Source-Changes-HG archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

[src/trunk]: src/external/mpl/bind/dist --- 9.16.5 released ---



details:   https://anonhg.NetBSD.org/src/rev/acc3169347d1
branches:  trunk
changeset: 936972:acc3169347d1
user:      christos <christos%NetBSD.org@localhost>
date:      Mon Aug 03 17:07:01 2020 +0000

description:
--- 9.16.5 released ---

5458.   [bug]           Prevent a theoretically possible NULL dereference caused
                        by a data race between zone_maintenance() and
                        dns_zone_setview_helper(). [GL #1627]

5455.   [bug]           named could crash when cleaning dead nodes in
                        lib/dns/rbtdb.c that were being reused. [GL #1968]

5454.   [bug]           Address a startup crash that occurred when the server
                        was under load and the root zone had not yet been
                        loaded. [GL #1862]

5453.   [bug]           named crashed on shutdown when a new rndc connection was
                        received during shutdown. [GL #1747]

5452.   [bug]           The "blackhole" ACL was accidentally disabled for client
                        queries. [GL #1936]

5451.   [func]          Add 'rndc dnssec -status' command. [GL #1612]

5449.   [bug]           Fix a socket shutdown race in netmgr udp. [GL #1938]

5448.   [bug]           Fix a race condition in isc__nm_tcpdns_send().
                        [GL #1937]

5447.   [bug]           IPv6 addresses ending in "::" could break YAML
                        parsing. A "0" is now appended to such addresses
                        in YAML output from dig, mdig, delv, and dnstap-read.
                        [GL #1952]

5446.   [bug]           The validator could fail to accept a properly signed
                        RRset if an unsupported algorithm appeared earlier in
                        the DNSKEY RRset than a supported algorithm. It could
                        also stop if it detected a malformed public key.
                        [GL #1689]

5444.   [bug]           'rndc dnstap -roll <value>' did not limit the number of
                        saved files to <value>. [GL !3728]

5443.   [bug]           The "primary" and "secondary" keywords, when used
                        as parameters for "check-names", were not
                        processed correctly and were being ignored. [GL #1949]

5441.   [bug]           ${LMDB_CFLAGS} was missing from make/includes.in.
                        [GL #1955]

5440.   [test]          Properly handle missing kyua. [GL #1950]

5439.   [bug]           The DS RRset returned by dns_keynode_dsset() was used in
                        a non-thread-safe manner. [GL #1926]

        --- 9.16.4 released ---

5438.   [bug]           Fix a race in TCP accepting code. [GL #1930]

5437.   [bug]           Fix a data race in lib/dns/resolver.c:log_formerr().
                        [GL #1808]

5436.   [security]      It was possible to trigger an INSIST when determining
                        whether a record would fit into a TCP message buffer.
                        (CVE-2020-8618) [GL #1850]

5435.   [tests]         Add RFC 4592 responses examples to the wildcard system
                        test. [GL #1718]

5434.   [security]      It was possible to trigger an INSIST in
                        lib/dns/rbtdb.c:new_reference() with a particular zone
                        content and query patterns. (CVE-2020-8619) [GL #1111]
                        [GL #1718]

5431.   [func]          Reject DS records at the zone apex when loading
                        master files. Log but otherwise ignore attempts to
                        add DS records at the zone apex via UPDATE. [GL #1798]

5430.   [doc]           Update docs - with netmgr, a separate listening socket
                        is created for each IPv6 interface (just as with IPv4).
                        [GL #1782]

5428.   [bug]           Clean up GSSAPI resources in nsupdate only after taskmgr
                        has been destroyed. Thanks to Petr Menšík. [GL !3316]

5426.   [bug]           Don't abort() when setting SO_INCOMING_CPU on the socket
                        fails. [GL #1911]

5425.   [func]          The default value of "max-stale-ttl" has been changed
                        from 1 week to 12 hours. [GL #1877]

5424.   [bug]           With KASP, when creating a successor key, the "goal"
                        state of the current active key (predecessor) was not
                        changed and thus never removed from the zone. [GL #1846]

5423.   [bug]           Fix a bug in keymgr_key_has_successor(): it incorrectly
                        returned true if any other key in the keyring had a
                        successor. [GL #1845]

5422.   [bug]           When using dnssec-policy, print correct key timing
                        metadata. [GL #1843]

5421.   [bug]           Fix a race that could cause named to crash when looking
                        up the nodename of an RBT node if the tree was modified.
                        [GL #1857]

5420.   [bug]           Add missing isc_{mutex,conditional}_destroy() calls
                        that caused a memory leak on FreeBSD. [GL #1893]

5418.   [bug]           delv failed to parse deprecated trusted-keys-style
                        trust anchors. [GL #1860]

5416.   [bug]           Fix a lock order inversion in lib/isc/unix/socket.c.
                        [GL #1859]

5415.   [test]          Address race in dnssec system test that led to
                        test failures. [GL #1852]

5414.   [test]          Adjust time allowed for journal truncation to occur
                        in nsupdate system test to avoid test failure.
                        [GL #1855]

5413.   [test]          Address race in autosign system test that led to
                        test failures. [GL #1852]

5412.   [bug]           'provide-ixfr no;' failed to return up-to-date responses
                        when the serial was greater than or equal to the
                        current serial. [GL #1714]

5411.   [cleanup]       TCP accept code has been refactored to use a single
                        accept() and pass the accepted socket to child threads
                        for processing. [GL !3320]

5409.   [performance]   When looking up NSEC3 data in a zone database, skip the
                        check for empty non-terminal nodes; the NSEC3 tree does
                        not have any. [GL #1834]

5408.   [protocol]      Print Extended DNS Errors if present in OPT record.
                        [GL #1835]

5407.   [func]          Zone timers are now exported via statistics channel.
                        Thanks to Paul Frieden, Verizon Media. [GL #1232]

5405.   [bug]           'named-checkconf -p' could include spurious text in
                        server-addresses statements due to an uninitialized DSCP
                        value. [GL #1812]

diffstat:

 external/mpl/bind/dist/CHANGES                                                      |   144 +
 external/mpl/bind/dist/CONTRIBUTING.md                                              |    74 +-
 external/mpl/bind/dist/PLATFORMS                                                    |     6 +-
 external/mpl/bind/dist/PLATFORMS.md                                                 |    12 +-
 external/mpl/bind/dist/bin/check/Makefile.in                                        |    22 +-
 external/mpl/bind/dist/bin/check/named-checkconf.rst                                |   105 +
 external/mpl/bind/dist/bin/check/named-checkzone.rst                                |   214 +
 external/mpl/bind/dist/bin/confgen/Makefile.in                                      |    24 +-
 external/mpl/bind/dist/bin/confgen/ddns-confgen.rst                                 |   103 +
 external/mpl/bind/dist/bin/confgen/rndc-confgen.rst                                 |   120 +
 external/mpl/bind/dist/bin/delv/Makefile.in                                         |    20 +-
 external/mpl/bind/dist/bin/delv/delv.rst                                            |   336 +
 external/mpl/bind/dist/bin/dig/Makefile.in                                          |    24 +-
 external/mpl/bind/dist/bin/dig/dig.rst                                              |   634 +
 external/mpl/bind/dist/bin/dig/host.rst                                             |   181 +
 external/mpl/bind/dist/bin/dig/nslookup.rst                                         |   226 +
 external/mpl/bind/dist/bin/dnssec/Makefile.in                                       |    25 +-
 external/mpl/bind/dist/bin/dnssec/dnssec-cds.rst                                    |   212 +
 external/mpl/bind/dist/bin/dnssec/dnssec-dsfromkey.rst                              |   150 +
 external/mpl/bind/dist/bin/dnssec/dnssec-importkey.rst                              |   123 +
 external/mpl/bind/dist/bin/dnssec/dnssec-keyfromlabel.rst                           |   276 +
 external/mpl/bind/dist/bin/dnssec/dnssec-keygen.rst                                 |   328 +
 external/mpl/bind/dist/bin/dnssec/dnssec-revoke.rst                                 |    81 +
 external/mpl/bind/dist/bin/dnssec/dnssec-settime.rst                                |   230 +
 external/mpl/bind/dist/bin/dnssec/dnssec-signzone.rst                               |   392 +
 external/mpl/bind/dist/bin/dnssec/dnssec-verify.rst                                 |   108 +
 external/mpl/bind/dist/bin/named/Makefile.in                                        |    33 +-
 external/mpl/bind/dist/bin/named/bind9.xsl                                          |     7 +-
 external/mpl/bind/dist/bin/named/named.conf.rst                                     |  1019 +
 external/mpl/bind/dist/bin/named/named.rst                                          |   234 +
 external/mpl/bind/dist/bin/nsupdate/Makefile.in                                     |    23 +-
 external/mpl/bind/dist/bin/nsupdate/nsupdate.rst                                    |   365 +
 external/mpl/bind/dist/bin/pkcs11/Makefile.in                                       |    23 +-
 external/mpl/bind/dist/bin/pkcs11/pkcs11-destroy.rst                                |    71 +
 external/mpl/bind/dist/bin/pkcs11/pkcs11-keygen.rst                                 |    90 +
 external/mpl/bind/dist/bin/pkcs11/pkcs11-list.rst                                   |    66 +
 external/mpl/bind/dist/bin/pkcs11/pkcs11-tokens.rst                                 |    53 +
 external/mpl/bind/dist/bin/plugins/Makefile.in                                      |    18 +-
 external/mpl/bind/dist/bin/plugins/filter-aaaa.rst                                  |    99 +
 external/mpl/bind/dist/bin/python/Makefile.in                                       |    16 -
 external/mpl/bind/dist/bin/python/dnssec-checkds.rst                                |    67 +
 external/mpl/bind/dist/bin/python/dnssec-coverage.rst                               |   151 +
 external/mpl/bind/dist/bin/python/dnssec-keymgr.rst                                 |   224 +
 external/mpl/bind/dist/bin/rndc/Makefile.in                                         |    23 +-
 external/mpl/bind/dist/bin/rndc/rndc.conf.rst                                       |   166 +
 external/mpl/bind/dist/bin/rndc/rndc.rst                                            |   583 +
 external/mpl/bind/dist/bin/tests/Makefile.in                                        |     6 +-
 external/mpl/bind/dist/bin/tests/optional/Makefile.in                               |     6 +-
 external/mpl/bind/dist/bin/tests/pkcs11/Makefile.in                                 |     2 +-
 external/mpl/bind/dist/bin/tests/pkcs11/benchmarks/Makefile.in                      |     2 +-
 external/mpl/bind/dist/bin/tests/system/Makefile.in                                 |     4 +-
 external/mpl/bind/dist/bin/tests/system/acl/ns2/named5.conf.in                      |     1 +
 external/mpl/bind/dist/bin/tests/system/acl/tests.sh                                |    20 +
 external/mpl/bind/dist/bin/tests/system/autosign/tests.sh                           |    24 +-
 external/mpl/bind/dist/bin/tests/system/checkconf/bad-checknames-primary-dup-2.conf |    15 +
 external/mpl/bind/dist/bin/tests/system/checkconf/bad-checknames-primary-dup.conf   |    15 +
 external/mpl/bind/dist/bin/tests/system/checkconf/bad-checknames-secondary-dup.conf |    15 +
 external/mpl/bind/dist/bin/tests/system/checkconf/good.conf                         |     8 +
 external/mpl/bind/dist/bin/tests/system/checkconf/good.zonelist                     |     1 +
 external/mpl/bind/dist/bin/tests/system/checkconf/tests.sh                          |     2 +-
 external/mpl/bind/dist/bin/tests/system/checknames/ns4/named.conf.in                |     2 +-
 external/mpl/bind/dist/bin/tests/system/checknames/tests.sh                         |     2 +-
 external/mpl/bind/dist/bin/tests/system/checkzone/zones/bad-ds.db                   |     4 +
 external/mpl/bind/dist/bin/tests/system/conf.sh.common                              |    27 +-
 external/mpl/bind/dist/bin/tests/system/conf.sh.in                                  |     3 +-
 external/mpl/bind/dist/bin/tests/system/conf.sh.win32                               |     1 +
 external/mpl/bind/dist/bin/tests/system/digdelv/clean.sh                            |    10 +-
 external/mpl/bind/dist/bin/tests/system/digdelv/ns2/example.db.in                   |     2 +
 external/mpl/bind/dist/bin/tests/system/digdelv/tests.sh                            |   123 +-
 external/mpl/bind/dist/bin/tests/system/digdelv/yamlget.py                          |    10 +-
 external/mpl/bind/dist/bin/tests/system/dnssec/ns1/sign.sh                          |     2 +
 external/mpl/bind/dist/bin/tests/system/dnssec/tests.sh                             |    29 +-
 external/mpl/bind/dist/bin/tests/system/dnstap/clean.sh                             |     6 +-
 external/mpl/bind/dist/bin/tests/system/dnstap/tests.sh                             |    25 +-
 external/mpl/bind/dist/bin/tests/system/dnstap/ydump.py                             |     4 +-
 external/mpl/bind/dist/bin/tests/system/dyndb/driver/Makefile.in                    |     4 +-
 external/mpl/bind/dist/bin/tests/system/ixfr/ns3/mytest2.db                         |     2 +-
 external/mpl/bind/dist/bin/tests/system/ixfr/tests.sh                               |    37 +-
 external/mpl/bind/dist/bin/tests/system/kasp/clean.sh                               |     5 +-
 external/mpl/bind/dist/bin/tests/system/kasp/ns3/setup.sh                           |  1112 +-
 external/mpl/bind/dist/bin/tests/system/kasp/ns4/named.conf.in                      |     9 +
 external/mpl/bind/dist/bin/tests/system/kasp/ns5/named.conf.in                      |     9 +
 external/mpl/bind/dist/bin/tests/system/kasp/ns6/setup.sh                           |   223 +-
 external/mpl/bind/dist/bin/tests/system/kasp/tests.sh                               |  1866 ++-
 external/mpl/bind/dist/bin/tests/system/nsupdate/tests.sh                           |    32 +-
 external/mpl/bind/dist/bin/tests/system/pipelined/Makefile.in                       |     4 +-
 external/mpl/bind/dist/bin/tests/system/rndc/Makefile.in                            |     2 +-
 external/mpl/bind/dist/bin/tests/system/rpz/Makefile.in                             |     4 +-
 external/mpl/bind/dist/bin/tests/system/rsabigexponent/Makefile.in                  |     6 +-
 external/mpl/bind/dist/bin/tests/system/rsabigexponent/ns2/sign.sh                  |     2 +-
 external/mpl/bind/dist/bin/tests/system/run.sh                                      |    18 +-
 external/mpl/bind/dist/bin/tests/system/serve-stale/tests.sh                        |     8 +-
 external/mpl/bind/dist/bin/tests/system/shutdown/clean.sh                           |    18 +
 external/mpl/bind/dist/bin/tests/system/shutdown/conftest.py                        |    58 +
 external/mpl/bind/dist/bin/tests/system/shutdown/ns1/named.conf.in                  |    29 +
 external/mpl/bind/dist/bin/tests/system/shutdown/ns1/root.db                        |    23 +
 external/mpl/bind/dist/bin/tests/system/shutdown/ns2/named.conf.in                  |    27 +
 external/mpl/bind/dist/bin/tests/system/shutdown/ns2/test.db                        |     7 +
 external/mpl/bind/dist/bin/tests/system/shutdown/prereq.sh                          |    36 +
 external/mpl/bind/dist/bin/tests/system/shutdown/resolver/named.conf.in             |    26 +
 external/mpl/bind/dist/bin/tests/system/shutdown/resolver/root.db                   |    19 +
 external/mpl/bind/dist/bin/tests/system/shutdown/setup.sh                           |    21 +
 external/mpl/bind/dist/bin/tests/system/shutdown/tests-shutdown.py                  |   193 +
 external/mpl/bind/dist/bin/tests/system/statschannel/clean.sh                       |    10 +-
 external/mpl/bind/dist/bin/tests/system/statschannel/conftest.py                    |   107 +
 external/mpl/bind/dist/bin/tests/system/statschannel/generic.py                     |    95 +
 external/mpl/bind/dist/bin/tests/system/statschannel/helper.py                      |   153 +
 external/mpl/bind/dist/bin/tests/system/statschannel/ns1/example.db                 |    47 +
 external/mpl/bind/dist/bin/tests/system/statschannel/ns1/named.conf.in              |    41 +
 external/mpl/bind/dist/bin/tests/system/statschannel/ns2/manykeys.db.in             |    26 +
 external/mpl/bind/dist/bin/tests/system/statschannel/ns2/named.conf.in              |     2 +-
 external/mpl/bind/dist/bin/tests/system/statschannel/ns3/named.conf.in              |    41 +
 external/mpl/bind/dist/bin/tests/system/statschannel/setup.sh                       |     9 +-
 external/mpl/bind/dist/bin/tests/system/statschannel/tests-json.py                  |   100 +
 external/mpl/bind/dist/bin/tests/system/statschannel/tests-xml.py                   |   130 +
 external/mpl/bind/dist/bin/tests/system/statschannel/tests.sh                       |   109 -
 external/mpl/bind/dist/bin/tests/system/tkey/Makefile.in                            |     4 +-
 external/mpl/bind/dist/bin/tests/system/wildcard/ns1/example.db.in                  |    12 +
 external/mpl/bind/dist/bin/tests/system/wildcard/ns1/named.conf.in                  |     4 +
 external/mpl/bind/dist/bin/tests/system/wildcard/ns1/sign.sh                        |     3 +
 external/mpl/bind/dist/bin/tests/system/wildcard/tests.sh                           |    88 +
 external/mpl/bind/dist/bin/tools/Makefile.in                                        |    45 +-
 external/mpl/bind/dist/bin/tools/arpaname.rst                                       |    43 +
 external/mpl/bind/dist/bin/tools/dnstap-read.rst                                    |    62 +
 external/mpl/bind/dist/bin/tools/mdig.rst                                           |   318 +
 external/mpl/bind/dist/bin/tools/named-journalprint.rst                             |    56 +
 external/mpl/bind/dist/bin/tools/named-nzd2nzf.rst                                  |    52 +
 external/mpl/bind/dist/bin/tools/named-rrchecker.rst                                |    57 +
 external/mpl/bind/dist/bin/tools/nsec3hash.rst                                      |    73 +
 external/mpl/bind/dist/configure.ac                                                 |   257 +-
 external/mpl/bind/dist/contrib/dlz/bin/dlzbdb/Makefile.in                           |    14 +-
 external/mpl/bind/dist/dangerfile.py                                                |   199 +
 external/mpl/bind/dist/doc/Makefile.in                                              |     2 +-
 external/mpl/bind/dist/doc/arm/Makefile.in                                          |   110 +-
 external/mpl/bind/dist/doc/arm/advanced.rst                                         |   855 +
 external/mpl/bind/dist/doc/arm/catz.rst                                             |   251 +
 external/mpl/bind/dist/doc/arm/conf.py                                              |    86 +
 external/mpl/bind/dist/doc/arm/configuration.rst                                    |   347 +
 external/mpl/bind/dist/doc/arm/dlz.rst                                              |   140 +
 external/mpl/bind/dist/doc/arm/dnssec.rst                                           |   274 +
 external/mpl/bind/dist/doc/arm/dyndb.rst                                            |    98 +
 external/mpl/bind/dist/doc/arm/general.rst                                          |   620 +
 external/mpl/bind/dist/doc/arm/history.rst                                          |    84 +
 external/mpl/bind/dist/doc/arm/index.rst                                            |    35 +
 external/mpl/bind/dist/doc/arm/introduction.rst                                     |   320 +
 external/mpl/bind/dist/doc/arm/logging-categories.rst                               |   126 +
 external/mpl/bind/dist/doc/arm/managed-keys.rst                                     |   101 +
 external/mpl/bind/dist/doc/arm/manpages.rst                                         |    51 +
 external/mpl/bind/dist/doc/arm/notes.rst                                            |   102 +
 external/mpl/bind/dist/doc/arm/pkcs11.rst                                           |   521 +
 external/mpl/bind/dist/doc/arm/plugins.rst                                          |    91 +
 external/mpl/bind/dist/doc/arm/reference.rst                                        |  6636 ++++++++++
 external/mpl/bind/dist/doc/arm/requirements.rst                                     |    90 +
 external/mpl/bind/dist/doc/arm/security.rst                                         |   237 +
 external/mpl/bind/dist/doc/arm/troubleshooting.rst                                  |   106 +
 external/mpl/bind/dist/doc/doxygen/Doxyfile.in                                      |     4 +-
 external/mpl/bind/dist/doc/man/Makefile.in                                          |   269 +
 external/mpl/bind/dist/doc/man/arpaname.1in                                         |    48 +
 external/mpl/bind/dist/doc/man/arpaname.rst                                         |    13 +
 external/mpl/bind/dist/doc/man/conf.py                                              |    99 +
 external/mpl/bind/dist/doc/man/ddns-confgen.8in                                     |   109 +
 external/mpl/bind/dist/doc/man/ddns-confgen.rst                                     |    13 +
 external/mpl/bind/dist/doc/man/delv.1in                                             |   345 +
 external/mpl/bind/dist/doc/man/delv.rst                                             |    13 +
 external/mpl/bind/dist/doc/man/dig.1in                                              |   649 +
 external/mpl/bind/dist/doc/man/dig.rst                                              |    13 +
 external/mpl/bind/dist/doc/man/dnssec-cds.8in                                       |   225 +
 external/mpl/bind/dist/doc/man/dnssec-cds.rst                                       |    13 +
 external/mpl/bind/dist/doc/man/dnssec-checkds.8in                                   |    96 +
 external/mpl/bind/dist/doc/man/dnssec-checkds.rst                                   |    13 +
 external/mpl/bind/dist/doc/man/dnssec-coverage.8in                                  |   192 +
 external/mpl/bind/dist/doc/man/dnssec-coverage.rst                                  |    13 +
 external/mpl/bind/dist/doc/man/dnssec-dsfromkey.8in                                 |   149 +
 external/mpl/bind/dist/doc/man/dnssec-dsfromkey.rst                                 |    13 +
 external/mpl/bind/dist/doc/man/dnssec-importkey.8in                                 |   126 +
 external/mpl/bind/dist/doc/man/dnssec-importkey.rst                                 |    13 +
 external/mpl/bind/dist/doc/man/dnssec-keyfromlabel.8in                              |   281 +
 external/mpl/bind/dist/doc/man/dnssec-keyfromlabel.rst                              |    13 +
 external/mpl/bind/dist/doc/man/dnssec-keygen.8in                                    |   331 +
 external/mpl/bind/dist/doc/man/dnssec-keygen.rst                                    |    13 +
 external/mpl/bind/dist/doc/man/dnssec-keymgr.8in                                    |   299 +
 external/mpl/bind/dist/doc/man/dnssec-keymgr.rst                                    |    13 +
 external/mpl/bind/dist/doc/man/dnssec-revoke.8in                                    |    86 +
 external/mpl/bind/dist/doc/man/dnssec-revoke.rst                                    |    13 +
 external/mpl/bind/dist/doc/man/dnssec-settime.8in                                   |   238 +
 external/mpl/bind/dist/doc/man/dnssec-settime.rst                                   |    13 +
 external/mpl/bind/dist/doc/man/dnssec-signzone.8in                                  |   412 +
 external/mpl/bind/dist/doc/man/dnssec-signzone.rst                                  |    13 +
 external/mpl/bind/dist/doc/man/dnssec-verify.8in                                    |   113 +
 external/mpl/bind/dist/doc/man/dnssec-verify.rst                                    |    13 +
 external/mpl/bind/dist/doc/man/dnstap-read.1in                                      |    67 +
 external/mpl/bind/dist/doc/man/dnstap-read.rst                                      |    13 +
 external/mpl/bind/dist/doc/man/filter-aaaa.8in                                      |   110 +
 external/mpl/bind/dist/doc/man/filter-aaaa.rst                                      |    13 +
 external/mpl/bind/dist/doc/man/host.1in                                             |   182 +
 external/mpl/bind/dist/doc/man/host.rst                                             |    13 +
 external/mpl/bind/dist/doc/man/index.rst                                            |     9 +
 external/mpl/bind/dist/doc/man/mdig.1in                                             |   321 +
 external/mpl/bind/dist/doc/man/mdig.rst                                             |    13 +
 external/mpl/bind/dist/doc/man/named-checkconf.8in                                  |   108 +
 external/mpl/bind/dist/doc/man/named-checkconf.rst                                  |    13 +
 external/mpl/bind/dist/doc/man/named-checkzone.8in                                  |   217 +
 external/mpl/bind/dist/doc/man/named-checkzone.rst                                  |    13 +
 external/mpl/bind/dist/doc/man/named-journalprint.8in                               |    61 +
 external/mpl/bind/dist/doc/man/named-journalprint.rst                               |    13 +
 external/mpl/bind/dist/doc/man/named-nzd2nzf.8in                                    |    57 +
 external/mpl/bind/dist/doc/man/named-nzd2nzf.rst                                    |    13 +
 external/mpl/bind/dist/doc/man/named-rrchecker.1in                                  |    62 +
 external/mpl/bind/dist/doc/man/named-rrchecker.rst                                  |    13 +
 external/mpl/bind/dist/doc/man/named.8in                                            |   260 +
 external/mpl/bind/dist/doc/man/named.conf.5in                                       |  1105 +
 external/mpl/bind/dist/doc/man/named.conf.rst                                       |    13 +
 external/mpl/bind/dist/doc/man/named.rst                                            |    13 +
 external/mpl/bind/dist/doc/man/nsec3hash.8in                                        |    78 +
 external/mpl/bind/dist/doc/man/nsec3hash.rst                                        |    13 +
 external/mpl/bind/dist/doc/man/nslookup.1in                                         |   237 +
 external/mpl/bind/dist/doc/man/nslookup.rst                                         |    13 +
 external/mpl/bind/dist/doc/man/nsupdate.1in                                         |   378 +
 external/mpl/bind/dist/doc/man/nsupdate.rst                                         |    13 +
 external/mpl/bind/dist/doc/man/pkcs11-destroy.8in                                   |    74 +
 external/mpl/bind/dist/doc/man/pkcs11-destroy.rst                                   |    13 +
 external/mpl/bind/dist/doc/man/pkcs11-keygen.8in                                    |    95 +
 external/mpl/bind/dist/doc/man/pkcs11-keygen.rst                                    |    13 +
 external/mpl/bind/dist/doc/man/pkcs11-list.8in                                      |    73 +
 external/mpl/bind/dist/doc/man/pkcs11-list.rst                                      |    13 +
 external/mpl/bind/dist/doc/man/pkcs11-tokens.8in                                    |    58 +
 external/mpl/bind/dist/doc/man/pkcs11-tokens.rst                                    |    13 +
 external/mpl/bind/dist/doc/man/rndc-confgen.8in                                     |   123 +
 external/mpl/bind/dist/doc/man/rndc-confgen.rst                                     |    13 +
 external/mpl/bind/dist/doc/man/rndc.8in                                             |   588 +
 external/mpl/bind/dist/doc/man/rndc.conf.5in                                        |   196 +
 external/mpl/bind/dist/doc/man/rndc.conf.rst                                        |    13 +
 external/mpl/bind/dist/doc/man/rndc.rst                                             |    13 +
 external/mpl/bind/dist/doc/misc/Makefile.in                                         |    46 +-
 external/mpl/bind/dist/doc/misc/acl.grammar.rst                                     |     3 +
 external/mpl/bind/dist/doc/misc/controls.grammar.rst                                |    13 +
 external/mpl/bind/dist/doc/misc/delegation-only.zoneopt.rst                         |     5 +
 external/mpl/bind/dist/doc/misc/dnssec-policy.grammar.rst                           |    17 +
 external/mpl/bind/dist/doc/misc/forward.zoneopt.rst                                 |     8 +
 external/mpl/bind/dist/doc/misc/hint.zoneopt.rst                                    |     8 +
 external/mpl/bind/dist/doc/misc/in-view.zoneopt.rst                                 |     5 +
 external/mpl/bind/dist/doc/misc/key.grammar.rst                                     |     6 +
 external/mpl/bind/dist/doc/misc/logging.grammar.rst                                 |    17 +
 external/mpl/bind/dist/doc/misc/managed-keys.grammar.rst                            |     6 +
 external/mpl/bind/dist/doc/misc/master.zoneopt.rst                                  |    59 +
 external/mpl/bind/dist/doc/misc/masters.grammar.rst                                 |     6 +
 external/mpl/bind/dist/doc/misc/mirror.zoneopt.rst                                  |    44 +
 external/mpl/bind/dist/doc/misc/named.conf.rst                                      |  1025 +
 external/mpl/bind/dist/doc/misc/options                                             |     6 +-
 external/mpl/bind/dist/doc/misc/options.active                                      |     6 +-
 external/mpl/bind/dist/doc/misc/options.grammar.rst                                 |   296 +
 external/mpl/bind/dist/doc/misc/redirect.zoneopt.rst                                |    15 +
 external/mpl/bind/dist/doc/misc/rst-grammars.pl                                     |    65 +
 external/mpl/bind/dist/doc/misc/rst-options.pl                                      |   119 +
 external/mpl/bind/dist/doc/misc/rst-zoneopt.pl                                      |    43 +
 external/mpl/bind/dist/doc/misc/server.grammar.rst                                  |    34 +
 external/mpl/bind/dist/doc/misc/slave.zoneopt.rst                                   |    62 +
 external/mpl/bind/dist/doc/misc/static-stub.zoneopt.rst                             |    13 +
 external/mpl/bind/dist/doc/misc/statistics-channels.grammar.rst                     |     8 +
 external/mpl/bind/dist/doc/misc/stub.zoneopt.rst                                    |    29 +
 external/mpl/bind/dist/doc/misc/trust-anchors.grammar.rst                           |     6 +
 external/mpl/bind/dist/doc/misc/trusted-keys.grammar.rst                            |     5 +
 external/mpl/bind/dist/doc/notes/notes-9.16.0.rst                                   |   148 +
 external/mpl/bind/dist/doc/notes/notes-9.16.1.rst                                   |    44 +
 external/mpl/bind/dist/doc/notes/notes-9.16.2.rst                                   |    55 +
 external/mpl/bind/dist/doc/notes/notes-9.16.3.rst                                   |    77 +
 external/mpl/bind/dist/doc/notes/notes-9.16.4.rst                                   |   111 +
 external/mpl/bind/dist/doc/notes/notes-9.16.5.rst                                   |    64 +
 external/mpl/bind/dist/fuzz/Makefile.in                                             |     4 +-
 external/mpl/bind/dist/lib/bind9/Makefile.in                                        |     4 +-
 external/mpl/bind/dist/lib/bind9/api                                                |     2 +-
 external/mpl/bind/dist/lib/dns/Makefile.in                                          |     7 +-
 external/mpl/bind/dist/lib/dns/api                                                  |     2 +-
 external/mpl/bind/dist/lib/dns/include/dns/Makefile.in                              |     2 +-
 external/mpl/bind/dist/lib/dns/include/dns/lmdb.h                                   |    31 +
 external/mpl/bind/dist/lib/dns/tests/Makefile.in                                    |     8 +-
 external/mpl/bind/dist/lib/dns/win32/libdns.def.in                                  |     1 +
 external/mpl/bind/dist/lib/irs/Makefile.in                                          |    18 +-
 external/mpl/bind/dist/lib/irs/tests/Makefile.in                                    |     4 +-
 external/mpl/bind/dist/lib/isc/Makefile.in                                          |     6 +-
 external/mpl/bind/dist/lib/isc/api                                                  |     2 +-
 external/mpl/bind/dist/lib/isc/include/isc/Makefile.in                              |     2 +-
 external/mpl/bind/dist/lib/isc/include/isc/utf8.h                                   |    43 +
 external/mpl/bind/dist/lib/isc/netmgr/Makefile.in                                   |     1 +
 external/mpl/bind/dist/lib/isc/tests/Makefile.in                                    |     9 +-
 external/mpl/bind/dist/lib/isc/utf8.c                                               |    88 +
 external/mpl/bind/dist/lib/isc/win32/libisc.def.in                                  |     3 +
 external/mpl/bind/dist/lib/isc/win32/libisc.vcxproj.filters.in                      |     6 +
 external/mpl/bind/dist/lib/isc/win32/libisc.vcxproj.in                              |    56 +-
 external/mpl/bind/dist/lib/isccc/Makefile.in                                        |     2 +-
 external/mpl/bind/dist/lib/isccc/tests/Makefile.in                                  |     2 +-
 external/mpl/bind/dist/lib/isccfg/Makefile.in                                       |     4 +-
 external/mpl/bind/dist/lib/isccfg/api                                               |     2 +-
 external/mpl/bind/dist/lib/isccfg/tests/Makefile.in                                 |     4 +-
 external/mpl/bind/dist/lib/ns/api                                                   |     2 +-
 external/mpl/bind/dist/lib/ns/tests/Makefile.in                                     |     4 +-
 external/mpl/bind/dist/lib/ns/win32/libns.def                                       |     1 +
 external/mpl/bind/dist/lib/samples/Makefile.in                                      |    15 +-
 external/mpl/bind/dist/make/includes.in                                             |     4 +-
 external/mpl/bind/dist/make/rules.in                                                |    45 +-
 external/mpl/bind/dist/srcid                                                        |     2 +-
 external/mpl/bind/dist/unit/unittest.sh.in                                          |   112 +-
 external/mpl/bind/dist/version                                                      |     2 +-
 303 files changed, 35468 insertions(+), 1629 deletions(-)

diffs (truncated from 41727 to 300 lines):

diff -r 0814aef28e08 -r acc3169347d1 external/mpl/bind/dist/CHANGES
--- a/external/mpl/bind/dist/CHANGES    Mon Aug 03 16:45:23 2020 +0000
+++ b/external/mpl/bind/dist/CHANGES    Mon Aug 03 17:07:01 2020 +0000
@@ -1,3 +1,147 @@
+       --- 9.16.5 released ---
+
+5458.  [bug]           Prevent a theoretically possible NULL dereference caused
+                       by a data race between zone_maintenance() and
+                       dns_zone_setview_helper(). [GL #1627]
+
+5455.  [bug]           named could crash when cleaning dead nodes in
+                       lib/dns/rbtdb.c that were being reused. [GL #1968]
+
+5454.  [bug]           Address a startup crash that occurred when the server
+                       was under load and the root zone had not yet been
+                       loaded. [GL #1862]
+
+5453.  [bug]           named crashed on shutdown when a new rndc connection was
+                       received during shutdown. [GL #1747]
+
+5452.  [bug]           The "blackhole" ACL was accidentally disabled for client
+                       queries. [GL #1936]
+
+5451.  [func]          Add 'rndc dnssec -status' command. [GL #1612]
+
+5449.  [bug]           Fix a socket shutdown race in netmgr udp. [GL #1938]
+
+5448.  [bug]           Fix a race condition in isc__nm_tcpdns_send().
+                       [GL #1937]
+
+5447.  [bug]           IPv6 addresses ending in "::" could break YAML
+                       parsing. A "0" is now appended to such addresses
+                       in YAML output from dig, mdig, delv, and dnstap-read.
+                       [GL #1952]
+
+5446.  [bug]           The validator could fail to accept a properly signed
+                       RRset if an unsupported algorithm appeared earlier in
+                       the DNSKEY RRset than a supported algorithm. It could
+                       also stop if it detected a malformed public key.
+                       [GL #1689]
+
+5444.  [bug]           'rndc dnstap -roll <value>' did not limit the number of
+                       saved files to <value>. [GL !3728]
+
+5443.  [bug]           The "primary" and "secondary" keywords, when used
+                       as parameters for "check-names", were not
+                       processed correctly and were being ignored. [GL #1949]
+
+5441.  [bug]           ${LMDB_CFLAGS} was missing from make/includes.in.
+                       [GL #1955]
+
+5440.  [test]          Properly handle missing kyua. [GL #1950]
+
+5439.  [bug]           The DS RRset returned by dns_keynode_dsset() was used in
+                       a non-thread-safe manner. [GL #1926]
+
+       --- 9.16.4 released ---
+
+5438.  [bug]           Fix a race in TCP accepting code. [GL #1930]
+
+5437.  [bug]           Fix a data race in lib/dns/resolver.c:log_formerr().
+                       [GL #1808]
+
+5436.  [security]      It was possible to trigger an INSIST when determining
+                       whether a record would fit into a TCP message buffer.
+                       (CVE-2020-8618) [GL #1850]
+
+5435.  [tests]         Add RFC 4592 responses examples to the wildcard system
+                       test. [GL #1718]
+
+5434.  [security]      It was possible to trigger an INSIST in
+                       lib/dns/rbtdb.c:new_reference() with a particular zone
+                       content and query patterns. (CVE-2020-8619) [GL #1111]
+                       [GL #1718]
+
+5431.  [func]          Reject DS records at the zone apex when loading
+                       master files. Log but otherwise ignore attempts to
+                       add DS records at the zone apex via UPDATE. [GL #1798]
+
+5430.  [doc]           Update docs - with netmgr, a separate listening socket
+                       is created for each IPv6 interface (just as with IPv4).
+                       [GL #1782]
+
+5428.  [bug]           Clean up GSSAPI resources in nsupdate only after taskmgr
+                       has been destroyed. Thanks to Petr Menšík. [GL !3316]
+
+5426.  [bug]           Don't abort() when setting SO_INCOMING_CPU on the socket
+                       fails. [GL #1911]
+
+5425.  [func]          The default value of "max-stale-ttl" has been changed
+                       from 1 week to 12 hours. [GL #1877]
+
+5424.  [bug]           With KASP, when creating a successor key, the "goal"
+                       state of the current active key (predecessor) was not
+                       changed and thus never removed from the zone. [GL #1846]
+
+5423.  [bug]           Fix a bug in keymgr_key_has_successor(): it incorrectly
+                       returned true if any other key in the keyring had a
+                       successor. [GL #1845]
+
+5422.  [bug]           When using dnssec-policy, print correct key timing
+                       metadata. [GL #1843]
+
+5421.  [bug]           Fix a race that could cause named to crash when looking
+                       up the nodename of an RBT node if the tree was modified.
+                       [GL #1857]
+
+5420.  [bug]           Add missing isc_{mutex,conditional}_destroy() calls
+                       that caused a memory leak on FreeBSD. [GL #1893]
+
+5418.  [bug]           delv failed to parse deprecated trusted-keys-style
+                       trust anchors. [GL #1860]
+
+5416.  [bug]           Fix a lock order inversion in lib/isc/unix/socket.c.
+                       [GL #1859]
+
+5415.  [test]          Address race in dnssec system test that led to
+                       test failures. [GL #1852]
+
+5414.  [test]          Adjust time allowed for journal truncation to occur
+                       in nsupdate system test to avoid test failure.
+                       [GL #1855]
+
+5413.  [test]          Address race in autosign system test that led to
+                       test failures. [GL #1852]
+
+5412.  [bug]           'provide-ixfr no;' failed to return up-to-date responses
+                       when the serial was greater than or equal to the
+                       current serial. [GL #1714]
+
+5411.  [cleanup]       TCP accept code has been refactored to use a single
+                       accept() and pass the accepted socket to child threads
+                       for processing. [GL !3320]
+
+5409.  [performance]   When looking up NSEC3 data in a zone database, skip the
+                       check for empty non-terminal nodes; the NSEC3 tree does
+                       not have any. [GL #1834]
+
+5408.  [protocol]      Print Extended DNS Errors if present in OPT record.
+                       [GL #1835]
+
+5407.  [func]          Zone timers are now exported via statistics channel.
+                       Thanks to Paul Frieden, Verizon Media. [GL #1232]
+
+5405.  [bug]           'named-checkconf -p' could include spurious text in
+                       server-addresses statements due to an uninitialized DSCP
+                       value. [GL #1812]
+
        --- 9.16.3 released ---
 
 5404.  [bug]           'named-checkconf -z' could incorrectly indicate
diff -r 0814aef28e08 -r acc3169347d1 external/mpl/bind/dist/CONTRIBUTING.md
--- a/external/mpl/bind/dist/CONTRIBUTING.md    Mon Aug 03 16:45:23 2020 +0000
+++ b/external/mpl/bind/dist/CONTRIBUTING.md    Mon Aug 03 17:07:01 2020 +0000
@@ -8,8 +8,8 @@
  - See the COPYRIGHT file distributed with this work for additional
  - information regarding copyright ownership.
 -->
-## BIND Source Access and Contributor Guidelines
-*Feb 22, 2018*
+## BIND 9 Source Access and Contributor Guidelines
+*May 28, 2020*
 
 ### Contents
 
@@ -19,12 +19,12 @@
 
 ### Introduction
 
-Thank you for using BIND!
+Thank you for using BIND 9!
 
 BIND is open source software that implements the Domain Name System (DNS)
 protocols for the Internet. It is a reference implementation of those
 protocols, but it is also production-grade software, suitable for use in
-high-volume and high-reliability applications.  It is by far the most
+high-volume and high-reliability applications.  It is very
 widely used DNS software, providing a robust and stable platform on top of
 which organizations can build distributed computing systems with the
 knowledge that those systems are fully compliant with published DNS
@@ -33,20 +33,20 @@
 BIND is and will always remain free and openly available.  It can be
 used and modified in any way by anyone.
 
-BIND is maintained by the [Internet Systems Consortium](https://www.isc.org),
+BIND is maintained by [Internet Systems Consortium](https://www.isc.org),
 a public-benefit 501(c)(3) nonprofit, using a "managed open source" approach:
 anyone can see the source, but only ISC employees have commit access.
-Until recently, the source could only be seen once ISC had published
-a release: read access to the source repository was restricted just
-as commit access was.  That's now changing, with the opening of a
+In the past, the source could only be seen once ISC had published
+a release; read access to the source repository was restricted just
+as commit access was.  That has changed, as ISC now provides a
 public git mirror to the BIND source tree (see below).
 
-At [Internet Systems Consortium](https://www.isc.org), we're committed to
-building communities that are welcoming and inclusive; environments where people
+At ISC, we're committed to
+building communities that are welcoming and inclusive: environments where people
 are encouraged to share ideas, treat each other with respect, and collaborate
-towards the best solutions. To reinforce our commitment, the [Internet Systems
-Consortium](https://www.isc.org) has adopted the Contributor Covenant version
-1.4 as our Code of Conduct for BIND 9 project, as well as for the conduct of our
+towards the best solutions. To reinforce our commitment, ISC
+has adopted a slightly modified version of the Django
+[Code of Conduct](https://gitlab.isc.org/isc-projects/bind9/-/blob/master/CODE_OF_CONDUCT.md) for the BIND 9 project, as well as for the conduct of our
 developers throughout the industry.
 
 ### <a name="access"></a>Access to source code
@@ -76,7 +76,7 @@
 
 >       $ git checkout v9_12
 
-Whenever a branch is ready for publication, a tag will be placed of the
+Whenever a branch is ready for publication, a tag is placed of the
 form `v9_X_Y`.  The 9.12.0 release, for instance, is tagged as `v9_12_0`.
 
 The branch in which the next major release is being developed is called
@@ -86,16 +86,16 @@
 
 Reports of flaws in the BIND package, including software bugs, errors
 in the documentation, missing files in the tarball, suggested changes
-or requests for new features, etc, can be filed using
+or requests for new features, etc., can be filed using
 [https://gitlab.isc.org/isc-projects/bind9/issues](https://gitlab.isc.org/isc-projects/bind9/issues).
 
 Due to a large ticket backlog, we are sometimes slow to respond,
 especially if a bug is cosmetic or if a feature request is vague or
-low in priority, but we will try at least to acknowledge legitimate
+low in priority, but we try at least to acknowledge legitimate
 bug reports within a week.
 
-ISC's ticketing system is publicly readable; however, you must have
-an account to file a new issue. You can either register locally or
+ISC's GitLab system is publicly readable; however, you must have
+an account to create a new issue. You can either register locally or
 use credentials from an existing account at GitHub, GitLab, Google,
 Twitter, or Facebook.
 
@@ -105,26 +105,26 @@
 report it immediately by emailing to security-officer%isc.org@localhost. Plain-text
 e-mail is not a secure choice for communications concerning undisclosed
 security issues so please encrypt your communications to us if possible,
-using the [ISC Security Officer public key](https://www.isc.org/downloads/software-support-policy/openpgp-key/).
+using the [ISC Security Officer public key](https://www.isc.org/pgpkey/).
 
 Do not discuss undisclosed security vulnerabilities on any public mailing list.
 ISC has a long history of handling reported vulnerabilities promptly and
 effectively and we respect and acknowledge responsible reporters.
 
-ISC's Security Vulnerability Disclosure Policy is documented at [https://kb.isc.org/article/AA-00861/0](https://kb.isc.org/article/AA-00861/0).
+ISC's Security Vulnerability Disclosure Policy is documented at [https://kb.isc.org/docs/aa-00861](https://kb.isc.org/docs/aa-00861).
 
 If you have a crash, you may want to consult
-[‘What to do if your BIND or DHCP server has crashed.’](https://kb.isc.org/article/AA-00340/89/What-to-do-if-your-BIND-or-DHCP-server-has-crashed.html)
+["What to do if your BIND or DHCP server has crashed."](https://kb.isc.org/docs/aa-00340)
 
 ### <a name="contrib"></a>Contributing code
 
 BIND is licensed under the
-[Mozilla Public License 2.0](http://www.isc.org/downloads/software-support-policy/isc-license/).
-Earier versions (BIND 9.10 and earlier) were licensed under the [ISC License](http://www.isc.org/downloads/software-support-policy/isc-license/)
+[Mozilla Public License 2.0](https://www.mozilla.org/en-US/MPL/2.0/).
+Earlier versions (BIND 9.10 and earlier) were licensed under the [ISC License](https://www.isc.org/licenses/)
 
 ISC does not require an explicit copyright assignment for patch
 contributions.  However, by submitting a patch to ISC, you implicitly
-certify that you are the author of the code, that you intend to reliquish
+certify that you are the author of the code, that you intend to relinquish
 exclusive copyright, and that you grant permission to publish your work
 under the open source license used for the BIND version(s) to which your
 patch will be applied.
@@ -132,7 +132,7 @@
 #### <a name="bind"></a>BIND code
 
 Patches for BIND may be submitted directly via merge requests in
-[ISC's Gitlab](https://gitlab.isc.org/isc-projects/bind9/) source
+[ISC's GitLab](https://gitlab.isc.org/isc-projects/bind9/) source
 repository for BIND.
 
 Patches can also be submitted as diffs against a specific version of
@@ -142,10 +142,9 @@
 Those wanting to write code for BIND may be interested in the
 [developer information](doc/dev/dev.md) page, which includes information
 about BIND design and coding practices, including discussion of internal
-APIs and overall system architecture.  (This is a work in progress, and
-still quite preliminary.)
+APIs and overall system architecture.
 
-Every patch submitted will be reviewed by ISC engineers following our
+Every patch submitted is reviewed by ISC engineers following our
 [code review process](doc/dev/dev.md#reviews) before it is merged.
 
 It may take considerable time to review patch submissions, especially if
@@ -156,7 +155,7 @@
 To ensure your patch is acted on as promptly as possible, please:
 
 * Try to adhere to the [BIND 9 coding style](doc/dev/style.md).
-* Run `make` `check` to ensure your change hasn't caused any


Home | Main Index | Thread Index | Old Index