Date: Wed, 24 Jul 2013 07:12:56 +0000 (UTC) From: Erwin Lansing <erwin@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-vendor@freebsd.org Subject: svn commit: r253592 - in vendor/bind9/dist: . bin bin/check bin/confgen bin/dig bin/dig/include/dig bin/dnssec bin/named bin/named/include/named bin/named/unix bin/nsupdate bin/rndc bin/tools doc/a... Message-ID: <201307240712.r6O7CuKL053097@svn.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: erwin Date: Wed Jul 24 07:12:55 2013 New Revision: 253592 URL: http://svnweb.freebsd.org/changeset/base/253592 Log: Vendor import of Bind 9.8.5-P1 Approved by: delphij (mentor) Sponsored by: DK Hostmaster A/S Added: vendor/bind9/dist/lib/dns/rdata/generic/eui48_108.c vendor/bind9/dist/lib/dns/rdata/generic/eui48_108.h vendor/bind9/dist/lib/dns/rdata/generic/eui64_109.c vendor/bind9/dist/lib/dns/rdata/generic/eui64_109.h vendor/bind9/dist/lib/dns/rdata/generic/l32_105.c vendor/bind9/dist/lib/dns/rdata/generic/l32_105.h vendor/bind9/dist/lib/dns/rdata/generic/l64_106.c vendor/bind9/dist/lib/dns/rdata/generic/l64_106.h vendor/bind9/dist/lib/dns/rdata/generic/lp_107.c vendor/bind9/dist/lib/dns/rdata/generic/lp_107.h vendor/bind9/dist/lib/dns/rdata/generic/nid_104.c vendor/bind9/dist/lib/dns/rdata/generic/nid_104.h vendor/bind9/dist/lib/dns/rdata/generic/uri_256.c vendor/bind9/dist/lib/dns/rdata/generic/uri_256.h vendor/bind9/dist/lib/isc/include/isc/regex.h vendor/bind9/dist/lib/isc/regex.c vendor/bind9/dist/libtool.m4/libtool.m4 vendor/bind9/dist/libtool.m4/ltoptions.m4 vendor/bind9/dist/libtool.m4/ltsugar.m4 vendor/bind9/dist/libtool.m4/ltversion.m4 vendor/bind9/dist/libtool.m4/lt~obsolete.m4 Replaced: vendor/bind9/dist/libtool.m4/ Modified: vendor/bind9/dist/CHANGES vendor/bind9/dist/COPYRIGHT vendor/bind9/dist/FAQ vendor/bind9/dist/FAQ.xml vendor/bind9/dist/Makefile.in vendor/bind9/dist/README vendor/bind9/dist/aclocal.m4 vendor/bind9/dist/bin/Makefile.in vendor/bind9/dist/bin/check/check-tool.c vendor/bind9/dist/bin/check/named-checkconf.c vendor/bind9/dist/bin/check/named-checkzone.8 vendor/bind9/dist/bin/check/named-checkzone.c vendor/bind9/dist/bin/check/named-checkzone.docbook vendor/bind9/dist/bin/check/named-checkzone.html vendor/bind9/dist/bin/confgen/keygen.c vendor/bind9/dist/bin/confgen/rndc-confgen.c vendor/bind9/dist/bin/dig/dig.1 vendor/bind9/dist/bin/dig/dig.c vendor/bind9/dist/bin/dig/dig.docbook vendor/bind9/dist/bin/dig/dig.html vendor/bind9/dist/bin/dig/dighost.c vendor/bind9/dist/bin/dig/host.c vendor/bind9/dist/bin/dig/include/dig/dig.h vendor/bind9/dist/bin/dnssec/dnssec-keyfromlabel.c vendor/bind9/dist/bin/dnssec/dnssec-keygen.c vendor/bind9/dist/bin/dnssec/dnssec-revoke.c vendor/bind9/dist/bin/dnssec/dnssec-settime.c vendor/bind9/dist/bin/dnssec/dnssec-signzone.c vendor/bind9/dist/bin/named/Makefile.in vendor/bind9/dist/bin/named/client.c vendor/bind9/dist/bin/named/config.c vendor/bind9/dist/bin/named/control.c vendor/bind9/dist/bin/named/controlconf.c vendor/bind9/dist/bin/named/include/named/client.h vendor/bind9/dist/bin/named/include/named/globals.h vendor/bind9/dist/bin/named/include/named/server.h vendor/bind9/dist/bin/named/interfacemgr.c vendor/bind9/dist/bin/named/log.c vendor/bind9/dist/bin/named/logconf.c vendor/bind9/dist/bin/named/lwresd.c vendor/bind9/dist/bin/named/main.c vendor/bind9/dist/bin/named/named.conf.5 vendor/bind9/dist/bin/named/named.conf.docbook vendor/bind9/dist/bin/named/named.conf.html vendor/bind9/dist/bin/named/query.c vendor/bind9/dist/bin/named/server.c vendor/bind9/dist/bin/named/statschannel.c vendor/bind9/dist/bin/named/tkeyconf.c vendor/bind9/dist/bin/named/tsigconf.c vendor/bind9/dist/bin/named/unix/dlz_dlopen_driver.c vendor/bind9/dist/bin/named/update.c vendor/bind9/dist/bin/named/xfrout.c vendor/bind9/dist/bin/named/zoneconf.c vendor/bind9/dist/bin/nsupdate/nsupdate.c vendor/bind9/dist/bin/rndc/rndc.c vendor/bind9/dist/bin/tools/genrandom.c vendor/bind9/dist/bin/tools/isc-hmac-fixup.8 vendor/bind9/dist/bin/tools/isc-hmac-fixup.docbook vendor/bind9/dist/bin/tools/isc-hmac-fixup.html vendor/bind9/dist/config.h.in vendor/bind9/dist/config.threads.in vendor/bind9/dist/configure.in vendor/bind9/dist/doc/arm/Bv9ARM-book.xml vendor/bind9/dist/doc/arm/Bv9ARM.ch01.html vendor/bind9/dist/doc/arm/Bv9ARM.ch02.html vendor/bind9/dist/doc/arm/Bv9ARM.ch03.html vendor/bind9/dist/doc/arm/Bv9ARM.ch04.html vendor/bind9/dist/doc/arm/Bv9ARM.ch05.html vendor/bind9/dist/doc/arm/Bv9ARM.ch06.html vendor/bind9/dist/doc/arm/Bv9ARM.ch07.html vendor/bind9/dist/doc/arm/Bv9ARM.ch08.html vendor/bind9/dist/doc/arm/Bv9ARM.ch09.html vendor/bind9/dist/doc/arm/Bv9ARM.ch10.html vendor/bind9/dist/doc/arm/Bv9ARM.html vendor/bind9/dist/doc/arm/Bv9ARM.pdf vendor/bind9/dist/doc/arm/man.arpaname.html vendor/bind9/dist/doc/arm/man.ddns-confgen.html vendor/bind9/dist/doc/arm/man.dig.html vendor/bind9/dist/doc/arm/man.dnssec-dsfromkey.html vendor/bind9/dist/doc/arm/man.dnssec-keyfromlabel.html vendor/bind9/dist/doc/arm/man.dnssec-keygen.html vendor/bind9/dist/doc/arm/man.dnssec-revoke.html vendor/bind9/dist/doc/arm/man.dnssec-settime.html vendor/bind9/dist/doc/arm/man.dnssec-signzone.html vendor/bind9/dist/doc/arm/man.genrandom.html vendor/bind9/dist/doc/arm/man.host.html vendor/bind9/dist/doc/arm/man.isc-hmac-fixup.html vendor/bind9/dist/doc/arm/man.named-checkconf.html vendor/bind9/dist/doc/arm/man.named-checkzone.html vendor/bind9/dist/doc/arm/man.named-journalprint.html vendor/bind9/dist/doc/arm/man.named.html vendor/bind9/dist/doc/arm/man.nsec3hash.html vendor/bind9/dist/doc/arm/man.nsupdate.html vendor/bind9/dist/doc/arm/man.rndc-confgen.html vendor/bind9/dist/doc/arm/man.rndc.conf.html vendor/bind9/dist/doc/arm/man.rndc.html vendor/bind9/dist/doc/arm/pkcs11.xml vendor/bind9/dist/doc/misc/options vendor/bind9/dist/isc-config.sh.in vendor/bind9/dist/lib/Makefile.in vendor/bind9/dist/lib/bind9/Makefile.in vendor/bind9/dist/lib/bind9/api vendor/bind9/dist/lib/bind9/check.c vendor/bind9/dist/lib/dns/Makefile.in vendor/bind9/dist/lib/dns/acache.c vendor/bind9/dist/lib/dns/adb.c vendor/bind9/dist/lib/dns/api vendor/bind9/dist/lib/dns/cache.c vendor/bind9/dist/lib/dns/client.c vendor/bind9/dist/lib/dns/db.c vendor/bind9/dist/lib/dns/dispatch.c vendor/bind9/dist/lib/dns/dlz.c vendor/bind9/dist/lib/dns/dnssec.c vendor/bind9/dist/lib/dns/dst_api.c vendor/bind9/dist/lib/dns/dst_internal.h vendor/bind9/dist/lib/dns/dst_openssl.h vendor/bind9/dist/lib/dns/ecdb.c vendor/bind9/dist/lib/dns/gen.c vendor/bind9/dist/lib/dns/gssapictx.c vendor/bind9/dist/lib/dns/include/dns/acache.h vendor/bind9/dist/lib/dns/include/dns/db.h vendor/bind9/dist/lib/dns/include/dns/message.h vendor/bind9/dist/lib/dns/include/dns/name.h vendor/bind9/dist/lib/dns/include/dns/ncache.h vendor/bind9/dist/lib/dns/include/dns/nsec.h vendor/bind9/dist/lib/dns/include/dns/nsec3.h vendor/bind9/dist/lib/dns/include/dns/rdata.h vendor/bind9/dist/lib/dns/include/dns/result.h vendor/bind9/dist/lib/dns/include/dns/rpz.h vendor/bind9/dist/lib/dns/include/dns/types.h vendor/bind9/dist/lib/dns/include/dns/validator.h vendor/bind9/dist/lib/dns/include/dns/view.h vendor/bind9/dist/lib/dns/include/dns/zone.h vendor/bind9/dist/lib/dns/include/dst/dst.h vendor/bind9/dist/lib/dns/master.c vendor/bind9/dist/lib/dns/message.c vendor/bind9/dist/lib/dns/name.c vendor/bind9/dist/lib/dns/ncache.c vendor/bind9/dist/lib/dns/nsec.c vendor/bind9/dist/lib/dns/nsec3.c vendor/bind9/dist/lib/dns/openssl_link.c vendor/bind9/dist/lib/dns/openssldsa_link.c vendor/bind9/dist/lib/dns/opensslecdsa_link.c vendor/bind9/dist/lib/dns/opensslgost_link.c vendor/bind9/dist/lib/dns/opensslrsa_link.c vendor/bind9/dist/lib/dns/peer.c vendor/bind9/dist/lib/dns/rbt.c vendor/bind9/dist/lib/dns/rbtdb.c vendor/bind9/dist/lib/dns/rdata.c vendor/bind9/dist/lib/dns/rdata/any_255/tsig_250.c vendor/bind9/dist/lib/dns/rdata/generic/dlv_32769.c vendor/bind9/dist/lib/dns/rdata/generic/mx_15.c vendor/bind9/dist/lib/dns/rdata/generic/sshfp_44.c vendor/bind9/dist/lib/dns/rdata/generic/txt_16.c vendor/bind9/dist/lib/dns/rdata/in_1/naptr_35.c vendor/bind9/dist/lib/dns/rdata/in_1/nsap_22.c vendor/bind9/dist/lib/dns/request.c vendor/bind9/dist/lib/dns/resolver.c vendor/bind9/dist/lib/dns/result.c vendor/bind9/dist/lib/dns/rootns.c vendor/bind9/dist/lib/dns/rpz.c vendor/bind9/dist/lib/dns/sdb.c vendor/bind9/dist/lib/dns/sdlz.c vendor/bind9/dist/lib/dns/spnego.c vendor/bind9/dist/lib/dns/spnego_asn1.c vendor/bind9/dist/lib/dns/ssu.c vendor/bind9/dist/lib/dns/ssu_external.c vendor/bind9/dist/lib/dns/tkey.c vendor/bind9/dist/lib/dns/tsig.c vendor/bind9/dist/lib/dns/validator.c vendor/bind9/dist/lib/dns/view.c vendor/bind9/dist/lib/dns/xfrin.c vendor/bind9/dist/lib/dns/zone.c vendor/bind9/dist/lib/export/dns/Makefile.in vendor/bind9/dist/lib/export/irs/Makefile.in vendor/bind9/dist/lib/export/isc/Makefile.in vendor/bind9/dist/lib/export/isc/include/isc/Makefile.in vendor/bind9/dist/lib/export/isc/nls/Makefile.in vendor/bind9/dist/lib/export/isc/nothreads/Makefile.in vendor/bind9/dist/lib/export/isc/pthreads/Makefile.in vendor/bind9/dist/lib/export/isc/unix/Makefile.in vendor/bind9/dist/lib/export/isccfg/Makefile.in vendor/bind9/dist/lib/export/samples/Makefile.in vendor/bind9/dist/lib/export/samples/nsprobe.c vendor/bind9/dist/lib/export/samples/sample-async.c vendor/bind9/dist/lib/export/samples/sample-gai.c vendor/bind9/dist/lib/export/samples/sample-request.c vendor/bind9/dist/lib/export/samples/sample-update.c vendor/bind9/dist/lib/export/samples/sample.c vendor/bind9/dist/lib/irs/api vendor/bind9/dist/lib/irs/dnsconf.c vendor/bind9/dist/lib/irs/getaddrinfo.c vendor/bind9/dist/lib/irs/getnameinfo.c vendor/bind9/dist/lib/irs/resconf.c vendor/bind9/dist/lib/isc/Makefile.in vendor/bind9/dist/lib/isc/api vendor/bind9/dist/lib/isc/buffer.c vendor/bind9/dist/lib/isc/include/isc/Makefile.in vendor/bind9/dist/lib/isc/include/isc/buffer.h vendor/bind9/dist/lib/isc/include/isc/file.h vendor/bind9/dist/lib/isc/include/isc/list.h vendor/bind9/dist/lib/isc/include/isc/mem.h vendor/bind9/dist/lib/isc/include/isc/namespace.h vendor/bind9/dist/lib/isc/include/isc/region.h vendor/bind9/dist/lib/isc/include/isc/sockaddr.h vendor/bind9/dist/lib/isc/include/isc/socket.h vendor/bind9/dist/lib/isc/include/isc/task.h vendor/bind9/dist/lib/isc/include/isc/timer.h vendor/bind9/dist/lib/isc/inet_aton.c vendor/bind9/dist/lib/isc/mem.c vendor/bind9/dist/lib/isc/nothreads/Makefile.in vendor/bind9/dist/lib/isc/parseint.c vendor/bind9/dist/lib/isc/pthreads/thread.c vendor/bind9/dist/lib/isc/ratelimiter.c vendor/bind9/dist/lib/isc/sockaddr.c vendor/bind9/dist/lib/isc/sparc64/include/isc/atomic.h vendor/bind9/dist/lib/isc/symtab.c vendor/bind9/dist/lib/isc/task.c vendor/bind9/dist/lib/isc/taskpool.c vendor/bind9/dist/lib/isc/timer.c vendor/bind9/dist/lib/isc/timer_api.c vendor/bind9/dist/lib/isc/unix/entropy.c vendor/bind9/dist/lib/isc/unix/file.c vendor/bind9/dist/lib/isc/unix/include/isc/time.h vendor/bind9/dist/lib/isc/unix/net.c vendor/bind9/dist/lib/isc/unix/socket.c vendor/bind9/dist/lib/isc/unix/time.c vendor/bind9/dist/lib/isccc/api vendor/bind9/dist/lib/isccc/cc.c vendor/bind9/dist/lib/isccfg/Makefile.in vendor/bind9/dist/lib/isccfg/aclconf.c vendor/bind9/dist/lib/isccfg/api vendor/bind9/dist/lib/isccfg/include/isccfg/cfg.h vendor/bind9/dist/lib/isccfg/namedconf.c vendor/bind9/dist/lib/isccfg/parser.c vendor/bind9/dist/lib/lwres/api vendor/bind9/dist/lib/lwres/context.c vendor/bind9/dist/lib/lwres/getaddrinfo.c vendor/bind9/dist/lib/lwres/getipnode.c vendor/bind9/dist/lib/lwres/getnameinfo.c vendor/bind9/dist/lib/lwres/getrrset.c vendor/bind9/dist/lib/lwres/lwinetaton.c vendor/bind9/dist/lib/lwres/print.c vendor/bind9/dist/ltmain.sh vendor/bind9/dist/make/rules.in vendor/bind9/dist/version Modified: vendor/bind9/dist/CHANGES ============================================================================== --- vendor/bind9/dist/CHANGES Wed Jul 24 06:13:00 2013 (r253591) +++ vendor/bind9/dist/CHANGES Wed Jul 24 07:12:55 2013 (r253592) @@ -1,20 +1,386 @@ - --- 9.8.4-P2 released --- + --- 9.8.5-P1 released --- -3516. [security] Removed the check for regex.h in configure in order - to disable regex syntax checking, as it exposes - BIND to a critical flaw in libregex on some - platforms. [RT #32688] +3584. [security] Caching data from an incompletely signed zone could + trigger an assertion failure in resolver.c [RT #33690] - --- 9.8.4-P1 released --- + --- 9.8.5 released --- -3407. [security] Named could die on specific queries with dns64 enabled. - [Addressed in change #3388 for BIND 9.8.5 and 9.9.3.] +3568. [cleanup] Add a product description line to the version file, + to be reported by named -v/-V. [RT #33366] - --- 9.8.4 released --- +3567. [bug] Silence clang static analyzer warnings. [RT #33365] + +3563. [contrib] zone2sqlite failed with some table names. [RT #33375] + +3561. [bug] dig: issue a warning if an EDNS query returns FORMERR + or NOTIMP. Adjust usage message. [RT #33363] + + --- 9.8.5rc1 released --- + +3560. [bug] isc-config.sh did not honor includedir and libdir + when set via configure. [RT #33345] + +3559. [func] Check that both forms of Sender Policy Framework + records exist or do not exist. [RT #33355] + +3558. [bug] IXFR of a DLZ stored zone was broken. [RT #33331] + +3556. [maint] Added AAAA for D.ROOT-SERVERS.NET. + +3555. [bug] Address theoretical race conditions in acache.c + (change #3553 was incomplete). [RT #33252] + +3553. [bug] Address suspected double free in acache. [RT #33252] + +3552. [bug] Wrong getopt option string for 'nsupdate -r'. + [RT #33280] + +3549. [doc] Documentation for "request-nsid" was missing. + [RT #33153] + +3548. [bug] The NSID request code in resolver.c was broken + resulting in invalid EDNS options being sent. + [RT #33153] + +3547. [bug] Some malformed unknown rdata records were not properly + detected and rejected. [RT #33129] + +3056. [func] Added support for URI resource record. [RT #23386] + + --- 9.8.5rc1 released --- + +3546. [func] Add EUI48 and EUI64 types. [RT #33082] + +3544. [contrib] check5011.pl: Script to report the status of + managed keys as recorded in managed-keys.bind. + Contributed by Tony Finch <dot@dotat.at> + +3543. [bug] Update socket structure before attaching to socket + manager after accept. [RT #33084] + +3542. [bug] masterformat system test was broken. [RT #33086] + +3541. [bug] Parts of libdns were not properly initialized when + built in libexport mode. [RT #33028] + +3540. [test] libt_api: t_info and t_assert were not thread safe. + +3539. [port] win32: timestamp format didn't match other platforms. + +3538. [test] Running "make test" now requires loopback interfaces + to be set up. [RT #32452] + +3537. [tuning] Slave zones, when updated, now send NOTIFY messages + to peers before being dumped to disk rather than + after. [RT #27242] + +3535. [bug] Minor win32 cleanups. [RT #32962] + +3534. [bug] Extra text after an embedded NULL was ignored when + parsing zone files. [RT #32699] + +3533. [contrib] query-loc-0.4.0: memory leaks. [RT #32960] + +3532. [contrib] zkt: fixed buffer overrun, resource leaks. [RT #32960] + +3531. [bug] win32: A uninitialized value could be returned on out + of memory. [RT #32960] + +3530. [contrib] Better RTT tracking in queryperf. [RT #30128] + +3526. [cleanup] Set up dependencies for unit tests correctly during + build. [RT #32803] + +3521. [bug] Address memory leak in opensslecdsa_link.c. [RT #32249] + +3520. [bug] 'mctx' was not being referenced counted in some places + where it should have been. [RT #32794] + + --- 9.8.5b2 released --- + +3517. [bug] Reorder destruction to avoid shutdown race. [RT #32777] + +3515. [port] '%T' is not portable in strftime(). [RT #32763] + +3514. [bug] The ranges for valid key sizes in ddns-confgen and + rndc-confgen were too constrained. Keys up to 512 + bits are now allowed for most algorithms, and up + to 1024 bits for hmac-sha384 and hmac-sha512. + [RT #32753] + +3509. [cleanup] Added a product line to version file to allow for + easy naming of different products (BIND + vs BIND ESV, for example). [RT #32755] + +3508. [contrib] queryperf was incorrectly rejecting the -T option. + [RT #32338] + +3503. [doc] Clarify size_spec syntax. [RT #32449] + +3500. [security] Support NAPTR regular expression validation on + all platforms without using libregex, which + can be vulnerable to memory exhaustion attack + (CVE-2013-2266). [RT #32688] + +3499. [doc] Corrected ARM documentation of built-in zones. + [RT #32694] + +3498. [bug] zone statistics for zones which matched a potential + empty zone could have their zone-statistics setting + overridden. + +3496. [func] Improvements to RPZ performance. The "response-policy" + syntax now includes a "min-ns-dots" clause, with + default 1, to exclude top-level domains from + NSIP and NSDNAME checking. --enable-rpz-nsip and + --enable-rpz-nsdname are now the default. [RT #32251] + +3489. [bug] --enable-developer now turns on ISC_LIST_CHECKINIT. + When cloning a rdataset do not copy the link contents. + [RT #32651] + +3488. [bug] Use after free error with DH generated keys. [RT #32649] + +3487. [bug] Change 3444 was not complete. There was a additional + place where the NOQNAME proof needed to be saved. + [RT #32629] + +3486. [bug] named could crash when using TKEY-negotiated keys + that had been deleted and then recreated. [RT #32506] + +3485. [cleanup] Only compile openssl_gostlink.c if we support GOST. + +3481. [cleanup] Removed use of const const in atf. + +3479. [bug] Address potential memory leaks in gssapi support + code. [RT #32405] + +3478. [port] Fix a build failure in strict C99 environments + [RT #32475] + +3474. [bug] nsupdate could assert when the local and remote + address families didn't match. [RT #22897] + +3470. [bug] Slave zones could fail to dump when successfully + refreshing after an initial failure. [RT #31276] + + --- 9.8.5b1 released --- + +3468. [security] RPZ rules to generate A records (but not AAAA records) + could trigger an assertion failure when used in + conjunction with DNS64 (CVE-2012-5689). [RT #32141] + +3467. [bug] Added checks in dnssec-keygen and dnssec-settime + to check for delete date < inactive date. [RT #31719] + +3465. [bug] Handle isolated reserved ports. [RT #31778] + +3464. [maint] Updates to PKCS#11 openssl patches, supporting + versions 0.9.8x, 1.0.0j, 1.0.1c [RT #29749] + +3463. [doc] Clarify managed-keys syntax in ARM. [RT #32232] + +3462. [doc] Clarify server selection behavior of dig when using + -4 or -6 options. [RT #32181] + +3461. [bug] Negative responses could incorrectly have AD=1 + set. [RT #32237] + +3458. [bug] Return FORMERR when presented with a overly long + domain named in a request. [RT #29682] + +3457. [protocol] Add ILNP records (NID, LP, L32, L64). [RT #31836] + +3456. [port] g++47: ATF failed to compile. [RT #32012] + +3455. [contrib] queryperf: fix getopt option list. [RT #32338] + +3454. [port] sparc64: improve atomic support. [RT #25182] + +3452. [bug] Accept duplicate singleton records. [RT #32329] + +3451. [port] Increase per thread stack size from 64K to 1M. + [RT #32230] + +3450. [bug] Stop logfileconfig system test spam system logs. + [RT #32315] + +3449. [bug] gen.c: use the pre-processor to construct format + strings so that compiler can perform sanity checks; + check the snprintf results. [RT #17576] + +3448. [bug] The allow-query-on ACL was not processed correctly. + [RT #29486] + +3447. [port] Add support for libxml2-2.9.x [RT #32231] + +3446. [port] win32: Add source ID (see change #3400) to build. + [RT #31683] + +3445. [bug] Warn about zone files with blank owner names + immediately after $ORIGIN directives. [RT #31848] + +3444. [bug] The NOQNAME proof was not being returned from cached + insecure responses. [RT #21409] + +3443. [bug] ddns-confgen: Some TSIG algorithms were incorrectly + rejected when generating keys. [RT #31927] + +3442. [port] Net::DNS 0.69 introduced a non backwards compatible + change. [RT #32216] + +3441. [maint] D.ROOT-SERVERS.NET is now 199.7.91.13. + +3440. [bug] Reorder get_key_struct to not trigger a assertion when + cleaning up due to out of memory error. [RT #32131] + +3439. [bug] contrib/dlz error checking fixes. [RT #32102] + +3438. [bug] Don't accept unknown data escape in quotes. [RT #32031] + +3437. [bug] isc_buffer_init -> isc_buffer_constinit to initialize + buffers with constant data. [RT #32064] + +3436. [bug] Check malloc/calloc return values. [RT #32088] + +3435. [bug] Cross compilation support in configure was broken. + [RT #32078] + +3431. [bug] ddns-confgen: Some valid key algorithms were + not accepted. [RT #31927] + +3430. [bug] win32: isc_time_formatISO8601 was missing the + 'T' between the date and time. [RT #32044] + +3429. [bug] dns_zone_getserial2 could a return success without + returning a valid serial. [RT #32007] + +3428. [cleanup] dig: Add timezone to date output. [RT #2269] + +3427. [bug] dig +trace incorrectly displayed name server + addresses instead of names. [RT #31641] + +3425. [bug] "acacheentry" reference counting was broken resulting + in use after free. [RT #31908] + +3422. [bug] Added a clear error message for when the SOA does not + match the referral. [RT #31281] + +3421. [bug] Named loops when re-signing if all keys are offline. + [RT #31916] + +3420. [bug] Address VPATH compilation issues. [RT #31879] + +3419. [bug] Memory leak on validation cancel. [RT #31869] + +3415. [bug] named could die with a REQUIRE failure if a validation + was canceled. [RT #31804] + +3412. [bug] Copy timeval structure from control message data. + [RT #31548] + +3411. [tuning] Use IPV6_USE_MIN_MTU or equivalent with TCP in addition + to UDP. [RT #31690] + +3410. [bug] Addressed Coverity warnings. [RT #31626] + +3409. [contrib] contrib/dane/mkdane.sh: Tool to generate TLSA RR's + from X.509 certificates, for use with DANE + (DNS-based Authentication of Named Entities). + [RT #30513] + +3406. [bug] mem.c: Fix compilation errors when building with + ISC_MEM_TRACKLINES or ISC_MEMPOOL_NAMES disabled. + Also, ISC_MEM_DEBUG is no longer optional. [RT #31559] + +3405. [bug] Handle time going backwards in acache. [RT #31253] + +3404. [bug] dnssec-signzone: When re-signing a zone, remove + RRSIG and NSEC records from nodes that used to be + in-zone but are now below a zone cut. [RT #31556] + +3403. [bug] Silence noisy OpenSSL logging. [RT #31497] + +3402. [test] The IPv6 interface numbers used for system + tests were incorrect on some platforms. [RT #25085] + +3401. [bug] Addressed Coverity warnings. [RT #31484] + +3400. [cleanup] "named -V" can now report a source ID string, defined + in the "srcid" file in the build tree and normally set + to the most recent git hash. [RT #31494] + +3397. [bug] dig crashed when using +nssearch with +tcp. [RT #25298] + +3396. [bug] OPT records were incorrectly removed from signed, + truncated responses. [RT #31439] + +3395. [protocol] Add RFC 6598 reverse zones to built in empty zones + list, 64.100.IN-ADDR.ARPA ... 127.100.IN-ADDR.ARPA. + [RT #31336] + +3394. [bug] Adjust 'successfully validated after lower casing + signer' log level and category. [RT #31414] + +3393. [bug] 'host -C' could core dump if REFUSED was received. + [RT #31381] + +3391. [bug] A DNSKEY lookup that encountered a CNAME failed. + [RT #31262] + +3390. [bug] Silence clang compiler warnings. [RT #30417] + +3389. [bug] Always return NOERROR (not 0) in TSIG. [RT #31275] + +3388. [bug] Fixed several Coverity warnings. + Note: This change includes a fix for a bug that + was subsequently determined to be an exploitable + security vulnerability, CVE-2012-5688: named could + die on specific queries with dns64 enabled. + [RT #30996] + +3386. [bug] Address locking violation when generating new NSEC / + NSEC3 chains. [RT #31224] + +3384. [bug] Improved logging of crypto errors. [RT #30963] 3383. [security] A certain combination of records in the RBT could - cause named to hang while populating the additional - section of a response. [RT #31090] + cause named to hang while populating the additional + section of a response. [RT #31090] + +3382. [bug] SOA query from slave used use-v6-udp-ports range, + if set, regardless of the address family in use. + [RT #24173] + +3381. [contrib] Update queryperf to support more RR types. + [RT #30762] + +3380. [bug] named could die if a nonexistent master list was + referenced in a also-notify. [RT #31004] + +3379. [bug] isc_interval_zero and isc_time_epoch should be + "const (type)* const". [RT #31069] + +3378. [bug] Handle missing 'managed-keys-directory' better. + [RT #30625] + +3376. [bug] Lack of EDNS support was being recorded without a + successful response. [RT #30811] + +3375. [func] Check that 'rndc dumpdb' works on a empty cache. + [RT #30808] + +3374. [bug] isc_parse_uint32 failed to return a range error on + systems with 64 bit longs. [RT #30232] + +3372. [bug] Silence spurious "deleted from unreachable cache" + messages. [RT #30501] + +3371. [bug] AD=1 should behave like DO=1 when deciding whether to + add NS RRsets to the additional section or not. + [RT #30479] + + --- 9.8.4 released --- 3373. [bug] win32: open raw files in binary mode. [RT #30944] @@ -135,11 +501,11 @@ --- 9.8.3 released --- 3318. [tuning] Reduce the amount of work performed while holding a - bucket lock when finshed with a fetch context. + bucket lock when finished with a fetch context. [RT #29239] -3314. [bug] The masters list could be updated while refesh_callback - and stub_callback were using it. [RT #26732] +3314. [bug] The masters list could be updated while stub_callback + or refresh_callback were using it. [RT #26732] 3313. [protocol] Add TLSA record type. [RT #28989] @@ -151,7 +517,7 @@ 3310. [test] Increase table size for mutex profiling. [RT #28809] -3309. [bug] resolver.c:fctx_finddone() was not threadsafe. +3309. [bug] resolver.c:fctx_finddone() was not thread safe. [RT #27995] 3307. [bug] Add missing ISC_LANG_BEGINDECLS and ISC_LANG_ENDDECLS. @@ -328,7 +694,7 @@ 3234. [bug] 'make depend' produced invalid makefiles. [RT #26830] -3231. [bug] named could fail to send a uncompressable zone. +3231. [bug] named could fail to send a incompressible zone. [RT #26796] 3230. [bug] 'dig axfr' failed to properly handle a multi-message @@ -345,7 +711,7 @@ 3226. [bug] Address minor resource leakages. [RT #26624] -3221. [bug] Fixed a potential coredump on shutdown due to +3221. [bug] Fixed a potential core dump on shutdown due to referencing fetch context after it's been freed. [RT #26720] @@ -369,7 +735,7 @@ 3209. [func] Add "dnssec-lookaside 'no'". [RT #24858] -3208. [bug] 'dig -y' handle unknown tsig alorithm better. +3208. [bug] 'dig -y' handle unknown tsig algorithm better. [RT #25522] 3207. [contrib] Fixed build error in Berkeley DB DLZ module. [RT #26444] @@ -672,7 +1038,7 @@ 3077. [bug] zone.c:zone_refreshkeys() incorrectly called dns_zone_attach(), use zone->irefs instead. [RT #23303] -3075. [bug] dns_dnssec_findzonekeys{2} used a inconsistant +3075. [bug] dns_dnssec_findzonekeys{2} used a inconsistent timestamp when determining which keys are active. [RT #23642] @@ -686,7 +1052,7 @@ 3072. [bug] dns_dns64_aaaaok() potential NULL pointer dereference. [RT #20256] -3071. [bug] has_nsec could be used unintialised in +3071. [bug] has_nsec could be used uninitialized in update.c:next_active. [RT #20256] 3070. [bug] dnssec-signzone potential NULL pointer dereference. @@ -732,7 +1098,7 @@ 3052. [test] Fixed last autosign test report. [RT #23256] -3051. [bug] NS records obsure DNAME records at the bottom of the +3051. [bug] NS records obscure DNAME records at the bottom of the zone if both are present. [RT #23035] 3050. [bug] The autosign system test was timing dependent. @@ -742,7 +1108,7 @@ 3049. [bug] Save and restore the gid when creating creating named.pid at startup. [RT #23290] -3048. [bug] Fully separate view key mangement. [RT #23419] +3048. [bug] Fully separate view key management. [RT #23419] 3047. [bug] DNSKEY NODATA responses not cached fixed in validator.c. Tests added to dnssec system test. @@ -1079,7 +1445,7 @@ no data response. [RT #21744] 2952. [port] win32: named-checkzone and named-checkconf failed - to initialise winsock. [RT #21932] + to initialize winsock. [RT #21932] 2951. [bug] named failed to generate a correct signed response in a optout, delegation only zone with no secure @@ -1125,7 +1491,7 @@ in use. [RT# 21868] 2938. [bug] When generating signed responses, from a signed zone - that uses NSEC3, named would use a uninitialised + that uses NSEC3, named would use a uninitialized pointer if it needed to skip a NSEC3 record because it didn't match the selected NSEC3PARAM record for zone. [RT# 21868] @@ -1179,7 +1545,7 @@ revisit the issue and complete the fix later. [RT #21710] -2930. [experimental] New "rndc addzone" and "rndc delzone" commads +2930. [experimental] New "rndc addzone" and "rndc delzone" commands allow dynamic addition and deletion of zones. To enable this feature, specify a "new-zone-file" option at the view or options level in named.conf. @@ -1355,7 +1721,7 @@ successfully responds to the query using plain DNS. [RT #20930] -2873. [bug] Cancelling a dynamic update via the dns/client module +2873. [bug] Canceling a dynamic update via the dns/client module could trigger an assertion failure. [RT #21133] 2872. [bug] Modify dns/client.c:dns_client_createx() to only @@ -1397,7 +1763,7 @@ 2860. [bug] named-checkconf's usage was out of date. [RT #21039] -2859. [bug] When cancelling validation it was possible to leak +2859. [bug] When canceling validation it was possible to leak memory. [RT #20800] 2858. [bug] RTT estimates were not being adjusted on ICMP errors. @@ -1950,7 +2316,7 @@ 2695. [func] DHCP/DDNS - update fdwatch code for use by DHCP. Modify the api to isc_sockfdwatch_t (the - callback functon for isc_socket_fdwatchcreate) + callback function for isc_socket_fdwatchcreate) to include information about the direction (read or write) and add isc_socket_fdwatchpoke. [RT #20253] @@ -2015,7 +2381,7 @@ sets the time when a key is no longer used for signing but is still published. - The "unpublished" date (-U) is deprecated in - favour of "deleted" (-D). + favor of "deleted" (-D). [RT #20247] 2676. [bug] --with-export-installdir should have been @@ -2461,7 +2827,7 @@ 2553. [bug] Reference leak on DNSSEC validation errors. [RT #19291] -2552. [bug] zero-no-soa-ttl-cache was not being honoured. +2552. [bug] zero-no-soa-ttl-cache was not being honored. [RT #19340] 2551. [bug] Potential Reference leak on return. [RT #19341] @@ -2514,7 +2880,7 @@ 2534. [func] Check NAPTR records regular expressions and replacement strings to ensure they are syntactically - valid and consistant. [RT #18168] + valid and consistent. [RT #18168] 2533. [doc] ARM: document @ (at-sign). [RT #17144] Modified: vendor/bind9/dist/COPYRIGHT ============================================================================== --- vendor/bind9/dist/COPYRIGHT Wed Jul 24 06:13:00 2013 (r253591) +++ vendor/bind9/dist/COPYRIGHT Wed Jul 24 07:12:55 2013 (r253592) @@ -1,4 +1,4 @@ -Copyright (C) 2004-2012 Internet Systems Consortium, Inc. ("ISC") +Copyright (C) 2004-2013 Internet Systems Consortium, Inc. ("ISC") Copyright (C) 1996-2003 Internet Software Consortium. Permission to use, copy, modify, and/or distribute this software for any Modified: vendor/bind9/dist/FAQ ============================================================================== --- vendor/bind9/dist/FAQ Wed Jul 24 06:13:00 2013 (r253591) +++ vendor/bind9/dist/FAQ Wed Jul 24 07:12:55 2013 (r253592) @@ -1,6 +1,6 @@ Frequently Asked Questions about BIND 9 -Copyright © 2004-2010 Internet Systems Consortium, Inc. ("ISC") +Copyright © 2004-2010, 2013 Internet Systems Consortium, Inc. ("ISC") Copyright © 2000-2003 Internet Software Consortium. @@ -869,7 +869,7 @@ A: If you run Tiger(Mac OS 10.4) or late Copy the key statement from /etc/rndc.conf into /etc/rndc.key, e.g.: key "rndc-key" { - algorithm hmac-md5; + algorithm hmac-sha256; secret "uvceheVuqf17ZwIcTydddw=="; }; Modified: vendor/bind9/dist/FAQ.xml ============================================================================== --- vendor/bind9/dist/FAQ.xml Wed Jul 24 06:13:00 2013 (r253591) +++ vendor/bind9/dist/FAQ.xml Wed Jul 24 07:12:55 2013 (r253592) @@ -1,7 +1,7 @@ <!DOCTYPE article PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN" "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" []> <!-- - - Copyright (C) 2004-2010 Internet Systems Consortium, Inc. ("ISC") + - Copyright (C) 2004-2010, 2013 Internet Systems Consortium, Inc. ("ISC") - Copyright (C) 2000-2003 Internet Software Consortium. - - Permission to use, copy, modify, and/or distribute this software for any @@ -30,6 +30,7 @@ <year>2008</year> <year>2009</year> <year>2010</year> + <year>2013</year> <holder>Internet Systems Consortium, Inc. ("ISC")</holder> </copyright> <copyright> @@ -1564,7 +1565,7 @@ rand_irqs="3 14 15"</programlisting> <informalexample> <programlisting> key "rndc-key" { - algorithm hmac-md5; + algorithm hmac-sha256; secret "uvceheVuqf17ZwIcTydddw=="; };</programlisting> </informalexample> Modified: vendor/bind9/dist/Makefile.in ============================================================================== --- vendor/bind9/dist/Makefile.in Wed Jul 24 06:13:00 2013 (r253591) +++ vendor/bind9/dist/Makefile.in Wed Jul 24 07:12:55 2013 (r253592) @@ -1,4 +1,4 @@ -# Copyright (C) 2004-2009, 2011, 2012 Internet Systems Consortium, Inc. ("ISC") +# Copyright (C) 2004-2009, 2011-2013 Internet Systems Consortium, Inc. ("ISC") # Copyright (C) 1998-2002 Internet Software Consortium. # # Permission to use, copy, modify, and/or distribute this software for any @@ -61,9 +61,21 @@ tags: rm -f TAGS find lib bin -name "*.[ch]" -print | @ETAGS@ - -check: test +test check: + @if test -n "`${PERL} ${top_srcdir}/bin/tests/system/testsock.pl 2>&- || echo fail`"; then \ + echo I: NOTE: The tests were not run because they require that; \ + echo I: the IP addresses 10.53.0.1 through 10.53.0.8 are configured; \ + echo I: as alias addresses on the loopback interface. Please run; \ + echo I: \'bin/tests/system/ifconfig.sh up\' as root to configure; \ + echo I: them, then rerun the tests. Run make force-test to run the; \ + echo I: tests anyway.; \ + exit 1; \ + fi + ${MAKE} test-force -test: +force-test: test-force + +test-force: status=0; \ (cd bin/tests && ${MAKE} ${MAKEDEFS} test) || status=1; \ (test -f unit/unittest.sh && $(SHELL) unit/unittest.sh) || status=1; \ Modified: vendor/bind9/dist/README ============================================================================== --- vendor/bind9/dist/README Wed Jul 24 06:13:00 2013 (r253591) +++ vendor/bind9/dist/README Wed Jul 24 07:12:55 2013 (r253592) @@ -51,6 +51,11 @@ BIND 9 For up-to-date release notes and errata, see http://www.isc.org/software/bind9/releasenotes +BIND 9.8.5 + + BIND 9.8.5 includes several bug fixes and patches security + flaws described in CVE-2012-5688, CVE-2012-5689 and CVE-2013-2266. + BIND 9.8.4 BIND 9.8.4 includes several bug fixes and patches security Modified: vendor/bind9/dist/aclocal.m4 ============================================================================== --- vendor/bind9/dist/aclocal.m4 Wed Jul 24 06:13:00 2013 (r253591) +++ vendor/bind9/dist/aclocal.m4 Wed Jul 24 07:12:55 2013 (r253592) @@ -1,2 +1,5 @@ -sinclude(./libtool.m4)dnl - +sinclude(libtool.m4/libtool.m4)dnl +sinclude(libtool.m4/ltoptions.m4)dnl +sinclude(libtool.m4/ltsugar.m4)dnl +sinclude(libtool.m4/ltversion.m4)dnl +sinclude(libtool.m4/lt~obsolete.m4)dnl Modified: vendor/bind9/dist/bin/Makefile.in ============================================================================== --- vendor/bind9/dist/bin/Makefile.in Wed Jul 24 06:13:00 2013 (r253591) +++ vendor/bind9/dist/bin/Makefile.in Wed Jul 24 07:12:55 2013 (r253592) @@ -1,4 +1,4 @@ -# Copyright (C) 2004, 2007, 2009, 2012 Internet Systems Consortium, Inc. ("ISC") +# Copyright (C) 2004, 2007, 2009, 2012, 2013 Internet Systems Consortium, Inc. ("ISC") # Copyright (C) 1998-2001 Internet Software Consortium. # # Permission to use, copy, modify, and/or distribute this software for any @@ -19,7 +19,7 @@ srcdir = @srcdir@ VPATH = @srcdir@ top_srcdir = @top_srcdir@ -SUBDIRS = named rndc dig dnssec tests tools nsupdate \ +SUBDIRS = named rndc dig dnssec tools tests nsupdate \ check confgen @PKCS11_TOOLS@ TARGETS = Modified: vendor/bind9/dist/bin/check/check-tool.c ============================================================================== --- vendor/bind9/dist/bin/check/check-tool.c Wed Jul 24 06:13:00 2013 (r253591) +++ vendor/bind9/dist/bin/check/check-tool.c Wed Jul 24 07:12:55 2013 (r253592) @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004-2010 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2010, 2012 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2000-2002 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -196,6 +196,10 @@ checkns(dns_zone_t *zone, dns_name_t *na a->type == dns_rdatatype_a); REQUIRE(aaaa == NULL || !dns_rdataset_isassociated(aaaa) || aaaa->type == dns_rdatatype_aaaa); + + if (a == NULL || aaaa == NULL) + return (answer); + memset(&hints, 0, sizeof(hints)); hints.ai_flags = AI_CANONNAME; hints.ai_family = PF_UNSPEC; @@ -258,8 +262,7 @@ checkns(dns_zone_t *zone, dns_name_t *na } return (ISC_TRUE); } - if (a == NULL || aaaa == NULL) - return (answer); + /* * Check that all glue records really exist. */ @@ -597,7 +600,7 @@ load_zone(isc_mem_t *mctx, const char *z dns_zone_settype(zone, dns_zone_master); - isc_buffer_init(&buffer, zonename, strlen(zonename)); + isc_buffer_constinit(&buffer, zonename, strlen(zonename)); isc_buffer_add(&buffer, strlen(zonename)); dns_fixedname_init(&fixorigin); origin = dns_fixedname_name(&fixorigin); Modified: vendor/bind9/dist/bin/check/named-checkconf.c ============================================================================== --- vendor/bind9/dist/bin/check/named-checkconf.c Wed Jul 24 06:13:00 2013 (r253591) +++ vendor/bind9/dist/bin/check/named-checkconf.c Wed Jul 24 07:12:55 2013 (r253592) @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004-2007, 2009-2011 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2007, 2009-2013 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2002 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -295,6 +295,18 @@ configure_zone(const char *vclass, const } obj = NULL; + if (get_maps(maps, "check-spf", &obj)) { + if (strcasecmp(cfg_obj_asstring(obj), "warn") == 0) { + zone_options |= DNS_ZONEOPT_CHECKSPF; + } else if (strcasecmp(cfg_obj_asstring(obj), "ignore") == 0) { + zone_options &= ~DNS_ZONEOPT_CHECKSPF; + } else + INSIST(0); + } else { + zone_options |= DNS_ZONEOPT_CHECKSPF; + } + + obj = NULL; if (get_checknames(maps, &obj)) { if (strcasecmp(cfg_obj_asstring(obj), "warn") == 0) { zone_options |= DNS_ZONEOPT_CHECKNAMES; @@ -471,6 +483,7 @@ main(int argc, char **argv) { if (isc_commandline_option != '?') fprintf(stderr, "%s: invalid argument -%c\n", program, isc_commandline_option); + /* FALLTHROUGH */ case 'h': usage(); Modified: vendor/bind9/dist/bin/check/named-checkzone.8 ============================================================================== --- vendor/bind9/dist/bin/check/named-checkzone.8 Wed Jul 24 06:13:00 2013 (r253591) +++ vendor/bind9/dist/bin/check/named-checkzone.8 Wed Jul 24 07:12:55 2013 (r253592) @@ -1,4 +1,4 @@ -.\" Copyright (C) 2004-2007, 2009, 2010 Internet Systems Consortium, Inc. ("ISC") +.\" Copyright (C) 2004-2007, 2009, 2010, 2013 Internet Systems Consortium, Inc. ("ISC") .\" Copyright (C) 2000-2002 Internet Software Consortium. .\" .\" Permission to use, copy, modify, and/or distribute this software for any @@ -33,9 +33,9 @@ named\-checkzone, named\-compilezone \- zone file validity checking or converting tool .SH "SYNOPSIS" .HP 16 -\fBnamed\-checkzone\fR [\fB\-d\fR] [\fB\-h\fR] [\fB\-j\fR] [\fB\-q\fR] [\fB\-v\fR] [\fB\-c\ \fR\fB\fIclass\fR\fR] [\fB\-f\ \fR\fB\fIformat\fR\fR] [\fB\-F\ \fR\fB\fIformat\fR\fR] [\fB\-i\ \fR\fB\fImode\fR\fR] [\fB\-k\ \fR\fB\fImode\fR\fR] [\fB\-m\ \fR\fB\fImode\fR\fR] [\fB\-M\ \fR\fB\fImode\fR\fR] [\fB\-n\ \fR\fB\fImode\fR\fR] [\fB\-o\ \fR\fB\fIfilename\fR\fR] [\fB\-r\ \fR\fB\fImode\fR\fR] [\fB\-s\ \fR\fB\fIstyle\fR\fR] [\fB\-S\ \fR\fB\fImode\fR\fR] [\fB\-t\ \fR\fB\fIdirectory\fR\fR] [\fB\-w\ \fR\fB\fIdirectory\fR\fR] [\fB\-D\fR] [\fB\-W\ \fR\fB\fImode\fR\fR] {zonename} {filename} +\fBnamed\-checkzone\fR [\fB\-d\fR] [\fB\-h\fR] [\fB\-j\fR] [\fB\-q\fR] [\fB\-v\fR] [\fB\-c\ \fR\fB\fIclass\fR\fR] [\fB\-f\ \fR\fB\fIformat\fR\fR] [\fB\-F\ \fR\fB\fIformat\fR\fR] [\fB\-i\ \fR\fB\fImode\fR\fR] [\fB\-k\ \fR\fB\fImode\fR\fR] [\fB\-m\ \fR\fB\fImode\fR\fR] [\fB\-M\ \fR\fB\fImode\fR\fR] [\fB\-n\ \fR\fB\fImode\fR\fR] [\fB\-o\ \fR\fB\fIfilename\fR\fR] [\fB\-r\ \fR\fB\fImode\fR\fR] [\fB\-s\ \fR\fB\fIstyle\fR\fR] [\fB\-S\ \fR\fB\fImode\fR\fR] [\fB\-t\ \fR\fB\fIdirectory\fR\fR] [\fB\-T\ \fR\fB\fImode\fR\fR] [\fB\-w\ \fR\fB\fIdirectory\fR\fR] [\fB\-D\fR] [\fB\-W\ \fR\fB\fImode\fR\fR] {zonename} {filename} .HP 18 -\fBnamed\-compilezone\fR [\fB\-d\fR] [\fB\-j\fR] [\fB\-q\fR] [\fB\-v\fR] [\fB\-c\ \fR\fB\fIclass\fR\fR] [\fB\-C\ \fR\fB\fImode\fR\fR] [\fB\-f\ \fR\fB\fIformat\fR\fR] [\fB\-F\ \fR\fB\fIformat\fR\fR] [\fB\-i\ \fR\fB\fImode\fR\fR] [\fB\-k\ \fR\fB\fImode\fR\fR] [\fB\-m\ \fR\fB\fImode\fR\fR] [\fB\-n\ \fR\fB\fImode\fR\fR] [\fB\-r\ \fR\fB\fImode\fR\fR] [\fB\-s\ \fR\fB\fIstyle\fR\fR] [\fB\-t\ \fR\fB\fIdirectory\fR\fR] [\fB\-w\ \fR\fB\fIdirectory\fR\fR] [\fB\-D\fR] [\fB\-W\ \fR\fB\fImode\fR\fR] {\fB\-o\ \fR\fB\fIfilename\fR\fR} {zonename} {filename} +\fBnamed\-compilezone\fR [\fB\-d\fR] [\fB\-j\fR] [\fB\-q\fR] [\fB\-v\fR] [\fB\-c\ \fR\fB\fIclass\fR\fR] [\fB\-C\ \fR\fB\fImode\fR\fR] [\fB\-f\ \fR\fB\fIformat\fR\fR] [\fB\-F\ \fR\fB\fIformat\fR\fR] [\fB\-i\ \fR\fB\fImode\fR\fR] [\fB\-k\ \fR\fB\fImode\fR\fR] [\fB\-m\ \fR\fB\fImode\fR\fR] [\fB\-n\ \fR\fB\fImode\fR\fR] [\fB\-r\ \fR\fB\fImode\fR\fR] [\fB\-s\ \fR\fB\fIstyle\fR\fR] [\fB\-t\ \fR\fB\fIdirectory\fR\fR] [\fB\-T\ \fR\fB\fImode\fR\fR] [\fB\-w\ \fR\fB\fIdirectory\fR\fR] [\fB\-D\fR] [\fB\-W\ \fR\fB\fImode\fR\fR] {\fB\-o\ \fR\fB\fIfilename\fR\fR} {zonename} {filename} .SH "DESCRIPTION" .PP \fBnamed\-checkzone\fR @@ -236,6 +236,14 @@ Chroot to so that include directives in the configuration file are processed as if run by a similarly chrooted named. .RE .PP +\-T \fImode\fR +.RS 4 +Check if Sender Policy Framework records (TXT and SPF) both exist or both don't exist. A warning is issued if they don't match. Possible modes are +\fB"warn"\fR +(default), +\fB"ignore"\fR. +.RE +.PP \-w \fIdirectory\fR .RS 4 chdir to @@ -281,7 +289,7 @@ BIND 9 Administrator Reference Manual. .PP Internet Systems Consortium .SH "COPYRIGHT" -Copyright \(co 2004\-2007, 2009, 2010 Internet Systems Consortium, Inc. ("ISC") +Copyright \(co 2004\-2007, 2009, 2010, 2013 Internet Systems Consortium, Inc. ("ISC") .br Copyright \(co 2000\-2002 Internet Software Consortium. .br Modified: vendor/bind9/dist/bin/check/named-checkzone.c ============================================================================== --- vendor/bind9/dist/bin/check/named-checkzone.c Wed Jul 24 06:13:00 2013 (r253591) +++ vendor/bind9/dist/bin/check/named-checkzone.c Wed Jul 24 07:12:55 2013 (r253592) @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004-2011 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2013 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2003 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -145,19 +145,21 @@ main(int argc, char **argv) { if (progmode == progmode_compile) { zone_options |= (DNS_ZONEOPT_CHECKNS | DNS_ZONEOPT_FATALNS | + DNS_ZONEOPT_CHECKSPF | DNS_ZONEOPT_CHECKDUPRR | DNS_ZONEOPT_CHECKNAMES | DNS_ZONEOPT_CHECKNAMESFAIL | DNS_ZONEOPT_CHECKWILDCARD); } else - zone_options |= DNS_ZONEOPT_CHECKDUPRR; + zone_options |= (DNS_ZONEOPT_CHECKDUPRR | + DNS_ZONEOPT_CHECKSPF); #define ARGCMP(X) (strcmp(isc_commandline_argument, X) == 0) isc_commandline_errprint = ISC_FALSE; while ((c = isc_commandline_parse(argc, argv, - "c:df:hi:jk:m:n:qr:s:t:o:vw:DF:M:S:W:")) + "c:df:hi:jk:m:n:qr:s:t:o:vw:DF:M:S:T:W:")) != EOF) { switch (c) { case 'c': @@ -363,6 +365,18 @@ main(int argc, char **argv) { } break; + case 'T': + if (ARGCMP("warn")) { + zone_options |= DNS_ZONEOPT_CHECKSPF; + } else if (ARGCMP("ignore")) { + zone_options &= ~DNS_ZONEOPT_CHECKSPF; + } else { + fprintf(stderr, "invalid argument to -T: %s\n", + isc_commandline_argument); + exit(1); + } + break; + case 'W': if (ARGCMP("warn")) zone_options |= DNS_ZONEOPT_CHECKWILDCARD; @@ -374,6 +388,7 @@ main(int argc, char **argv) { if (isc_commandline_option != '?') fprintf(stderr, "%s: invalid argument -%c\n", prog_name, isc_commandline_option); + /* FALLTHROUGH */ case 'h': usage(); Modified: vendor/bind9/dist/bin/check/named-checkzone.docbook ============================================================================== --- vendor/bind9/dist/bin/check/named-checkzone.docbook Wed Jul 24 06:13:00 2013 (r253591) +++ vendor/bind9/dist/bin/check/named-checkzone.docbook Wed Jul 24 07:12:55 2013 (r253592) @@ -2,7 +2,7 @@ "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [<!ENTITY mdash "—">]> <!-- - - Copyright (C) 2004-2007, 2009, 2010 Internet Systems Consortium, Inc. ("ISC") + - Copyright (C) 2004-2007, 2009, 2010, 2013 Internet Systems Consortium, Inc. ("ISC") - Copyright (C) 2000-2002 Internet Software Consortium. - - Permission to use, copy, modify, and/or distribute this software for any @@ -38,6 +38,7 @@ <year>2007</year> <year>2009</year> <year>2010</year> + <year>2013</year> <holder>Internet Systems Consortium, Inc. ("ISC")</holder> </copyright> <copyright> @@ -75,6 +76,7 @@ <arg><option>-s <replaceable class="parameter">style</replaceable></option></arg> <arg><option>-S <replaceable class="parameter">mode</replaceable></option></arg> <arg><option>-t <replaceable class="parameter">directory</replaceable></option></arg> + <arg><option>-T <replaceable class="parameter">mode</replaceable></option></arg> <arg><option>-w <replaceable class="parameter">directory</replaceable></option></arg> <arg><option>-D</option></arg> <arg><option>-W <replaceable class="parameter">mode</replaceable></option></arg> @@ -98,6 +100,7 @@ <arg><option>-r <replaceable class="parameter">mode</replaceable></option></arg> <arg><option>-s <replaceable class="parameter">style</replaceable></option></arg> <arg><option>-t <replaceable class="parameter">directory</replaceable></option></arg> + <arg><option>-T <replaceable class="parameter">mode</replaceable></option></arg> <arg><option>-w <replaceable class="parameter">directory</replaceable></option></arg> <arg><option>-D</option></arg> <arg><option>-W <replaceable class="parameter">mode</replaceable></option></arg> @@ -380,6 +383,18 @@ </varlistentry> <varlistentry> + <term>-T <replaceable class="parameter">mode</replaceable></term> + <listitem> + <para> + Check if Sender Policy Framework records (TXT and SPF) + both exist or both don't exist. A warning is issued + if they don't match. Possible modes are + <command>"warn"</command> (default), <command>"ignore"</command>. + </para> + </listitem> + </varlistentry> + + <varlistentry> <term>-w <replaceable class="parameter">directory</replaceable></term> <listitem> <para> Modified: vendor/bind9/dist/bin/check/named-checkzone.html ============================================================================== --- vendor/bind9/dist/bin/check/named-checkzone.html Wed Jul 24 06:13:00 2013 (r253591) +++ vendor/bind9/dist/bin/check/named-checkzone.html Wed Jul 24 07:12:55 2013 (r253592) @@ -1,5 +1,5 @@ <!-- - - Copyright (C) 2004-2007, 2009, 2010 Internet Systems Consortium, Inc. ("ISC") + - Copyright (C) 2004-2007, 2009, 2010, 2013 Internet Systems Consortium, Inc. ("ISC") - Copyright (C) 2000-2002 Internet Software Consortium. - - Permission to use, copy, modify, and/or distribute this software for any @@ -29,11 +29,11 @@ </div> <div class="refsynopsisdiv"> <h2>Synopsis</h2> -<div class="cmdsynopsis"><p><code class="command">named-checkzone</code> [<code class="option">-d</code>] [<code class="option">-h</code>] [<code class="option">-j</code>] [<code class="option">-q</code>] [<code class="option">-v</code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-f <em class="replaceable"><code>format</code></em></code>] [<code class="option">-F <em class="replaceable"><code>format</code></em></code>] [<code class="option">-i <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-k <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-m <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-M <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-n <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-o <em class="replaceable"><code>filename</code></em></code>] [<code class="option">-r <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-s <em class="replaceable"><code>style</code></em></code>] [<code class="option">-S <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-t <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-w <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-D</code>] [<code class="option">-W <em class="replaceable"><code>mode</code></em></code>] {zonename} {filename}</p></div> -<div class="cmdsynopsis"><p><code class="command">named-compilezone</code> [<code class="option">-d</code>] [<code class="option">-j</code>] [<code class="option">-q</code>] [<code class="option">-v</code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-C <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-f <em class="replaceable"><code>format</code></em></code>] [<code class="option">-F <em class="replaceable"><code>format</code></em></code>] [<code class="option">-i <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-k <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-m <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-n <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-r <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-s <em class="replaceable"><code>style</co de></em></code>] [<code class="option">-t <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-w <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-D</code>] [<code class="option">-W <em class="replaceable"><code>mode</code></em></code>] {<code class="option">-o <em class="replaceable"><code>filename</code></em></code>} {zonename} {filename}</p></div> +<div class="cmdsynopsis"><p><code class="command">named-checkzone</code> [<code class="option">-d</code>] [<code class="option">-h</code>] [<code class="option">-j</code>] [<code class="option">-q</code>] [<code class="option">-v</code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-f <em class="replaceable"><code>format</code></em></code>] [<code class="option">-F <em class="replaceable"><code>format</code></em></code>] [<code class="option">-i <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-k <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-m <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-M <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-n <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-o <em class="replaceable"><code>filename</code></em></code>] [<code class="option">-r <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-s <em class="replaceable"><code>style</code></em></code>] [<code class="option">-S <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-t <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-T <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-w <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-D</code>] [<code class="option">-W <em class="replaceable"><code>mode</code></em></code>] {zonename} {filename}</p></div> +<div class="cmdsynopsis"><p><code class="command">named-compilezone</code> [<code class="option">-d</code>] [<code class="option">-j</code>] [<code class="option">-q</code>] [<code class="option">-v</code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-C <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-f <em class="replaceable"><code>format</code></em></code>] [<code class="option">-F <em class="replaceable"><code>format</code></em></code>] [<code class="option">-i <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-k <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-m <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-n <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-r <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-s <em class="replaceable"><code>style</co de></em></code>] [<code class="option">-t <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-T <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-w <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-D</code>] [<code class="option">-W <em class="replaceable"><code>mode</code></em></code>] {<code class="option">-o <em class="replaceable"><code>filename</code></em></code>} {zonename} {filename}</p></div> </div> <div class="refsect1" lang="en"> -<a name="id2543696"></a><h2>DESCRIPTION</h2> +<a name="id2543716"></a><h2>DESCRIPTION</h2> <p><span><strong class="command">named-checkzone</strong></span> checks the syntax and integrity of a zone file. It performs the same checks as <span><strong class="command">named</strong></span> does when loading a @@ -53,7 +53,7 @@ </p> </div> <div class="refsect1" lang="en"> -<a name="id2543731"></a><h2>OPTIONS</h2> +<a name="id2543751"></a><h2>OPTIONS</h2> <div class="variablelist"><dl> <dt><span class="term">-d</span></dt> <dd><p> @@ -214,6 +214,13 @@ directives in the configuration file are processed as if run by a similarly chrooted named. </p></dd> +<dt><span class="term">-T <em class="replaceable"><code>mode</code></em></span></dt> +<dd><p> + Check if Sender Policy Framework records (TXT and SPF) + both exist or both don't exist. A warning is issued + if they don't match. Possible modes are + <span><strong class="command">"warn"</strong></span> (default), <span><strong class="command">"ignore"</strong></span>. + </p></dd> <dt><span class="term">-w <em class="replaceable"><code>directory</code></em></span></dt> <dd><p> chdir to <code class="filename">directory</code> so that @@ -247,14 +254,14 @@ </dl></div> </div> <div class="refsect1" lang="en"> -<a name="id2544446"></a><h2>RETURN VALUES</h2> +<a name="id2544422"></a><h2>RETURN VALUES</h2> <p><span><strong class="command">named-checkzone</strong></span> returns an exit status of 1 if errors were detected and 0 otherwise. </p> </div> <div class="refsect1" lang="en"> -<a name="id2544458"></a><h2>SEE ALSO</h2> +<a name="id2544434"></a><h2>SEE ALSO</h2> <p><span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>, <span class="citerefentry"><span class="refentrytitle">named-checkconf</span>(8)</span>, <em class="citetitle">RFC 1035</em>, @@ -262,7 +269,7 @@ </p> </div> <div class="refsect1" lang="en"> -<a name="id2544491"></a><h2>AUTHOR</h2> +<a name="id2544603"></a><h2>AUTHOR</h2> <p><span class="corpauthor">Internet Systems Consortium</span> *** DIFF OUTPUT TRUNCATED AT 1000 LINES ***
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201307240712.r6O7CuKL053097>