Source-Changes-HG archive


[src/trunk]: src upgrade to BIND 8.2.3. the upgrade is critical (security fi...



details:   https://anonhg.NetBSD.org/src/rev/399fcd4bfecc
branches:  trunk
changeset: 502920:399fcd4bfecc
user:      itojun <itojun%NetBSD.org@localhost>
date:      Sat Jan 27 07:21:56 2001 +0000

description:
upgrade to BIND 8.2.3.  the upgrade is critical (security fixes).
please test.

diffstat:

 dist/bind/README                               |    37 +-
 dist/bind/bin/dig/dig.c                        |   140 ++-
 dist/bind/bin/dnskeygen/dnskeygen.c            |     2 +-
 dist/bind/bin/dnsquery/dnsquery.c              |     2 +-
 dist/bind/bin/host/host.c                      |   146 ++-
 dist/bind/bin/irpd/irpd.c                      |     2 +-
 dist/bind/bin/mkservdb/mkservdb.c              |     2 +-
 dist/bind/bin/named-bootconf/named-bootconf.sh |     2 +-
 dist/bind/bin/named-xfer/named-xfer.c          |   875 +++++++++++++++-----
 dist/bind/bin/named/db_defs.h                  |     2 +-
 dist/bind/bin/named/db_dump.c                  |    72 +-
 dist/bind/bin/named/db_func.h                  |     2 +-
 dist/bind/bin/named/db_glob.h                  |     2 +-
 dist/bind/bin/named/db_glue.c                  |    19 +-
 dist/bind/bin/named/db_ixfr.c                  |     2 +-
 dist/bind/bin/named/db_load.c                  |   142 ++-
 dist/bind/bin/named/db_lookup.c                |     2 +-
 dist/bind/bin/named/db_save.c                  |     2 +-
 dist/bind/bin/named/db_sec.c                   |     2 +-
 dist/bind/bin/named/db_tsig.c                  |     2 +-
 dist/bind/bin/named/db_update.c                |    26 +-
 dist/bind/bin/named/named.conf                 |     3 +-
 dist/bind/bin/named/named.h                    |     2 +-
 dist/bind/bin/named/ns_config.c                |   154 ++-
 dist/bind/bin/named/ns_ctl.c                   |   121 ++-
 dist/bind/bin/named/ns_defs.h                  |    58 +-
 dist/bind/bin/named/ns_forw.c                  |   134 +-
 dist/bind/bin/named/ns_func.h                  |   344 ++++---
 dist/bind/bin/named/ns_glob.h                  |    22 +-
 dist/bind/bin/named/ns_glue.c                  |    41 +-
 dist/bind/bin/named/ns_init.c                  |     2 +-
 dist/bind/bin/named/ns_ixfr.c                  |   445 +++++----
 dist/bind/bin/named/ns_lexer.c                 |    10 +-
 dist/bind/bin/named/ns_lexer.h                 |     4 +-
 dist/bind/bin/named/ns_main.c                  |   315 +++++--
 dist/bind/bin/named/ns_maint.c                 |   441 ++++++++-
 dist/bind/bin/named/ns_ncache.c                |     2 +-
 dist/bind/bin/named/ns_notify.c                |    49 +-
 dist/bind/bin/named/ns_parser.y                |    67 +-
 dist/bind/bin/named/ns_parseutil.c             |     2 +-
 dist/bind/bin/named/ns_parseutil.h             |     2 +-
 dist/bind/bin/named/ns_req.c                   |   251 +++--
 dist/bind/bin/named/ns_resp.c                  |   192 ++-
 dist/bind/bin/named/ns_signal.c                |     2 +-
 dist/bind/bin/named/ns_sort.c                  |     6 +-
 dist/bind/bin/named/ns_stats.c                 |    75 +-
 dist/bind/bin/named/ns_udp.c                   |     2 +-
 dist/bind/bin/named/ns_update.c                |   403 +++++----
 dist/bind/bin/named/ns_xfr.c                   |     2 +-
 dist/bind/bin/named/pathtemplate.h             |     2 +-
 dist/bind/bin/ndc/ndc.c                        |    49 +-
 dist/bind/bin/nslookup/commands.l              |     2 +-
 dist/bind/bin/nslookup/debug.c                 |    15 +-
 dist/bind/bin/nslookup/getinfo.c               |    13 +-
 dist/bind/bin/nslookup/list.c                  |     2 +-
 dist/bind/bin/nslookup/main.c                  |     2 +-
 dist/bind/bin/nslookup/nslookup.help           |     3 +-
 dist/bind/bin/nslookup/pathnames.h             |     2 +-
 dist/bind/bin/nslookup/res.h                   |     2 +-
 dist/bind/bin/nslookup/send.c                  |     8 +-
 dist/bind/bin/nslookup/subr.c                  |     2 +-
 dist/bind/bin/nsupdate/nsupdate.c              |     2 +-
 dist/bind/include/arpa/nameser.h               |    12 +-
 dist/bind/include/irs.h                        |     2 +-
 dist/bind/include/isc/assertions.h             |     2 +-
 dist/bind/include/isc/list.h                   |     2 +-
 dist/bind/include/isc/logging.h                |     6 +-
 dist/bind/include/isc/misc.h                   |     2 +-
 dist/bind/include/port_after.h                 |     7 +-
 dist/bind/include/port_before.h                |     6 +-
 dist/bind/include/resolv.h                     |    22 +-
 dist/bind/lib/dst/bsafe_link.c                 |     2 +-
 dist/bind/lib/dst/cylink_link.c                |     2 +-
 dist/bind/lib/dst/dst_api.c                    |    13 +-
 dist/bind/lib/dst/eay_dss_link.c               |     2 +-
 dist/bind/lib/dst/hmac_link.c                  |     2 +-
 dist/bind/lib/dst/prandom.c                    |     2 +-
 dist/bind/lib/dst/rsaref_link.c                |     2 +-
 dist/bind/lib/dst/support.c                    |     2 +-
 dist/bind/lib/inet/inet_cidr_pton.c            |     2 +-
 dist/bind/lib/inet/inet_net_ntop.c             |     2 +-
 dist/bind/lib/inet/inet_ntop.c                 |     2 +-
 dist/bind/lib/irs/dns.c                        |     2 +-
 dist/bind/lib/irs/dns_ho.c                     |     2 +-
 dist/bind/lib/irs/dns_sv.c                     |     2 +-
 dist/bind/lib/irs/gen_gr.c                     |     2 +-
 dist/bind/lib/irs/gethostent.c                 |     2 +-
 dist/bind/lib/irs/gethostent_r.c               |     2 +-
 dist/bind/lib/irs/getnameinfo.c                |     2 +-
 dist/bind/lib/irs/getnetent.c                  |     2 +-
 dist/bind/lib/irs/getpwent.c                   |     2 +-
 dist/bind/lib/irs/hesiod.c                     |     2 +-
 dist/bind/lib/irs/irp.c                        |     2 +-
 dist/bind/lib/irs/irpmarshall.c                |     2 +-
 dist/bind/lib/irs/irs_data.c                   |     7 +-
 dist/bind/lib/irs/lcl.c                        |     2 +-
 dist/bind/lib/irs/nis.c                        |     2 +-
 dist/bind/lib/irs/util.c                       |     2 +-
 dist/bind/lib/isc/ctl_clnt.c                   |     8 +-
 dist/bind/lib/isc/ctl_p.c                      |     2 +-
 dist/bind/lib/isc/ctl_srvr.c                   |    16 +-
 dist/bind/lib/isc/ev_connects.c                |     2 +-
 dist/bind/lib/isc/ev_timers.c                  |     6 +-
 dist/bind/lib/isc/ev_waits.c                   |    13 +-
 dist/bind/lib/isc/eventlib.c                   |     7 +-
 dist/bind/lib/isc/eventlib_p.h                 |    22 +-
 dist/bind/lib/isc/logging.c                    |     2 +-
 dist/bind/lib/isc/logging_p.h                  |     2 +-
 dist/bind/lib/nameser/ns_name.c                |    73 +-
 dist/bind/lib/nameser/ns_parse.c               |     2 +-
 dist/bind/lib/nameser/ns_print.c               |     2 +-
 dist/bind/lib/nameser/ns_sign.c                |     2 +-
 dist/bind/lib/nameser/ns_verify.c              |     2 +-
 dist/bind/lib/resolv/res_data.c                |     5 +-
 dist/bind/lib/resolv/res_debug.c               |    26 +-
 dist/bind/lib/resolv/res_debug.h               |     2 +-
 dist/bind/lib/resolv/res_findzonecut.c         |    15 +-
 dist/bind/lib/resolv/res_init.c                |     2 +-
 dist/bind/lib/resolv/res_mkupdate.c            |     2 +-
 dist/bind/lib/resolv/res_query.c               |     2 +-
 dist/bind/lib/resolv/res_send.c                |  1003 +++++++++++------------
 dist/bind/lib/resolv/res_sendsigned.c          |     2 +-
 dist/bind/lib/resolv/res_update.c              |     5 +-
 dist/bind/man/host.1                           |     6 +-
 dist/bind/man/named.8                          |     4 +-
 dist/bind/man/named.conf.5                     |    39 +-
 dist/bind/man/nsupdate.8                       |     6 +-
 usr.sbin/bind/lib/Makefile                     |     4 +-
 128 files changed, 3868 insertions(+), 2285 deletions(-)

diffs (truncated from 12119 to 300 lines):

diff -r c666c5d695e2 -r 399fcd4bfecc dist/bind/README
--- a/dist/bind/README  Sat Jan 27 07:21:43 2001 +0000
+++ b/dist/bind/README  Sat Jan 27 07:21:56 2001 +0000
@@ -1,5 +1,5 @@
-This is the source portion of BIND version 8.2.2, Patchlevel 7.  Its
-companions are "doc" and "contrib" so you are probably not missing anything.
+This is the source portion of BIND version 8.  Its companions are "doc" and
+"contrib" so you are probably not missing anything.
 
 See the CHANGES file for a detailed listing of all changes.  See the INSTALL
 file for information on building and installing BIND.
@@ -7,17 +7,19 @@
 See the SUPPORT file for information on obtaining commercial support for ISC
 artifacts including BIND, INN, and DHCP.
 
-SECURITY NOTE:
+Note that BIND 8 is in "end-of-life", having been replaced by BIND 9.  See
+http://www.isc.org/ for more details.
+
+BIND 8.2.3 Highlights
 
-       Solaris and other pre-4.4BSD kernels do not respect ownership or
-       protections on UNIX-domain sockets.  This means that the default
-       path for the NDC control socket (/var/run/ndc) is such that any
-       user (root or other) on such systems can issue any NDC command
-       except "start" and "restart".  The short term fix for this is to
-       override the default path and put such control sockets into root-
-       owned directories which do not permit non-root to r/w/x through them.
-       The medium term fix is for BIND to enforce this requirement internally.
-       The long term fix is for all kernels to upgrade to 4.4BSD semantics.
+       Improved support for Windows NT and Windows 2000.
+       Host stats are no longer required to track the source of a record.
+       IXFR improvements.
+       Forwarders track and use RTT to select fastest.
+       Unix domain sockets implementions that require the directory
+       to be secure, are now secured.
+       Many minor problems fixed.
+       Linux DoS removed.
 
 BIND 8.2.2 patchlevel 5 Highlights
 
@@ -47,7 +49,6 @@
        New global options for "transfer-source" and "also-notify".
        $GENERATE now supports more record types, and options.
 
-
 BIND 8.2.1 Highlights
 
        Bug fixes, especially to DNSSEC, TSIG, IXFR, and selective forwarding.
@@ -72,7 +73,6 @@
        Documentation improvements
        Performance enhancements
 
-
 BIND 8.1.2 Highlights
 
        Security fixes for a number of problems including:
@@ -133,7 +133,6 @@
        Experimental -u (set user id), -g (set group id), and -t (chroot)
        command line options.  See the INSTALL file for details.
 
-
 BIND 8 Features
 
        -> DNS Dynamic Updates (RFC 2136)
@@ -155,7 +154,6 @@
 
        -> Many bug fixes
 
-
 File and Directory Overview
 
        CHANGES                         history of added features and
@@ -196,7 +194,6 @@
     <URL:http://www.isc.org/bind.html>             the BIND home page
     <URL:mailto:bind-bugs%isc.org@localhost>               bug reports
 
-
 To Support the Effort
 
        Note that BIND is supported by the Internet Software Consortium, and
@@ -208,6 +205,6 @@
 
        The Internet Software Consortium has also commissioned a DHCP server
        implementation, has taken over official support/release of the INN
-       system, and supports the Kerberos Version 5 effort at MIT.  You can
-       learn more about the ISC's goals and accomplishments from the web page
-       at <URL:http://www.isc.org/>.
+       system, and has supported the Kerberos Version 5 effort at MIT.  You
+       can learn more about the ISC's goals and accomplishments from the web
+       page at <URL:http://www.isc.org/>.
diff -r c666c5d695e2 -r 399fcd4bfecc dist/bind/bin/dig/dig.c
--- a/dist/bind/bin/dig/dig.c   Sat Jan 27 07:21:43 2001 +0000
+++ b/dist/bind/bin/dig/dig.c   Sat Jan 27 07:21:56 2001 +0000
@@ -1,7 +1,7 @@
-/*     $NetBSD: dig.c,v 1.2 2000/10/08 09:53:43 is Exp $       */
+/*     $NetBSD: dig.c,v 1.3 2001/01/27 07:21:56 itojun Exp $   */
 
 #ifndef lint
-static const char rcsid[] = "Id: dig.c,v 8.36 1999/11/05 05:05:14 vixie Exp";
+static const char rcsid[] = "Id: dig.c,v 8.44 2000/12/23 08:14:31 vixie Exp";
 #endif
 
 /*
@@ -169,6 +169,7 @@
 
 #include <isc/dst.h>
 
+#include <assert.h>
 #include <ctype.h> 
 #include <errno.h>
 #include <fcntl.h>
@@ -186,8 +187,8 @@
 
 /* Global. */
 
-#define VERSION 82
-#define VSTRING "8.2"
+#define VERSION 83
+#define VSTRING "8.3"
 
 #define PRF_DEF                0x2ff9
 #define PRF_MIN                0xA930
@@ -202,7 +203,6 @@
 
 static int             eecode = 0;
 static FILE *          qfp;
-static int             sockFD;
 static char            *defsrv, *srvmsg;
 static char            defbuf[40] = "default -- ";
 static char            srvbuf[60];
@@ -229,7 +229,7 @@
 /* Forward. */
 
 static void            Usage(void);
-static int             SetOption(const char *);
+static int             setopt(const char *);
 static void            res_re_init(void);
 static int             xstrtonum(char *);
 static int             printZone(ns_type, const char *,
@@ -272,19 +272,17 @@
        ns_type xfr = ns_t_invalid;
         int bytes_out, bytes_in;
 
-       char cmd[256];
+       char cmd[512];
        char domain[MAXDNAME];
-        char msg[120], *msgptr;
-       char **vtmp;
+        char msg[120], **vtmp;
        char *args[DIG_MAXARGS];
        char **ax;
        int once = 1, dofile = 0; /* batch -vs- interactive control */
-       char fileq[100];
+       char fileq[384];
        int  fp;
        int wait=0, delay;
        int envset=0, envsave=0;
        struct __res_state res_x, res_t;
-       char *pp;
 
        ns_tsig_key key;
        char *keyfile = NULL, *keyname = NULL;
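Review bot: The enlarged `cmd[512]` and `fileq[384]` are still bare literals, and nothing at the declarations says why cmd has to be the larger of the two. fileq is bounded where it is read (`fgets(fileq, sizeof fileq, qfp)` in a later hunk), but the code that fills cmd is not visible in this excerpt, so whether 512 is sufficient depends on a bound check this hunk does not show. If cmd accumulates the arguments parsed from one fileq line, a comment such as `/* cmd collects the arguments of one batch line; keep sizeof cmd > sizeof fileq */` above the declarations would record that, once confirmed against the filling code. The enclosing function starts and ends outside the hunk.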
@@ -350,6 +348,7 @@
 
        res.id = 1;
        gettimeofday(&tv1, NULL);
+       assert(tv1.tv_usec >= 0 && tv1.tv_usec < 1000000);
 
 /*
  * Main section: once if cmd-line query
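Review bot: The added `assert` validates `tv1.tv_usec`, but the return value of `gettimeofday()` on the line above is still ignored, and the assertion is compiled out when NDEBUG is defined. In such a build a failed call leaves tv1 unchecked, and in a debug build the user gets an abort rather than a diagnostic. An explicit test holds in every build: `if (gettimeofday(&tv1, NULL) < 0) { perror("gettimeofday"); exit(1); }`. The enclosing function continues outside the hunk.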
@@ -359,8 +358,10 @@
        while ((dofile && fgets(fileq, sizeof fileq, qfp) != NULL) || 
               (!dofile && once--)) 
        {
-               if (*fileq == '\n' || *fileq == '#' || *fileq==';')
-                       continue;       /* ignore blank lines & comments */
+               if (*fileq == '\n' || *fileq == '#' || *fileq==';') {
+                       printf("%s", fileq);    /* echo but otherwise ignore */
+                       continue;               /* blank lines and comments  */
+               }
 
 /*
  * "Sticky" requests that before current parsing args
@@ -400,7 +401,7 @@
                        if (**argv == '%')
                                continue;
                        if (**argv == '+') {
-                               SetOption(*argv+1);
+                               setopt(*argv+1);
                                continue;
                        }
                        if (**argv == '=') {
@@ -424,11 +425,16 @@
                        if (**argv == '-') {
                                switch (argv[0][1]) { 
                                case 'T':
-                                       wait = atoi(*++argv);
+                                       if (*++argv == NULL)
+                                               printf("; no arg for -T?\n");
+                                       else
+                                               wait = atoi(*argv);
                                        break;
                                case 'c': 
-                                       if ((tmp = atoi(*++argv))
-                                           || *argv[0]=='0') {
+                                       if(*++argv == NULL) 
+                                               printf("; no arg for -c?\n");
+                                       else if ((tmp = atoi(*argv))
+                                                 || *argv[0] == '0') {
                                                queryClass = tmp;
                                        } else if ((tmp = StringToClass(*argv,
                                                                       0, NULL)
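Review bot: The new missing-argument checks for -T and -c advance argv with `*++argv` before testing it, so after the "no arg" message argv is left pointing at the terminating NULL. If the enclosing loop, whose header is outside this hunk, increments argv again before testing it, the next iteration reads past the end of the argument vector. The same pattern is added for -t, -p, -n, -b and -k in the later hunks, and -x already had it. Testing before advancing avoids the problem, e.g. `if (argv[1] == NULL) printf("; no arg for -T?\n"); else wait = atoi(*++argv);`, and likewise for the other options.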
@@ -441,7 +447,9 @@
                                        }
                                        break;
                                case 't': 
-                                       if ((tmp = atoi(*++argv))
+                                       if (*++argv == NULL)
+                                               printf("; no arg for -t?\n");
+                                       else if ((tmp = atoi(*argv))
                                            || *argv[0]=='0') {
                                                queryType = tmp;
                                                qtypeSet++;
@@ -454,17 +462,15 @@
                                                printf(
                                                   "; invalid type specified\n"
                                                       );
-                                               }
+                                       }
                                        break;
                                case 'x':
                                        if (!qtypeSet) {
                                                queryType = T_ANY;
                                                qtypeSet++;
                                        }
-                                       if (!(addrc = *++argv)) {
-                                               printf(
-                                                      "; no arg for -x?\n"
-                                                      );
+                                       if ((addrc = *++argv) == NULL) {
+                                               printf("; no arg for -x?\n");
                                                break;
                                        }
                                        addrend = addrc + strlen(addrc);
@@ -482,8 +488,10 @@
                                case 'p':
                                        if (argv[0][2] != '\0')
                                                port = ntohs(atoi(argv[0]+2));
+                                       else if (*++argv == NULL)
+                                               printf("; no arg for -p?\n");
                                        else
-                                               port = htons(atoi(*++argv));
+                                               port = htons(atoi(*argv));
                                        break;
                                case 'P':
                                        if (argv[0][2] != '\0')
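Review bot: The -p value still goes through `atoi` and `htons` with no range check, so a non-numeric or out-of-range argument silently becomes some other 16-bit port. The attached form on the context line uses `ntohs` where `htons` is meant; it performs the same byte swap but reads wrong. Parsing with `strtol` and rejecting anything outside 0..65535 would make the mistake visible to the user, and the same applies to the `atoi` calls for -T and -n. The switch and its enclosing loop start and end outside this hunk.

```c
case 'p': {
	/* … unchanged: pick the argument string (attached to -p or next argv) into arg … */
	char *end;
	long v;

	errno = 0;
	v = strtol(arg, &end, 10);
	if (errno != 0 || end == arg || *end != '\0' || v < 0 || v > 65535)
		printf("; invalid port for -p\n");
	else
		port = htons((unsigned short)v);
	break;
}
```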
@@ -494,16 +502,21 @@
                                case 'n':
                                        if (argv[0][2] != '\0')
                                                res.ndots = atoi(argv[0]+2);
+                                       else if (*++argv == NULL)
+                                               printf("; no arg for -n?\n");
                                        else
-                                               res.ndots = atoi(*++argv);
+                                               res.ndots = atoi(*argv);
                                        break;
                                case 'b': {
                                        char *a, *p;
 
                                        if (argv[0][2] != '\0')
                                                a = argv[0]+2;
-                                       else
-                                               a = *++argv;
+                                       else if (*++argv == NULL) {
+                                               printf("; no arg for -b?\n");
+                                               break;
+                                       } else
+                                               a = *argv;
                                        if ((p = strchr(a, ':')) != NULL) {
                                                *p++ = '\0';
                                                myaddress.sin_port =
@@ -514,14 +527,18 @@
                                                        ";; bad -b addr\n");
                                                exit(1);
                                        }
-                                 }
+                                   }
+                                   break;
                                case 'k':
                                        /* -k keydir:keyname */
                                        
                                        if (argv[0][2] != '\0')
                                                keyfile = argv[0]+2;
-                                       else
-                                               keyfile = *++argv;
+                                       else if (*++argv == NULL) {
+                                               printf("; no arg for -k?\n");
+                                               break;
+                                       } else


