Source-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[src/netbsd-6-1]: src/external/bsd/bind/dist Apply patch (requested by mrg in...
details: https://anonhg.NetBSD.org/src/rev/f622338c9f65
branches: netbsd-6-1
changeset: 776259:f622338c9f65
user: snj <snj%NetBSD.org@localhost>
date: Mon Aug 28 06:30:35 2017 +0000
description:
Apply patch (requested by mrg in ticket #1491):
Update BIND to 9.9.11.
diffstat:
external/bsd/bind/dist/CHANGES | 476 +++++++++++++-
external/bsd/bind/dist/FAQ | 890 ---------------------------
external/bsd/bind/dist/FAQ.xml | 22 +-
external/bsd/bind/dist/HISTORY | 551 ++++++----------
external/bsd/bind/dist/HISTORY.md | 246 +++++++
external/bsd/bind/dist/Makefile.in | 29 +-
external/bsd/bind/dist/OPTIONS | 25 +
external/bsd/bind/dist/OPTIONS.md | 32 +
external/bsd/bind/dist/README | 781 ++++++++++------------
external/bsd/bind/dist/README.md | 438 +++++++++++++
external/bsd/bind/dist/acconfig.h | 8 +-
external/bsd/bind/dist/bind.keys | 13 +-
external/bsd/bind/dist/config.h.in | 42 +-
external/bsd/bind/dist/configure | 887 ++++++++++++++++++--------
external/bsd/bind/dist/configure.in | 549 ++++++++++------
external/bsd/bind/dist/isc-config.sh.1 | 6 +-
external/bsd/bind/dist/isc-config.sh.docbook | 5 +-
external/bsd/bind/dist/isc-config.sh.html | 94 ++-
external/bsd/bind/dist/srcid | 2 +-
external/bsd/bind/dist/version | 6 +-
20 files changed, 2866 insertions(+), 2236 deletions(-)
diffs (truncated from 6466 to 300 lines):
diff -r a42cb3b14263 -r f622338c9f65 external/bsd/bind/dist/CHANGES
--- a/external/bsd/bind/dist/CHANGES Sat Aug 26 16:37:36 2017 +0000
+++ b/external/bsd/bind/dist/CHANGES Mon Aug 28 06:30:35 2017 +0000
@@ -1,4 +1,152 @@
- --- 9.9.9-P8 released ---
+ --- 9.9.11 released ---
+
+ --- 9.9.11rc2 released ---
+
+4653. [bug] Reorder includes to move @DST_OPENSSL_INC@ and
+ @ISC_OPENSSL_INC@ after shipped include directories.
+ [RT #45581]
+
+ --- 9.9.11rc1 released ---
+
+4435. [tuning] Only set IPV6_USE_MIN_MTU for UDP when the message
+ will not fit into a single IPv4 encapsulated IPv6
+ UDP packet when transmitted over a Ethernet link.
+ [RT #42871]
+
+4647. [bug] Change 4643 broke verification of TSIG signed TCP
+ message sequences where not all the messages contain
+ TSIG records. These may be used in AXFR and IXFR
+ responses. [RT #45509]
+
+4646. [bug] Install lib/export libraries with ${INSTALL_LIBRARY}.
+ [RT #45497]
+
+ --- 9.9.11b1 released ---
+
+4643. [security] An error in TSIG handling could permit unauthorized
+ zone transfers or zone updates. (CVE-2017-3142)
+ (CVE-2017-3143) [RT #45383]
+
+4642. [cleanup] Add more logging of RFC 5011 events affecting the
+ status of managed keys: newly observed keys,
+ deletion of revoked keys, etc. [RT #45354]
+
+4641. [cleanup] Parallel builds (make -j) could fail with --with-atf /
+ --enable-developer. [RT #45373]
+
+4640. [bug] If query_findversion failed in query_getdb due to
+ memory failure the error status was incorrectly
+ discarded. [RT #45331]
+
+4636. [bug] Normalize rpz policy zone names when checking for
+ existence. [RT #45358]
+
+4634. [contrib] check5011.pl needs to handle optional space before
+ semi-colon in +multi-line output. [RT #45352]
+
+4633. [maint] Updated AAAA (2001:500:200::b) for B.ROOT-SERVERS.NET.
+
+4632. [security] The BIND installer on Windows used an unquoted
+ service path, which can enable privilege escalation.
+ (CVE-2017-3141) [RT #45229]
+
+4631. [security] Some RPZ configurations could go into an infinite
+ query loop when encountering responses with TTL=0.
+ (CVE-2017-3140) [RT #45181]
+
+4629. [bug] dns_client_startupdate could not be called with a
+ running client. [RT #45277]
+
+4628. [bug] Fixed a potential reference leak in query_getdb().
+ [RT #45247]
+
+4626. [test] Added more tests for handling of different record
+ ordering in CNAME and DNAME responses. [QA #430]
+
+4624. [bug] Check isc_mem_strdup results in dns_view_setnewzones.
+ [RT #45210]
+
+4622. [bug] Remove unnecessary escaping of semicolon in CAA and
+ URI records. [RT #45216]
+
+4621. [port] Force alignment of oid arrays to silence loader
+ warnings. [RT #45131]
+
+4620. [port] Handle EPFNOSUPPORT being returned when probing
+ to see if a socket type is supported. [RT #45214]
+
+4617. [test] Update rndc system test to be more delay tolerant.
+ [RT #45177]
+
+4615. [bug] AD could be set on truncated answer with no records
+ present in the answer and authority sections.
+ [RT #45140]
+
+4614. [test] Fixed an error in the sockaddr unit test. [RT #45146]
+
+4612. [bug] Silence 'may be use uninitalised' warning and simplify
+ the code in lwres/getaddinfo:process_answer.
+ [RT #45158]
+
+4609. [cleanup] Rearrange makefiles to enable parallel execution
+ (i.e. "make -j"). [RT #45078]
+
+4608. [func] DiG now warns about .local queries which are reserved
+ for Multicast DNS. [RT #44783]
+
+4604. [bug] Don't use ERR_load_crypto_strings() when building
+ with OpenSSL 1.1.0. [RT #45117]
+
+4603. [doc] Automatically generate named.conf(5) man page
+ from doc/misc/options. Thanks to Tony Finch.
+ [RT #43525]
+
+4602. [func] Threads are now set to human-readable
+ names to assist debugging, when supported by
+ the OS. [RT #43234]
+
+4601. [bug] Reject incorrect RSA key lengths during key
+ generation and and sign/verify context
+ creation. [RT #45043]
+
+4599. [bug] Fix inconsistencies in inline signing time
+ comparison that were introduced with the
+ introduction of rdatasetheader->resign_lsb.
+ [RT #42112]
+
+4597. [bug] The validator now ignores SHA-1 DS digest type
+ when a DS record with SHA-384 digest type is
+ present and is a supported digest type.
+ [RT #45017]
+
+4596. [bug] Validate glue before adding it to the additional
+ section. This also fixes incorrect TTL capping
+ when the RRSIG expired earlier than the TTL.
+ [RT #45062]
+
+4593. [doc] Update README using markdown, remove outdated FAQ
+ file in favor of the knowledge base.
+
+4592. [bug] A race condition on shutdown could trigger an
+ assertion failure in dispatch.c. [RT #43822]
+
+4591. [port] Addressed some python 3 compatibility issues.
+ Thanks to Ville Skytta. [RT #44955] [RT #44956]
+
+4589. [cleanup] "configure -q" is now silent. [RT #44829]
+
+4588. [bug] nsupdate could send queries for TKEY to the wrong
+ server when using GSSAPI. Thanks to Tomas Hozza.
+ [RT #39893]
+
+4587. [bug] named-checkzone failed to handle occulted data below
+ DNAMEs correctly. [RT #44877]
+
+4585. [port] win32: Set CompileAS value. [RT #42474]
+
+ --- 9.9.10 released ---
+
+ --- 9.9.10rc3 released ---
4582. [security] 'rndc ""' could trigger a assertion failure in named.
(CVE-2017-3138) [RT #44924]
@@ -6,7 +154,7 @@
4580. [bug] 4578 introduced a regression when handling CNAME to
referral below the current domain. [RT #44850]
- --- 9.9.9-P7 released ---
+ --- 9.9.10rc2 released ---
4578. [security] Some chaining (CNAME or DNAME) responses to upstream
queries could trigger assertion failures.
@@ -15,18 +163,81 @@
4575. [security] DNS64 with "break-dnssec yes;" can result in an
assertion failure. (CVE-2017-3136) [RT #44653]
+ --- 9.9.10rc1 released ---
+
+4571. [bug] Out-of-tree builds of backtrace_test failed.
+
+4570. [cleanup] named did not correctly fall back to the built-in
+ initializing keys if the bind.keys file was present
+ but empty. [RT #44531]
+
+4568. [contrib] Added a --with-bind option to the dnsperf configure
+ script to specify BIND prefix path.
+
+4567. [port] Call getprotobyname and getservbyname prior to calling
+ chroot so that shared libraries get loaded. [RT #44537]
+
4564. [maint] Update the built in managed keys to include the
upcoming root KSK. [RT #44579]
- --- 9.9.9-P6 released ---
+4561. [port] Silence a warning in strict C99 compilers. [RT #44414]
+
+4560. [bug] mdig: add -m option to enable memory debugging rather
+ than having it on all the time. [RT #44509]
+
+4559. [bug] openssl_link.c didn't compile if ISC_MEM_TRACKLINES
+ was turned off. [RT #44509]
4558. [bug] Synthesised CNAME before matching DNAME was still
- being cached when it should not have been. [RT #44318]
+ being cached when it should not have been. [RT #44318]
4557. [security] Combining dns64 and rpz can result in dereferencing
a NULL pointer (read). (CVE-2017-3135) [RT#44434]
- --- 9.9.9-P5 released ---
+4554. [bug] Remove double unlock in dns_dispatchmgr_setudp.
+ [RT #44336]
+
+4553. [bug] Named could deadlock there were multiple changes to
+ NSEC/NSEC3 parameters for a zone being processed at
+ the same time. [RT #42770]
+
+4552. [bug] Named could trigger a assertion when sending notify
+ messages. [RT #44019]
+
+4551. [test] Add system tests for integrity checks of MX and
+ SRV records. [RT #43953]
+
+4550. [cleanup] Increased the number of available master file
+ output style flags from 32 to 64. [RT #44043]
+
+ --- 9.9.10b1 released ---
+
+4543. [bug] dns_client_startupdate now delays sending the update
+ request until isc_app_ctxrun has been called.
+ [RT #43976]
+
+4541. [bug] rndc addzone should properly reject non master/slave
+ zones. [RT #43665]
+
+4539. [bug] Referencing a nonexistent zone with RPZ could lead
+ to a assertion failure when configuring. [RT #43787]
+
+4538. [bug] Call dns_client_startresolve from client->task.
+ [RT #43896]
+
+4537. [bug] Handle timeouts better in dig/host/nslookup. [RT #43576]
+
+4535. [bug] Address race condition in setting / testing of
+ DNS_REQUEST_F_SENDING. [RT #43889]
+
+4534. [bug] Only set RD, RA and CD in QUERY responses. [RT #43879]
+
+4533. [bug] dns_client_update should terminate on prerequisite
+ failures (NXDOMAIN, YXDOMAIN, NXRRSET, YXRRSET)
+ and also on BADZONE. [RT #43865]
+
+4532. [contrib] Make gen-data-queryperf.py python 3 compatible.
+ [RT #43836]
4530. [bug] Change 4489 broke the handling of CNAME -> DNAME
in responses resulting in SERVFAIL being returned.
@@ -35,34 +246,198 @@
4528. [bug] Only set the flag bits for the i/o we are waiting
for on EPOLLERR or EPOLLHUP. [RT #43617]
+4527. [doc] Support DocBook XSL Stylesheets v1.79.1. [RT #43831]
+
+4526. [doc] Corrected errors and improved formatting of
+ grammar definitions in the ARM. [RT #43739]
+
+4525. [doc] Fixed outdated documentation on managed-keys.
+ [RT #43810]
+
+4524. [bug] The net zero test was broken causing IPv4 servers
+ with addresses ending in .0 to be rejected. [RT #43776]
+
+4523. [doc] Expand config doc for <querysource4> and
+ <querysource6>. [RT #43768]
+
+4522. [bug] Handle big gaps in log file version numbers better.
+ [RT #38688]
+
+4521. [cleanup] Log it as an error if an entropy source is not
+ found and there is no fallback available. [RT #43659]
+
+4520. [cleanup] Alphabetize more of the grammar when printing it
+ out. [RT #43755]
+
4519. [port] win32: handle ERROR_MORE_DATA. [RT #43534]
4517. [security] Named could mishandle authority sections that were
missing RRSIGs triggering an assertion failure.
(CVE-2016-9444) [RT # 43632]
+4515. [port] FreeBSD: Find readline headers when they are in
+ edit/readline/ instead of readline/. [RT #43658]
+
+4513. [cleanup] Minimum Python versions are now 2.7 and 3.2.
+ [RT #43566]
+
4510. [security] Named mishandled some responses where covering RRSIG
records are returned without the requested data
resulting in a assertion failure. (CVE-2016-9147)
[RT #43548]
+4509. [test] Make the rrl system test more reliable on slower
+ machines by using mdig instead of dig. [RT #43280]
+
4508. [security] Named incorrectly tried to cache TKEY records which
could trigger a assertion failure when there was
Home |
Main Index |
Thread Index |
Old Index