd/bind/dist/doc/arm/man.dnssec-revoke.html | 2 +-
external/bsd/bind/dist/doc/arm/man.dnssec-settime.html | 2 +-
external/bsd/bind/dist/doc/arm/man.dnssec-signzone.html | 2 +-
external/bsd/bind/dist/doc/arm/man.dnssec-verify.html | 2 +-
external/bsd/bind/dist/doc/arm/man.genrandom.html | 2 +-
external/bsd/bind/dist/doc/arm/man.host.html | 2 +-
external/bsd/bind/dist/doc/arm/man.isc-hmac-fixup.html | 2 +-
external/bsd/bind/dist/doc/arm/man.lwresd.html | 2 +-
external/bsd/bind/dist/doc/arm/man.named-checkconf.html | 2 +-
external/bsd/bind/dist/doc/arm/man.named-checkzone.html | 2 +-
external/bsd/bind/dist/doc/arm/man.named-journalprint.html | 2 +-
external/bsd/bind/dist/doc/arm/man.named-rrchecker.html | 2 +-
external/bsd/bind/dist/doc/arm/man.named.conf.html | 2 +-
external/bsd/bind/dist/doc/arm/man.named.html | 2 +-
external/bsd/bind/dist/doc/arm/man.nsec3hash.html | 2 +-
external/bsd/bind/dist/doc/arm/man.nsupdate.html | 2 +-
external/bsd/bind/dist/doc/arm/man.rndc-confgen.html | 2 +-
external/bsd/bind/dist/doc/arm/man.rndc.conf.html | 2 +-
external/bsd/bind/dist/doc/arm/man.rndc.html | 2 +-
external/bsd/bind/dist/doc/arm/notes.html | 50 +-
external/bsd/bind/dist/doc/arm/notes.pdf | Bin
external/bsd/bind/dist/doc/arm/notes.xml | 56 +-
external/bsd/bind/dist/lib/dns/api | 2 +-
external/bsd/bind/dist/lib/dns/rdataset.c | 4 +-
external/bsd/bind/dist/lib/dns/resolver.c | 870 ++++------
external/bsd/bind/dist/lib/isc/include/isc/lex.h | 4 +-
external/bsd/bind/dist/lib/isc/lex.c | 7 +-
external/bsd/bind/dist/srcid | 2 +-
external/bsd/bind/dist/version | 2 +-
68 files changed, 747 insertions(+), 683 deletions(-)
diffs (truncated from 2317 to 300 lines):
diff -r 7f9bcbcd6114 -r 9a9144383034 doc/3RDPARTY
--- a/doc/3RDPARTY Thu Apr 20 06:43:48 2017 +0000
+++ b/doc/3RDPARTY Fri Apr 21 05:16:38 2017 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: 3RDPARTY,v 1.1145.2.18.2.18 2017/04/20 06:42:09 snj Exp $
+# $NetBSD: 3RDPARTY,v 1.1145.2.18.2.19 2017/04/21 05:16:38 snj Exp $
#
# This file contains a list of the software that has been integrated into
# NetBSD where we are not the primary maintainer.
@@ -113,8 +113,8 @@
bc includes dc, both of which are in the NetBSD tree.
Package: bind [named and utils]
-Version: 9.10.4-P6
-Current Vers: 9.10.4-P6
+Version: 9.10.4-P8
+Current Vers: 9.10.4-P8
Maintainer: Paul Vixie <vixie%vix.com@localhost>
Archive Site: ftp://ftp.isc.org/isc/bind9/
Home Page: http://www.isc.org/software/bind/
diff -r 7f9bcbcd6114 -r 9a9144383034 external/bsd/bind/dist/CHANGES
--- a/external/bsd/bind/dist/CHANGES Thu Apr 20 06:43:48 2017 +0000
+++ b/external/bsd/bind/dist/CHANGES Fri Apr 21 05:16:38 2017 +0000
@@ -1,7 +1,27 @@
+ --- 9.10.4-P8 released ---
+
+4582. [security] 'rndc ""' could trigger a assertion failure in named.
+ (CVE-2017-3138) [RT #44924]
+
+4580. [bug] 4578 introduced a regression when handling CNAME to
+ referral below the current domain. [RT #44850]
+
+ --- 9.10.4-P7 released ---
+
+4578. [security] Some chaining (CNAME or DNAME) responses to upstream
+ queries could trigger assertion failures.
+ (CVE-2017-3137) [RT #44734]
+
+4575. [security] DNS64 with "break-dnssec yes;" can result in an
+ assertion failure. (CVE-2017-3136) [RT #44653]
+
+4564. [maint] Update the built in managed keys to include the
+ upcoming root KSK. [RT #44579]
+
--- 9.10.4-P6 released ---
4558. [bug] Synthesised CNAME before matching DNAME was still
- being cached when it should have been. [RT #44318]
+ being cached when it should not have been. [RT #44318]
4557. [security] Combining dns64 and rpz can result in dereferencing
a NULL pointer (read). (CVE-2017-3135) [RT#44434]
diff -r 7f9bcbcd6114 -r 9a9144383034 external/bsd/bind/dist/COPYRIGHT
--- a/external/bsd/bind/dist/COPYRIGHT Thu Apr 20 06:43:48 2017 +0000
+++ b/external/bsd/bind/dist/COPYRIGHT Fri Apr 21 05:16:38 2017 +0000
@@ -1,4 +1,4 @@
-Copyright (C) 2004-2016 Internet Systems Consortium, Inc. ("ISC")
+Copyright (C) 2004-2017 Internet Systems Consortium, Inc. ("ISC")
Copyright (C) 1996-2003 Internet Software Consortium.
Permission to use, copy, modify, and/or distribute this software for any
diff -r 7f9bcbcd6114 -r 9a9144383034 external/bsd/bind/dist/README
--- a/external/bsd/bind/dist/README Thu Apr 20 06:43:48 2017 +0000
+++ b/external/bsd/bind/dist/README Fri Apr 21 05:16:38 2017 +0000
@@ -51,6 +51,11 @@
For up-to-date release notes and errata, see
http://www.isc.org/software/bind9/releasenotes
+BIND 9.10.4-P7
+
+ This version contains fixes for CVE-2017-3136 and CVE-2017-3137,
+ and updates the built in trusted keys for the root zone.
+
BIND 9.10.4-P6
This version contains a fix for CVE-2017-3135, and a bug fix
diff -r 7f9bcbcd6114 -r 9a9144383034 external/bsd/bind/dist/bin/named/query.c
--- a/external/bsd/bind/dist/bin/named/query.c Thu Apr 20 06:43:48 2017 +0000
+++ b/external/bsd/bind/dist/bin/named/query.c Fri Apr 21 05:16:38 2017 +0000
@@ -1,7 +1,7 @@
-/* $NetBSD: query.c,v 1.16.2.3.2.3 2017/02/20 16:27:13 sborrill Exp $ */
+/* $NetBSD: query.c,v 1.16.2.3.2.4 2017/04/21 05:16:39 snj Exp $ */
/*
- * Copyright (C) 2004-2016 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2017 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 1999-2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -8221,6 +8221,7 @@
result = query_dns64(client, &fname, rdataset,
sigrdataset, dbuf,
DNS_SECTION_ANSWER);
+ noqname = NULL;
dns_rdataset_disassociate(rdataset);
dns_message_puttemprdataset(client->message, &rdataset);
if (result == ISC_R_NOMORE) {
diff -r 7f9bcbcd6114 -r 9a9144383034 external/bsd/bind/dist/bin/tests/system/dname/ans3/ans.pl
--- a/external/bsd/bind/dist/bin/tests/system/dname/ans3/ans.pl Thu Apr 20 06:43:48 2017 +0000
+++ b/external/bsd/bind/dist/bin/tests/system/dname/ans3/ans.pl Fri Apr 21 05:16:38 2017 +0000
@@ -1,10 +1,18 @@
#!/usr/bin/env perl
#
-# Copyright (C) 2014-2016 Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 2017 Internet Systems Consortium, Inc. ("ISC")
+#
+# Permission to use, copy, modify, and/or distribute this software for any
+# purpose with or without fee is hereby granted, provided that the above
+# copyright notice and this permission notice appear in all copies.
#
-# This Source Code Form is subject to the terms of the Mozilla Public
-# License, v. 2.0. If a copy of the MPL was not distributed with this
-# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+# PERFORMANCE OF THIS SOFTWARE.
use strict;
use warnings;
diff -r 7f9bcbcd6114 -r 9a9144383034 external/bsd/bind/dist/bin/tests/system/dname/ns1/root.db
--- a/external/bsd/bind/dist/bin/tests/system/dname/ns1/root.db Thu Apr 20 06:43:48 2017 +0000
+++ b/external/bsd/bind/dist/bin/tests/system/dname/ns1/root.db Fri Apr 21 05:16:38 2017 +0000
@@ -1,4 +1,4 @@
-; Copyright (C) 2011 Internet Systems Consortium, Inc. ("ISC")
+; Copyright (C) 2011, 2017 Internet Systems Consortium, Inc. ("ISC")
;
; Permission to use, copy, modify, and/or distribute this software for any
; purpose with or without fee is hereby granted, provided that the above
diff -r 7f9bcbcd6114 -r 9a9144383034 external/bsd/bind/dist/bin/tests/system/dname/ns2/example.db
--- a/external/bsd/bind/dist/bin/tests/system/dname/ns2/example.db Thu Apr 20 06:43:48 2017 +0000
+++ b/external/bsd/bind/dist/bin/tests/system/dname/ns2/example.db Fri Apr 21 05:16:38 2017 +0000
@@ -1,4 +1,4 @@
-; Copyright (C) 2011 Internet Systems Consortium, Inc. ("ISC")
+; Copyright (C) 2011, 2017 Internet Systems Consortium, Inc. ("ISC")
;
; Permission to use, copy, modify, and/or distribute this software for any
; purpose with or without fee is hereby granted, provided that the above
@@ -29,6 +29,7 @@
short-dname DNAME short
a.longlonglonglonglonglonglonglonglonglonglonglonglong A 10.0.0.2
long-dname DNAME longlonglonglonglonglonglonglonglonglonglonglonglong
+toolong-dname DNAME longlonglonglonglonglonglonglonglonglonglonglonglong
cname CNAME a.cnamedname
cnamedname DNAME target
a.target A 10.0.0.3
diff -r 7f9bcbcd6114 -r 9a9144383034 external/bsd/bind/dist/bin/tests/system/dname/tests.sh
--- a/external/bsd/bind/dist/bin/tests/system/dname/tests.sh Thu Apr 20 06:43:48 2017 +0000
+++ b/external/bsd/bind/dist/bin/tests/system/dname/tests.sh Fri Apr 21 05:16:38 2017 +0000
@@ -1,6 +1,6 @@
#!/bin/sh
#
-# Copyright (C) 2011, 2012 Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 2011, 2012, 2017 Internet Systems Consortium, Inc. ("ISC")
#
# Permission to use, copy, modify, and/or distribute this software for any
# purpose with or without fee is hereby granted, provided that the above
@@ -57,10 +57,19 @@
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`
-echo "I:checking (too) long dname from recursive"
+echo "I:checking (too) long dname from recursive with cached DNAME"
+ret=0
+$DIG
01234567890123456789012345678901234567890123456789.longlonglonglonglonglonglonglonglonglonglonglonglonglonglong.longlonglonglonglonglonglonglonglonglonglonglonglonglonglong.longlonglonglonglonglonglonglonglonglonglonglonglonglonglong.long-dname.example
@10.53.0.4 a -p 5300 > dig.out.ns4.cachedtoolong || ret=1
+grep "status: YXDOMAIN" dig.out.ns4.cachedtoolong > /dev/null || ret=1
+grep '^long-dname\.example\..*DNAME.*long' dig.out.ns4.cachedtoolong > /dev/null || ret=1
+if [ $ret != 0 ]; then echo "I:failed"; fi
+status=`expr $status + $ret`
+
+echo "I:checking (too) long dname from recursive without cached DNAME"
ret=0
-$DIG
01234567890123456789012345678901234567890123456789.longlonglonglonglonglonglonglonglonglonglonglonglonglonglong.longlonglonglonglonglonglonglonglonglonglonglonglonglonglong.longlonglonglonglonglonglonglonglonglonglonglonglonglonglong.long-dname.example
@10.53.0.4 a -p 5300 > dig.out.ns4.toolong || ret=1
-grep "status: YXDOMAIN" dig.out.ns4.toolong > /dev/null || ret=1
+$DIG
01234567890123456789012345678901234567890123456789.longlonglonglonglonglonglonglonglonglonglonglonglonglonglong.longlonglonglonglonglonglonglonglonglonglonglonglonglonglong.longlonglonglonglonglonglonglonglonglonglonglonglonglong.toolong-dname.example
@10.53.0.4 a -p 5300 > dig.out.ns4.uncachedtoolong || ret=1
+grep "status: YXDOMAIN" dig.out.ns4.uncachedtoolong > /dev/null || ret=1
+grep '^toolong-dname\.example\..*DNAME.*long' dig.out.ns4.uncachedtoolong > /dev/null || ret=1
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`
diff -r 7f9bcbcd6114 -r 9a9144383034 external/bsd/bind/dist/bin/tests/system/rndc/tests.sh
--- a/external/bsd/bind/dist/bin/tests/system/rndc/tests.sh Thu Apr 20 06:43:48 2017 +0000
+++ b/external/bsd/bind/dist/bin/tests/system/rndc/tests.sh Fri Apr 21 05:16:38 2017 +0000
@@ -393,5 +393,13 @@
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`
+n=`expr $n + 1`
+echo "I:check 'rndc \"\"' is handled ($n)"
+ret=0
+$RNDCCMD "" > rndc.out.test$n 2>&1 && ret=1
+grep "rndc: '' failed: failure" rndc.out.test$n > /dev/null
+if [ $ret != 0 ]; then echo "I:failed"; fi
+status=`expr $status + $ret`
+
echo "I:exit status: $status"
exit $status
diff -r 7f9bcbcd6114 -r 9a9144383034 external/bsd/bind/dist/bin/tests/system/rpz/tests.sh
--- a/external/bsd/bind/dist/bin/tests/system/rpz/tests.sh Thu Apr 20 06:43:48 2017 +0000
+++ b/external/bsd/bind/dist/bin/tests/system/rpz/tests.sh Fri Apr 21 05:16:38 2017 +0000
@@ -1,4 +1,4 @@
-# Copyright (C) 2011-2016 Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 2011-2017 Internet Systems Consortium, Inc. ("ISC")
#
# Permission to use, copy, modify, and/or distribute this software for any
# purpose with or without fee is hereby granted, provided that the above
@@ -383,7 +383,7 @@
drop a3-8.tld2 any @$ns6 # 20 drop
end_group
-ckstatsrange $ns3 test1 ns3 22 25
+ckstatsrange $ns3 test1 ns3 22 28
ckstats $ns5 test1 ns5 0
ckstats $ns6 test1 ns6 0
diff -r 7f9bcbcd6114 -r 9a9144383034 external/bsd/bind/dist/bind.keys
--- a/external/bsd/bind/dist/bind.keys Thu Apr 20 06:43:48 2017 +0000
+++ b/external/bsd/bind/dist/bind.keys Fri Apr 21 05:16:38 2017 +0000
@@ -15,32 +15,55 @@
#
# This file is NOT expected to be user-configured.
#
-# These keys are current as of January 2011. If any key fails to
+# These keys are current as of Feburary 2017. If any key fails to
# initialize correctly, it may have expired. In that event you should
# replace this file with a current version. The latest version of
# bind.keys can always be obtained from ISC at https://www.isc.org/bind-keys.
managed-keys {
- # ISC DLV: See https://www.isc.org/solutions/dlv for details.
- # NOTE: This key is activated by setting "dnssec-lookaside auto;"
- # in named.conf.
- dlv.isc.org. initial-key 257 3 5 "BEAAAAPHMu/5onzrEE7z1egmhg/WPO0+juoZrW3euWEn4MxDCE1+lLy2
- brhQv5rN32RKtMzX6Mj70jdzeND4XknW58dnJNPCxn8+jAGl2FZLK8t+
- 1uq4W+nnA3qO2+DL+k6BD4mewMLbIYFwe0PG73Te9fZ2kJb56dhgMde5
- ymX4BI/oQ+cAK50/xvJv00Frf8kw6ucMTwFlgPe+jnGxPPEmHAte/URk
- Y62ZfkLoBAADLHQ9IrS2tryAe7mbBZVcOwIeU/Rw/mRx/vwwMCTgNboM
- QKtUdvNXDrYJDSHZws3xiRXF1Rf+al9UmZfSav/4NWLKjHzpT59k/VSt
- TDN0YUuWrBNh";
+ # ISC DLV: See https://www.isc.org/solutions/dlv for details.
+ #
+ # NOTE: The ISC DLV zone is being phased out as of February 2017;
+ # the key will remain in place but the zone will be otherwise empty.
+ # Configuring "dnssec-lookaside auto;" to activate this key is
+ # harmless, but is no longer useful and is not recommended.
+ dlv.isc.org. initial-key 257 3 5 "BEAAAAPHMu/5onzrEE7z1egmhg/WPO0+juoZrW3euWEn4MxDCE1+lLy2
+ brhQv5rN32RKtMzX6Mj70jdzeND4XknW58dnJNPCxn8+jAGl2FZLK8t+
+ 1uq4W+nnA3qO2+DL+k6BD4mewMLbIYFwe0PG73Te9fZ2kJb56dhgMde5
+ ymX4BI/oQ+cAK50/xvJv00Frf8kw6ucMTwFlgPe+jnGxPPEmHAte/URk
+ Y62ZfkLoBAADLHQ9IrS2tryAe7mbBZVcOwIeU/Rw/mRx/vwwMCTgNboM
+ QKtUdvNXDrYJDSHZws3xiRXF1Rf+al9UmZfSav/4NWLKjHzpT59k/VSt
+ TDN0YUuWrBNh";
- # ROOT KEY: See https://data.iana.org/root-anchors/root-anchors.xml
- # for current trust anchor information.
- # NOTE: This key is activated by setting "dnssec-validation auto;"
+ # ROOT KEYS: See https://data.iana.org/root-anchors/root-anchors.xml
+ # for current trust anchor information.
+ #
+ # These keys are activated by setting "dnssec-validation auto;"
# in named.conf.
- . initial-key 257 3 8 "AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjF
- FVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoX
- bfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaD
- X6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpz
- W5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relS
- Qageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulq
- QxA+Uk1ihz0=";
+ #
+ # This key (19036) is to be phased out starting in 2017. It will
+ # remain in the root zone for some time after its successor key
+ # has been added. It will remain this file until it is removed from
+ # the root zone.
+ . initial-key 257 3 8 "AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjF
+ FVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoX
+ bfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaD
+ X6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpz
+ W5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relS
+ Qageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulq
+ QxA+Uk1ihz0=";
+
+ # This key (20326) is to be published in the root zone in 2017.
+ # Servers which were already using the old key should roll to the
+ # new # one seamlessly. Servers being set up for the first time
+ # can use either of the keys in this file to verify the root keys
+ # for the first time; thereafter the keys in the zone will be
+ # trusted and maintained automatically.
+ . initial-key 257 3 8 "AwEAAaz/tAm8yTn4Mfeh5eyI96WSVexTBAvkMgJzkKTOiW1vkIbzxeF3
+ +/4RgWOq7HrxRixHlFlExOLAJr5emLvN7SWXgnLh4+B5xQlNVz8Og8kv
+ ArMtNROxVQuCaSnIDdD5LKyWbRd2n9WGe2R8PzgCmr3EgVLrjyBxWezF
+ 0jLHwVN8efS3rCj/EWgvIWgb9tarpVUDK/b58Da+sqqls3eNbuv7pr+e
+ oZG+SrDK6nWeL3c6H5Apxz7LjVc1uTIdsIXxuOLYA4/ilBmSVIzuDWfd
+ RUfhHdY6+cn8HFRm+2hM8AnXGXws9555KrUB5qihylGa8subX2Nn6UwN
+ R1AkUTV74bU=";
};
diff -r 7f9bcbcd6114 -r 9a9144383034 external/bsd/bind/dist/bind.keys.h
--- a/external/bsd/bind/dist/bind.keys.h Thu Apr 20 06:43:48 2017 +0000
Home |
Main Index |
Thread Index |
Old Index