Source-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[src/trunk]: src/external/mpl/bind/dist --- 9.16.5 released ---
details: https://anonhg.NetBSD.org/src/rev/a621864ea2bc
branches: trunk
changeset: 936766:a621864ea2bc
user: christos <christos%NetBSD.org@localhost>
date: Mon Aug 03 17:07:01 2020 +0000
description:
--- 9.16.5 released ---
5458. [bug] Prevent a theoretically possible NULL dereference caused
by a data race between zone_maintenance() and
dns_zone_setview_helper(). [GL #1627]
5455. [bug] named could crash when cleaning dead nodes in
lib/dns/rbtdb.c that were being reused. [GL #1968]
5454. [bug] Address a startup crash that occurred when the server
was under load and the root zone had not yet been
loaded. [GL #1862]
5453. [bug] named crashed on shutdown when a new rndc connection was
received during shutdown. [GL #1747]
5452. [bug] The "blackhole" ACL was accidentally disabled for client
queries. [GL #1936]
5451. [func] Add 'rndc dnssec -status' command. [GL #1612]
5449. [bug] Fix a socket shutdown race in netmgr udp. [GL #1938]
5448. [bug] Fix a race condition in isc__nm_tcpdns_send().
[GL #1937]
5447. [bug] IPv6 addresses ending in "::" could break YAML
parsing. A "0" is now appended to such addresses
in YAML output from dig, mdig, delv, and dnstap-read.
[GL #1952]
5446. [bug] The validator could fail to accept a properly signed
RRset if an unsupported algorithm appeared earlier in
the DNSKEY RRset than a supported algorithm. It could
also stop if it detected a malformed public key.
[GL #1689]
5444. [bug] 'rndc dnstap -roll <value>' did not limit the number of
saved files to <value>. [GL !3728]
5443. [bug] The "primary" and "secondary" keywords, when used
as parameters for "check-names", were not
processed correctly and were being ignored. [GL #1949]
5441. [bug] ${LMDB_CFLAGS} was missing from make/includes.in.
[GL #1955]
5440. [test] Properly handle missing kyua. [GL #1950]
5439. [bug] The DS RRset returned by dns_keynode_dsset() was used in
a non-thread-safe manner. [GL #1926]
--- 9.16.4 released ---
5438. [bug] Fix a race in TCP accepting code. [GL #1930]
5437. [bug] Fix a data race in lib/dns/resolver.c:log_formerr().
[GL #1808]
5436. [security] It was possible to trigger an INSIST when determining
whether a record would fit into a TCP message buffer.
(CVE-2020-8618) [GL #1850]
5435. [tests] Add RFC 4592 responses examples to the wildcard system
test. [GL #1718]
5434. [security] It was possible to trigger an INSIST in
lib/dns/rbtdb.c:new_reference() with a particular zone
content and query patterns. (CVE-2020-8619) [GL #1111]
[GL #1718]
5431. [func] Reject DS records at the zone apex when loading
master files. Log but otherwise ignore attempts to
add DS records at the zone apex via UPDATE. [GL #1798]
5430. [doc] Update docs - with netmgr, a separate listening socket
is created for each IPv6 interface (just as with IPv4).
[GL #1782]
5428. [bug] Clean up GSSAPI resources in nsupdate only after taskmgr
has been destroyed. Thanks to Petr Menšík. [GL !3316]
5426. [bug] Don't abort() when setting SO_INCOMING_CPU on the socket
fails. [GL #1911]
5425. [func] The default value of "max-stale-ttl" has been changed
from 1 week to 12 hours. [GL #1877]
5424. [bug] With KASP, when creating a successor key, the "goal"
state of the current active key (predecessor) was not
changed and thus never removed from the zone. [GL #1846]
5423. [bug] Fix a bug in keymgr_key_has_successor(): it incorrectly
returned true if any other key in the keyring had a
successor. [GL #1845]
5422. [bug] When using dnssec-policy, print correct key timing
metadata. [GL #1843]
5421. [bug] Fix a race that could cause named to crash when looking
up the nodename of an RBT node if the tree was modified.
[GL #1857]
5420. [bug] Add missing isc_{mutex,conditional}_destroy() calls
that caused a memory leak on FreeBSD. [GL #1893]
5418. [bug] delv failed to parse deprecated trusted-keys-style
trust anchors. [GL #1860]
5416. [bug] Fix a lock order inversion in lib/isc/unix/socket.c.
[GL #1859]
5415. [test] Address race in dnssec system test that led to
test failures. [GL #1852]
5414. [test] Adjust time allowed for journal truncation to occur
in nsupdate system test to avoid test failure.
[GL #1855]
5413. [test] Address race in autosign system test that led to
test failures. [GL #1852]
5412. [bug] 'provide-ixfr no;' failed to return up-to-date responses
when the serial was greater than or equal to the
current serial. [GL #1714]
5411. [cleanup] TCP accept code has been refactored to use a single
accept() and pass the accepted socket to child threads
for processing. [GL !3320]
5409. [performance] When looking up NSEC3 data in a zone database, skip the
check for empty non-terminal nodes; the NSEC3 tree does
not have any. [GL #1834]
5408. [protocol] Print Extended DNS Errors if present in OPT record.
[GL #1835]
5407. [func] Zone timers are now exported via statistics channel.
Thanks to Paul Frieden, Verizon Media. [GL #1232]
5405. [bug] 'named-checkconf -p' could include spurious text in
server-addresses statements due to an uninitialized DSCP
value. [GL #1812]
diffstat:
external/mpl/bind/dist/CHANGES | 144 +
external/mpl/bind/dist/CONTRIBUTING.md | 74 +-
external/mpl/bind/dist/PLATFORMS | 6 +-
external/mpl/bind/dist/PLATFORMS.md | 12 +-
external/mpl/bind/dist/bin/check/Makefile.in | 22 +-
external/mpl/bind/dist/bin/check/named-checkconf.rst | 105 +
external/mpl/bind/dist/bin/check/named-checkzone.rst | 214 +
external/mpl/bind/dist/bin/confgen/Makefile.in | 24 +-
external/mpl/bind/dist/bin/confgen/ddns-confgen.rst | 103 +
external/mpl/bind/dist/bin/confgen/rndc-confgen.rst | 120 +
external/mpl/bind/dist/bin/delv/Makefile.in | 20 +-
external/mpl/bind/dist/bin/delv/delv.rst | 336 +
external/mpl/bind/dist/bin/dig/Makefile.in | 24 +-
external/mpl/bind/dist/bin/dig/dig.rst | 634 +
external/mpl/bind/dist/bin/dig/host.rst | 181 +
external/mpl/bind/dist/bin/dig/nslookup.rst | 226 +
external/mpl/bind/dist/bin/dnssec/Makefile.in | 25 +-
external/mpl/bind/dist/bin/dnssec/dnssec-cds.rst | 212 +
external/mpl/bind/dist/bin/dnssec/dnssec-dsfromkey.rst | 150 +
external/mpl/bind/dist/bin/dnssec/dnssec-importkey.rst | 123 +
external/mpl/bind/dist/bin/dnssec/dnssec-keyfromlabel.rst | 276 +
external/mpl/bind/dist/bin/dnssec/dnssec-keygen.rst | 328 +
external/mpl/bind/dist/bin/dnssec/dnssec-revoke.rst | 81 +
external/mpl/bind/dist/bin/dnssec/dnssec-settime.rst | 230 +
external/mpl/bind/dist/bin/dnssec/dnssec-signzone.rst | 392 +
external/mpl/bind/dist/bin/dnssec/dnssec-verify.rst | 108 +
external/mpl/bind/dist/bin/named/Makefile.in | 33 +-
external/mpl/bind/dist/bin/named/bind9.xsl | 7 +-
external/mpl/bind/dist/bin/named/named.conf.rst | 1019 +
external/mpl/bind/dist/bin/named/named.rst | 234 +
external/mpl/bind/dist/bin/nsupdate/Makefile.in | 23 +-
external/mpl/bind/dist/bin/nsupdate/nsupdate.rst | 365 +
external/mpl/bind/dist/bin/pkcs11/Makefile.in | 23 +-
external/mpl/bind/dist/bin/pkcs11/pkcs11-destroy.rst | 71 +
external/mpl/bind/dist/bin/pkcs11/pkcs11-keygen.rst | 90 +
external/mpl/bind/dist/bin/pkcs11/pkcs11-list.rst | 66 +
external/mpl/bind/dist/bin/pkcs11/pkcs11-tokens.rst | 53 +
external/mpl/bind/dist/bin/plugins/Makefile.in | 18 +-
external/mpl/bind/dist/bin/plugins/filter-aaaa.rst | 99 +
external/mpl/bind/dist/bin/python/Makefile.in | 16 -
external/mpl/bind/dist/bin/python/dnssec-checkds.rst | 67 +
external/mpl/bind/dist/bin/python/dnssec-coverage.rst | 151 +
external/mpl/bind/dist/bin/python/dnssec-keymgr.rst | 224 +
external/mpl/bind/dist/bin/rndc/Makefile.in | 23 +-
external/mpl/bind/dist/bin/rndc/rndc.conf.rst | 166 +
external/mpl/bind/dist/bin/rndc/rndc.rst | 583 +
external/mpl/bind/dist/bin/tests/Makefile.in | 6 +-
external/mpl/bind/dist/bin/tests/optional/Makefile.in | 6 +-
external/mpl/bind/dist/bin/tests/pkcs11/Makefile.in | 2 +-
external/mpl/bind/dist/bin/tests/pkcs11/benchmarks/Makefile.in | 2 +-
external/mpl/bind/dist/bin/tests/system/Makefile.in | 4 +-
external/mpl/bind/dist/bin/tests/system/acl/ns2/named5.conf.in | 1 +
external/mpl/bind/dist/bin/tests/system/acl/tests.sh | 20 +
external/mpl/bind/dist/bin/tests/system/autosign/tests.sh | 24 +-
external/mpl/bind/dist/bin/tests/system/checkconf/bad-checknames-primary-dup-2.conf | 15 +
external/mpl/bind/dist/bin/tests/system/checkconf/bad-checknames-primary-dup.conf | 15 +
external/mpl/bind/dist/bin/tests/system/checkconf/bad-checknames-secondary-dup.conf | 15 +
external/mpl/bind/dist/bin/tests/system/checkconf/good.conf | 8 +
external/mpl/bind/dist/bin/tests/system/checkconf/good.zonelist | 1 +
external/mpl/bind/dist/bin/tests/system/checkconf/tests.sh | 2 +-
external/mpl/bind/dist/bin/tests/system/checknames/ns4/named.conf.in | 2 +-
external/mpl/bind/dist/bin/tests/system/checknames/tests.sh | 2 +-
external/mpl/bind/dist/bin/tests/system/checkzone/zones/bad-ds.db | 4 +
external/mpl/bind/dist/bin/tests/system/conf.sh.common | 27 +-
external/mpl/bind/dist/bin/tests/system/conf.sh.in | 3 +-
external/mpl/bind/dist/bin/tests/system/conf.sh.win32 | 1 +
external/mpl/bind/dist/bin/tests/system/digdelv/clean.sh | 10 +-
external/mpl/bind/dist/bin/tests/system/digdelv/ns2/example.db.in | 2 +
external/mpl/bind/dist/bin/tests/system/digdelv/tests.sh | 123 +-
external/mpl/bind/dist/bin/tests/system/digdelv/yamlget.py | 10 +-
external/mpl/bind/dist/bin/tests/system/dnssec/ns1/sign.sh | 2 +
external/mpl/bind/dist/bin/tests/system/dnssec/tests.sh | 29 +-
external/mpl/bind/dist/bin/tests/system/dnstap/clean.sh | 6 +-
external/mpl/bind/dist/bin/tests/system/dnstap/tests.sh | 25 +-
external/mpl/bind/dist/bin/tests/system/dnstap/ydump.py | 4 +-
external/mpl/bind/dist/bin/tests/system/dyndb/driver/Makefile.in | 4 +-
external/mpl/bind/dist/bin/tests/system/ixfr/ns3/mytest2.db | 2 +-
external/mpl/bind/dist/bin/tests/system/ixfr/tests.sh | 37 +-
external/mpl/bind/dist/bin/tests/system/kasp/clean.sh | 5 +-
external/mpl/bind/dist/bin/tests/system/kasp/ns3/setup.sh | 1112 +-
external/mpl/bind/dist/bin/tests/system/kasp/ns4/named.conf.in | 9 +
external/mpl/bind/dist/bin/tests/system/kasp/ns5/named.conf.in | 9 +
external/mpl/bind/dist/bin/tests/system/kasp/ns6/setup.sh | 223 +-
external/mpl/bind/dist/bin/tests/system/kasp/tests.sh | 1866 ++-
external/mpl/bind/dist/bin/tests/system/nsupdate/tests.sh | 32 +-
external/mpl/bind/dist/bin/tests/system/pipelined/Makefile.in | 4 +-
external/mpl/bind/dist/bin/tests/system/rndc/Makefile.in | 2 +-
external/mpl/bind/dist/bin/tests/system/rpz/Makefile.in | 4 +-
external/mpl/bind/dist/bin/tests/system/rsabigexponent/Makefile.in | 6 +-
external/mpl/bind/dist/bin/tests/system/rsabigexponent/ns2/sign.sh | 2 +-
external/mpl/bind/dist/bin/tests/system/run.sh | 18 +-
external/mpl/bind/dist/bin/tests/system/serve-stale/tests.sh | 8 +-
external/mpl/bind/dist/bin/tests/system/shutdown/clean.sh | 18 +
external/mpl/bind/dist/bin/tests/system/shutdown/conftest.py | 58 +
external/mpl/bind/dist/bin/tests/system/shutdown/ns1/named.conf.in | 29 +
external/mpl/bind/dist/bin/tests/system/shutdown/ns1/root.db | 23 +
external/mpl/bind/dist/bin/tests/system/shutdown/ns2/named.conf.in | 27 +
external/mpl/bind/dist/bin/tests/system/shutdown/ns2/test.db | 7 +
external/mpl/bind/dist/bin/tests/system/shutdown/prereq.sh | 36 +
external/mpl/bind/dist/bin/tests/system/shutdown/resolver/named.conf.in | 26 +
external/mpl/bind/dist/bin/tests/system/shutdown/resolver/root.db | 19 +
external/mpl/bind/dist/bin/tests/system/shutdown/setup.sh | 21 +
external/mpl/bind/dist/bin/tests/system/shutdown/tests-shutdown.py | 193 +
external/mpl/bind/dist/bin/tests/system/statschannel/clean.sh | 10 +-
external/mpl/bind/dist/bin/tests/system/statschannel/conftest.py | 107 +
external/mpl/bind/dist/bin/tests/system/statschannel/generic.py | 95 +
external/mpl/bind/dist/bin/tests/system/statschannel/helper.py | 153 +
external/mpl/bind/dist/bin/tests/system/statschannel/ns1/example.db | 47 +
external/mpl/bind/dist/bin/tests/system/statschannel/ns1/named.conf.in | 41 +
external/mpl/bind/dist/bin/tests/system/statschannel/ns2/manykeys.db.in | 26 +
external/mpl/bind/dist/bin/tests/system/statschannel/ns2/named.conf.in | 2 +-
external/mpl/bind/dist/bin/tests/system/statschannel/ns3/named.conf.in | 41 +
external/mpl/bind/dist/bin/tests/system/statschannel/setup.sh | 9 +-
external/mpl/bind/dist/bin/tests/system/statschannel/tests-json.py | 100 +
external/mpl/bind/dist/bin/tests/system/statschannel/tests-xml.py | 130 +
external/mpl/bind/dist/bin/tests/system/statschannel/tests.sh | 109 -
external/mpl/bind/dist/bin/tests/system/tkey/Makefile.in | 4 +-
external/mpl/bind/dist/bin/tests/system/wildcard/ns1/example.db.in | 12 +
external/mpl/bind/dist/bin/tests/system/wildcard/ns1/named.conf.in | 4 +
external/mpl/bind/dist/bin/tests/system/wildcard/ns1/sign.sh | 3 +
external/mpl/bind/dist/bin/tests/system/wildcard/tests.sh | 88 +
external/mpl/bind/dist/bin/tools/Makefile.in | 45 +-
external/mpl/bind/dist/bin/tools/arpaname.rst | 43 +
external/mpl/bind/dist/bin/tools/dnstap-read.rst | 62 +
external/mpl/bind/dist/bin/tools/mdig.rst | 318 +
external/mpl/bind/dist/bin/tools/named-journalprint.rst | 56 +
external/mpl/bind/dist/bin/tools/named-nzd2nzf.rst | 52 +
external/mpl/bind/dist/bin/tools/named-rrchecker.rst | 57 +
external/mpl/bind/dist/bin/tools/nsec3hash.rst | 73 +
external/mpl/bind/dist/configure.ac | 257 +-
external/mpl/bind/dist/contrib/dlz/bin/dlzbdb/Makefile.in | 14 +-
external/mpl/bind/dist/dangerfile.py | 199 +
external/mpl/bind/dist/doc/Makefile.in | 2 +-
external/mpl/bind/dist/doc/arm/Makefile.in | 110 +-
external/mpl/bind/dist/doc/arm/advanced.rst | 855 +
external/mpl/bind/dist/doc/arm/catz.rst | 251 +
external/mpl/bind/dist/doc/arm/conf.py | 86 +
external/mpl/bind/dist/doc/arm/configuration.rst | 347 +
external/mpl/bind/dist/doc/arm/dlz.rst | 140 +
external/mpl/bind/dist/doc/arm/dnssec.rst | 274 +
external/mpl/bind/dist/doc/arm/dyndb.rst | 98 +
external/mpl/bind/dist/doc/arm/general.rst | 620 +
external/mpl/bind/dist/doc/arm/history.rst | 84 +
external/mpl/bind/dist/doc/arm/index.rst | 35 +
external/mpl/bind/dist/doc/arm/introduction.rst | 320 +
external/mpl/bind/dist/doc/arm/logging-categories.rst | 126 +
external/mpl/bind/dist/doc/arm/managed-keys.rst | 101 +
external/mpl/bind/dist/doc/arm/manpages.rst | 51 +
external/mpl/bind/dist/doc/arm/notes.rst | 102 +
external/mpl/bind/dist/doc/arm/pkcs11.rst | 521 +
external/mpl/bind/dist/doc/arm/plugins.rst | 91 +
external/mpl/bind/dist/doc/arm/reference.rst | 6636 ++++++++++
external/mpl/bind/dist/doc/arm/requirements.rst | 90 +
external/mpl/bind/dist/doc/arm/security.rst | 237 +
external/mpl/bind/dist/doc/arm/troubleshooting.rst | 106 +
external/mpl/bind/dist/doc/doxygen/Doxyfile.in | 4 +-
external/mpl/bind/dist/doc/man/Makefile.in | 269 +
external/mpl/bind/dist/doc/man/arpaname.1in | 48 +
external/mpl/bind/dist/doc/man/arpaname.rst | 13 +
external/mpl/bind/dist/doc/man/conf.py | 99 +
external/mpl/bind/dist/doc/man/ddns-confgen.8in | 109 +
external/mpl/bind/dist/doc/man/ddns-confgen.rst | 13 +
external/mpl/bind/dist/doc/man/delv.1in | 345 +
external/mpl/bind/dist/doc/man/delv.rst | 13 +
external/mpl/bind/dist/doc/man/dig.1in | 649 +
external/mpl/bind/dist/doc/man/dig.rst | 13 +
external/mpl/bind/dist/doc/man/dnssec-cds.8in | 225 +
external/mpl/bind/dist/doc/man/dnssec-cds.rst | 13 +
external/mpl/bind/dist/doc/man/dnssec-checkds.8in | 96 +
external/mpl/bind/dist/doc/man/dnssec-checkds.rst | 13 +
external/mpl/bind/dist/doc/man/dnssec-coverage.8in | 192 +
external/mpl/bind/dist/doc/man/dnssec-coverage.rst | 13 +
external/mpl/bind/dist/doc/man/dnssec-dsfromkey.8in | 149 +
external/mpl/bind/dist/doc/man/dnssec-dsfromkey.rst | 13 +
external/mpl/bind/dist/doc/man/dnssec-importkey.8in | 126 +
external/mpl/bind/dist/doc/man/dnssec-importkey.rst | 13 +
external/mpl/bind/dist/doc/man/dnssec-keyfromlabel.8in | 281 +
external/mpl/bind/dist/doc/man/dnssec-keyfromlabel.rst | 13 +
external/mpl/bind/dist/doc/man/dnssec-keygen.8in | 331 +
external/mpl/bind/dist/doc/man/dnssec-keygen.rst | 13 +
external/mpl/bind/dist/doc/man/dnssec-keymgr.8in | 299 +
external/mpl/bind/dist/doc/man/dnssec-keymgr.rst | 13 +
external/mpl/bind/dist/doc/man/dnssec-revoke.8in | 86 +
external/mpl/bind/dist/doc/man/dnssec-revoke.rst | 13 +
external/mpl/bind/dist/doc/man/dnssec-settime.8in | 238 +
external/mpl/bind/dist/doc/man/dnssec-settime.rst | 13 +
external/mpl/bind/dist/doc/man/dnssec-signzone.8in | 412 +
external/mpl/bind/dist/doc/man/dnssec-signzone.rst | 13 +
external/mpl/bind/dist/doc/man/dnssec-verify.8in | 113 +
external/mpl/bind/dist/doc/man/dnssec-verify.rst | 13 +
external/mpl/bind/dist/doc/man/dnstap-read.1in | 67 +
external/mpl/bind/dist/doc/man/dnstap-read.rst | 13 +
external/mpl/bind/dist/doc/man/filter-aaaa.8in | 110 +
external/mpl/bind/dist/doc/man/filter-aaaa.rst | 13 +
external/mpl/bind/dist/doc/man/host.1in | 182 +
external/mpl/bind/dist/doc/man/host.rst | 13 +
external/mpl/bind/dist/doc/man/index.rst | 9 +
external/mpl/bind/dist/doc/man/mdig.1in | 321 +
external/mpl/bind/dist/doc/man/mdig.rst | 13 +
external/mpl/bind/dist/doc/man/named-checkconf.8in | 108 +
external/mpl/bind/dist/doc/man/named-checkconf.rst | 13 +
external/mpl/bind/dist/doc/man/named-checkzone.8in | 217 +
external/mpl/bind/dist/doc/man/named-checkzone.rst | 13 +
external/mpl/bind/dist/doc/man/named-journalprint.8in | 61 +
external/mpl/bind/dist/doc/man/named-journalprint.rst | 13 +
external/mpl/bind/dist/doc/man/named-nzd2nzf.8in | 57 +
external/mpl/bind/dist/doc/man/named-nzd2nzf.rst | 13 +
external/mpl/bind/dist/doc/man/named-rrchecker.1in | 62 +
external/mpl/bind/dist/doc/man/named-rrchecker.rst | 13 +
external/mpl/bind/dist/doc/man/named.8in | 260 +
external/mpl/bind/dist/doc/man/named.conf.5in | 1105 +
external/mpl/bind/dist/doc/man/named.conf.rst | 13 +
external/mpl/bind/dist/doc/man/named.rst | 13 +
external/mpl/bind/dist/doc/man/nsec3hash.8in | 78 +
external/mpl/bind/dist/doc/man/nsec3hash.rst | 13 +
external/mpl/bind/dist/doc/man/nslookup.1in | 237 +
external/mpl/bind/dist/doc/man/nslookup.rst | 13 +
external/mpl/bind/dist/doc/man/nsupdate.1in | 378 +
external/mpl/bind/dist/doc/man/nsupdate.rst | 13 +
external/mpl/bind/dist/doc/man/pkcs11-destroy.8in | 74 +
external/mpl/bind/dist/doc/man/pkcs11-destroy.rst | 13 +
external/mpl/bind/dist/doc/man/pkcs11-keygen.8in | 95 +
external/mpl/bind/dist/doc/man/pkcs11-keygen.rst | 13 +
external/mpl/bind/dist/doc/man/pkcs11-list.8in | 73 +
external/mpl/bind/dist/doc/man/pkcs11-list.rst | 13 +
external/mpl/bind/dist/doc/man/pkcs11-tokens.8in | 58 +
external/mpl/bind/dist/doc/man/pkcs11-tokens.rst | 13 +
external/mpl/bind/dist/doc/man/rndc-confgen.8in | 123 +
external/mpl/bind/dist/doc/man/rndc-confgen.rst | 13 +
external/mpl/bind/dist/doc/man/rndc.8in | 588 +
external/mpl/bind/dist/doc/man/rndc.conf.5in | 196 +
external/mpl/bind/dist/doc/man/rndc.conf.rst | 13 +
external/mpl/bind/dist/doc/man/rndc.rst | 13 +
external/mpl/bind/dist/doc/misc/Makefile.in | 46 +-
external/mpl/bind/dist/doc/misc/acl.grammar.rst | 3 +
external/mpl/bind/dist/doc/misc/controls.grammar.rst | 13 +
external/mpl/bind/dist/doc/misc/delegation-only.zoneopt.rst | 5 +
external/mpl/bind/dist/doc/misc/dnssec-policy.grammar.rst | 17 +
external/mpl/bind/dist/doc/misc/forward.zoneopt.rst | 8 +
external/mpl/bind/dist/doc/misc/hint.zoneopt.rst | 8 +
external/mpl/bind/dist/doc/misc/in-view.zoneopt.rst | 5 +
external/mpl/bind/dist/doc/misc/key.grammar.rst | 6 +
external/mpl/bind/dist/doc/misc/logging.grammar.rst | 17 +
external/mpl/bind/dist/doc/misc/managed-keys.grammar.rst | 6 +
external/mpl/bind/dist/doc/misc/master.zoneopt.rst | 59 +
external/mpl/bind/dist/doc/misc/masters.grammar.rst | 6 +
external/mpl/bind/dist/doc/misc/mirror.zoneopt.rst | 44 +
external/mpl/bind/dist/doc/misc/named.conf.rst | 1025 +
external/mpl/bind/dist/doc/misc/options | 6 +-
external/mpl/bind/dist/doc/misc/options.active | 6 +-
external/mpl/bind/dist/doc/misc/options.grammar.rst | 296 +
external/mpl/bind/dist/doc/misc/redirect.zoneopt.rst | 15 +
external/mpl/bind/dist/doc/misc/rst-grammars.pl | 65 +
external/mpl/bind/dist/doc/misc/rst-options.pl | 119 +
external/mpl/bind/dist/doc/misc/rst-zoneopt.pl | 43 +
external/mpl/bind/dist/doc/misc/server.grammar.rst | 34 +
external/mpl/bind/dist/doc/misc/slave.zoneopt.rst | 62 +
external/mpl/bind/dist/doc/misc/static-stub.zoneopt.rst | 13 +
external/mpl/bind/dist/doc/misc/statistics-channels.grammar.rst | 8 +
external/mpl/bind/dist/doc/misc/stub.zoneopt.rst | 29 +
external/mpl/bind/dist/doc/misc/trust-anchors.grammar.rst | 6 +
external/mpl/bind/dist/doc/misc/trusted-keys.grammar.rst | 5 +
external/mpl/bind/dist/doc/notes/notes-9.16.0.rst | 148 +
external/mpl/bind/dist/doc/notes/notes-9.16.1.rst | 44 +
external/mpl/bind/dist/doc/notes/notes-9.16.2.rst | 55 +
external/mpl/bind/dist/doc/notes/notes-9.16.3.rst | 77 +
external/mpl/bind/dist/doc/notes/notes-9.16.4.rst | 111 +
external/mpl/bind/dist/doc/notes/notes-9.16.5.rst | 64 +
external/mpl/bind/dist/fuzz/Makefile.in | 4 +-
external/mpl/bind/dist/lib/bind9/Makefile.in | 4 +-
external/mpl/bind/dist/lib/bind9/api | 2 +-
external/mpl/bind/dist/lib/dns/Makefile.in | 7 +-
external/mpl/bind/dist/lib/dns/api | 2 +-
external/mpl/bind/dist/lib/dns/include/dns/Makefile.in | 2 +-
external/mpl/bind/dist/lib/dns/include/dns/lmdb.h | 31 +
external/mpl/bind/dist/lib/dns/tests/Makefile.in | 8 +-
external/mpl/bind/dist/lib/dns/win32/libdns.def.in | 1 +
external/mpl/bind/dist/lib/irs/Makefile.in | 18 +-
external/mpl/bind/dist/lib/irs/tests/Makefile.in | 4 +-
external/mpl/bind/dist/lib/isc/Makefile.in | 6 +-
external/mpl/bind/dist/lib/isc/api | 2 +-
external/mpl/bind/dist/lib/isc/include/isc/Makefile.in | 2 +-
external/mpl/bind/dist/lib/isc/include/isc/utf8.h | 43 +
external/mpl/bind/dist/lib/isc/netmgr/Makefile.in | 1 +
external/mpl/bind/dist/lib/isc/tests/Makefile.in | 9 +-
external/mpl/bind/dist/lib/isc/utf8.c | 88 +
external/mpl/bind/dist/lib/isc/win32/libisc.def.in | 3 +
external/mpl/bind/dist/lib/isc/win32/libisc.vcxproj.filters.in | 6 +
external/mpl/bind/dist/lib/isc/win32/libisc.vcxproj.in | 56 +-
external/mpl/bind/dist/lib/isccc/Makefile.in | 2 +-
external/mpl/bind/dist/lib/isccc/tests/Makefile.in | 2 +-
external/mpl/bind/dist/lib/isccfg/Makefile.in | 4 +-
external/mpl/bind/dist/lib/isccfg/api | 2 +-
external/mpl/bind/dist/lib/isccfg/tests/Makefile.in | 4 +-
external/mpl/bind/dist/lib/ns/api | 2 +-
external/mpl/bind/dist/lib/ns/tests/Makefile.in | 4 +-
external/mpl/bind/dist/lib/ns/win32/libns.def | 1 +
external/mpl/bind/dist/lib/samples/Makefile.in | 15 +-
external/mpl/bind/dist/make/includes.in | 4 +-
external/mpl/bind/dist/make/rules.in | 45 +-
external/mpl/bind/dist/srcid | 2 +-
external/mpl/bind/dist/unit/unittest.sh.in | 112 +-
external/mpl/bind/dist/version | 2 +-
303 files changed, 35468 insertions(+), 1629 deletions(-)
diffs (truncated from 41727 to 300 lines):
diff -r c0b786382864 -r a621864ea2bc external/mpl/bind/dist/CHANGES
--- a/external/mpl/bind/dist/CHANGES Mon Aug 03 16:45:23 2020 +0000
+++ b/external/mpl/bind/dist/CHANGES Mon Aug 03 17:07:01 2020 +0000
@@ -1,3 +1,147 @@
+ --- 9.16.5 released ---
+
+5458. [bug] Prevent a theoretically possible NULL dereference caused
+ by a data race between zone_maintenance() and
+ dns_zone_setview_helper(). [GL #1627]
+
+5455. [bug] named could crash when cleaning dead nodes in
+ lib/dns/rbtdb.c that were being reused. [GL #1968]
+
+5454. [bug] Address a startup crash that occurred when the server
+ was under load and the root zone had not yet been
+ loaded. [GL #1862]
+
+5453. [bug] named crashed on shutdown when a new rndc connection was
+ received during shutdown. [GL #1747]
+
+5452. [bug] The "blackhole" ACL was accidentally disabled for client
+ queries. [GL #1936]
+
+5451. [func] Add 'rndc dnssec -status' command. [GL #1612]
+
+5449. [bug] Fix a socket shutdown race in netmgr udp. [GL #1938]
+
+5448. [bug] Fix a race condition in isc__nm_tcpdns_send().
+ [GL #1937]
+
+5447. [bug] IPv6 addresses ending in "::" could break YAML
+ parsing. A "0" is now appended to such addresses
+ in YAML output from dig, mdig, delv, and dnstap-read.
+ [GL #1952]
+
+5446. [bug] The validator could fail to accept a properly signed
+ RRset if an unsupported algorithm appeared earlier in
+ the DNSKEY RRset than a supported algorithm. It could
+ also stop if it detected a malformed public key.
+ [GL #1689]
+
+5444. [bug] 'rndc dnstap -roll <value>' did not limit the number of
+ saved files to <value>. [GL !3728]
+
+5443. [bug] The "primary" and "secondary" keywords, when used
+ as parameters for "check-names", were not
+ processed correctly and were being ignored. [GL #1949]
+
+5441. [bug] ${LMDB_CFLAGS} was missing from make/includes.in.
+ [GL #1955]
+
+5440. [test] Properly handle missing kyua. [GL #1950]
+
+5439. [bug] The DS RRset returned by dns_keynode_dsset() was used in
+ a non-thread-safe manner. [GL #1926]
+
+ --- 9.16.4 released ---
+
+5438. [bug] Fix a race in TCP accepting code. [GL #1930]
+
+5437. [bug] Fix a data race in lib/dns/resolver.c:log_formerr().
+ [GL #1808]
+
+5436. [security] It was possible to trigger an INSIST when determining
+ whether a record would fit into a TCP message buffer.
+ (CVE-2020-8618) [GL #1850]
+
+5435. [tests] Add RFC 4592 responses examples to the wildcard system
+ test. [GL #1718]
+
+5434. [security] It was possible to trigger an INSIST in
+ lib/dns/rbtdb.c:new_reference() with a particular zone
+ content and query patterns. (CVE-2020-8619) [GL #1111]
+ [GL #1718]
+
+5431. [func] Reject DS records at the zone apex when loading
+ master files. Log but otherwise ignore attempts to
+ add DS records at the zone apex via UPDATE. [GL #1798]
+
+5430. [doc] Update docs - with netmgr, a separate listening socket
+ is created for each IPv6 interface (just as with IPv4).
+ [GL #1782]
+
+5428. [bug] Clean up GSSAPI resources in nsupdate only after taskmgr
+ has been destroyed. Thanks to Petr Menšík. [GL !3316]
+
+5426. [bug] Don't abort() when setting SO_INCOMING_CPU on the socket
+ fails. [GL #1911]
+
+5425. [func] The default value of "max-stale-ttl" has been changed
+ from 1 week to 12 hours. [GL #1877]
+
+5424. [bug] With KASP, when creating a successor key, the "goal"
+ state of the current active key (predecessor) was not
+ changed and thus never removed from the zone. [GL #1846]
+
+5423. [bug] Fix a bug in keymgr_key_has_successor(): it incorrectly
+ returned true if any other key in the keyring had a
+ successor. [GL #1845]
+
+5422. [bug] When using dnssec-policy, print correct key timing
+ metadata. [GL #1843]
+
+5421. [bug] Fix a race that could cause named to crash when looking
+ up the nodename of an RBT node if the tree was modified.
+ [GL #1857]
+
+5420. [bug] Add missing isc_{mutex,conditional}_destroy() calls
+ that caused a memory leak on FreeBSD. [GL #1893]
+
+5418. [bug] delv failed to parse deprecated trusted-keys-style
+ trust anchors. [GL #1860]
+
+5416. [bug] Fix a lock order inversion in lib/isc/unix/socket.c.
+ [GL #1859]
+
+5415. [test] Address race in dnssec system test that led to
+ test failures. [GL #1852]
+
+5414. [test] Adjust time allowed for journal truncation to occur
+ in nsupdate system test to avoid test failure.
+ [GL #1855]
+
+5413. [test] Address race in autosign system test that led to
+ test failures. [GL #1852]
+
+5412. [bug] 'provide-ixfr no;' failed to return up-to-date responses
+ when the serial was greater than or equal to the
+ current serial. [GL #1714]
+
+5411. [cleanup] TCP accept code has been refactored to use a single
+ accept() and pass the accepted socket to child threads
+ for processing. [GL !3320]
+
+5409. [performance] When looking up NSEC3 data in a zone database, skip the
+ check for empty non-terminal nodes; the NSEC3 tree does
+ not have any. [GL #1834]
+
+5408. [protocol] Print Extended DNS Errors if present in OPT record.
+ [GL #1835]
+
+5407. [func] Zone timers are now exported via statistics channel.
+ Thanks to Paul Frieden, Verizon Media. [GL #1232]
+
+5405. [bug] 'named-checkconf -p' could include spurious text in
+ server-addresses statements due to an uninitialized DSCP
+ value. [GL #1812]
+
--- 9.16.3 released ---
5404. [bug] 'named-checkconf -z' could incorrectly indicate
diff -r c0b786382864 -r a621864ea2bc external/mpl/bind/dist/CONTRIBUTING.md
--- a/external/mpl/bind/dist/CONTRIBUTING.md Mon Aug 03 16:45:23 2020 +0000
+++ b/external/mpl/bind/dist/CONTRIBUTING.md Mon Aug 03 17:07:01 2020 +0000
@@ -8,8 +8,8 @@
- See the COPYRIGHT file distributed with this work for additional
- information regarding copyright ownership.
-->
-## BIND Source Access and Contributor Guidelines
-*Feb 22, 2018*
+## BIND 9 Source Access and Contributor Guidelines
+*May 28, 2020*
### Contents
@@ -19,12 +19,12 @@
### Introduction
-Thank you for using BIND!
+Thank you for using BIND 9!
BIND is open source software that implements the Domain Name System (DNS)
protocols for the Internet. It is a reference implementation of those
protocols, but it is also production-grade software, suitable for use in
-high-volume and high-reliability applications. It is by far the most
+high-volume and high-reliability applications. It is very
widely used DNS software, providing a robust and stable platform on top of
which organizations can build distributed computing systems with the
knowledge that those systems are fully compliant with published DNS
@@ -33,20 +33,20 @@
BIND is and will always remain free and openly available. It can be
used and modified in any way by anyone.
-BIND is maintained by the [Internet Systems Consortium](https://www.isc.org),
+BIND is maintained by [Internet Systems Consortium](https://www.isc.org),
a public-benefit 501(c)(3) nonprofit, using a "managed open source" approach:
anyone can see the source, but only ISC employees have commit access.
-Until recently, the source could only be seen once ISC had published
-a release: read access to the source repository was restricted just
-as commit access was. That's now changing, with the opening of a
+In the past, the source could only be seen once ISC had published
+a release; read access to the source repository was restricted just
+as commit access was. That has changed, as ISC now provides a
public git mirror to the BIND source tree (see below).
-At [Internet Systems Consortium](https://www.isc.org), we're committed to
-building communities that are welcoming and inclusive; environments where people
+At ISC, we're committed to
+building communities that are welcoming and inclusive: environments where people
are encouraged to share ideas, treat each other with respect, and collaborate
-towards the best solutions. To reinforce our commitment, the [Internet Systems
-Consortium](https://www.isc.org) has adopted the Contributor Covenant version
-1.4 as our Code of Conduct for BIND 9 project, as well as for the conduct of our
+towards the best solutions. To reinforce our commitment, ISC
+has adopted a slightly modified version of the Django
+[Code of Conduct](https://gitlab.isc.org/isc-projects/bind9/-/blob/master/CODE_OF_CONDUCT.md) for the BIND 9 project, as well as for the conduct of our
developers throughout the industry.
### <a name="access"></a>Access to source code
@@ -76,7 +76,7 @@
> $ git checkout v9_12
-Whenever a branch is ready for publication, a tag will be placed of the
+Whenever a branch is ready for publication, a tag is placed of the
form `v9_X_Y`. The 9.12.0 release, for instance, is tagged as `v9_12_0`.
The branch in which the next major release is being developed is called
@@ -86,16 +86,16 @@
Reports of flaws in the BIND package, including software bugs, errors
in the documentation, missing files in the tarball, suggested changes
-or requests for new features, etc, can be filed using
+or requests for new features, etc., can be filed using
[https://gitlab.isc.org/isc-projects/bind9/issues](https://gitlab.isc.org/isc-projects/bind9/issues).
Due to a large ticket backlog, we are sometimes slow to respond,
especially if a bug is cosmetic or if a feature request is vague or
-low in priority, but we will try at least to acknowledge legitimate
+low in priority, but we try at least to acknowledge legitimate
bug reports within a week.
-ISC's ticketing system is publicly readable; however, you must have
-an account to file a new issue. You can either register locally or
+ISC's GitLab system is publicly readable; however, you must have
+an account to create a new issue. You can either register locally or
use credentials from an existing account at GitHub, GitLab, Google,
Twitter, or Facebook.
@@ -105,26 +105,26 @@
report it immediately by emailing to security-officer%isc.org@localhost. Plain-text
e-mail is not a secure choice for communications concerning undisclosed
security issues so please encrypt your communications to us if possible,
-using the [ISC Security Officer public key](https://www.isc.org/downloads/software-support-policy/openpgp-key/).
+using the [ISC Security Officer public key](https://www.isc.org/pgpkey/).
Do not discuss undisclosed security vulnerabilities on any public mailing list.
ISC has a long history of handling reported vulnerabilities promptly and
effectively and we respect and acknowledge responsible reporters.
-ISC's Security Vulnerability Disclosure Policy is documented at [https://kb.isc.org/article/AA-00861/0](https://kb.isc.org/article/AA-00861/0).
+ISC's Security Vulnerability Disclosure Policy is documented at [https://kb.isc.org/docs/aa-00861](https://kb.isc.org/docs/aa-00861).
If you have a crash, you may want to consult
-[‘What to do if your BIND or DHCP server has crashed.’](https://kb.isc.org/article/AA-00340/89/What-to-do-if-your-BIND-or-DHCP-server-has-crashed.html)
+["What to do if your BIND or DHCP server has crashed."](https://kb.isc.org/docs/aa-00340)
### <a name="contrib"></a>Contributing code
BIND is licensed under the
-[Mozilla Public License 2.0](http://www.isc.org/downloads/software-support-policy/isc-license/).
-Earier versions (BIND 9.10 and earlier) were licensed under the [ISC License](http://www.isc.org/downloads/software-support-policy/isc-license/)
+[Mozilla Public License 2.0](https://www.mozilla.org/en-US/MPL/2.0/).
+Earlier versions (BIND 9.10 and earlier) were licensed under the [ISC License](https://www.isc.org/licenses/)
ISC does not require an explicit copyright assignment for patch
contributions. However, by submitting a patch to ISC, you implicitly
-certify that you are the author of the code, that you intend to reliquish
+certify that you are the author of the code, that you intend to relinquish
exclusive copyright, and that you grant permission to publish your work
under the open source license used for the BIND version(s) to which your
patch will be applied.
@@ -132,7 +132,7 @@
#### <a name="bind"></a>BIND code
Patches for BIND may be submitted directly via merge requests in
-[ISC's Gitlab](https://gitlab.isc.org/isc-projects/bind9/) source
+[ISC's GitLab](https://gitlab.isc.org/isc-projects/bind9/) source
repository for BIND.
Patches can also be submitted as diffs against a specific version of
@@ -142,10 +142,9 @@
Those wanting to write code for BIND may be interested in the
[developer information](doc/dev/dev.md) page, which includes information
about BIND design and coding practices, including discussion of internal
-APIs and overall system architecture. (This is a work in progress, and
-still quite preliminary.)
+APIs and overall system architecture.
-Every patch submitted will be reviewed by ISC engineers following our
+Every patch submitted is reviewed by ISC engineers following our
[code review process](doc/dev/dev.md#reviews) before it is merged.
It may take considerable time to review patch submissions, especially if
@@ -156,7 +155,7 @@
To ensure your patch is acted on as promptly as possible, please:
* Try to adhere to the [BIND 9 coding style](doc/dev/style.md).
-* Run `make` `check` to ensure your change hasn't caused any
Home |
Main Index |
Thread Index |
Old Index