From owner-svn-src-head@FreeBSD.ORG Tue Dec 23 22:47:56 2008 Return-Path: Delivered-To: svn-src-head@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 862A91065689; Tue, 23 Dec 2008 22:47:56 +0000 (UTC) (envelope-from dougb@FreeBSD.org) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:4f8:fff6::2c]) by mx1.freebsd.org (Postfix) with ESMTP id 700E88FC22; Tue, 23 Dec 2008 22:47:56 +0000 (UTC) (envelope-from dougb@FreeBSD.org) Received: from svn.freebsd.org (localhost [127.0.0.1]) by svn.freebsd.org (8.14.3/8.14.3) with ESMTP id mBNMluBi015701; Tue, 23 Dec 2008 22:47:56 GMT (envelope-from dougb@svn.freebsd.org) Received: (from dougb@localhost) by svn.freebsd.org (8.14.3/8.14.3/Submit) id mBNMluxs015699; Tue, 23 Dec 2008 22:47:56 GMT (envelope-from dougb@svn.freebsd.org) Message-Id: <200812232247.mBNMluxs015699@svn.freebsd.org> From: Doug Barton Date: Tue, 23 Dec 2008 22:47:56 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org X-SVN-Group: head MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Cc: Subject: svn commit: r186462 - in head/contrib/bind9: . bin/check bin/dig bin/dnssec bin/named bin/named/include/named bin/named/unix bin/named/unix/include/named bin/nsupdate bin/rndc doc/arm doc/misc doc/... X-BeenThere: svn-src-head@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: SVN commit messages for the src tree for head/-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 23 Dec 2008 22:47:56 -0000 Author: dougb Date: Tue Dec 23 22:47:56 2008 New Revision: 186462 URL: http://svn.freebsd.org/changeset/base/186462 Log: Merge from vendor/bind9/dist as of the 9.4.3 import Added: head/contrib/bind9/aclocal.m4 - copied unchanged from r186452, vendor/bind9/dist/aclocal.m4 head/contrib/bind9/bin/nsupdate/nsupdate.1 - copied unchanged from r186452, vendor/bind9/dist/bin/nsupdate/nsupdate.1 head/contrib/bind9/config.h.in - copied unchanged from r186452, vendor/bind9/dist/config.h.in head/contrib/bind9/doc/misc/sort-options.pl - copied unchanged from r186452, vendor/bind9/dist/doc/misc/sort-options.pl head/contrib/bind9/doc/rfc/rfc4648.txt - copied unchanged from r186452, vendor/bind9/dist/doc/rfc/rfc4648.txt head/contrib/bind9/doc/rfc/rfc4701.txt - copied unchanged from r186452, vendor/bind9/dist/doc/rfc/rfc4701.txt head/contrib/bind9/doc/rfc/rfc5155.txt - copied unchanged from r186452, vendor/bind9/dist/doc/rfc/rfc5155.txt head/contrib/bind9/lib/bind/aclocal.m4 - copied unchanged from r186452, vendor/bind9/dist/lib/bind/aclocal.m4 head/contrib/bind9/lib/bind/config.h.in - copied unchanged from r186452, vendor/bind9/dist/lib/bind/config.h.in head/contrib/bind9/lib/bind/include/isc/platform.h.in - copied unchanged from r186452, vendor/bind9/dist/lib/bind/include/isc/platform.h.in head/contrib/bind9/lib/isc/include/isc/portset.h - copied unchanged from r186452, vendor/bind9/dist/lib/isc/include/isc/portset.h head/contrib/bind9/lib/isc/portset.c - copied unchanged from r186452, vendor/bind9/dist/lib/isc/portset.c Deleted: head/contrib/bind9/bin/nsupdate/nsupdate.8 Modified: head/contrib/bind9/ (props changed) head/contrib/bind9/CHANGES head/contrib/bind9/COPYRIGHT head/contrib/bind9/FAQ head/contrib/bind9/FAQ.xml head/contrib/bind9/README head/contrib/bind9/bin/check/check-tool.c head/contrib/bind9/bin/check/named-checkconf.c head/contrib/bind9/bin/check/named-checkzone.c head/contrib/bind9/bin/dig/dig.1 head/contrib/bind9/bin/dig/dig.c head/contrib/bind9/bin/dig/dig.docbook head/contrib/bind9/bin/dig/dig.html head/contrib/bind9/bin/dig/dighost.c head/contrib/bind9/bin/dig/host.1 head/contrib/bind9/bin/dig/host.docbook head/contrib/bind9/bin/dig/host.html head/contrib/bind9/bin/dnssec/dnssec-keygen.8 head/contrib/bind9/bin/dnssec/dnssec-keygen.docbook head/contrib/bind9/bin/dnssec/dnssec-keygen.html head/contrib/bind9/bin/dnssec/dnssec-signzone.8 head/contrib/bind9/bin/dnssec/dnssec-signzone.c head/contrib/bind9/bin/dnssec/dnssec-signzone.docbook head/contrib/bind9/bin/dnssec/dnssec-signzone.html head/contrib/bind9/bin/named/client.c head/contrib/bind9/bin/named/config.c head/contrib/bind9/bin/named/controlconf.c head/contrib/bind9/bin/named/include/named/globals.h head/contrib/bind9/bin/named/interfacemgr.c head/contrib/bind9/bin/named/lwaddr.c head/contrib/bind9/bin/named/lwdgnba.c head/contrib/bind9/bin/named/lwdnoop.c head/contrib/bind9/bin/named/lwresd.8 head/contrib/bind9/bin/named/lwresd.c head/contrib/bind9/bin/named/lwresd.docbook head/contrib/bind9/bin/named/lwresd.html head/contrib/bind9/bin/named/main.c head/contrib/bind9/bin/named/named.8 head/contrib/bind9/bin/named/named.conf.5 head/contrib/bind9/bin/named/named.conf.docbook head/contrib/bind9/bin/named/named.conf.html head/contrib/bind9/bin/named/named.docbook head/contrib/bind9/bin/named/named.html head/contrib/bind9/bin/named/query.c head/contrib/bind9/bin/named/server.c head/contrib/bind9/bin/named/unix/include/named/os.h head/contrib/bind9/bin/named/unix/os.c head/contrib/bind9/bin/named/update.c head/contrib/bind9/bin/nsupdate/Makefile.in head/contrib/bind9/bin/nsupdate/nsupdate.c head/contrib/bind9/bin/nsupdate/nsupdate.docbook head/contrib/bind9/bin/nsupdate/nsupdate.html head/contrib/bind9/bin/rndc/rndc-confgen.c head/contrib/bind9/bin/rndc/rndc.8 head/contrib/bind9/bin/rndc/rndc.c head/contrib/bind9/bin/rndc/rndc.docbook head/contrib/bind9/bin/rndc/rndc.html head/contrib/bind9/configure.in head/contrib/bind9/doc/arm/Bv9ARM-book.xml head/contrib/bind9/doc/arm/Bv9ARM.ch01.html head/contrib/bind9/doc/arm/Bv9ARM.ch02.html head/contrib/bind9/doc/arm/Bv9ARM.ch03.html head/contrib/bind9/doc/arm/Bv9ARM.ch04.html head/contrib/bind9/doc/arm/Bv9ARM.ch05.html head/contrib/bind9/doc/arm/Bv9ARM.ch06.html head/contrib/bind9/doc/arm/Bv9ARM.ch07.html head/contrib/bind9/doc/arm/Bv9ARM.ch08.html head/contrib/bind9/doc/arm/Bv9ARM.ch09.html head/contrib/bind9/doc/arm/Bv9ARM.ch10.html head/contrib/bind9/doc/arm/Bv9ARM.html head/contrib/bind9/doc/arm/Bv9ARM.pdf head/contrib/bind9/doc/arm/man.dig.html head/contrib/bind9/doc/arm/man.dnssec-keygen.html head/contrib/bind9/doc/arm/man.dnssec-signzone.html head/contrib/bind9/doc/arm/man.host.html head/contrib/bind9/doc/arm/man.named-checkconf.html head/contrib/bind9/doc/arm/man.named-checkzone.html head/contrib/bind9/doc/arm/man.named.html head/contrib/bind9/doc/arm/man.rndc-confgen.html head/contrib/bind9/doc/arm/man.rndc.conf.html head/contrib/bind9/doc/arm/man.rndc.html head/contrib/bind9/doc/misc/Makefile.in head/contrib/bind9/doc/misc/format-options.pl head/contrib/bind9/doc/misc/migration head/contrib/bind9/doc/misc/options head/contrib/bind9/doc/rfc/index head/contrib/bind9/lib/bind/api head/contrib/bind9/lib/bind/bsd/Makefile.in head/contrib/bind9/lib/bind/bsd/strerror.c head/contrib/bind9/lib/bind/bsd/strtoul.c head/contrib/bind9/lib/bind/configure.in head/contrib/bind9/lib/bind/dst/Makefile.in head/contrib/bind9/lib/bind/dst/dst_api.c head/contrib/bind9/lib/bind/dst/hmac_link.c head/contrib/bind9/lib/bind/dst/support.c head/contrib/bind9/lib/bind/include/Makefile.in head/contrib/bind9/lib/bind/include/arpa/nameser.h head/contrib/bind9/lib/bind/include/isc/assertions.h head/contrib/bind9/lib/bind/include/isc/eventlib.h head/contrib/bind9/lib/bind/include/isc/misc.h head/contrib/bind9/lib/bind/include/netdb.h head/contrib/bind9/lib/bind/include/resolv.h head/contrib/bind9/lib/bind/inet/Makefile.in head/contrib/bind9/lib/bind/inet/inet_net_pton.c head/contrib/bind9/lib/bind/inet/inet_network.c head/contrib/bind9/lib/bind/irs/Makefile.in head/contrib/bind9/lib/bind/irs/dns_ho.c head/contrib/bind9/lib/bind/irs/getnetgrent.c head/contrib/bind9/lib/bind/irs/getnetgrent_r.c head/contrib/bind9/lib/bind/irs/irp.c head/contrib/bind9/lib/bind/isc/Makefile.in head/contrib/bind9/lib/bind/isc/assertions.c head/contrib/bind9/lib/bind/isc/bitncmp.c head/contrib/bind9/lib/bind/isc/ctl_clnt.c head/contrib/bind9/lib/bind/isc/ctl_srvr.c head/contrib/bind9/lib/bind/isc/logging.c head/contrib/bind9/lib/bind/nameser/Makefile.in head/contrib/bind9/lib/bind/port_after.h.in head/contrib/bind9/lib/bind/port_before.h.in head/contrib/bind9/lib/bind/resolv/Makefile.in head/contrib/bind9/lib/bind/resolv/res_debug.c head/contrib/bind9/lib/bind/resolv/res_mkquery.c head/contrib/bind9/lib/bind/resolv/res_query.c head/contrib/bind9/lib/bind/resolv/res_send.c head/contrib/bind9/lib/bind9/api head/contrib/bind9/lib/bind9/check.c head/contrib/bind9/lib/dns/acache.c head/contrib/bind9/lib/dns/adb.c head/contrib/bind9/lib/dns/api head/contrib/bind9/lib/dns/cache.c head/contrib/bind9/lib/dns/dispatch.c head/contrib/bind9/lib/dns/dst_parse.c head/contrib/bind9/lib/dns/dst_parse.h head/contrib/bind9/lib/dns/include/dns/dispatch.h head/contrib/bind9/lib/dns/journal.c head/contrib/bind9/lib/dns/master.c head/contrib/bind9/lib/dns/masterdump.c head/contrib/bind9/lib/dns/message.c head/contrib/bind9/lib/dns/rbt.c head/contrib/bind9/lib/dns/rbtdb.c head/contrib/bind9/lib/dns/rdata/generic/nsec_47.c head/contrib/bind9/lib/dns/rdata/generic/nsec_47.h head/contrib/bind9/lib/dns/rdata/generic/txt_16.c head/contrib/bind9/lib/dns/rdata/in_1/apl_42.c head/contrib/bind9/lib/dns/rdata/in_1/naptr_35.c head/contrib/bind9/lib/dns/request.c head/contrib/bind9/lib/dns/resolver.c head/contrib/bind9/lib/dns/rootns.c head/contrib/bind9/lib/dns/sdb.c head/contrib/bind9/lib/dns/tkey.c head/contrib/bind9/lib/dns/tsig.c head/contrib/bind9/lib/dns/validator.c head/contrib/bind9/lib/dns/view.c head/contrib/bind9/lib/dns/xfrin.c head/contrib/bind9/lib/dns/zone.c head/contrib/bind9/lib/isc/Makefile.in head/contrib/bind9/lib/isc/api head/contrib/bind9/lib/isc/assertions.c head/contrib/bind9/lib/isc/include/isc/assertions.h head/contrib/bind9/lib/isc/include/isc/lex.h head/contrib/bind9/lib/isc/include/isc/mem.h head/contrib/bind9/lib/isc/include/isc/msgs.h head/contrib/bind9/lib/isc/include/isc/platform.h.in head/contrib/bind9/lib/isc/include/isc/resource.h head/contrib/bind9/lib/isc/include/isc/socket.h head/contrib/bind9/lib/isc/include/isc/timer.h head/contrib/bind9/lib/isc/include/isc/types.h head/contrib/bind9/lib/isc/mem.c head/contrib/bind9/lib/isc/print.c head/contrib/bind9/lib/isc/pthreads/mutex.c head/contrib/bind9/lib/isc/timer.c head/contrib/bind9/lib/isc/unix/app.c head/contrib/bind9/lib/isc/unix/include/isc/net.h head/contrib/bind9/lib/isc/unix/net.c head/contrib/bind9/lib/isc/unix/resource.c head/contrib/bind9/lib/isc/unix/socket.c head/contrib/bind9/lib/isc/unix/socket_p.h head/contrib/bind9/lib/isc/unix/time.c head/contrib/bind9/lib/isccfg/api head/contrib/bind9/lib/isccfg/namedconf.c head/contrib/bind9/lib/lwres/api head/contrib/bind9/make/rules.in head/contrib/bind9/version Modified: head/contrib/bind9/CHANGES ============================================================================== --- head/contrib/bind9/CHANGES Tue Dec 23 22:20:59 2008 (r186461) +++ head/contrib/bind9/CHANGES Tue Dec 23 22:47:56 2008 (r186462) @@ -1,14 +1,158 @@ - --- 9.4.2-P2 released --- -2406. [bug] Some operating systems have FD_SETSIZE set to a - low value by default, which can cause resource - exhaustion when many simultaneous connections are - open. Linux in particular makes it difficult to - increase this value. To use more sockets with - select(), set ISC_SOCKET_FDSETSIZE. Example: - STD_CDEFINES="-DISC_SOCKET_FDSETSIZE=4096" ./configure - (This should not be necessary in most cases, and - never for an authoritative-only server.) [RT #18328] + --- 9.4.3 released --- + +2490. [port] aix: work around a kernel bug where IPV6_RECVPKTINFO + is cleared when IPV6_V6ONLY is set. [RT #18785] + +2489. [port] solaris: Workaround Solaris's kernel bug about + /dev/poll: + http://bugs.opensolaris.org/view_bug.do?bug_id=6724237 + Define ISC_SOCKET_USE_POLLWATCH at build time to enable + this workaround. [RT #18870] + + --- 9.4.3rc1 released --- + +2473. [port] linux: raise the limit on open files to the possible + maximum value before spawning threads; 'files' + specified in named.conf doesn't seem to work with + threads as expected. [RT #18784] + +2472. [port] linux: check the number of available cpu's before + calling chroot as it depends on "/proc". [RT #16923] + +2471. [bug] named-checkzone was not reporting missing manditory + glue when sibling checks were disabled. [RT #18768] + +2469. [port] solaris: Work around Solaris's select() limitations. + [RT #18769] + +2468. [bug] Resolver could try unreachable servers multiple times. + [RT #18739] + +2467. [bug] Failure of fcntl(F_DUPFD) wasn't logged. [RT #18740] + +2466. [doc] ARM: explain max-cache-ttl 0 SERVFAIL issue. + [RT #18302] + +2465. [bug] Adb's handling of lame addresses was different + for IPv4 and IPv6. [RT #18738] + +2463. [port] linux: POSIX doesn't include the IPv6 Advanced Socket + API and glibc hides parts of the IPv6 Advanced Socket + API as a result. This is stupid as it breaks how the + two halves (Basic and Advanced) of the IPv6 Socket API were designed to be used but we have to live with it. + Define _GNU_SOURCE to pull in the IPv6 Advanced Socket + API. [RT #18388] + +2462. [doc] Document -m (enable memory usage debugging) + option for dig. [RT #18757] + +2461. [port] sunos: Change #2363 was not complete. [RT #17513] + +2458. [doc] ARM: update and correction for max-cache-size. + [RT #18294] + +2455. [bug] Stop metadata being transfered via axfr/ixfr. + [RT #18639] + +2453. [bug] Remove NULL pointer dereference in dns_journal_print(). + [RT #18316] + +2449. [bug] libbind: Out of bounds reference in dns_ho.c:addrsort. + [RT #18044] + +2445. [doc] ARM out-of-date on empty reverse zones (list includes + RFC1918 address, but these are not yet compiled in). + [RT #18578] + +2444. [port] Linux, FreeBSD, AIX: Turn off path mtu discovery + (clear DF) for UDP responses and requests. + + --- 9.4.3b3 released --- + +2443. [bug] win32: UDP connect() would not generate an event, + and so connected UDP sockets would never clean up. + Fix this by doing an immediate WSAConnect() rather + than an io completion port type for UDP. + +2438. [bug] Timeouts could be logged incorrectly under win32. + [RT #18617] + +2437. [bug] Sockets could be closed too early, leading to + inconsistent states in the socket module. [RT #18298] + +2436. [security] win32: UDP client handler can be shutdown. [RT #18576] + +2433. [tuning] Set initial timeout to 800ms. + +2432. [bug] More Windows socket handling improvements. Stop + using I/O events and use IO Completion Ports + throughout. Rewrite the receive path logic to make + it easier to support multiple simultaneous + requestrs in the future. Add stricter consistency + checking as a compile-time option (define + ISC_SOCKET_CONSISTENCY_CHECKS; defaults to off). + +2430. [bug] win32: isc_interval_set() could round down to + zero if the input was less than NS_INTERVAL + nanoseconds. Round up instead. [RT #18549] + +2429. [doc] nsupdate should be in section 1 of the man pages. + [RT #18283] + +2426. [bug] libbind: inet_net_pton() can sometimes return the + wrong value if excessively large netmasks are + supplied. [RT #18512] + +2425. [bug] named didn't detect unavailable query source addresses + at load time. [RT #18536] + +2424. [port] configure now probes for a working epoll + implementation. Allow the use of kqueue, + epoll and /dev/poll to be selected at compile + time. [RT #18277] + +2422. [bug] Handle the special return value of a empty node as + if it was a NXRRSET in the validator. [RT #18447] + +2421. [func] Add new command line option '-S' for named to specify + the max number of sockets. [RT #18493] + Use caution: this option may not work for some + operating systems without rebuilding named. + +2420. [bug] Windows socket handling cleanup. Let the io + completion event send out cancelled read/write + done events, which keeps us from writing to memeory + we no longer have ownership of. Add debugging + socket_log() function. Rework TCP socket handling + to not leak sockets. + +2417. [bug] Connecting UDP sockets for outgoing queries could + unexpectedly fail with an 'address already in use' + error. [RT #18411] + +2416. [func] Log file descriptors that cause exceeding the + internal maximum. [RT #18460] + +2414. [bug] A masterdump context held the database lock too long, + causing various troubles such as dead lock and + recursive lock acquisition. [RT #18311, #18456] + +2413. [bug] Fixed an unreachable code path in socket.c. [RT #18442] + +2412. [bug] win32: address a resourse leak. [RT #18374] + +2411. [bug] Allow using a larger number of sockets than FD_SETSIZE + for select(). To enable this, set ISC_SOCKET_MAXSOCKETS + at compilation time. [RT #18433] + +2410. [bug] Correctly delete m_versionInfo. [RT #18432] + +2408. [bug] A duplicate TCP dispatch event could be sent, which + could then trigger an assertion failure in + resquery_response(). [RT #18275] + +2407. [port] hpux: test for sys/dyntune.h. [RT #18421] 2404. [port] hpux: files unlimited support. @@ -39,15 +183,271 @@ 2392. [bug] remove 'grep -q' from acl test script, some platforms don't support it. [RT #18253] +2391 [port] hpux: cover additional recvmsg() error codes. + [RT #18301] + +2390 [bug] dispatch.c could make a false warning on 'odd socket'. + [RT #18301]. + +2389 [bug] Move the "working directory writable" check to after + the ns_os_changeuser() call. [RT #18326] + +2386. [func] Add warning about too small 'open files' limit. + [RT #18269] + + --- 9.4.3b2 released --- + +2385. [bug] A condition variable in socket.c could leak in + rare error handling [RT #17968]. + +2384. [security] Additional support for query port randomization (change + #2375) including performance improvement and port range + specification. [RT #17949, #18098] + +2383. [bug] named could double queries when they resulted in + SERVFAIL due to overkilling EDNS0 failure detection. + [RT #18182] + +2382. [doc] Add descriptions of IPSECKEY, SPF and SSHFP to ARM. + +2381. [port] dlz/mysql: support multiple install layouts for + mysql. /include/{,mysql/}mysql.h and + /lib/{,mysql/}. [RT #18152] + +2380. [bug] dns_view_find() was not returning NXDOMAIN/NXRRSET + proofs which, in turn, caused validation failures + for insecure zones immediately below a secure zone + the server was authoritative for. [RT #18112] + +2379. [contrib] queryperf/gen-data-queryperf.py: removed redundant + TLDs and supported RRs with TTLs [RT #17972] + +2377. [bug] Address race condition in dnssec-signzone. [RT #18142] + +2376. [bug] Change #2144 was not complete. + +2375. [security] Fully randomize UDP query ports to improve + forgery resilience. [RT #17949] + +2372. [bug] fixed incorrect TAG_HMACSHA256_BITS value [RT #18047] + +2369. [bug] libbind: Array bounds overrun on read in bitncmp(). + [RT #18054] + +2364. [bug] named could trigger a assertion when serving a + malformed signed zone. [RT #17828] + +2363. [port] sunos: pre-set "lt_cv_sys_max_cmd_len=4096;". + [RT #17513] + +2361. [bug] "recursion" statistics counter could be counted + multiple times for a single query. [RT #17990] + + --- 9.4.3b1 released --- + +2358. [doc] Update host's default query description. [RT #17934] + +2356. [bug] Built in mutex profiler was not scalable enough. + [RT #17436] + +2353. [func] libbind: nsid support. [RT #17091] + +2350. [port] win32: IPv6 support. [RT #17797] + +2347. [bug] Delete now traverses the RB tree in the canonical + order. [RT #17451] + +2345. [bug] named-checkconf failed to detect when forwarders + were set at both the options/view level and in + a root zone. [RT #17671] + +2344. [bug] Improve "logging{ file ...; };" documentation. + [RT #17888] + +2343. [bug] (Seemingly) duplicate IPv6 entries could be + created in ADB. [RT #17837] + +2341. [bug] libbind: add missing -I../include for off source + tree builds. [RT #17606] + +2340. [port] openbsd: interface configuration. [RT #17700] + +2339. [port] tru64: support for libbind. [RT #17589] + +2338. [bug] check_ds() could be called with a non DS rdataset. + [RT #17598] + +2337. [bug] BUILD_LDFLAGS was not being correctly set. [RT #17614] + +2335. [port] sunos: libbind and *printf() support for long long. + [RT #17513] + +2334. [bug] Bad REQUIRES in fromstruct_in_naptr(), off by one + bug in fromstruct_txt(). [RT #17609] + +2333. [bug] Fix off by one error in isc_time_nowplusinterval(). + [RT #17608] + +2332. [contrib] query-loc-0.4.0. [RT #17602] + +2331. [bug] Failure to regenerate any signatures was not being + reported nor being past back to the UPDATE client. + [RT #17570] + +2330. [bug] Remove potential race condition when handling + over memory events. [RT #17572] + + WARNING: API CHANGE: over memory callback + function now needs to call isc_mem_waterack(). + See for details. + +2329. [bug] Clearer help text for dig's '-x' and '-i' options. + +2328. [maint] Add AAAA addresses for A.ROOT-SERVERS.NET, + F.ROOT-SERVERS.NET, H.ROOT-SERVERS.NET, + J.ROOT-SERVERS.NET, K.ROOT-SERVERS.NET and + M.ROOT-SERVERS.NET. + +2326. [bug] It was possible to trigger a INSIST in the acache + processing. + +2325. [port] Linux: use capset() function if available. [RT #17557] + +2323. [port] tru64: namespace clash. [RT #17547] + 2322. [port] MacOS: work around the limitation of setrlimit() for RLIMIT_NOFILE. [RT #17526] - --- 9.4.2-P1 released --- +2319. [bug] Silence Coverity warnings in + lib/dns/rdata/in_1/apl_42.c. [RT #17469] -2375. [security] Fully randomize UDP query ports to improve - forgery resilience. [RT #17949] +2318. [port] sunos fixes for libbind. [RT #17514] + +2314. [bug] Uninitialized memory use on error path in + bin/named/lwdnoop.c. [RT #17476] + +2313. [cleanup] Silence Coverity warnings. Handle private stacks. + [RT #17447] [RT #17478] + +2312. [cleanup] Silence Coverity warning in lib/isc/unix/socket.c. + [RT #17458] + +2311. [func] Update ACL regression test. [RT #17462] + +2310. [bug] dig, host, nslookup: flush stdout before emitting + debug/fatal messages. [RT #17501] + +2308. [cleanup] Silence Coverity warning in bin/named/controlconf.c. + [RT #17495] + +2307. [bug] Remove infinite loop from lib/dns/sdb.c. [RT #17496] + +2306. [bug] Remove potential race from lib/dns/resolver.c. + [RT #17470] + +2305. [security] inet_network() buffer overflow. CVE-2008-0122. + +2304. [bug] Check returns from all dns_rdata_tostruct() calls. + [RT #17460] + +2303. [bug] Remove unnecessary code from bin/named/lwdgnba.c. + [RT #17471] + +2302. [bug] Fix memset() calls in lib/tests/t_api.c. [RT #17472] + +2301. [bug] Remove resource leak and fix error messages in + bin/tests/system/lwresd/lwtest.c. [RT #17474] + +2300. [bug] Fixed failure to close open file in + bin/tests/names/t_names.c. [RT #17473] + +2299. [bug] Remove unnecessary NULL check in + bin/nsupdate/nsupdate.c. [RT #17475] + +2298. [bug] isc_mutex_lock() failure not caught in + bin/tests/timers/t_timers.c. [RT #17468] + +2297. [bug] isc_entropy_createfilesource() failure not caught in + bin/tests/dst/t_dst.c. [RT #17467] + +2296. [port] Allow docbook stylesheet location to be specified to + configure. [RT #17457] + +2295. [bug] Silence static overrun error in bin/named/lwaddr.c. + [RT #17459] + +2293. [func] Add ACL regression test. [RT #17375] + +2292. [bug] Log if the working directory is not writable. + [RT #17312] + +2291. [bug] PR_SET_DUMPABLE may be set too late. Also report + failure to set PR_SET_DUMPABLE. [RT #17312] + +2290. [bug] Let AD in the query signal that the client wants AD + set in the response. [RT #17301] + +2288. [port] win32: mark service as running when we have finished + loading. [RT #17441] + +2287. [bug] Use 'volatile' if the compiler supports it. [RT #17413] + +2284. [bug] Memory leak in UPDATE prerequisite processing. + [RT #17377] + +2283. [bug] TSIG keys were not attaching to the memory + context. TSIG keys should use the rings + memory context rather than the clients memory + context. [RT #17377] + +2279. [bug] Use setsockopt(SO_NOSIGPIPE), when available, + to protect applications from receiving spurious + SIGPIPE signals when using the resolver. + +2278. [bug] win32: handle the case where Windows returns no + search list or DNS suffix. [RT #17354] + +2277. [bug] Empty zone names were not correctly being caught at + in the post parse checks. [RT #17357] + +2273. [bug] Adjust log level to WARNING when saving inconsistent + stub/slave master and journal files. [RT# 17279] + +2272. [bug] Handle illegal dnssec-lookaside trust-anchor names. + [RT #17262] + +2270. [bug] dns_db_closeversion() version->writer could be reset + before it is tested. [RT #17290] + +2269. [contrib] dbus memory leaks and missing va_end calls. [RT #17232] + +2268. [bug] 0.IN-ADDR.ARPA was missing from the empty zones + list. + +2266. [bug] client.c:get_clientmctx() returned the same mctx + once the pool of mctx's was filled. [RT #17218] + +2265. [bug] Test that the memory context's basic_table is non NULL + before freeing. [RT #17265] + +2264. [bug] Server prefix length was being ignored. [RT #17308] + +2263. [bug] "named-checkconf -z" failed to set default value + for "check-integrity". [RT #17306] + +2262. [bug] Error status from all but the last view could be + lost. [RT #17292] + +2260. [bug] Reported wrong clients-per-query when increasing the + value. [RT #17236] + +2247. [doc] Sort doc/misc/options. [RT #17067] + +2246. [bug] Make the startup of test servers (ans.pl) more + robust. [RT #17147] --- 9.4.2 released --- + --- 9.4.2rc2 released --- 2259. [bug] Reverse incorrect LIBINTERFACE bump of libisc @@ -63,7 +463,7 @@ 2256. [bug] win32: Correctly register the installation location of bindevt.dll. [RT #17159] -2255. [bug] L.ROOT-SERVERS.NET is now 199.7.83.42. +2255. [maint] L.ROOT-SERVERS.NET is now 199.7.83.42. 2254. [bug] timer.c:dispatch() failed to lock timer->lock when reading timer->idle allowing it to see @@ -76,16 +476,16 @@ reality. Note there is behaviour change for BIND 9.5. [RT #17113] -2249. [bug] Only set Authentic Data bit if client requested +2249. [bug] Only set Authentic Data bit if client requested DNSSEC, per RFC 3655 [RT #17175] -2248. [cleanup] Fix several errors reported by Coverity. [RT #17160] +2248. [cleanup] Fix several errors reported by Coverity. [RT #17160] 2245. [bug] Validating lack of DS records at trust anchors wasn't working. [RT #17151] 2238. [bug] It was possible to trigger a REQUIRE when a - validation was cancelled. [RT #17106] + validation was canceled. [RT #17106] 2237. [bug] libbind: res_init() was not thread aware. [RT #17123] @@ -94,8 +494,8 @@ 2235. [bug] was not being installed. [RT #17135] -2234. [port] Correct some compiler warnings on SCO OSr5 [RT #17134] - +2234. [port] Correct some compiler warnings on SCO OSr5 [RT #17134] + 2232. [bug] dns_adb_findaddrinfo() could fail and return ISC_R_SUCCESS. [RT #17137] @@ -110,7 +510,7 @@ 2227. [cleanup] Tidied up the FAQ. [RT #17121] 2225. [bug] More support for systems with no IPv4 addresses. - [RT #17111] + [RT #17111] 2224. [bug] Defer journal compaction if a xfrin is in progress. [RT #17119] @@ -124,15 +524,15 @@ 2220. [bug] win32: Address a race condition in final shutdown of the Windows socket code. [RT #17028] - -2219. [bug] Apply zone consistancy checks to additions, not + +2219. [bug] Apply zone consistency checks to additions, not removals, when updating. [RT #17049] 2218. [bug] Remove unnecessary REQUIRE from dns_validator_create(). [RT #16976] 2216. [cleanup] Fix a number of errors reported by Coverity. - [RT #17094] + [RT #17094] 2215. [bug] Bad REQUIRE check isc_hmacsha1_verify(). [RT #17094] @@ -175,13 +575,13 @@ localhost;) is used. [RT #16987] - + 2205. [bug] libbind: change #2119 broke thread support. [RT #16982] 2203. [security] Query id generation was cryptographically weak. [RT # 16915] -2202. [security] The default acls for allow-query-cache and +2202. [security] The default acls for allow-query-cache and allow-recursion were not being applied. [RT #16960] 2200. [bug] The search for cached NSEC records was stopping to @@ -216,7 +616,7 @@ 2187. [bug] query_addds(), query_addwildcardproof() and query_addnxrrsetnsec() should take a version - arguement. [RT #16368] + argument. [RT #16368] 2186. [port] cygwin: libbind: check for struct sockaddr_storage independently of IPv6. [RT #16482] @@ -243,7 +643,7 @@ debug level 10+. [RT #16798] 2176. [contrib] dbus update to handle race condition during - initialisation (Bugzilla 235809). [RT #16842] + initialization (Bugzilla 235809). [RT #16842] 2175. [bug] win32: windows broadcast condition variable support was broken. [RT #16592] @@ -274,7 +674,7 @@ a server address as a name to be looked up, causing unexpected output. [RT #16743] -2164. [bug] The code to determine how named-checkzone / +2164. [bug] The code to determine how named-checkzone / named-compilezone was called failed under windows. [RT #16764] @@ -288,7 +688,7 @@ 2159. [bug] Array bounds overrun in acache processing. [RT #16710] -2158. [bug] ns_client_isself() failed to initialise key +2158. [bug] ns_client_isself() failed to initialize key leading to a REQUIRE failure. [RT #16688] 2156. [bug] Fix node reference leaks in lookup.c:lookup_find(), @@ -363,7 +763,7 @@ 2136. [bug] nslookup/host looped if there was no search list and the host didn't exist. [RT #16657] -2135. [bug] Uninitialised rdataset in sdlz.c. [RT# 16656] +2135. [bug] Uninitialized rdataset in sdlz.c. [RT# 16656] 2133. [port] powerpc: Support both IBM and MacOS Power PC assembler syntaxes. [RT #16647] @@ -379,7 +779,7 @@ 2127. [port] Improved OpenSSL 0.9.8 support. [RT #16563] -2126. [security] Serialise validation of type ANY responses. [RT #16555] +2126. [security] Serialize validation of type ANY responses. [RT #16555] 2125. [bug] dns_zone_getzeronosoattl() REQUIRE failure if DLZ was defined. [RT #16574] @@ -419,7 +819,7 @@ 2111. [bug] Fix a number of errors reported by Coverity. [RT #16507] -2110. [bug] "minimal-response yes;" interacted badly with BIND 8 +2110. [bug] "minimal-responses yes;" interacted badly with BIND 8 priming queries. [RT #16491] 2109. [port] libbind: silence aix 5.3 compiler warnings. [RT #16502] @@ -431,7 +831,7 @@ 2103. [port] Add /usr/sfw to list of locations for OpenSSL under Solaris. -2102. [port] Silence solaris 10 warnings. +2102. [port] Silence Solaris 10 warnings. --- 9.4.0b4 released --- @@ -441,7 +841,7 @@ 2100. [port] win32: copy libeay32.dll to Build\Debug. Copy Debug\named-checkzone to Debug\named-compilezone. -2099. [port] win32: more manifiest issues. +2099. [port] win32: more manifest issues. 2098. [bug] Race in rbtdb.c:no_references(), which occasionally triggered an INSIST failure about the node lock @@ -457,14 +857,14 @@ 2095. [port] libbind: alway prototype inet_cidr_ntop_ipv6() and net_cidr_ntop_ipv6(). [RT #16388] - + 2094. [contrib] Update named-bootconf. [RT# 16404] 2093. [bug] named-checkzone -s was broken. 2092. [bug] win32: dig, host, nslookup. Use registry config if resolv.conf does not exist or no nameservers - listed. [RT #15877] + listed. [RT #15877] 2091. [port] dighost.c: race condition on cleanup. [RT #16417] @@ -507,7 +907,7 @@ 2078. [bug] dnssec-checkzone output style "default" was badly named. It is now called "relative". [RT #16326] -2077. [bug] 'dnssec-signzone -O raw' wasn't outputing the +2077. [bug] 'dnssec-signzone -O raw' wasn't outputting the complete signed zone. [RT #16326] 2076. [bug] Several files were missing #include @@ -592,7 +992,7 @@ [RT #16287] 2049. [bug] Restore SOA before AXFR when falling back from - a attempted IXFR when transfering in a zone. + a attempted IXFR when transferring in a zone. Allow a initial SOA query before attempting a AXFR to be requested. [RT #16156] @@ -601,7 +1001,7 @@ the OS always returned the same local port. [RT #16182] -2047. [bug] Failed to initialise the interface flags to zero. +2047. [bug] Failed to initialize the interface flags to zero. [RT #16245] 2046. [bug] rbtdb.c:rdataset_setadditional() could cause duplicate @@ -641,7 +1041,7 @@ 2034. [bug] gcc: set -fno-strict-aliasing. [RT #16124] -2033. [bug] We wern't creating multiple client memory contexts +2033. [bug] We weren't creating multiple client memory contexts on demand as expected. [RT #16095] --- 9.4.0a6 released --- @@ -657,7 +1057,7 @@ 2029. [bug] host printed out the server multiple times when specified on the command line. [RT #15992] -2028. [port] linux: socket.c compatability for old systems. +2028. [port] linux: socket.c compatibility for old systems. [RT #16015] 2027. [port] libbind: Solaris x86 support. [RT #16020] @@ -667,7 +1067,7 @@ 2025. [func] Update "zone serial unchanged" message. [RT #16026] -2024. [bug] named emited spurious "zone serial unchanged" +2024. [bug] named emitted spurious "zone serial unchanged" messages on reload. [RT #16027] 2023. [bug] "make install" should create ${localstatedir}/run and @@ -695,7 +1095,7 @@ --- 9.4.0a5 released --- 2015. [cleanup] use-additional-cache is now acache-enable for - consistancy. Default acache-enable off in BIND 9.4 + consistency. Default acache-enable off in BIND 9.4 as it requires memory usage to be configured. It may be enabled by default in BIND 9.5 once we have more experience with it. @@ -715,9 +1115,9 @@ --- 9.4.0a4 released --- -2009. [bug] libbind: coverity fixes. [RT #15808] +2009. [bug] libbind: Coverity fixes. [RT #15808] -2008. [func] It is now posssible to enable/disable DNSSEC +2008. [func] It is now possible to enable/disable DNSSEC validation from rndc. This is useful for the mobile hosts where the current connection point breaks DNSSEC (firewall/proxy). [RT #15592] @@ -729,7 +1129,7 @@ be changed to yes in 9.5.0. [RT #15674] 2006. [security] Allow-query-cache and allow-recursion now default - to the builtin acls "localnets" and "localhost". + to the built in acls "localnets" and "localhost". This is being done to make caching servers less attractive as reflective amplifying targets for @@ -777,7 +1177,7 @@ 1994. [port] OpenSSL 0.9.8 support. [RT #15694] -1993. [bug] Log messsage, via syslog, were missing the space +1993. [bug] Log messages, via syslog, were missing the space after the timestamp if "print-time yes" was specified. [RT #15844] @@ -785,11 +1185,11 @@ view. [RT #15825] 1991. [cleanup] The configuration data, once read, should be treated - as readonly. Expand the use of const to enforce this + as read only. Expand the use of const to enforce this at compile time. [RT #15813] 1990. [bug] libbind: isc's override of broken gettimeofday() - implementions was not always effective. + implementations was not always effective. [RT #15709] 1989. [bug] win32: don't check the service password when @@ -811,7 +1211,7 @@ server for the zone. Also any zones that contain DLV records should be removed when upgrading a slave zone. You do not however have to upgrade all - servers for a zone with DLV records simultaniously. + servers for a zone with DLV records simultaneously. 1984. [func] dig, nslookup and host now advertise a 4096 byte EDNS UDP buffer size by default. [RT #15855] @@ -848,7 +1248,7 @@ 1973. [func] TSIG HMACSHA1, HMACSHA224, HMACSHA256, HMACSHA384 and HMACSHA512 support. [RT #13606] -1972. [contrib] DBUS dynamic forwarders integation from +1972. [contrib] DBUS dynamic forwarders integration from Jason Vas Dias . 1971. [port] linux: make detection of missing IF_NAMESIZE more @@ -872,7 +1272,7 @@ 1964. [func] Separate out MX and SRV to CNAME checks. [RT #15723] -1963. [port] Tru64 4.0E doesn't support send() and recv(). +1963. [port] Tru64 4.0E doesn't support send() and recv(). [RT #15586] 1962. [bug] Named failed to clear old update-policy when it @@ -898,7 +1298,7 @@ by native compiler. See README for additional cross compile support information. [RT #15148] -1955. [bug] Pre-allocate the cache cleaning interator. [RT #14998] +1955. [bug] Pre-allocate the cache cleaning iterator. [RT #14998] 1954. [func] Named now falls back to advertising EDNS with a 512 byte receive buffer if the initial EDNS queries @@ -915,7 +1315,7 @@ 1951. [security] Drop queries from particular well known ports. Don't return FORMERR to queries from particular well known ports. [RT #15636] - + 1950. [port] Solaris 2.5.1 and earlier cannot bind() then connect() a TCP socket. This prevents the source address being set for TCP connections. [RT #15628] @@ -934,10 +1334,10 @@ 1946. [bug] resume_dslookup() could trigger a REQUIRE failure when using forwarders. [RT #15549] -1945. [cleanup] dnssec-keygen: RSA (RSAMD5) is nolonger recommended. +1945. [cleanup] dnssec-keygen: RSA (RSAMD5) is no longer recommended. To generate a RSAMD5 key you must explicitly request RSAMD5. [RT #13780] - + 1944. [cleanup] isc_hash_create() does not need a read/write lock. [RT #15522] @@ -1028,15 +1428,15 @@ 1917. [doc] funcsynopsisinfo wasn't being treated as verbatim when generating man pages. [RT #15385] -1916. [func] Integrate contibuted IDN code from JPNIC. [RT #15383] +1916. [func] Integrate contributed IDN code from JPNIC. [RT #15383] 1915. [bug] dig +ndots was broken. [RT #15215] 1914. [protocol] DS is required to accept mnemonic algorithms (RFC 4034). Still emit numeric algorithms for - compatability with RFC 3658. [RT #15354] + compatibility with RFC 3658. [RT #15354] -1913. [func] Integrate contibuted DLZ code into named. [RT #11382] +1913. [func] Integrate contributed DLZ code into named. [RT #11382] 1912. [port] aix: atomic locking for powerpc. [RT #15020] @@ -1059,7 +1459,7 @@ [RT #15034] 1905. [bug] Strings returned from cfg_obj_asstring() should be - treated as read-only. The prototype for + treated as read-only. The prototype for cfg_obj_asstring() has been updated to reflect this. [RT #15256] @@ -1108,7 +1508,7 @@ 1891. [port] freebsd: pthread_mutex_init can fail if it runs out of memory. [RT #14995] -1890. [func] Raise the UDP recieve buffer size to 32k if it is +1890. [func] Raise the UDP receive buffer size to 32k if it is less than 32k. [RT #14953] 1889. [port] sunos: non blocking i/o support. [RT #14951] @@ -1148,7 +1548,7 @@ [RT #2471] 1877. [bug] Fix unreasonably low quantum on call to - dns_rbt_destroy2(). Remove unnecessay unhash_node() + dns_rbt_destroy2(). Remove unnecessary unhash_node() call. [RT #14919] 1876. [func] Additional memory debugging support to track size @@ -1189,10 +1589,10 @@ 1863. [bug] rrset-order "fixed" error messages not complete. 1862. [func] Add additional zone data constancy checks. - named-checkzone has extended checking of NS, MX and + named-checkzone has extended checking of NS, MX and SRV record and the hosts they reference. named has extended post zone load checks. - New zone options: check-mx and integrity-check. + New zone options: check-mx and integrity-check. [RT #4940] 1861. [bug] dig could trigger a INSIST on certain malformed @@ -1230,24 +1630,24 @@ 1850. [bug] Memory leak in lwres_getipnodebyaddr(). [RT #14591] 1849. [doc] All forms of the man pages (docbook, man, html) should - have consistant copyright dates. + have consistent copyright dates. 1848. [bug] Improve SMF integration. [RT #13238] 1847. [bug] isc_ondestroy_init() is called too late in - dns_rbtdb_create()/dns_rbtdb64_create(). + dns_rbtdb_create()/dns_rbtdb64_create(). [RT #13661] - + 1846. [contrib] query-loc-0.3.0 from Stephane Bortzmeyer . -1845. [bug] Improve error reporting to distingish between +1845. [bug] Improve error reporting to distinguish between accept()/fcntl() and socket()/fcntl() errors. [RT #13745] 1844. [bug] inet_pton() accepted more that 4 hexadecimal digits for each 16 bit piece of the IPv6 address. The text - representation of a IPv6 address has been tighted + representation of a IPv6 address has been tightened to disallow this (draft-ietf-ipv6-addr-arch-v4-02.txt). [RT #5662] @@ -1475,7 +1875,7 @@ 1765. [bug] configure --with-openssl=auto failed. [RT #12937] 1764. [bug] dns_zone_replacedb failed to emit a error message - if there was no SOA record in the replacment db. + if there was no SOA record in the replacement db. [RT #13016] 1763. [func] Perform sanity checks on NS records which refer to @@ -1503,7 +1903,7 @@ 1755. [func] allow-update is now settable at the options / view level. [RT #6636] -1754. [bug] We wern't always attempting to query the parent +1754. [bug] We weren't always attempting to query the parent server for the DS records at the zone cut. [RT #12774] @@ -1523,8 +1923,8 @@ [RT #12866] 1748. [func] dig now returns the byte count for axfr/ixfr. - -1747. [bug] BIND 8 compatability: named/named-checkconf failed + +1747. [bug] BIND 8 compatibility: named/named-checkconf failed to parse "host-statistics-max" in named.conf. 1746. [func] Make public the function to read a key file, @@ -1541,7 +1941,7 @@ requested number of worker threads then destruction of the manager would trigger an INSIST() failure. [RT #12790] - + 1742. [bug] Deleting all records at a node then adding a previously existing record, in a single UPDATE transaction, failed to leave / regenerate the @@ -1552,7 +1952,7 @@ 1740. [bug] Replace rbt's hash algorithm as it performed badly with certain zones. [RT #12729] - + NOTE: a hash context now needs to be established via isc_hash_create() if the application was not already doing this. @@ -1567,7 +1967,7 @@ 1736. [bug] dst_key_fromnamedfile() could fail to read a public key. [RT #12687] - + 1735. [bug] 'dig +sigtrace' could die with a REQUIRE failure. [RE #12688] @@ -1607,7 +2007,7 @@ [RT #12519] 1721. [bug] Error message from the journal processing were not - always identifing the relevent journal. [RT #12519] + always identifying the relevant journal. [RT #12519] 1720. [bug] 'dig +chase' did not terminate on a RFC 2308 Type 1 negative response. [RT #12506] @@ -1664,7 +2064,7 @@ 1703. [bug] named would loop sending NOTIFY messages when it failed to receive a response. [RT #12322] -1702. [bug] also-notify should not be applied to builtin zones. +1702. [bug] also-notify should not be applied to built in zones. [RT #12323] 1701. [doc] A minimal named.conf man page. @@ -1744,7 +2144,7 @@ 1675. [bug] named would sometimes add extra NSEC records to the authority section. - + 1674. [port] linux: increase buffer size used to scan /proc/net/if_inet6. @@ -1816,7 +2216,7 @@ 1648. [func] Update dnssec-lookaside named.conf syntax to support multiple dnssec-lookaside namespaces (not yet - implemented). + implemented). 1647. [bug] It was possible trigger a INSIST when chasing a DS record that required walking back over a empty node. @@ -1829,7 +2229,7 @@ masters with keys are specified. 1644. [bug] Update the journal modification time after a - sucessfull refresh query. [RT #11436] + successful refresh query. [RT #11436] 1643. [bug] dns_db_closeversion() could leak memory / node references. [RT #11163] @@ -1846,11 +2246,11 @@ 1638. [bug] "ixfr-from-differences" could generate a REQUIRE failure if the journal open failed. [RT #11347] - + 1637. [bug] Node reference leak on error in addnoqname(). 1636. [bug] The dump done callback could get ISC_R_SUCCESS even if - a error had occured. The database version no longer + a error had occurred. The database version no longer matched the version of the database that was dumped. 1635. [bug] Memory leak on error in query_addds(). @@ -1940,21 +2340,21 @@ 1607. [bug] dig, host and nslookup were still using random() to generate query ids. [RT# 11013] *** DIFF OUTPUT TRUNCATED AT 1000 LINES ***