From: Doug Barton
Date: Tue, 2 Aug 2011 09:42:58 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-7@freebsd.org
X-SVN-Group: stable-7
Subject: svn commit: r224601 - in stable/7/contrib/bind9: . bin/dnssec bin/named doc/arm doc/draft lib/dns lib/dns/include/dns lib/dns/rdata/generic lib/isc lib/isc/include/isc lib/isc/powerpc/include/isc l...

Author: dougb
Date: Tue Aug 2 09:42:58 2011
New Revision: 224601
URL: http://svn.freebsd.org/changeset/base/224601

Log:
  Update to version 9.4-ESV-R5 which contains various bug fixes
  and improvements

  See RELEASE-NOTES-BIND-9.4-ESV.* for details

  This is expected to be the final release of the BIND 9.4 branch

Added:
  stable/7/contrib/bind9/RELEASE-NOTES-BIND-9.4-ESV.html
     - copied unchanged from r224594, vendor/bind9/dist-9.4/RELEASE-NOTES-BIND-9.4-ESV.html
  stable/7/contrib/bind9/RELEASE-NOTES-BIND-9.4-ESV.pdf
     - copied unchanged from r224594, vendor/bind9/dist-9.4/RELEASE-NOTES-BIND-9.4-ESV.pdf
  stable/7/contrib/bind9/RELEASE-NOTES-BIND-9.4-ESV.txt
     - copied unchanged from r224594, vendor/bind9/dist-9.4/RELEASE-NOTES-BIND-9.4-ESV.txt
  stable/7/contrib/bind9/doc/draft/draft-faltstrom-uri-06.txt
     - copied unchanged from r224594, vendor/bind9/dist-9.4/doc/draft/draft-faltstrom-uri-06.txt
  stable/7/contrib/bind9/doc/draft/draft-ietf-dnsext-rfc2671bis-edns0-05.txt
     - copied unchanged from r224594, vendor/bind9/dist-9.4/doc/draft/draft-ietf-dnsext-rfc2671bis-edns0-05.txt
  stable/7/contrib/bind9/doc/draft/draft-ietf-dnsop-dnssec-key-timing-02.txt
     - copied unchanged from r224594, vendor/bind9/dist-9.4/doc/draft/draft-ietf-dnsop-dnssec-key-timing-02.txt

Deleted:
  stable/7/contrib/bind9/doc/draft/draft-ietf-dnsext-rfc2671bis-edns0-02.txt
  stable/7/contrib/bind9/doc/draft/draft-ietf-dnsop-dnssec-key-timing-00.txt

Modified:
  stable/7/contrib/bind9/CHANGES
  stable/7/contrib/bind9/COPYRIGHT
  stable/7/contrib/bind9/README
  stable/7/contrib/bind9/bin/dnssec/dnssec-signzone.c
  stable/7/contrib/bind9/bin/named/client.c
  stable/7/contrib/bind9/bin/named/logconf.c
  stable/7/contrib/bind9/bin/named/update.c
  stable/7/contrib/bind9/bin/named/zoneconf.c
  stable/7/contrib/bind9/doc/arm/Bv9ARM-book.xml
  stable/7/contrib/bind9/doc/arm/Bv9ARM.ch01.html
  stable/7/contrib/bind9/doc/arm/Bv9ARM.ch02.html
  stable/7/contrib/bind9/doc/arm/Bv9ARM.ch03.html
  stable/7/contrib/bind9/doc/arm/Bv9ARM.ch04.html
  stable/7/contrib/bind9/doc/arm/Bv9ARM.ch05.html
  stable/7/contrib/bind9/doc/arm/Bv9ARM.ch06.html
  stable/7/contrib/bind9/doc/arm/Bv9ARM.ch07.html
  stable/7/contrib/bind9/doc/arm/Bv9ARM.ch08.html
  stable/7/contrib/bind9/doc/arm/Bv9ARM.ch09.html
  stable/7/contrib/bind9/doc/arm/Bv9ARM.ch10.html
  stable/7/contrib/bind9/doc/arm/Bv9ARM.html
  stable/7/contrib/bind9/doc/arm/Bv9ARM.pdf
  stable/7/contrib/bind9/doc/arm/man.dig.html
  stable/7/contrib/bind9/doc/arm/man.dnssec-keygen.html
  stable/7/contrib/bind9/doc/arm/man.dnssec-signzone.html
  stable/7/contrib/bind9/doc/arm/man.host.html
  stable/7/contrib/bind9/doc/arm/man.named-checkconf.html
  stable/7/contrib/bind9/doc/arm/man.named-checkzone.html
  stable/7/contrib/bind9/doc/arm/man.named.html
  stable/7/contrib/bind9/doc/arm/man.rndc-confgen.html
  stable/7/contrib/bind9/doc/arm/man.rndc.conf.html
  stable/7/contrib/bind9/doc/arm/man.rndc.html
  stable/7/contrib/bind9/lib/dns/api
  stable/7/contrib/bind9/lib/dns/dispatch.c
  stable/7/contrib/bind9/lib/dns/include/dns/masterdump.h
  stable/7/contrib/bind9/lib/dns/include/dns/rdataset.h
  stable/7/contrib/bind9/lib/dns/masterdump.c
  stable/7/contrib/bind9/lib/dns/message.c
  stable/7/contrib/bind9/lib/dns/ncache.c
  stable/7/contrib/bind9/lib/dns/rbtdb.c
  stable/7/contrib/bind9/lib/dns/rdata.c
  stable/7/contrib/bind9/lib/dns/rdata/generic/ipseckey_45.c
  stable/7/contrib/bind9/lib/dns/rdata/generic/nsec_47.c
  stable/7/contrib/bind9/lib/dns/rdata/generic/rrsig_46.c
  stable/7/contrib/bind9/lib/dns/rdataset.c
  stable/7/contrib/bind9/lib/dns/resolver.c
  stable/7/contrib/bind9/lib/dns/time.c
  stable/7/contrib/bind9/lib/dns/validator.c
  stable/7/contrib/bind9/lib/dns/xfrin.c
  stable/7/contrib/bind9/lib/dns/zone.c
  stable/7/contrib/bind9/lib/isc/api
  stable/7/contrib/bind9/lib/isc/include/isc/file.h
  stable/7/contrib/bind9/lib/isc/powerpc/include/isc/atomic.h
  stable/7/contrib/bind9/lib/isc/unix/file.c
  stable/7/contrib/bind9/lib/isc/unix/socket.c
  stable/7/contrib/bind9/lib/isc/unix/stdio.c
  stable/7/contrib/bind9/lib/lwres/api
  stable/7/contrib/bind9/lib/lwres/print_p.h
  stable/7/contrib/bind9/release-notes.css
  stable/7/contrib/bind9/version

Directory Properties:
  stable/7/contrib/bind9/ (props changed)

Modified: stable/7/contrib/bind9/CHANGES ============================================================================== --- stable/7/contrib/bind9/CHANGES Tue Aug 2 09:06:04 2011 (r224600) +++ stable/7/contrib/bind9/CHANGES Tue Aug 2 09:42:58 2011 (r224601) 
@@ -1,14 +1,83 @@ - --- 9.4-ESV-R4-P1 released --- + --- 9.4-ESV-R5 released --- + +3135. [port] FreeBSD: workaround broken IPV6_USE_MIN_MTU processing. + See http://www.freebsd.org/cgi/query-pr.cgi?pr=158307 + [RT #24950] + +3023. [bug] Named could be left in an inconsistent state when + receiving multiple AXFR response messages that were + not all TSIG-signed. [RT #23254] + + --- 9.4-ESV-R5rc1 released --- + +3124. [bug] Use an rdataset attribute flag to indicate + negative-cache records rather than using rrtype 0; + this will prevent problems when that rrtype is + used in actual DNS packets. [RT #24777] 3121. [security] An authoritative name server sending a negative response containing a very large RRset could trigger an off-by-one error in the ncache code and crash named. [RT #24650] -3120. [bug] Named could fail to validate zones listed in a DLV +3120. [bug] Named could fail to validate zones list in a DLV that validated insecure without using DLV and had DS records in the parent zone. [RT #24631] +3113. [doc] Document the relationship between serial-query-rate + and NOTIFY messages. + + --- 9.4-ESV-R5b1 released --- + +3095. [bug] Handle isolated reserved ports in the port range. + [RT #23957] + +3088. [bug] Remove bin/tests/system/logfileconfig/ns1/named.conf + and add setup.sh in order to resolve changing + named.conf issue. [RT #23687] + +3071. [bug] has_nsec could be used unintialised in + update.c:next_active. [RT #20256] + +3067. [bug] ixfr-from-differences {master|slave}; failed to + select the master/slave zones. [RT #23580] + +3065. [bug] RRSIG could have time stamps too far in the future. + [RT #23356] + +3064. [bug] powerpc: add sync instructions to the end of atomic + operations. [RT #23469] + +3058. [bug] Cause named to terminate at startup or rndc reconfig/ + reload to fail, if a log file specified in the conf + file isn't a plain file. [RT #22771] + +3051. [bug] NS records obsure DNAME records at the bottom of the + zone if both are present. 
[RT #23035] + +3041. [bug] dnssec-signzone failed to generate new signatures on + ttl changes. [RT #23330] + +3040. [bug] Named failed to validate insecure zones where a node + with a CNAME existed between the trust anchor and the + top of the zone. [RT #23338] + +3037. [doc] Update COPYRIGHT to contain all the individual + copyright notices that cover various parts. + +3014. [bug] Fix the zonechecks system test to match expected + behaviour for 9.4 and to fail on error. [RT #22905] + +3009. [bug] clients-per-query code didn't work as expected with + particular query patterns. [RT #22972] + +3007. [bug] Named failed to preserve the case of domain names in + rdata which is not compressible when writing master + files. [RT #22863] + +2996. [security] Temporarily disable SO_ACCEPTFILTER support. + [RT #22589] + --- 9.4-ESV-R4 released --- 2970. [security] Adding a NO DATA negative cache entry failed to clear Modified: stable/7/contrib/bind9/COPYRIGHT ============================================================================== --- stable/7/contrib/bind9/COPYRIGHT Tue Aug 2 09:06:04 2011 (r224600) +++ stable/7/contrib/bind9/COPYRIGHT Tue Aug 2 09:42:58 2011 (r224601) @@ -1,4 +1,4 @@ -Copyright (C) 2004-2010 Internet Systems Consortium, Inc. ("ISC") +Copyright (C) 2004-2011 Internet Systems Consortium, Inc. ("ISC") Copyright (C) 1996-2003 Internet Software Consortium. Permission to use, copy, modify, and/or distribute this software for any 
@@ -13,9 +13,15 @@ LOSS OF USE, DATA OR PROFITS, WHETHER IN OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. -$Id: COPYRIGHT,v 1.9.18.7 2010-01-07 23:46:07 tbox Exp $ +$Id: COPYRIGHT,v 1.9.18.9 2011-02-22 06:45:07 marka Exp $ -Portions Copyright (C) 1996-2001 Nominum, Inc. + Portions of this code release fall under one or more of the + following Copyright notices. Please see individual source + files for details. + + For binary releases also see: OpenSSL-LICENSE. + +Copyright (C) 1996-2001 Nominum, Inc. Permission to use, copy, modify, and distribute this software for any purpose with or without fee is hereby granted, provided that the above 
@@ -28,3 +34,485 @@ ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQ WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + + ----------------------------------------------------------------------------- + +Copyright (C) 1995-2000 by Network Associates, Inc. + +Permission to use, copy, modify, and/or distribute this software for any +purpose with or without fee is hereby granted, provided that the above +copyright notice and this permission notice appear in all copies. + +THE SOFTWARE IS PROVIDED "AS IS" AND ISC AND NETWORK ASSOCIATES DISCLAIMS +ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED +WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE +FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR +IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + + ----------------------------------------------------------------------------- + +Copyright (C) 2002 Stichting NLnet, Netherlands, stichting@nlnet.nl. + +Permission to use, copy, modify, and distribute this software for any +purpose with or without fee is hereby granted, provided that the +above copyright notice and this permission notice appear in all +copies. + +THE SOFTWARE IS PROVIDED "AS IS" AND STICHTING NLNET +DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL +IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL +STICHTING NLNET BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR +CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS +OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE +OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE +USE OR PERFORMANCE OF THIS SOFTWARE. 
+ +The development of Dynamically Loadable Zones (DLZ) for Bind 9 was +conceived and contributed by Rob Butler. + +Permission to use, copy, modify, and distribute this software for any +purpose with or without fee is hereby granted, provided that the +above copyright notice and this permission notice appear in all +copies. + +THE SOFTWARE IS PROVIDED "AS IS" AND ROB BUTLER +DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL +IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL +ROB BUTLER BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR +CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS +OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE +OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE +USE OR PERFORMANCE OF THIS SOFTWARE. + + ----------------------------------------------------------------------------- + +Copyright (c) 1987, 1990, 1993, 1994 + The Regents of the University of California. All rights reserved. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions +are met: +1. Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. +2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. +3. All advertising materials mentioning features or use of this software + must display the following acknowledgement: + This product includes software developed by the University of + California, Berkeley and its contributors. +4. Neither the name of the University nor the names of its contributors + may be used to endorse or promote products derived from this software + without specific prior written permission. 
+ +THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND +ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE +FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +SUCH DAMAGE. + + ----------------------------------------------------------------------------- + +Copyright (C) The Internet Society 2005. This version of +this module is part of RFC 4178; see the RFC itself for +full legal notices. + +(The above copyright notice is per RFC 3978 5.6 (a), q.v.) + + ----------------------------------------------------------------------------- + +Copyright (c) 2004 Masarykova universita +(Masaryk University, Brno, Czech Republic) +All rights reserved. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions are met: + +1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + +2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + +3. Neither the name of the University nor the names of its contributors may + be used to endorse or promote products derived from this software + without specific prior written permission. 
+ +THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" +AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE +LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS +INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN +CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE +POSSIBILITY OF SUCH DAMAGE. + + ----------------------------------------------------------------------------- + +Copyright (c) 1997 - 2003 Kungliga Tekniska Högskolan +(Royal Institute of Technology, Stockholm, Sweden). +All rights reserved. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions +are met: + +1. Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + +2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + +3. Neither the name of the Institute nor the names of its contributors + may be used to endorse or promote products derived from this software + without specific prior written permission. + +THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND +ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +ARE DISCLAIMED. 
IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE +FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +SUCH DAMAGE. + + ----------------------------------------------------------------------------- + +Copyright (c) 1998 Doug Rabson +All rights reserved. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions +are met: +1. Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. +2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + +THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +SUCH DAMAGE. 
+ + ----------------------------------------------------------------------------- + +Copyright ((c)) 2002, Rice University +All rights reserved. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions are +met: + + * Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + + * Redistributions in binary form must reproduce the above + copyright notice, this list of conditions and the following + disclaimer in the documentation and/or other materials provided + with the distribution. + + * Neither the name of Rice University (RICE) nor the names of its + contributors may be used to endorse or promote products derived + from this software without specific prior written permission. + + +This software is provided by RICE and the contributors on an "as is" +basis, without any representations or warranties of any kind, express +or implied including, but not limited to, representations or +warranties of non-infringement, merchantability or fitness for a +particular purpose. In no event shall RICE or contributors be liable +for any direct, indirect, incidental, special, exemplary, or +consequential damages (including, but not limited to, procurement of +substitute goods or services; loss of use, data, or profits; or +business interruption) however caused and on any theory of liability, +whether in contract, strict liability, or tort (including negligence +or otherwise) arising in any way out of the use of this software, even +if advised of the possibility of such damage. + + ----------------------------------------------------------------------------- + +Copyright (c) 1993 by Digital Equipment Corporation. 
+ +Permission to use, copy, modify, and distribute this software for any +purpose with or without fee is hereby granted, provided that the above +copyright notice and this permission notice appear in all copies, and that +the name of Digital Equipment Corporation not be used in advertising or +publicity pertaining to distribution of the document or software without +specific, written prior permission. + +THE SOFTWARE IS PROVIDED "AS IS" AND DIGITAL EQUIPMENT CORP. DISCLAIMS ALL +WARRANTIES WITH REGARD TO THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES +OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL DIGITAL EQUIPMENT +CORPORATION BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL +DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR +PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS +ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS +SOFTWARE. + + ----------------------------------------------------------------------------- + +Copyright 2000 Aaron D. Gifford. All rights reserved. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions +are met: +1. Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. +2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. +3. Neither the name of the copyright holder nor the names of contributors + may be used to endorse or promote products derived from this software + without specific prior written permission. + +THIS SOFTWARE IS PROVIDED BY THE AUTHOR(S) AND CONTRIBUTOR(S) ``AS IS'' AND +ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +ARE DISCLAIMED. 
IN NO EVENT SHALL THE AUTHOR(S) OR CONTRIBUTOR(S) BE LIABLE +FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +SUCH DAMAGE. + + ----------------------------------------------------------------------------- + +Copyright (c) 1998 Doug Rabson. +Copyright (c) 2001 Jake Burkholder. +All rights reserved. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions +are met: +1. Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. +2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + +THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +SUCH DAMAGE. 
+ + ----------------------------------------------------------------------------- + +Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. +All rights reserved. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions +are met: +1. Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. +2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. +3. Neither the name of the project nor the names of its contributors + may be used to endorse or promote products derived from this software + without specific prior written permission. + +THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND +ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE +FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +SUCH DAMAGE. + + ----------------------------------------------------------------------------- + +Copyright (c) 1999-2000 by Nortel Networks Corporation + +Permission to use, copy, modify, and distribute this software for any +purpose with or without fee is hereby granted, provided that the above +copyright notice and this permission notice appear in all copies. 
+ +THE SOFTWARE IS PROVIDED "AS IS" AND NORTEL NETWORKS DISCLAIMS +ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES +OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL NORTEL NETWORKS +BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES +OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, +WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, +ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS +SOFTWARE. + + ----------------------------------------------------------------------------- + +Copyright (c) 2000-2002 Japan Network Information Center. All rights reserved. + +By using this file, you agree to the terms and conditions set forth bellow. + + LICENSE TERMS AND CONDITIONS + +The following License Terms and Conditions apply, unless a different +license is obtained from Japan Network Information Center ("JPNIC"), +a Japanese association, Kokusai-Kougyou-Kanda Bldg 6F, 2-3-4 Uchi-Kanda, +Chiyoda-ku, Tokyo 101-0047, Japan. + +1. Use, Modification and Redistribution (including distribution of any + modified or derived work) in source and/or binary forms is permitted + under this License Terms and Conditions. + +2. Redistribution of source code must retain the copyright notices as they + appear in each source code file, this License Terms and Conditions. + +3. Redistribution in binary form must reproduce the Copyright Notice, + this License Terms and Conditions, in the documentation and/or other + materials provided with the distribution. For the purposes of binary + distribution the "Copyright Notice" refers to the following language: + "Copyright (c) 2000-2002 Japan Network Information Center. All rights + reserved." + +4. The name of JPNIC may not be used to endorse or promote products + derived from this Software without specific prior written approval of + JPNIC. + +5. 
Disclaimer/Limitation of Liability: THIS SOFTWARE IS PROVIDED BY JPNIC + "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A + PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL JPNIC BE LIABLE + FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR + BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, + WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR + OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF + ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. + + ----------------------------------------------------------------------------- + +Copyright (C) 2004 Nominet, Ltd. + +Permission to use, copy, modify, and distribute this software for any +purpose with or without fee is hereby granted, provided that the above +copyright notice and this permission notice appear in all copies. + +THE SOFTWARE IS PROVIDED "AS IS" AND NOMINET DISCLAIMS ALL WARRANTIES WITH +REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY +AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, +INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM +LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE +OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR +PERFORMANCE OF THIS SOFTWARE. + + ----------------------------------------------------------------------------- + +Portions Copyright RSA Security Inc. + +License to copy and use this software is granted provided that it is +identified as "RSA Security Inc. PKCS #11 Cryptographic Token Interface +(Cryptoki)" in all material mentioning or referencing this software. 
+ +License is also granted to make and use derivative works provided that +such works are identified as "derived from the RSA Security Inc. PKCS #11 +Cryptographic Token Interface (Cryptoki)" in all material mentioning or +referencing the derived work. + +RSA Security Inc. makes no representations concerning either the +merchantability of this software or the suitability of this software for +any particular purpose. It is provided "as is" without express or implied +warranty of any kind. + + ----------------------------------------------------------------------------- + +Copyright (c) 1996, David Mazieres +Copyright (c) 2008, Damien Miller + +Permission to use, copy, modify, and distribute this software for any +purpose with or without fee is hereby granted, provided that the above +copyright notice and this permission notice appear in all copies. + +THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + +----------------------------------------------------------------------------- + +Copyright (c) 2000-2001 The OpenSSL Project. All rights reserved. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions +are met: + +1. Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + +2. 
Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in + the documentation and/or other materials provided with the + distribution. + +3. All advertising materials mentioning features or use of this + software must display the following acknowledgment: + "This product includes software developed by the OpenSSL Project + for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + +4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + endorse or promote products derived from this software without + prior written permission. For written permission, please contact + licensing@OpenSSL.org. + +5. Products derived from this software may not be called "OpenSSL" + nor may "OpenSSL" appear in their names without prior written + permission of the OpenSSL Project. + +6. Redistributions of any form whatsoever must retain the following + acknowledgment: + "This product includes software developed by the OpenSSL Project + for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + +THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +OF THE POSSIBILITY OF SUCH DAMAGE. 
+ Modified: stable/7/contrib/bind9/README ============================================================================== --- stable/7/contrib/bind9/README Tue Aug 2 09:06:04 2011 (r224600) +++ stable/7/contrib/bind9/README Tue Aug 2 09:42:58 2011 (r224601) @@ -42,15 +42,19 @@ BIND 9 Stichting NLnet - NLnet Foundation Nominum, Inc. +BIND 9.4-ESV-R5 (Extended Support Version) + + BIND 9.4-ESV-R5 is expected to be the last release in the 9.4 + series. + BIND 9.4-ESV (Extended Support Version) BIND 9.4-ESV is the Extended Support Version of BIND 9.4 and incorporates the final maintenance release fixing bugs in BIND 9.4.3. - BIND 9.4-ESV will be supported until December 31, 2010, at - which time you will need to upgrade to the current release - of BIND. + BIND 9.4-ESV will be supported until May 31, 2011, at which + time you will need to upgrade to the current release of BIND. BIND 9.4.3 Copied: stable/7/contrib/bind9/RELEASE-NOTES-BIND-9.4-ESV.html (from r224594, vendor/bind9/dist-9.4/RELEASE-NOTES-BIND-9.4-ESV.html) ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ stable/7/contrib/bind9/RELEASE-NOTES-BIND-9.4-ESV.html Tue Aug 2 09:42:58 2011 (r224601, copy of r224594, vendor/bind9/dist-9.4/RELEASE-NOTES-BIND-9.4-ESV.html) @@ -0,0 +1,203 @@ + + + + + + +

+ +

Introduction

+ +

+ BIND 9.4-ESV-R5 is the current production release + of BIND 9.4. +

+

+ This document summarizes changes from BIND 9.4-ESV-R4 to BIND 9.4-ESV-R5. + Please see the CHANGES file in the source code release for a + complete list of all changes. +

+
+ +

Download

+ +

+ The latest release of BIND 9 software can always be found + on our web site at + http://www.isc.org/downloads/all. + There you will find additional information about each release, + source code, and some pre-compiled versions for certain operating + systems. +

+
+ +

Support

+ +

Product support information is available on + http://www.isc.org/services/support + for paid support options. Free support is provided by our user + community via a mailing list. Information on all public email + lists is available at + https://lists.isc.org/mailman/listinfo. +

+
+ +

New Features

+ +

9.4-ESV-R5

+ +

None.

+
+
+ +

Feature Changes

+ +

9.4-ESV-R5

+ +

None.

+
+
+ +

Security Fixes

+ +

9.4-ESV-R5

+ +
  • +A bug in NetBSD and FreeBSD kernels with SO_ACCEPTFILTER enabled allows +for a TCP DoS attack. Until there is a kernel fix, ISC is disabling +SO_ACCEPTFILTER support in BIND. [RT #22589] +
  • +named, set up to be a caching resolver, is vulnerable to a +user querying a domain with very large resource record sets (RRSets) +when trying to negatively cache the response. Due to an off-by-one +error, caching the response could cause named to crash. [RT #24650] +[CVE-2011-1910] +
  • +Change #2912 (see CHANGES) exposed a latent bug in the DNS message +processing code that could allow certain UPDATE requests to crash +named. This was fixed by disambiguating internal database representation +vs DNS wire format data. [RT #24777] [CVE-2011-2464] +
+
+
+ +

Bug Fixes

+ +

9.4-ESV-R5

+ +
  • +During RFC5011 processing some journal write errors were not detected. +This could lead to managed-keys changes being committed but not +recorded in the journal files, causing potential inconsistencies +during later processing. [RT #20256] +

    +A potential NULL pointer deference in the DNS64 code could cause +named to terminate unexpectedly. [RT #20256] +

    +

    +A state variable relating to DNSSEC could fail to be set during +some infrequently-executed code paths, allowing it to be used whilst +in an unitialized state during cache updates, with unpredictable results. +[RT #20256] +

    +

    +A potential NULL pointer deference in DNSSEC signing code could +cause named to terminate unexpectedly [RT #20256] +

    +

    +Several cosmetic code changes were made to silence warnings +generated by a static code analysis tool. [RT #20256] +

    +
  • +Cause named to terminate at startup or rndc reconfig +reload to fail, if a log file specified in the +conf file isn't a plain file. (RT #22771] +
  • +Prior to this fix, when named was was writing a zone to disk (as slave, +when resigning, etc.), it might not correctly preserve the case of domain +name labels within RDATA, if the RDATA was not compressible. The result +is that when reloading the zone from disk would, named could serve data +that did not match the RRSIG for that data, due to case mismatch. named +now correctly preserves case. After upgrading to fixed code, the operator +should either resign the data (on the master) or delete the disk file +on the slave and reload the zone. [RT #22863] +
  • +Fix the zonechecks system test to fail on error (warning in 9.6, +fatal in 9.7) to match behaviour for 9.4. [RT #22905] +
  • +There was a bug in how the clients-per-query code worked with some +query patterns. This could result, in rare circumstances, in having all +the client query slots filled with queries for the same DNS label, +essentially ignoring the max-clients-per-query setting. +[RT #22972] +
  • +If a slave initiates a TSIG signed AXFR from the master and the master +fails to correctly TSIG sign the final message, the slave would be left +with the zone in an unclean state. named detected this error too late +and named would crash with an INSIST. The order dependancy has been +fixed. [RT #23254] +
  • +Fixed precedence order bug with NS and DNAME records if both are present. +(Also fixed timing of autosign test in 9.7+) [RT #23035] +
  • +Changing TTL did not cause dnssec-signzone to generate new signatures. +[RT #23330] +
  • +If named encountered a CNAME instead of a DS record when walking +the chain of trust down from the trust anchor, it incorrectly stopped +validating. [RT #23338] +
  • +RRSIG records could have time stamps too far in the future. +[RT #23356] +
  • +If running on a powerpc CPU and with atomic operations enabled, +named could lock up. Added sync instructions to the end of atomic +operations. [RT #23469] +
  • +ixfr-from-differences {master|slave}; +failed to select the master/slave zones, resulting in on diff/journal +file being created. +[RT #23580] +
  • +Remove bin/tests/system/logfileconfig/ns1/named.conf and +add setup.sh in order to resolve changing named.conf issue. [RT #23687] +
  • +The autosign tests attempted to open ports within reserved ranges. Test +now avoids those ports. +[RT #23957] +
  • +Named could fail to validate zones list in a DLV that validated insecure +without using DLV and had DS records in the parent zone. [RT #24631] +
  • +A bug in FreeBSD kernels causes IPv6 UDP responses greater than +1280 bytes to not fragment as they should. Until there is a kernel +fix, named will work around this by setting IPV6_USE_MIN_MTU on a +per packet basis. [RT #24950] +
+
+
+ +

Thank You

+ +

+ Thank you to everyone who assisted us in making this release possible. + If you would like to contribute to ISC to assist us in continuing to make + quality open source software, please visit our donations page at + http://www.isc.org/supportisc. +

+
+
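Review bot: in the 9.4-ESV-R5 Bug Fixes list of RELEASE-NOTES-BIND-9.4-ESV.html, the RFC5011 journal item and the four items that follow it (DNS64 NULL pointer, DNSSEC state variable, DNSSEC signing NULL pointer, static-analysis cleanups) all cite [RT #20256], so the individual fixes cannot be traced to separate tickets. The log-file item also opens its reference with a parenthesis, "(RT #22771]". Because the file is a copy of the vendor/bind9/dist-9.4 version, these are better reported upstream than patched locally, together with the typos "was was", "deference", "unitialized" and "dependancy", and the phrase "resulting in on diff/journal file", where "on" looks like a typo for "no".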
Copied: stable/7/contrib/bind9/RELEASE-NOTES-BIND-9.4-ESV.pdf (from r224594, vendor/bind9/dist-9.4/RELEASE-NOTES-BIND-9.4-ESV.pdf) ============================================================================== Binary file (source and/or target). No diff available. Copied: stable/7/contrib/bind9/RELEASE-NOTES-BIND-9.4-ESV.txt (from r224594, vendor/bind9/dist-9.4/RELEASE-NOTES-BIND-9.4-ESV.txt) ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ stable/7/contrib/bind9/RELEASE-NOTES-BIND-9.4-ESV.txt Tue Aug 2 09:42:58 2011 (r224601, copy of r224594, vendor/bind9/dist-9.4/RELEASE-NOTES-BIND-9.4-ESV.txt) 
@@ -0,0 +1,129 @@ + __________________________________________________________________ + +Introduction + + BIND 9.4-ESV-R5 is the current production release of BIND 9.4. + + This document summarizes changes from BIND 9.4-ESV-R4 to BIND + 9.4-ESV-R5. Please see the CHANGES file in the source code release for + a complete list of all changes. + +Download + + The latest release of BIND 9 software can always be found on our web + site at http://www.isc.org/downloads/all. There you will find + additional information about each release, source code, and some + pre-compiled versions for certain operating systems. + +Support + + Product support information is available on + http://www.isc.org/services/support for paid support options. Free + support is provided by our user community via a mailing list. + Information on all public email lists is available at + https://lists.isc.org/mailman/listinfo. + +New Features + +9.4-ESV-R5 + + None. + +Feature Changes + +9.4-ESV-R5 + + None. + +Security Fixes + +9.4-ESV-R5 + + * A bug in NetBSD and FreeBSD kernels with SO_ACCEPTFILTER enabled + allows for a TCP DoS attack. Until there is a kernel fix, ISC is + disabling SO_ACCEPTFILTER support in BIND. [RT #22589] + * named, set up to be a caching resolver, is vulnerable to a user + querying a domain with very large resource record sets (RRSets) + when trying to negatively cache the response. Due to an off-by-one + error, caching the response could cause named to crash. [RT #24650] + [CVE-2011-1910] + * Change #2912 (see CHANGES) exposed a latent bug in the DNS message + processing code that could allow certain UPDATE requests to crash + named. This was fixed by disambiguating internal database + representation vs DNS wire format data. [RT #24777] [CVE-2011-2464] + +Bug Fixes + +9.4-ESV-R5 + + * During RFC5011 processing some journal write errors were not + detected. 
This could lead to managed-keys changes being committed + but not recorded in the journal files, causing potential + inconsistencies during later processing. [RT #20256] + A potential NULL pointer deference in the DNS64 code could cause + named to terminate unexpectedly. [RT #20256] + A state variable relating to DNSSEC could fail to be set during + some infrequently-executed code paths, allowing it to be used + whilst in an unitialized state during cache updates, with + unpredictable results. [RT #20256] + A potential NULL pointer deference in DNSSEC signing code could + cause named to terminate unexpectedly [RT #20256] + Several cosmetic code changes were made to silence warnings + generated by a static code analysis tool. [RT #20256] + * Cause named to terminate at startup or rndc reconfig reload to + fail, if a log file specified in the conf file isn't a plain file. + (RT #22771] + * Prior to this fix, when named was was writing a zone to disk (as + slave, when resigning, etc.), it might not correctly preserve the + case of domain name labels within RDATA, if the RDATA was not + compressible. The result is that when reloading the zone from disk + would, named could serve data that did not match the RRSIG for that + data, due to case mismatch. named now correctly preserves case. + After upgrading to fixed code, the operator should either resign + the data (on the master) or delete the disk file on the slave and + reload the zone. [RT #22863] + * Fix the zonechecks system test to fail on error (warning in 9.6, + fatal in 9.7) to match behaviour for 9.4. [RT #22905] + * There was a bug in how the clients-per-query code worked with some + query patterns. This could result, in rare circumstances, in having + all the client query slots filled with queries for the same DNS + label, essentially ignoring the max-clients-per-query setting. 
[RT + #22972] + * If a slave initiates a TSIG signed AXFR from the master and the + master fails to correctly TSIG sign the final message, the slave + would be left with the zone in an unclean state. named detected + this error too late and named would crash with an INSIST. The order + dependancy has been fixed. [RT #23254] + * Fixed precedence order bug with NS and DNAME records if both are + present. (Also fixed timing of autosign test in 9.7+) [RT #23035] + * Changing TTL did not cause dnssec-signzone to generate new + signatures. [RT #23330] + * If named encountered a CNAME instead of a DS record when walking + the chain of trust down from the trust anchor, it incorrectly + stopped validating. [RT #23338] + * RRSIG records could have time stamps too far in the future. [RT + #23356] + * If running on a powerpc CPU and with atomic operations enabled, + named could lock up. Added sync instructions to the end of atomic + operations. [RT #23469] + * ixfr-from-differences {master|slave}; failed to select the + master/slave zones, resulting in on diff/journal file being + created. [RT #23580] + * Remove bin/tests/system/logfileconfig/ns1/named.conf and add + setup.sh in order to resolve changing named.conf issue. [RT #23687] + * The autosign tests attempted to open ports within reserved ranges. + Test now avoids those ports. [RT #23957] + * Named could fail to validate zones list in a DLV that validated + insecure without using DLV and had DS records in the parent zone. + [RT #24631] + * A bug in FreeBSD kernels causes IPv6 UDP responses greater than + 1280 bytes to not fragment as they should. Until there is a kernel + fix, named will work around this by setting IPV6_USE_MIN_MTU on a + per packet basis. [RT #24950] + +Thank You + + Thank you to everyone who assisted us in making this release possible. 
+ If you would like to contribute to ISC to assist us in continuing to + make quality open source software, please visit our donations page at + http://www.isc.org/supportisc. Modified: stable/7/contrib/bind9/bin/dnssec/dnssec-signzone.c ============================================================================== --- stable/7/contrib/bind9/bin/dnssec/dnssec-signzone.c Tue Aug 2 09:06:04 2011 (r224600) +++ stable/7/contrib/bind9/bin/dnssec/dnssec-signzone.c Tue Aug 2 09:42:58 2011 (r224601) @@ -1,5 +1,5 @@ /* - * Portions Copyright (C) 2004-2009 Internet Systems Consortium, Inc. ("ISC") + * Portions Copyright (C) 2004-2009, 2011 Internet Systems Consortium, Inc. ("ISC") * Portions Copyright (C) 1999-2003 Internet Software Consortium. * Portions Copyright (C) 1995-2000 by Network Associates, Inc. * @@ -16,7 +16,7 @@ * IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: dnssec-signzone.c,v 1.177.18.29 2009-07-21 06:44:32 tbox Exp $ */ +/* $Id: dnssec-signzone.c,v 1.177.18.31 2011-02-27 23:45:14 tbox Exp $ */ /*! \file */ @@ -435,32 +435,32 @@ signset(dns_diff_t *del, dns_diff_t *add if (!expired) keep = ISC_TRUE; } else if (issigningkey(key)) { - if (!expired && setverifies(name, set, key, &sigrdata)) - { + if (!expired && rrsig.originalttl == set->ttl && + setverifies(name, set, key, &sigrdata)) { vbprintf(2, "\trrsig by %s retained\n", sigstr); keep = ISC_TRUE; wassignedby[key->position] = ISC_TRUE; nowsignedby[key->position] = ISC_TRUE; } else { vbprintf(2, "\trrsig by %s dropped - %s\n", - sigstr, - expired ? "expired" : - "failed to verify"); + sigstr, expired ? "expired" : + rrsig.originalttl != set->ttl ? *** DIFF OUTPUT TRUNCATED AT 1000 LINES ***
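Review bot: in the README hunk, the replacement sentence in the BIND 9.4-ESV paragraph says support runs "until May 31, 2011", which is already two months before the Aug 2 2011 timestamp on this revision, and the added 9.4-ESV-R5 paragraph says it is expected to be the last release in the 9.4 series. Anyone tracking stable/7 is therefore importing a resolver that the README itself describes as past its support date. Please say so in the commit log or an UPDATING entry so operators can plan a move to a supported BIND branch.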
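Review bot: the Security Fixes section of RELEASE-NOTES-BIND-9.4-ESV.txt lists two named crashes with CVE identifiers (CVE-2011-1910 in negative caching of very large RRsets, CVE-2011-2464 in UPDATE request processing) plus the SO_ACCEPTFILTER TCP DoS workaround, yet the commit log describes the update only as "various bug fixes and improvements". Please name the CVEs in the log so that stable/7 users scanning commit mail can tell this is a security-relevant update. The two "Until there is a kernel fix" workarounds (SO_ACCEPTFILTER disabled, IPV6_USE_MIN_MTU set per packet) also deserve a tracking reference so they are revisited once the kernel fixes land.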
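Review bot: in the signset() hunk of dnssec-signzone.c, the new rrsig.originalttl == set->ttl test is applied only in the issigningkey(key) branch, while the branch just above it still sets keep = ISC_TRUE on !expired alone. That branch's condition is outside the visible context, so please confirm that retaining an RRSIG whose original TTL no longer matches the set is intended there, or apply the same check. Separately, the reason string passed to vbprintf is now a nested conditional (expired ? "expired" : rrsig.originalttl != set->ttl ? ...) with no parentheses, and the diff is truncated before its last arm. Computing the reason into a local const char * before the call would be easier to read and to extend.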