Source-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[src/trunk]: src/external/mpl/bind/dist --- 9.14.7 released ---
details: https://anonhg.NetBSD.org/src/rev/4511c2332131
branches: trunk
changeset: 845823:4511c2332131
user: christos <christos%NetBSD.org@localhost>
date: Thu Oct 17 16:25:39 2019 +0000
description:
--- 9.14.7 released ---
5299. [security] A flaw in DNSSEC verification when transferring
mirror zones could allow data to be incorrectly
marked valid. (CVE-2019-6475) [GL #16P]
5298. [security] Named could assert if a forwarder returned a
referral, rather than resolving the query, when QNAME
minimization was enabled. (CVE-2019-6476) [GL #1051]
5297. [bug] Check whether a previous QNAME minimization fetch
is still running before starting a new one; return
SERVFAIL and log an error if so. [GL #1191]
5294. [func] Fallback to ACE name on output in locale, which does not
support converting it to unicode. [GL #846]
5293. [bug] On Windows, named crashed upon any attempt to fetch XML
statistics from it. [GL #1245]
5292. [bug] Queue 'rndc nsec3param' requests while signing inline
zone changes. [GL #1205]
--- 9.14.6 released ---
5289. [bug] Address NULL pointer dereference in rpz.c:rpz_detach.
[GL #1210]
5286. [contrib] Address potential NULL pointer dereferences in
dlz_mysqldyn_mod.c. [GL #1207]
5285. [port] win32: implement "-T maxudpXXX". [GL #837]
5283. [bug] When a response-policy zone expires, ensure that
its policies are removed from the RPZ summary
database. [GL #1146]
5282. [bug] Fixed a bug in searching for possible wildcard matches
for query names in the RPZ summary database. [GL #1146]
5281. [cleanup] Don't escape commas when reporting named's command
line. [GL #1189]
5280. [protocol] Add support for displaying EDNS option LLQ. [GL #1201]
5279. [bug] When loading, reject zones containing CDS or CDNSKEY
RRsets at the zone apex if they would cause DNSSEC
validation failures if published in the parent zone
as the DS RRset. [GL #1187]
diffstat:
external/mpl/bind/dist/CHANGES | 52 +-
external/mpl/bind/dist/README | 70 +-
external/mpl/bind/dist/README.md | 89 +-
external/mpl/bind/dist/bin/check/win32/checkconf.vcxproj.in | 5 +-
external/mpl/bind/dist/bin/check/win32/checktool.vcxproj.in | 5 +-
external/mpl/bind/dist/bin/check/win32/checkzone.vcxproj.in | 17 +-
external/mpl/bind/dist/bin/confgen/win32/confgentool.vcxproj.in | 5 +-
external/mpl/bind/dist/bin/confgen/win32/ddnsconfgen.vcxproj.in | 5 +-
external/mpl/bind/dist/bin/confgen/win32/rndcconfgen.vcxproj.in | 5 +-
external/mpl/bind/dist/bin/delv/win32/delv.vcxproj.in | 5 +-
external/mpl/bind/dist/bin/dig/win32/dig.vcxproj.in | 5 +-
external/mpl/bind/dist/bin/dig/win32/dighost.vcxproj.in | 5 +-
external/mpl/bind/dist/bin/dig/win32/host.vcxproj.in | 5 +-
external/mpl/bind/dist/bin/dig/win32/nslookup.vcxproj.in | 5 +-
external/mpl/bind/dist/bin/dnssec/win32/cds.vcxproj.in | 5 +-
external/mpl/bind/dist/bin/dnssec/win32/dnssectool.vcxproj.in | 5 +-
external/mpl/bind/dist/bin/dnssec/win32/dsfromkey.vcxproj.in | 5 +-
external/mpl/bind/dist/bin/dnssec/win32/importkey.vcxproj.in | 5 +-
external/mpl/bind/dist/bin/dnssec/win32/keyfromlabel.vcxproj.in | 5 +-
external/mpl/bind/dist/bin/dnssec/win32/keygen.vcxproj.in | 5 +-
external/mpl/bind/dist/bin/dnssec/win32/revoke.vcxproj.in | 5 +-
external/mpl/bind/dist/bin/dnssec/win32/settime.vcxproj.in | 5 +-
external/mpl/bind/dist/bin/dnssec/win32/signzone.vcxproj.in | 5 +-
external/mpl/bind/dist/bin/dnssec/win32/verify.vcxproj.in | 5 +-
external/mpl/bind/dist/bin/named/win32/named.vcxproj.in | 5 +-
external/mpl/bind/dist/bin/nsupdate/win32/nsupdate.vcxproj.in | 5 +-
external/mpl/bind/dist/bin/pkcs11/win32/pk11destroy.vcxproj.in | 5 +-
external/mpl/bind/dist/bin/pkcs11/win32/pk11keygen.vcxproj.in | 5 +-
external/mpl/bind/dist/bin/pkcs11/win32/pk11list.vcxproj.in | 5 +-
external/mpl/bind/dist/bin/pkcs11/win32/pk11tokens.vcxproj.in | 5 +-
external/mpl/bind/dist/bin/rndc/win32/rndc.vcxproj.in | 5 +-
external/mpl/bind/dist/bin/rndc/win32/rndcutil.vcxproj.in | 5 +-
external/mpl/bind/dist/bin/tests/system/checkzone/zones/bad-cdnskey.db | 4 +
external/mpl/bind/dist/bin/tests/system/checkzone/zones/bad-cds.db | 6 +
external/mpl/bind/dist/bin/tests/system/checkzone/zones/good-cdnskey.db | 4 +
external/mpl/bind/dist/bin/tests/system/checkzone/zones/good-cds.db | 4 +
external/mpl/bind/dist/bin/tests/system/conf.sh.common | 1 +
external/mpl/bind/dist/bin/tests/system/conf.sh.win32 | 2 +-
external/mpl/bind/dist/bin/tests/system/digdelv/tests.sh | 8 +
external/mpl/bind/dist/bin/tests/system/dnssec/ns2/sign.sh | 12 +-
external/mpl/bind/dist/bin/tests/system/dnssec/tests.sh | 4 +-
external/mpl/bind/dist/bin/tests/system/forward/ns1/named.conf.in | 5 +
external/mpl/bind/dist/bin/tests/system/forward/ns1/sld.tld.db | 11 +
external/mpl/bind/dist/bin/tests/system/forward/ns2/named.conf.in | 5 +
external/mpl/bind/dist/bin/tests/system/forward/ns2/tld.db | 12 +
external/mpl/bind/dist/bin/tests/system/forward/ns8/named.conf.in | 28 +
external/mpl/bind/dist/bin/tests/system/forward/ns8/root.db | 11 +
external/mpl/bind/dist/bin/tests/system/forward/setup.sh | 1 +
external/mpl/bind/dist/bin/tests/system/forward/tests.sh | 7 +
external/mpl/bind/dist/bin/tests/system/glue/clean.sh | 2 +-
external/mpl/bind/dist/bin/tests/system/glue/ns1/named.conf.in | 7 -
external/mpl/bind/dist/bin/tests/system/glue/ns1/root.db | 16 -
external/mpl/bind/dist/bin/tests/system/glue/setup.sh | 2 -
external/mpl/bind/dist/bin/tests/system/idna/tests.sh | 19 +
external/mpl/bind/dist/bin/tests/system/keymgr/tests.sh | 2 +-
external/mpl/bind/dist/bin/tests/system/resolver/ns6/delegation-only.db | 2 +-
external/mpl/bind/dist/bin/tests/system/resolver/tests.sh | 17 +-
external/mpl/bind/dist/bin/tests/system/rpz/clean.sh | 4 +-
external/mpl/bind/dist/bin/tests/system/rpz/ns3/named.conf.in | 10 +
external/mpl/bind/dist/bin/tests/system/rpz/ns5/expire.conf.in | 17 +
external/mpl/bind/dist/bin/tests/system/rpz/ns5/fast-expire.db.in | 16 +
external/mpl/bind/dist/bin/tests/system/rpz/ns5/named.conf.in | 2 +
external/mpl/bind/dist/bin/tests/system/rpz/setup.sh | 4 +
external/mpl/bind/dist/bin/tests/system/rpz/tests.sh | 11 +
external/mpl/bind/dist/bin/tests/system/runall.sh | 6 +-
external/mpl/bind/dist/bin/tests/system/statschannel/tests.sh | 1 +
external/mpl/bind/dist/bin/tests/system/win32/bigkey.vcxproj.in | 5 +-
external/mpl/bind/dist/bin/tests/system/win32/feature-test.vcxproj.in | 5 +-
external/mpl/bind/dist/bin/tests/system/win32/gencheck.vcxproj.in | 5 +-
external/mpl/bind/dist/bin/tests/system/win32/keycreate.vcxproj.in | 5 +-
external/mpl/bind/dist/bin/tests/system/win32/keydelete.vcxproj.in | 5 +-
external/mpl/bind/dist/bin/tests/system/win32/pipequeries.vcxproj.in | 5 +-
external/mpl/bind/dist/bin/tests/system/xfer/tests.sh | 2 +-
external/mpl/bind/dist/bin/tests/win32/backtrace_test.vcxproj.in | 5 +-
external/mpl/bind/dist/bin/tests/win32/inter_test.vcxproj.in | 5 +-
external/mpl/bind/dist/bin/tests/win32/makejournal.vcxproj.in | 5 +-
external/mpl/bind/dist/bin/tests/win32/rwlock_test.vcxproj.in | 5 +-
external/mpl/bind/dist/bin/tests/win32/shutdown_test.vcxproj.in | 5 +-
external/mpl/bind/dist/bin/tests/win32/sock_test.vcxproj.in | 5 +-
external/mpl/bind/dist/bin/tests/win32/task_test.vcxproj.in | 5 +-
external/mpl/bind/dist/bin/tests/win32/timer_test.vcxproj.in | 5 +-
external/mpl/bind/dist/bin/tools/win32/arpaname.vcxproj.in | 5 +-
external/mpl/bind/dist/bin/tools/win32/journalprint.vcxproj.in | 5 +-
external/mpl/bind/dist/bin/tools/win32/mdig.vcxproj.in | 5 +-
external/mpl/bind/dist/bin/tools/win32/nsec3hash.vcxproj.in | 5 +-
external/mpl/bind/dist/bin/tools/win32/rrchecker.vcxproj.in | 5 +-
external/mpl/bind/dist/bin/win32/BINDInstall/AccountInfo.cpp | 23 +-
external/mpl/bind/dist/bin/win32/BINDInstall/BINDInstall.rc | 1 +
external/mpl/bind/dist/bin/win32/BINDInstall/BINDInstall.vcxproj.in | 5 +-
external/mpl/bind/dist/bin/win32/BINDInstall/BINDInstallDlg.cpp | 41 +-
external/mpl/bind/dist/bin/win32/BINDInstall/DirBrowse.cpp | 1 +
external/mpl/bind/dist/bin/win32/BINDInstall/VersionInfo.cpp | 2 -
external/mpl/bind/dist/configure.ac | 32 +-
external/mpl/bind/dist/doc/arm/Bv9ARM-book.xml | 29 +-
external/mpl/bind/dist/doc/arm/Bv9ARM.ch01.html | 2 +-
external/mpl/bind/dist/doc/arm/Bv9ARM.ch02.html | 2 +-
external/mpl/bind/dist/doc/arm/Bv9ARM.ch03.html | 2 +-
external/mpl/bind/dist/doc/arm/Bv9ARM.ch04.html | 2 +-
external/mpl/bind/dist/doc/arm/Bv9ARM.ch05.html | 31 +-
external/mpl/bind/dist/doc/arm/Bv9ARM.ch06.html | 2 +-
external/mpl/bind/dist/doc/arm/Bv9ARM.ch07.html | 2 +-
external/mpl/bind/dist/doc/arm/Bv9ARM.ch08.html | 473 +++++----
external/mpl/bind/dist/doc/arm/Bv9ARM.ch09.html | 2 +-
external/mpl/bind/dist/doc/arm/Bv9ARM.ch10.html | 2 +-
external/mpl/bind/dist/doc/arm/Bv9ARM.ch11.html | 2 +-
external/mpl/bind/dist/doc/arm/Bv9ARM.ch12.html | 2 +-
external/mpl/bind/dist/doc/arm/Bv9ARM.html | 6 +-
external/mpl/bind/dist/doc/arm/Bv9ARM.pdf | Bin
external/mpl/bind/dist/doc/arm/Makefile.in | 15 +-
external/mpl/bind/dist/doc/arm/man.arpaname.html | 2 +-
external/mpl/bind/dist/doc/arm/man.ddns-confgen.html | 2 +-
external/mpl/bind/dist/doc/arm/man.delv.html | 2 +-
external/mpl/bind/dist/doc/arm/man.dig.html | 2 +-
external/mpl/bind/dist/doc/arm/man.dnssec-cds.html | 2 +-
external/mpl/bind/dist/doc/arm/man.dnssec-checkds.html | 2 +-
external/mpl/bind/dist/doc/arm/man.dnssec-coverage.html | 2 +-
external/mpl/bind/dist/doc/arm/man.dnssec-dsfromkey.html | 2 +-
external/mpl/bind/dist/doc/arm/man.dnssec-importkey.html | 2 +-
external/mpl/bind/dist/doc/arm/man.dnssec-keyfromlabel.html | 2 +-
external/mpl/bind/dist/doc/arm/man.dnssec-keygen.html | 2 +-
external/mpl/bind/dist/doc/arm/man.dnssec-keymgr.html | 2 +-
external/mpl/bind/dist/doc/arm/man.dnssec-revoke.html | 2 +-
external/mpl/bind/dist/doc/arm/man.dnssec-settime.html | 2 +-
external/mpl/bind/dist/doc/arm/man.dnssec-signzone.html | 2 +-
external/mpl/bind/dist/doc/arm/man.dnssec-verify.html | 2 +-
external/mpl/bind/dist/doc/arm/man.dnstap-read.html | 2 +-
external/mpl/bind/dist/doc/arm/man.filter-aaaa.html | 2 +-
external/mpl/bind/dist/doc/arm/man.host.html | 2 +-
external/mpl/bind/dist/doc/arm/man.mdig.html | 2 +-
external/mpl/bind/dist/doc/arm/man.named-checkconf.html | 2 +-
external/mpl/bind/dist/doc/arm/man.named-checkzone.html | 2 +-
external/mpl/bind/dist/doc/arm/man.named-journalprint.html | 2 +-
external/mpl/bind/dist/doc/arm/man.named-nzd2nzf.html | 2 +-
external/mpl/bind/dist/doc/arm/man.named-rrchecker.html | 2 +-
external/mpl/bind/dist/doc/arm/man.named.conf.html | 2 +-
external/mpl/bind/dist/doc/arm/man.named.html | 2 +-
external/mpl/bind/dist/doc/arm/man.nsec3hash.html | 2 +-
external/mpl/bind/dist/doc/arm/man.nslookup.html | 2 +-
external/mpl/bind/dist/doc/arm/man.nsupdate.html | 2 +-
external/mpl/bind/dist/doc/arm/man.pkcs11-destroy.html | 2 +-
external/mpl/bind/dist/doc/arm/man.pkcs11-keygen.html | 2 +-
external/mpl/bind/dist/doc/arm/man.pkcs11-list.html | 2 +-
external/mpl/bind/dist/doc/arm/man.pkcs11-tokens.html | 2 +-
external/mpl/bind/dist/doc/arm/man.rndc-confgen.html | 2 +-
external/mpl/bind/dist/doc/arm/man.rndc.conf.html | 2 +-
external/mpl/bind/dist/doc/arm/man.rndc.html | 2 +-
external/mpl/bind/dist/doc/arm/notes-bug-fixes.xml | 81 +
external/mpl/bind/dist/doc/arm/notes-download.xml | 20 +
external/mpl/bind/dist/doc/arm/notes-eol.xml | 21 +
external/mpl/bind/dist/doc/arm/notes-intro.xml | 22 +
external/mpl/bind/dist/doc/arm/notes-license.xml | 34 +
external/mpl/bind/dist/doc/arm/notes-new-features.xml | 78 +
external/mpl/bind/dist/doc/arm/notes-numbering.xml | 20 +
external/mpl/bind/dist/doc/arm/notes-platforms.xml | 44 +
external/mpl/bind/dist/doc/arm/notes-sec-fixes.xml | 37 +
external/mpl/bind/dist/doc/arm/notes-thankyou.xml | 19 +
external/mpl/bind/dist/doc/arm/notes.html | 469 +++++----
external/mpl/bind/dist/doc/arm/notes.pdf | Bin
external/mpl/bind/dist/doc/arm/notes.txt | 33 +-
external/mpl/bind/dist/doc/arm/notes.xml | 263 +-----
external/mpl/bind/dist/lib/bind9/win32/libbind9.vcxproj.in | 5 +-
external/mpl/bind/dist/lib/dns/api | 2 +-
external/mpl/bind/dist/lib/dns/tests/Kyuafile | 1 -
external/mpl/bind/dist/lib/dns/tests/Makefile.in | 11 -
external/mpl/bind/dist/lib/dns/win32/gen.vcxproj.in | 5 +-
external/mpl/bind/dist/lib/dns/win32/libdns.vcxproj.in | 5 +-
external/mpl/bind/dist/lib/irs/win32/libirs.vcxproj.in | 5 +-
external/mpl/bind/dist/lib/isc/api | 2 +-
external/mpl/bind/dist/lib/isc/win32/libisc.vcxproj.in | 5 +-
external/mpl/bind/dist/lib/isccc/win32/libisccc.vcxproj.in | 5 +-
external/mpl/bind/dist/lib/isccfg/api | 2 +-
external/mpl/bind/dist/lib/isccfg/win32/libisccfg.vcxproj.in | 5 +-
external/mpl/bind/dist/lib/ns/api | 2 +-
external/mpl/bind/dist/lib/ns/win32/libns.vcxproj.in | 5 +-
external/mpl/bind/dist/lib/samples/win32/async.vcxproj.in | 5 +-
external/mpl/bind/dist/lib/samples/win32/gai.vcxproj.in | 5 +-
external/mpl/bind/dist/lib/samples/win32/nsprobe.vcxproj.in | 5 +-
external/mpl/bind/dist/lib/samples/win32/request.vcxproj.in | 5 +-
external/mpl/bind/dist/lib/samples/win32/resolve.vcxproj.in | 5 +-
external/mpl/bind/dist/lib/samples/win32/update.vcxproj.in | 5 +-
external/mpl/bind/dist/lib/win32/bindevt/bindevt.vcxproj.in | 5 +-
external/mpl/bind/dist/srcid | 2 +-
external/mpl/bind/dist/unit/unittest.sh.in | 2 +-
external/mpl/bind/dist/version | 2 +-
external/mpl/bind/dist/win32utils/Configure | 23 +-
external/mpl/bind/dist/win32utils/bind9.sln.in | 5 +
external/mpl/bind/dist/win32utils/build.txt | 123 +-
external/mpl/bind/dist/win32utils/readme1st.txt | 64 +-
188 files changed, 1730 insertions(+), 1208 deletions(-)
diffs (truncated from 6480 to 300 lines):
diff -r b7ebd164244e -r 4511c2332131 external/mpl/bind/dist/CHANGES
--- a/external/mpl/bind/dist/CHANGES Thu Oct 17 16:21:02 2019 +0000
+++ b/external/mpl/bind/dist/CHANGES Thu Oct 17 16:25:39 2019 +0000
@@ -1,3 +1,53 @@
+ --- 9.14.7 released ---
+
+5299. [security] A flaw in DNSSEC verification when transferring
+ mirror zones could allow data to be incorrectly
+ marked valid. (CVE-2019-6475) [GL #16P]
+
+5298. [security] Named could assert if a forwarder returned a
+ referral, rather than resolving the query, when QNAME
+ minimization was enabled. (CVE-2019-6476) [GL #1051]
+
+5297. [bug] Check whether a previous QNAME minimization fetch
+ is still running before starting a new one; return
+ SERVFAIL and log an error if so. [GL #1191]
+
+5294. [func] Fallback to ACE name on output in locale, which does not
+ support converting it to unicode. [GL #846]
+
+5293. [bug] On Windows, named crashed upon any attempt to fetch XML
+ statistics from it. [GL #1245]
+
+5292. [bug] Queue 'rndc nsec3param' requests while signing inline
+ zone changes. [GL #1205]
+
+ --- 9.14.6 released ---
+
+5289. [bug] Address NULL pointer dereference in rpz.c:rpz_detach.
+ [GL #1210]
+
+5286. [contrib] Address potential NULL pointer dereferences in
+ dlz_mysqldyn_mod.c. [GL #1207]
+
+5285. [port] win32: implement "-T maxudpXXX". [GL #837]
+
+5283. [bug] When a response-policy zone expires, ensure that
+ its policies are removed from the RPZ summary
+ database. [GL #1146]
+
+5282. [bug] Fixed a bug in searching for possible wildcard matches
+ for query names in the RPZ summary database. [GL #1146]
+
+5281. [cleanup] Don't escape commas when reporting named's command
+ line. [GL #1189]
+
+5280. [protocol] Add support for displaying EDNS option LLQ. [GL #1201]
+
+5279. [bug] When loading, reject zones containing CDS or CDNSKEY
+ RRsets at the zone apex if they would cause DNSSEC
+ validation failures if published in the parent zone
+ as the DS RRset. [GL #1187]
+
--- 9.14.5 released ---
5277. [bug] Cache DB statistics could underflow when serve-stale
@@ -95,7 +145,7 @@
code in a high-load cold-cache resolver scenario.
[GL #943]
-5242. [bug] In relaxed qname minimizatiom mode, fall back to
+5242. [bug] In relaxed qname minimization mode, fall back to
normal resolution when encountering a lame
delegation, and use _.domain/A queries rather
than domain/NS. [GL #1055]
diff -r b7ebd164244e -r 4511c2332131 external/mpl/bind/dist/README
--- a/external/mpl/bind/dist/README Thu Oct 17 16:21:02 2019 +0000
+++ b/external/mpl/bind/dist/README Thu Oct 17 16:25:39 2019 +0000
@@ -71,6 +71,9 @@
assertion failure or other crash in named, please do NOT use GitLab to
report it. Instead, please send mail to security-officer%isc.org@localhost.
+For a general overview of ISC security policies, read the Knowledge Base
+article at https://kb.isc.org/docs/aa-00861.
+
Professional support and training for BIND are available from ISC at
https://www.isc.org/support.
@@ -90,7 +93,7 @@
General information: CONTRIBUTING.md - BIND 9 code style: doc/dev/style.md
- BIND architecture and developer guide: doc/dev/dev.md
-Patches for BIND may be submitted as Merge Requests in the ISC GitLab
+Patches for BIND may be submitted as merge requests in the ISC GitLab
server at at https://gitlab.isc.org/isc-projects/bind9/merge_requests.
By default, external contributors don't have ability to fork BIND in the
@@ -164,13 +167,27 @@
BIND 9.14.4 is a maintenance release, and also adds support for the new
MaxMind GeoIP2 geolocation API when built with configure --with-geoip2.
+BIND 9.14.5
+
+BIND 9.14.5 is a maintenance release.
+
+BIND 9.14.6
+
+BIND 9.14.6 is a maintenance release.
+
+BIND 9.14.7
+
+BIND 9.14.7 is a maintenance release, and also addresses the security
+vulnerabilities disclosed in CVE-2019-6475 and CVE-2019-6476.
+
Building BIND
Minimally, BIND requires a UNIX or Linux system with an ANSI C compiler,
basic POSIX support, and a 64-bit integer type. Successful builds have
-been observed on many versions of Linux and UNIX, including RedHat,
-Fedora, Debian, Ubuntu, SuSE, Slackware, FreeBSD, NetBSD, OpenBSD, Mac OS
-X, Solaris, HP-UX, and OpenWRT.
+been observed on many versions of Linux and UNIX, including RHEL/CentOS,
+Fedora, Debian, Ubuntu, SLES, openSUSE, Slackware, Alpine, FreeBSD,
+NetBSD, OpenBSD, macOS, Solaris, OpenIndiana, OmniOS CE, HP-UX, and
+OpenWRT.
BIND requires a cryptography provider library such as OpenSSL or a
hardware service module supporting PKCS#11. On Linux, BIND requires the
@@ -179,8 +196,8 @@
Compile-time options below for details on other libraries that may be
required to support optional features.
-BIND is also available for Windows 2008 and higher. See win32utils/
-readme1st.txt for details on building for Windows systems.
+BIND is also available for Windows Server 2008 and higher. See win32utils/
+build.txt for details on building for Windows systems.
To build on a UNIX or Linux system, use:
@@ -208,25 +225,23 @@
LDFLAGS Linker flags. Defaults to empty string.
BUILD_CC Needed when cross-compiling: the native C compiler to use
when building for the target system.
-BUILD_CFLAGS Optional, used for cross-compiling
-BUILD_CPPFLAGS
-BUILD_LDFLAGS
-BUILD_LIBS
+BUILD_CFLAGS CFLAGS for the target system during cross-compiling.
+BUILD_CPPFLAGS CPPFLAGS for the target system during cross-compiling.
+BUILD_LDFLAGS LDFLAGS for the target system during cross-compiling.
+BUILD_LIBS LIBS for the target system during cross-compiling.
macOS
Building on macOS assumes that the "Command Tools for Xcode" is installed.
This can be downloaded from https://developer.apple.com/download/more/ or
-if you have Xcode already installed you can run "xcode-select --install".
-This will add /usr/include to the system and install the compiler and
-other tools so that they can be easily found.
+if you have Xcode already installed you can run xcode-select --install.
Dependencies
Portions of BIND that are written in Python, including dnssec-keymgr,
dnssec-coverage, dnssec-checkds, and some of the system tests, require the
-'argparse' and 'ply' modules to be available. 'argparse' is a standard
-module as of Python 2.7 and Python 3.2. 'ply' is available from https://
+argparse and ply modules to be available. argparse is a standard module as
+of Python 2.7 and Python 3.2. ply is available from https://
pypi.python.org/pypi/ply.
Compile-time options
@@ -245,9 +260,12 @@
--with-pkcs11=<PREFIX>, and configure BIND with --enable-native-pkcs11.
To support the HTTP statistics channel, the server must be linked with at
-least one of the following: libxml2 http://xmlsoft.org or json-c https://
-github.com/json-c. If these are installed at a nonstandard location,
-specify the prefix using --with-libxml2=/prefix or --with-libjson=/prefix.
+least one of the following libraries: libxml2 http://xmlsoft.org or json-c
+https://github.com/json-c/json-c. If these are installed at a nonstandard
+location, then:
+
+ * for libxml2, specify the prefix using --with-libxml2=/prefix,
+ * for json-c, adjust PKG_CONFIG_PATH.
To support compression on the HTTP statistics channel, the server must be
linked against libzlib. If this is installed in a nonstandard location,
@@ -276,8 +294,8 @@
On Linux, process capabilities are managed in user space using the libcap
library, which can be installed on most Linux systems via the libcap-dev
-or libcap-devel module. Process capability support can also be disabled by
-configuring with --disable-linux-caps.
+or libcap-devel package. Process capability support can also be disabled
+by configuring with --disable-linux-caps.
On some platforms it is necessary to explicitly request large file support
to handle files bigger than 2GB. This can be done by using
@@ -314,7 +332,7 @@
Some tests require Perl and the Net::DNS and/or IO::Socket::INET6 modules,
and will be skipped if these are not available. Some tests require Python
-and the 'dnspython' module and will be skipped if these are not available.
+and the dnspython module and will be skipped if these are not available.
See bin/tests/system/README for further details.
Unit tests are implemented using the CMocka unit testing framework. To
@@ -325,7 +343,7 @@
Documentation
The BIND 9 Administrator Reference Manual is included with the source
-distribution, in DocBook XML, HTML and PDF format, in the doc/arm
+distribution, in DocBook XML, HTML, and PDF format, in the doc/arm
directory.
Some of the programs in the BIND 9 distribution have man pages in their
@@ -380,16 +398,16 @@
referred to entries in the "bind9-bugs" RT database, which was not open to
the public. More recent entries use the form [GL #NNN] or, less often, [GL
!NNN], which, respectively, refer to issues or merge requests in the
-Gitlab database. Most of these are publicly readable, unless they include
-information which is confidential or security senstive.
+GitLab database. Most of these are publicly readable, unless they include
+information which is confidential or security sensitive.
-To look up a Gitlab issue by its number, use the URL https://
+To look up a GitLab issue by its number, use the URL https://
gitlab.isc.org/isc-projects/bind9/issues/NNN. To look up a merge request,
use https://gitlab.isc.org/isc-projects/bind9/merge_requests/NNN.
In rare cases, an issue or merge request number may be followed with the
letter "P". This indicates that the information is in the private ISC
-Gitlab instance, which is not visible to the public.
+GitLab instance, which is not visible to the public.
Acknowledgments
diff -r b7ebd164244e -r 4511c2332131 external/mpl/bind/dist/README.md
--- a/external/mpl/bind/dist/README.md Thu Oct 17 16:21:02 2019 +0000
+++ b/external/mpl/bind/dist/README.md Thu Oct 17 16:25:39 2019 +0000
@@ -82,6 +82,9 @@
report it. Instead, please send mail to
[security-officer%isc.org@localhost](mailto:security-officer%isc.org@localhost).
+For a general overview of ISC security policies, read the Knowledge Base
+article at [https://kb.isc.org/docs/aa-00861](https://kb.isc.org/docs/aa-00861).
+
Professional support and training for BIND are available from
ISC at [https://www.isc.org/support](https://www.isc.org/support).
@@ -103,7 +106,7 @@
- BIND architecture and developer guide: [doc/dev/dev.md](doc/dev/dev.md)
Patches for BIND may be submitted as
-[Merge Requests](https://gitlab.isc.org/isc-projects/bind9/merge_requests)
+[merge requests](https://gitlab.isc.org/isc-projects/bind9/merge_requests)
in the [ISC GitLab server](https://gitlab.isc.org) at
at [https://gitlab.isc.org/isc-projects/bind9/merge_requests](https://gitlab.isc.org/isc-projects/bind9/merge_requests).
@@ -180,13 +183,26 @@
the new MaxMind GeoIP2 geolocation API when built with
`configure --with-geoip2`.
+#### BIND 9.14.5
+
+BIND 9.14.5 is a maintenance release.
+
+#### BIND 9.14.6
+
+BIND 9.14.6 is a maintenance release.
+
+#### BIND 9.14.7
+
+BIND 9.14.7 is a maintenance release, and also addresses the security
+vulnerabilities disclosed in CVE-2019-6475 and CVE-2019-6476.
+
### <a name="build"/> Building BIND
Minimally, BIND requires a UNIX or Linux system with an ANSI C compiler,
basic POSIX support, and a 64-bit integer type. Successful builds have been
-observed on many versions of Linux and UNIX, including RedHat, Fedora,
-Debian, Ubuntu, SuSE, Slackware, FreeBSD, NetBSD, OpenBSD, Mac OS X,
-Solaris, HP-UX, and OpenWRT.
+observed on many versions of Linux and UNIX, including RHEL/CentOS, Fedora,
+Debian, Ubuntu, SLES, openSUSE, Slackware, Alpine, FreeBSD, NetBSD,
+OpenBSD, macOS, Solaris, OpenIndiana, OmniOS CE, HP-UX, and OpenWRT.
BIND requires a cryptography provider library such as OpenSSL or a
hardware service module supporting PKCS#11. On Linux, BIND requires
@@ -195,8 +211,8 @@
See [Compile-time options](#opts) below for details on other libraries
that may be required to support optional features.
-BIND is also available for Windows 2008 and higher. See
-`win32utils/readme1st.txt` for details on building for Windows
+BIND is also available for Windows Server 2008 and higher. See
+`win32utils/build.txt` for details on building for Windows
systems.
To build on a UNIX or Linux system, use:
@@ -218,26 +234,24 @@
|`STD_CDEFINES`|Any additional preprocessor symbols you want defined. Defaults to empty string. For a list of possible settings, see the file [OPTIONS](OPTIONS.md).|
|`LDFLAGS`|Linker flags. Defaults to empty string.|
|`BUILD_CC`|Needed when cross-compiling: the native C compiler to use when building for the target system.|
-|`BUILD_CFLAGS`|Optional, used for cross-compiling|
-|`BUILD_CPPFLAGS`||
-|`BUILD_LDFLAGS`||
-|`BUILD_LIBS`||
Home |
Main Index |
Thread Index |
Old Index