From owner-svn-src-stable@FreeBSD.ORG Mon Feb 11 09:42:35 2013 Return-Path: Delivered-To: svn-src-stable@freebsd.org Received: from mx1.freebsd.org (mx1.FreeBSD.org [8.8.178.115]) by hub.freebsd.org (Postfix) with ESMTP id 5D6A44BE; Mon, 11 Feb 2013 09:42:35 +0000 (UTC) (envelope-from delphij@FreeBSD.org) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) by mx1.freebsd.org (Postfix) with ESMTP id 3D2A9170C; Mon, 11 Feb 2013 09:42:35 +0000 (UTC) Received: from svn.freebsd.org ([127.0.1.70]) by svn.freebsd.org (8.14.5/8.14.5) with ESMTP id r1B9gZUi038997; Mon, 11 Feb 2013 09:42:35 GMT (envelope-from delphij@svn.freebsd.org) Received: (from delphij@localhost) by svn.freebsd.org (8.14.5/8.14.5/Submit) id r1B9gZsp038995; Mon, 11 Feb 2013 09:42:35 GMT (envelope-from delphij@svn.freebsd.org) Message-Id: <201302110942.r1B9gZsp038995@svn.freebsd.org> From: Xin LI Date: Mon, 11 Feb 2013 09:42:35 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-8@freebsd.org Subject: svn commit: r246656 - in stable/8: contrib/bind9 contrib/bind9/bin contrib/bind9/bin/check contrib/bind9/bin/confgen contrib/bind9/bin/dig contrib/bind9/bin/dig/include/dig contrib/bind9/bin/dnssec... X-SVN-Group: stable-8 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-stable@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: SVN commit messages for all the -stable branches of the src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 11 Feb 2013 09:42:35 -0000 Author: delphij Date: Mon Feb 11 09:42:34 2013 New Revision: 246656 URL: http://svnweb.freebsd.org/changeset/base/246656 Log: Sync BIND 9 version with 9-STABLE, to 9.8.4-P1. Added: stable/8/contrib/bind9/HISTORY - copied unchanged from r246649, head/contrib/bind9/HISTORY stable/8/contrib/bind9/bin/confgen/ - copied from r246649, head/contrib/bind9/bin/confgen/ stable/8/contrib/bind9/bin/dnssec/dnssec-revoke.8 - copied unchanged from r246649, head/contrib/bind9/bin/dnssec/dnssec-revoke.8 stable/8/contrib/bind9/bin/dnssec/dnssec-revoke.c - copied unchanged from r246649, head/contrib/bind9/bin/dnssec/dnssec-revoke.c stable/8/contrib/bind9/bin/dnssec/dnssec-revoke.docbook - copied unchanged from r246649, head/contrib/bind9/bin/dnssec/dnssec-revoke.docbook stable/8/contrib/bind9/bin/dnssec/dnssec-revoke.html - copied unchanged from r246649, head/contrib/bind9/bin/dnssec/dnssec-revoke.html stable/8/contrib/bind9/bin/dnssec/dnssec-settime.8 - copied unchanged from r246649, head/contrib/bind9/bin/dnssec/dnssec-settime.8 stable/8/contrib/bind9/bin/dnssec/dnssec-settime.c - copied unchanged from r246649, head/contrib/bind9/bin/dnssec/dnssec-settime.c stable/8/contrib/bind9/bin/dnssec/dnssec-settime.docbook - copied unchanged from r246649, head/contrib/bind9/bin/dnssec/dnssec-settime.docbook stable/8/contrib/bind9/bin/dnssec/dnssec-settime.html - copied unchanged from r246649, head/contrib/bind9/bin/dnssec/dnssec-settime.html stable/8/contrib/bind9/bin/named/bind.keys.h - copied unchanged from r246649, head/contrib/bind9/bin/named/bind.keys.h stable/8/contrib/bind9/bin/named/include/dlz/ - copied from r246649, head/contrib/bind9/bin/named/include/dlz/ stable/8/contrib/bind9/bin/named/unix/dlz_dlopen_driver.c - copied unchanged from r246649, head/contrib/bind9/bin/named/unix/dlz_dlopen_driver.c stable/8/contrib/bind9/bin/tools/ - copied from r246649, head/contrib/bind9/bin/tools/ stable/8/contrib/bind9/doc/arm/dnssec.xml - copied unchanged from r246649, head/contrib/bind9/doc/arm/dnssec.xml stable/8/contrib/bind9/doc/arm/libdns.xml - copied unchanged from r246649, head/contrib/bind9/doc/arm/libdns.xml stable/8/contrib/bind9/doc/arm/man.arpaname.html - copied unchanged from r246649, head/contrib/bind9/doc/arm/man.arpaname.html stable/8/contrib/bind9/doc/arm/man.ddns-confgen.html - copied unchanged from r246649, head/contrib/bind9/doc/arm/man.ddns-confgen.html stable/8/contrib/bind9/doc/arm/man.dnssec-revoke.html - copied unchanged from r246649, head/contrib/bind9/doc/arm/man.dnssec-revoke.html stable/8/contrib/bind9/doc/arm/man.dnssec-settime.html - copied unchanged from r246649, head/contrib/bind9/doc/arm/man.dnssec-settime.html stable/8/contrib/bind9/doc/arm/man.genrandom.html - copied unchanged from r246649, head/contrib/bind9/doc/arm/man.genrandom.html stable/8/contrib/bind9/doc/arm/man.isc-hmac-fixup.html - copied unchanged from r246649, head/contrib/bind9/doc/arm/man.isc-hmac-fixup.html stable/8/contrib/bind9/doc/arm/man.named-journalprint.html - copied unchanged from r246649, head/contrib/bind9/doc/arm/man.named-journalprint.html stable/8/contrib/bind9/doc/arm/man.nsec3hash.html - copied unchanged from r246649, head/contrib/bind9/doc/arm/man.nsec3hash.html stable/8/contrib/bind9/doc/arm/managed-keys.xml - copied unchanged from r246649, head/contrib/bind9/doc/arm/managed-keys.xml stable/8/contrib/bind9/doc/arm/pkcs11.xml - copied unchanged from r246649, head/contrib/bind9/doc/arm/pkcs11.xml stable/8/contrib/bind9/lib/dns/client.c - copied unchanged from r246649, head/contrib/bind9/lib/dns/client.c stable/8/contrib/bind9/lib/dns/dns64.c - copied unchanged from r246649, head/contrib/bind9/lib/dns/dns64.c stable/8/contrib/bind9/lib/dns/ecdb.c - copied unchanged from r246649, head/contrib/bind9/lib/dns/ecdb.c stable/8/contrib/bind9/lib/dns/include/dns/client.h - copied unchanged from r246649, head/contrib/bind9/lib/dns/include/dns/client.h stable/8/contrib/bind9/lib/dns/include/dns/dlz_dlopen.h - copied unchanged from r246649, head/contrib/bind9/lib/dns/include/dns/dlz_dlopen.h stable/8/contrib/bind9/lib/dns/include/dns/dns64.h - copied unchanged from r246649, head/contrib/bind9/lib/dns/include/dns/dns64.h stable/8/contrib/bind9/lib/dns/include/dns/ecdb.h - copied unchanged from r246649, head/contrib/bind9/lib/dns/include/dns/ecdb.h stable/8/contrib/bind9/lib/dns/include/dns/keydata.h - copied unchanged from r246649, head/contrib/bind9/lib/dns/include/dns/keydata.h stable/8/contrib/bind9/lib/dns/include/dns/private.h - copied unchanged from r246649, head/contrib/bind9/lib/dns/include/dns/private.h stable/8/contrib/bind9/lib/dns/include/dns/rpz.h - copied unchanged from r246649, head/contrib/bind9/lib/dns/include/dns/rpz.h stable/8/contrib/bind9/lib/dns/include/dns/rriterator.h - copied unchanged from r246649, head/contrib/bind9/lib/dns/include/dns/rriterator.h stable/8/contrib/bind9/lib/dns/include/dns/tsec.h - copied unchanged from r246649, head/contrib/bind9/lib/dns/include/dns/tsec.h stable/8/contrib/bind9/lib/dns/keydata.c - copied unchanged from r246649, head/contrib/bind9/lib/dns/keydata.c stable/8/contrib/bind9/lib/dns/opensslecdsa_link.c - copied unchanged from r246649, head/contrib/bind9/lib/dns/opensslecdsa_link.c stable/8/contrib/bind9/lib/dns/opensslgost_link.c - copied unchanged from r246649, head/contrib/bind9/lib/dns/opensslgost_link.c stable/8/contrib/bind9/lib/dns/private.c - copied unchanged from r246649, head/contrib/bind9/lib/dns/private.c stable/8/contrib/bind9/lib/dns/rdata/generic/hip_55.c - copied unchanged from r246649, head/contrib/bind9/lib/dns/rdata/generic/hip_55.c stable/8/contrib/bind9/lib/dns/rdata/generic/hip_55.h - copied unchanged from r246649, head/contrib/bind9/lib/dns/rdata/generic/hip_55.h stable/8/contrib/bind9/lib/dns/rdata/generic/keydata_65533.c - copied unchanged from r246649, head/contrib/bind9/lib/dns/rdata/generic/keydata_65533.c stable/8/contrib/bind9/lib/dns/rdata/generic/keydata_65533.h - copied unchanged from r246649, head/contrib/bind9/lib/dns/rdata/generic/keydata_65533.h stable/8/contrib/bind9/lib/dns/rdata/in_1/naptr_35.c - copied, changed from r196045, stable/8/contrib/bind9/lib/dns/rdata/in_1/naptr_35.c stable/8/contrib/bind9/lib/dns/rdata/in_1/naptr_35.h - copied, changed from r196045, stable/8/contrib/bind9/lib/dns/rdata/in_1/naptr_35.h stable/8/contrib/bind9/lib/dns/rpz.c - copied unchanged from r246649, head/contrib/bind9/lib/dns/rpz.c stable/8/contrib/bind9/lib/dns/rriterator.c - copied unchanged from r246649, head/contrib/bind9/lib/dns/rriterator.c stable/8/contrib/bind9/lib/dns/ssu_external.c - copied unchanged from r246649, head/contrib/bind9/lib/dns/ssu_external.c stable/8/contrib/bind9/lib/dns/tsec.c - copied unchanged from r246649, head/contrib/bind9/lib/dns/tsec.c stable/8/contrib/bind9/lib/export/ - copied from r246649, head/contrib/bind9/lib/export/ stable/8/contrib/bind9/lib/irs/ - copied from r246649, head/contrib/bind9/lib/irs/ stable/8/contrib/bind9/lib/isc/app_api.c - copied unchanged from r246649, head/contrib/bind9/lib/isc/app_api.c stable/8/contrib/bind9/lib/isc/backtrace-emptytbl.c - copied unchanged from r246649, head/contrib/bind9/lib/isc/backtrace-emptytbl.c stable/8/contrib/bind9/lib/isc/backtrace.c - copied unchanged from r246649, head/contrib/bind9/lib/isc/backtrace.c stable/8/contrib/bind9/lib/isc/include/isc/backtrace.h - copied unchanged from r246649, head/contrib/bind9/lib/isc/include/isc/backtrace.h stable/8/contrib/bind9/lib/isc/include/isc/bind9.h - copied unchanged from r246649, head/contrib/bind9/lib/isc/include/isc/bind9.h stable/8/contrib/bind9/lib/isc/include/isc/namespace.h - copied unchanged from r246649, head/contrib/bind9/lib/isc/include/isc/namespace.h stable/8/contrib/bind9/lib/isc/mem_api.c - copied unchanged from r246649, head/contrib/bind9/lib/isc/mem_api.c stable/8/contrib/bind9/lib/isc/socket_api.c - copied unchanged from r246649, head/contrib/bind9/lib/isc/socket_api.c stable/8/contrib/bind9/lib/isc/task_api.c - copied unchanged from r246649, head/contrib/bind9/lib/isc/task_api.c stable/8/contrib/bind9/lib/isc/timer_api.c - copied unchanged from r246649, head/contrib/bind9/lib/isc/timer_api.c stable/8/contrib/bind9/lib/isccfg/dnsconf.c - copied unchanged from r246649, head/contrib/bind9/lib/isccfg/dnsconf.c stable/8/contrib/bind9/lib/isccfg/include/isccfg/dnsconf.h - copied unchanged from r246649, head/contrib/bind9/lib/isccfg/include/isccfg/dnsconf.h stable/8/lib/bind/isc/backtrace-emptytbl.c - copied unchanged from r246649, head/lib/bind/isc/backtrace-emptytbl.c - copied from r224093, head/usr.sbin/arpaname/ - copied from r224093, head/usr.sbin/ddns-confgen/ - copied from r224093, head/usr.sbin/dnssec-revoke/ - copied from r224093, head/usr.sbin/dnssec-settime/ - copied from r224093, head/usr.sbin/genrandom/ - copied from r224093, head/usr.sbin/isc-hmac-fixup/ - copied from r224093, head/usr.sbin/named-journalprint/ - copied from r224093, head/usr.sbin/nsec3hash/ Directory Properties: stable/8/usr.sbin/arpaname/ (props changed) stable/8/usr.sbin/ddns-confgen/ (props changed) stable/8/usr.sbin/dnssec-revoke/ (props changed) stable/8/usr.sbin/dnssec-settime/ (props changed) stable/8/usr.sbin/genrandom/ (props changed) stable/8/usr.sbin/isc-hmac-fixup/ (props changed) stable/8/usr.sbin/named-journalprint/ (props changed) stable/8/usr.sbin/nsec3hash/ (props changed) Replaced: stable/8/contrib/bind9/lib/dns/rdata/generic/tlsa_52.c - copied unchanged from r246649, head/contrib/bind9/lib/dns/rdata/generic/tlsa_52.c stable/8/contrib/bind9/lib/dns/rdata/generic/tlsa_52.h - copied unchanged from r246649, head/contrib/bind9/lib/dns/rdata/generic/tlsa_52.h Deleted: stable/8/contrib/bind9/KNOWN-DEFECTS stable/8/contrib/bind9/NSEC3-NOTES stable/8/contrib/bind9/README.idnkit stable/8/contrib/bind9/README.pkcs11 stable/8/contrib/bind9/bin/rndc/rndc-confgen.8 stable/8/contrib/bind9/bin/rndc/rndc-confgen.c stable/8/contrib/bind9/bin/rndc/rndc-confgen.docbook stable/8/contrib/bind9/bin/rndc/rndc-confgen.html stable/8/contrib/bind9/bin/rndc/unix/ stable/8/contrib/bind9/lib/dns/rdata/generic/naptr_35.c stable/8/contrib/bind9/lib/dns/rdata/generic/naptr_35.h Modified: stable/8/contrib/bind9/CHANGES stable/8/contrib/bind9/COPYRIGHT stable/8/contrib/bind9/FAQ.xml stable/8/contrib/bind9/Makefile.in stable/8/contrib/bind9/README stable/8/contrib/bind9/acconfig.h stable/8/contrib/bind9/bin/Makefile.in stable/8/contrib/bind9/bin/check/Makefile.in stable/8/contrib/bind9/bin/check/check-tool.c stable/8/contrib/bind9/bin/check/check-tool.h stable/8/contrib/bind9/bin/check/named-checkconf.8 stable/8/contrib/bind9/bin/check/named-checkconf.c stable/8/contrib/bind9/bin/check/named-checkconf.docbook stable/8/contrib/bind9/bin/check/named-checkconf.html stable/8/contrib/bind9/bin/check/named-checkzone.8 stable/8/contrib/bind9/bin/check/named-checkzone.c stable/8/contrib/bind9/bin/check/named-checkzone.docbook stable/8/contrib/bind9/bin/check/named-checkzone.html stable/8/contrib/bind9/bin/dig/Makefile.in stable/8/contrib/bind9/bin/dig/dig.1 stable/8/contrib/bind9/bin/dig/dig.c stable/8/contrib/bind9/bin/dig/dig.docbook stable/8/contrib/bind9/bin/dig/dig.html stable/8/contrib/bind9/bin/dig/dighost.c stable/8/contrib/bind9/bin/dig/host.1 stable/8/contrib/bind9/bin/dig/host.c stable/8/contrib/bind9/bin/dig/host.docbook stable/8/contrib/bind9/bin/dig/host.html stable/8/contrib/bind9/bin/dig/include/dig/dig.h stable/8/contrib/bind9/bin/dig/nslookup.1 stable/8/contrib/bind9/bin/dig/nslookup.c stable/8/contrib/bind9/bin/dig/nslookup.docbook stable/8/contrib/bind9/bin/dig/nslookup.html stable/8/contrib/bind9/bin/dnssec/Makefile.in stable/8/contrib/bind9/bin/dnssec/dnssec-dsfromkey.8 stable/8/contrib/bind9/bin/dnssec/dnssec-dsfromkey.c stable/8/contrib/bind9/bin/dnssec/dnssec-dsfromkey.docbook stable/8/contrib/bind9/bin/dnssec/dnssec-dsfromkey.html stable/8/contrib/bind9/bin/dnssec/dnssec-keyfromlabel.8 stable/8/contrib/bind9/bin/dnssec/dnssec-keyfromlabel.c stable/8/contrib/bind9/bin/dnssec/dnssec-keyfromlabel.docbook stable/8/contrib/bind9/bin/dnssec/dnssec-keyfromlabel.html stable/8/contrib/bind9/bin/dnssec/dnssec-keygen.8 stable/8/contrib/bind9/bin/dnssec/dnssec-keygen.c stable/8/contrib/bind9/bin/dnssec/dnssec-keygen.docbook stable/8/contrib/bind9/bin/dnssec/dnssec-keygen.html stable/8/contrib/bind9/bin/dnssec/dnssec-signzone.8 stable/8/contrib/bind9/bin/dnssec/dnssec-signzone.c stable/8/contrib/bind9/bin/dnssec/dnssec-signzone.docbook stable/8/contrib/bind9/bin/dnssec/dnssec-signzone.html stable/8/contrib/bind9/bin/dnssec/dnssectool.c stable/8/contrib/bind9/bin/dnssec/dnssectool.h stable/8/contrib/bind9/bin/named/Makefile.in stable/8/contrib/bind9/bin/named/bind9.xsl stable/8/contrib/bind9/bin/named/bind9.xsl.h stable/8/contrib/bind9/bin/named/builtin.c stable/8/contrib/bind9/bin/named/client.c stable/8/contrib/bind9/bin/named/config.c stable/8/contrib/bind9/bin/named/control.c stable/8/contrib/bind9/bin/named/controlconf.c stable/8/contrib/bind9/bin/named/include/named/client.h stable/8/contrib/bind9/bin/named/include/named/config.h stable/8/contrib/bind9/bin/named/include/named/control.h stable/8/contrib/bind9/bin/named/include/named/globals.h stable/8/contrib/bind9/bin/named/include/named/log.h stable/8/contrib/bind9/bin/named/include/named/lwdclient.h stable/8/contrib/bind9/bin/named/include/named/main.h stable/8/contrib/bind9/bin/named/include/named/notify.h stable/8/contrib/bind9/bin/named/include/named/query.h stable/8/contrib/bind9/bin/named/include/named/server.h stable/8/contrib/bind9/bin/named/include/named/tsigconf.h stable/8/contrib/bind9/bin/named/include/named/types.h stable/8/contrib/bind9/bin/named/include/named/zoneconf.h stable/8/contrib/bind9/bin/named/interfacemgr.c stable/8/contrib/bind9/bin/named/log.c stable/8/contrib/bind9/bin/named/logconf.c stable/8/contrib/bind9/bin/named/lwdgabn.c stable/8/contrib/bind9/bin/named/lwdgrbn.c stable/8/contrib/bind9/bin/named/lwresd.8 stable/8/contrib/bind9/bin/named/lwresd.c stable/8/contrib/bind9/bin/named/lwresd.docbook stable/8/contrib/bind9/bin/named/lwresd.html stable/8/contrib/bind9/bin/named/main.c stable/8/contrib/bind9/bin/named/named.8 stable/8/contrib/bind9/bin/named/named.conf.5 stable/8/contrib/bind9/bin/named/named.conf.docbook stable/8/contrib/bind9/bin/named/named.conf.html stable/8/contrib/bind9/bin/named/named.docbook stable/8/contrib/bind9/bin/named/named.html stable/8/contrib/bind9/bin/named/query.c stable/8/contrib/bind9/bin/named/server.c stable/8/contrib/bind9/bin/named/statschannel.c stable/8/contrib/bind9/bin/named/tkeyconf.c stable/8/contrib/bind9/bin/named/tsigconf.c stable/8/contrib/bind9/bin/named/unix/Makefile.in stable/8/contrib/bind9/bin/named/unix/include/named/os.h stable/8/contrib/bind9/bin/named/unix/os.c stable/8/contrib/bind9/bin/named/update.c stable/8/contrib/bind9/bin/named/xfrout.c stable/8/contrib/bind9/bin/named/zoneconf.c stable/8/contrib/bind9/bin/nsupdate/Makefile.in stable/8/contrib/bind9/bin/nsupdate/nsupdate.1 stable/8/contrib/bind9/bin/nsupdate/nsupdate.c stable/8/contrib/bind9/bin/nsupdate/nsupdate.docbook stable/8/contrib/bind9/bin/nsupdate/nsupdate.html stable/8/contrib/bind9/bin/rndc/Makefile.in stable/8/contrib/bind9/bin/rndc/include/rndc/os.h stable/8/contrib/bind9/bin/rndc/rndc.c stable/8/contrib/bind9/bin/rndc/rndc.conf.html stable/8/contrib/bind9/bin/rndc/rndc.html stable/8/contrib/bind9/bin/rndc/util.h stable/8/contrib/bind9/config.guess stable/8/contrib/bind9/config.h.in stable/8/contrib/bind9/configure.in stable/8/contrib/bind9/doc/arm/Bv9ARM-book.xml stable/8/contrib/bind9/doc/arm/Bv9ARM.ch01.html stable/8/contrib/bind9/doc/arm/Bv9ARM.ch02.html stable/8/contrib/bind9/doc/arm/Bv9ARM.ch03.html stable/8/contrib/bind9/doc/arm/Bv9ARM.ch04.html stable/8/contrib/bind9/doc/arm/Bv9ARM.ch05.html stable/8/contrib/bind9/doc/arm/Bv9ARM.ch06.html stable/8/contrib/bind9/doc/arm/Bv9ARM.ch07.html stable/8/contrib/bind9/doc/arm/Bv9ARM.ch08.html stable/8/contrib/bind9/doc/arm/Bv9ARM.ch09.html stable/8/contrib/bind9/doc/arm/Bv9ARM.ch10.html stable/8/contrib/bind9/doc/arm/Bv9ARM.html stable/8/contrib/bind9/doc/arm/Bv9ARM.pdf stable/8/contrib/bind9/doc/arm/Makefile.in stable/8/contrib/bind9/doc/arm/man.dig.html stable/8/contrib/bind9/doc/arm/man.dnssec-dsfromkey.html stable/8/contrib/bind9/doc/arm/man.dnssec-keyfromlabel.html stable/8/contrib/bind9/doc/arm/man.dnssec-keygen.html stable/8/contrib/bind9/doc/arm/man.dnssec-signzone.html stable/8/contrib/bind9/doc/arm/man.host.html stable/8/contrib/bind9/doc/arm/man.named-checkconf.html stable/8/contrib/bind9/doc/arm/man.named-checkzone.html stable/8/contrib/bind9/doc/arm/man.named.html stable/8/contrib/bind9/doc/arm/man.nsupdate.html stable/8/contrib/bind9/doc/arm/man.rndc-confgen.html stable/8/contrib/bind9/doc/arm/man.rndc.conf.html stable/8/contrib/bind9/doc/arm/man.rndc.html stable/8/contrib/bind9/doc/misc/Makefile.in stable/8/contrib/bind9/doc/misc/options stable/8/contrib/bind9/lib/bind9/Makefile.in stable/8/contrib/bind9/lib/bind9/api stable/8/contrib/bind9/lib/bind9/check.c stable/8/contrib/bind9/lib/bind9/include/bind9/getaddresses.h stable/8/contrib/bind9/lib/dns/Makefile.in stable/8/contrib/bind9/lib/dns/acl.c stable/8/contrib/bind9/lib/dns/adb.c stable/8/contrib/bind9/lib/dns/api stable/8/contrib/bind9/lib/dns/byaddr.c stable/8/contrib/bind9/lib/dns/cache.c stable/8/contrib/bind9/lib/dns/db.c stable/8/contrib/bind9/lib/dns/diff.c stable/8/contrib/bind9/lib/dns/dispatch.c stable/8/contrib/bind9/lib/dns/dlz.c stable/8/contrib/bind9/lib/dns/dnssec.c stable/8/contrib/bind9/lib/dns/ds.c stable/8/contrib/bind9/lib/dns/dst_api.c stable/8/contrib/bind9/lib/dns/dst_internal.h stable/8/contrib/bind9/lib/dns/dst_openssl.h stable/8/contrib/bind9/lib/dns/dst_parse.c stable/8/contrib/bind9/lib/dns/dst_parse.h stable/8/contrib/bind9/lib/dns/forward.c stable/8/contrib/bind9/lib/dns/gen-unix.h stable/8/contrib/bind9/lib/dns/gen.c stable/8/contrib/bind9/lib/dns/gssapi_link.c stable/8/contrib/bind9/lib/dns/gssapictx.c stable/8/contrib/bind9/lib/dns/hmac_link.c stable/8/contrib/bind9/lib/dns/include/dns/Makefile.in stable/8/contrib/bind9/lib/dns/include/dns/acl.h stable/8/contrib/bind9/lib/dns/include/dns/adb.h stable/8/contrib/bind9/lib/dns/include/dns/cache.h stable/8/contrib/bind9/lib/dns/include/dns/compress.h stable/8/contrib/bind9/lib/dns/include/dns/db.h stable/8/contrib/bind9/lib/dns/include/dns/diff.h stable/8/contrib/bind9/lib/dns/include/dns/dlz.h stable/8/contrib/bind9/lib/dns/include/dns/dnssec.h stable/8/contrib/bind9/lib/dns/include/dns/ds.h stable/8/contrib/bind9/lib/dns/include/dns/events.h stable/8/contrib/bind9/lib/dns/include/dns/forward.h stable/8/contrib/bind9/lib/dns/include/dns/keytable.h stable/8/contrib/bind9/lib/dns/include/dns/keyvalues.h stable/8/contrib/bind9/lib/dns/include/dns/lib.h stable/8/contrib/bind9/lib/dns/include/dns/log.h stable/8/contrib/bind9/lib/dns/include/dns/lookup.h stable/8/contrib/bind9/lib/dns/include/dns/master.h stable/8/contrib/bind9/lib/dns/include/dns/message.h stable/8/contrib/bind9/lib/dns/include/dns/name.h stable/8/contrib/bind9/lib/dns/include/dns/ncache.h stable/8/contrib/bind9/lib/dns/include/dns/nsec3.h stable/8/contrib/bind9/lib/dns/include/dns/peer.h stable/8/contrib/bind9/lib/dns/include/dns/rbt.h stable/8/contrib/bind9/lib/dns/include/dns/rdata.h stable/8/contrib/bind9/lib/dns/include/dns/rdataset.h stable/8/contrib/bind9/lib/dns/include/dns/request.h stable/8/contrib/bind9/lib/dns/include/dns/resolver.h stable/8/contrib/bind9/lib/dns/include/dns/result.h stable/8/contrib/bind9/lib/dns/include/dns/sdb.h stable/8/contrib/bind9/lib/dns/include/dns/sdlz.h stable/8/contrib/bind9/lib/dns/include/dns/secalg.h stable/8/contrib/bind9/lib/dns/include/dns/soa.h stable/8/contrib/bind9/lib/dns/include/dns/ssu.h stable/8/contrib/bind9/lib/dns/include/dns/tkey.h stable/8/contrib/bind9/lib/dns/include/dns/tsig.h stable/8/contrib/bind9/lib/dns/include/dns/types.h stable/8/contrib/bind9/lib/dns/include/dns/validator.h stable/8/contrib/bind9/lib/dns/include/dns/view.h stable/8/contrib/bind9/lib/dns/include/dns/xfrin.h stable/8/contrib/bind9/lib/dns/include/dns/zone.h stable/8/contrib/bind9/lib/dns/include/dst/dst.h stable/8/contrib/bind9/lib/dns/include/dst/gssapi.h stable/8/contrib/bind9/lib/dns/iptable.c stable/8/contrib/bind9/lib/dns/journal.c stable/8/contrib/bind9/lib/dns/key.c stable/8/contrib/bind9/lib/dns/keytable.c stable/8/contrib/bind9/lib/dns/lib.c stable/8/contrib/bind9/lib/dns/log.c stable/8/contrib/bind9/lib/dns/master.c stable/8/contrib/bind9/lib/dns/masterdump.c stable/8/contrib/bind9/lib/dns/message.c stable/8/contrib/bind9/lib/dns/name.c stable/8/contrib/bind9/lib/dns/ncache.c stable/8/contrib/bind9/lib/dns/nsec3.c stable/8/contrib/bind9/lib/dns/openssl_link.c stable/8/contrib/bind9/lib/dns/openssldh_link.c stable/8/contrib/bind9/lib/dns/openssldsa_link.c stable/8/contrib/bind9/lib/dns/opensslrsa_link.c stable/8/contrib/bind9/lib/dns/peer.c stable/8/contrib/bind9/lib/dns/rbt.c stable/8/contrib/bind9/lib/dns/rbtdb.c stable/8/contrib/bind9/lib/dns/rcode.c stable/8/contrib/bind9/lib/dns/rdata.c stable/8/contrib/bind9/lib/dns/rdata/any_255/tsig_250.c stable/8/contrib/bind9/lib/dns/rdata/ch_3/a_1.c stable/8/contrib/bind9/lib/dns/rdata/generic/afsdb_18.c stable/8/contrib/bind9/lib/dns/rdata/generic/cert_37.c stable/8/contrib/bind9/lib/dns/rdata/generic/cname_5.c stable/8/contrib/bind9/lib/dns/rdata/generic/dlv_32769.c stable/8/contrib/bind9/lib/dns/rdata/generic/dname_39.c stable/8/contrib/bind9/lib/dns/rdata/generic/dnskey_48.c stable/8/contrib/bind9/lib/dns/rdata/generic/ds_43.c stable/8/contrib/bind9/lib/dns/rdata/generic/gpos_27.c stable/8/contrib/bind9/lib/dns/rdata/generic/hinfo_13.c stable/8/contrib/bind9/lib/dns/rdata/generic/ipseckey_45.c stable/8/contrib/bind9/lib/dns/rdata/generic/isdn_20.c stable/8/contrib/bind9/lib/dns/rdata/generic/key_25.c stable/8/contrib/bind9/lib/dns/rdata/generic/loc_29.c stable/8/contrib/bind9/lib/dns/rdata/generic/mb_7.c stable/8/contrib/bind9/lib/dns/rdata/generic/md_3.c stable/8/contrib/bind9/lib/dns/rdata/generic/mf_4.c stable/8/contrib/bind9/lib/dns/rdata/generic/mg_8.c stable/8/contrib/bind9/lib/dns/rdata/generic/minfo_14.c stable/8/contrib/bind9/lib/dns/rdata/generic/mr_9.c stable/8/contrib/bind9/lib/dns/rdata/generic/mx_15.c stable/8/contrib/bind9/lib/dns/rdata/generic/ns_2.c stable/8/contrib/bind9/lib/dns/rdata/generic/nsec3_50.c stable/8/contrib/bind9/lib/dns/rdata/generic/nsec3param_51.c stable/8/contrib/bind9/lib/dns/rdata/generic/nsec_47.c stable/8/contrib/bind9/lib/dns/rdata/generic/null_10.c stable/8/contrib/bind9/lib/dns/rdata/generic/nxt_30.c stable/8/contrib/bind9/lib/dns/rdata/generic/opt_41.c stable/8/contrib/bind9/lib/dns/rdata/generic/proforma.c stable/8/contrib/bind9/lib/dns/rdata/generic/ptr_12.c stable/8/contrib/bind9/lib/dns/rdata/generic/rp_17.c stable/8/contrib/bind9/lib/dns/rdata/generic/rrsig_46.c stable/8/contrib/bind9/lib/dns/rdata/generic/rt_21.c stable/8/contrib/bind9/lib/dns/rdata/generic/sig_24.c stable/8/contrib/bind9/lib/dns/rdata/generic/soa_6.c stable/8/contrib/bind9/lib/dns/rdata/generic/spf_99.c stable/8/contrib/bind9/lib/dns/rdata/generic/sshfp_44.c stable/8/contrib/bind9/lib/dns/rdata/generic/tkey_249.c stable/8/contrib/bind9/lib/dns/rdata/generic/txt_16.c stable/8/contrib/bind9/lib/dns/rdata/generic/unspec_103.c stable/8/contrib/bind9/lib/dns/rdata/generic/x25_19.c stable/8/contrib/bind9/lib/dns/rdata/hs_4/a_1.c stable/8/contrib/bind9/lib/dns/rdata/in_1/a6_38.c stable/8/contrib/bind9/lib/dns/rdata/in_1/a_1.c stable/8/contrib/bind9/lib/dns/rdata/in_1/aaaa_28.c stable/8/contrib/bind9/lib/dns/rdata/in_1/apl_42.c stable/8/contrib/bind9/lib/dns/rdata/in_1/dhcid_49.c stable/8/contrib/bind9/lib/dns/rdata/in_1/kx_36.c stable/8/contrib/bind9/lib/dns/rdata/in_1/nsap-ptr_23.c stable/8/contrib/bind9/lib/dns/rdata/in_1/nsap_22.c stable/8/contrib/bind9/lib/dns/rdata/in_1/px_26.c stable/8/contrib/bind9/lib/dns/rdata/in_1/srv_33.c stable/8/contrib/bind9/lib/dns/rdata/in_1/wks_11.c stable/8/contrib/bind9/lib/dns/rdataset.c stable/8/contrib/bind9/lib/dns/rdataslab.c stable/8/contrib/bind9/lib/dns/request.c stable/8/contrib/bind9/lib/dns/resolver.c stable/8/contrib/bind9/lib/dns/result.c stable/8/contrib/bind9/lib/dns/rootns.c stable/8/contrib/bind9/lib/dns/sdb.c stable/8/contrib/bind9/lib/dns/sdlz.c stable/8/contrib/bind9/lib/dns/soa.c stable/8/contrib/bind9/lib/dns/spnego.c stable/8/contrib/bind9/lib/dns/ssu.c stable/8/contrib/bind9/lib/dns/stats.c stable/8/contrib/bind9/lib/dns/tkey.c stable/8/contrib/bind9/lib/dns/tsig.c stable/8/contrib/bind9/lib/dns/validator.c stable/8/contrib/bind9/lib/dns/view.c stable/8/contrib/bind9/lib/dns/zone.c stable/8/contrib/bind9/lib/dns/zt.c stable/8/contrib/bind9/lib/isc/Makefile.in stable/8/contrib/bind9/lib/isc/alpha/include/isc/atomic.h stable/8/contrib/bind9/lib/isc/api stable/8/contrib/bind9/lib/isc/assertions.c stable/8/contrib/bind9/lib/isc/base32.c stable/8/contrib/bind9/lib/isc/base64.c stable/8/contrib/bind9/lib/isc/entropy.c stable/8/contrib/bind9/lib/isc/hash.c stable/8/contrib/bind9/lib/isc/hmacmd5.c stable/8/contrib/bind9/lib/isc/hmacsha.c stable/8/contrib/bind9/lib/isc/ia64/include/isc/atomic.h stable/8/contrib/bind9/lib/isc/include/isc/Makefile.in stable/8/contrib/bind9/lib/isc/include/isc/app.h stable/8/contrib/bind9/lib/isc/include/isc/assertions.h stable/8/contrib/bind9/lib/isc/include/isc/buffer.h stable/8/contrib/bind9/lib/isc/include/isc/entropy.h stable/8/contrib/bind9/lib/isc/include/isc/error.h stable/8/contrib/bind9/lib/isc/include/isc/file.h stable/8/contrib/bind9/lib/isc/include/isc/fsaccess.h stable/8/contrib/bind9/lib/isc/include/isc/hash.h stable/8/contrib/bind9/lib/isc/include/isc/heap.h stable/8/contrib/bind9/lib/isc/include/isc/hmacmd5.h stable/8/contrib/bind9/lib/isc/include/isc/hmacsha.h stable/8/contrib/bind9/lib/isc/include/isc/lib.h stable/8/contrib/bind9/lib/isc/include/isc/log.h stable/8/contrib/bind9/lib/isc/include/isc/md5.h stable/8/contrib/bind9/lib/isc/include/isc/mem.h stable/8/contrib/bind9/lib/isc/include/isc/msgs.h stable/8/contrib/bind9/lib/isc/include/isc/netaddr.h stable/8/contrib/bind9/lib/isc/include/isc/netscope.h stable/8/contrib/bind9/lib/isc/include/isc/platform.h.in stable/8/contrib/bind9/lib/isc/include/isc/portset.h stable/8/contrib/bind9/lib/isc/include/isc/radix.h stable/8/contrib/bind9/lib/isc/include/isc/random.h stable/8/contrib/bind9/lib/isc/include/isc/ratelimiter.h stable/8/contrib/bind9/lib/isc/include/isc/refcount.h stable/8/contrib/bind9/lib/isc/include/isc/result.h stable/8/contrib/bind9/lib/isc/include/isc/resultclass.h stable/8/contrib/bind9/lib/isc/include/isc/serial.h stable/8/contrib/bind9/lib/isc/include/isc/sha1.h stable/8/contrib/bind9/lib/isc/include/isc/sha2.h stable/8/contrib/bind9/lib/isc/include/isc/sockaddr.h stable/8/contrib/bind9/lib/isc/include/isc/socket.h stable/8/contrib/bind9/lib/isc/include/isc/task.h stable/8/contrib/bind9/lib/isc/include/isc/timer.h stable/8/contrib/bind9/lib/isc/include/isc/types.h stable/8/contrib/bind9/lib/isc/inet_aton.c stable/8/contrib/bind9/lib/isc/inet_ntop.c stable/8/contrib/bind9/lib/isc/iterated_hash.c stable/8/contrib/bind9/lib/isc/lib.c stable/8/contrib/bind9/lib/isc/md5.c stable/8/contrib/bind9/lib/isc/mem.c stable/8/contrib/bind9/lib/isc/netaddr.c stable/8/contrib/bind9/lib/isc/nls/Makefile.in stable/8/contrib/bind9/lib/isc/nothreads/Makefile.in stable/8/contrib/bind9/lib/isc/print.c stable/8/contrib/bind9/lib/isc/pthreads/Makefile.in stable/8/contrib/bind9/lib/isc/pthreads/mutex.c stable/8/contrib/bind9/lib/isc/random.c stable/8/contrib/bind9/lib/isc/sha1.c stable/8/contrib/bind9/lib/isc/sha2.c stable/8/contrib/bind9/lib/isc/sockaddr.c stable/8/contrib/bind9/lib/isc/task.c stable/8/contrib/bind9/lib/isc/task_p.h stable/8/contrib/bind9/lib/isc/timer.c stable/8/contrib/bind9/lib/isc/timer_p.h stable/8/contrib/bind9/lib/isc/unix/Makefile.in stable/8/contrib/bind9/lib/isc/unix/app.c stable/8/contrib/bind9/lib/isc/unix/dir.c stable/8/contrib/bind9/lib/isc/unix/entropy.c stable/8/contrib/bind9/lib/isc/unix/file.c stable/8/contrib/bind9/lib/isc/unix/ifiter_getifaddrs.c stable/8/contrib/bind9/lib/isc/unix/ifiter_ioctl.c stable/8/contrib/bind9/lib/isc/unix/include/isc/net.h stable/8/contrib/bind9/lib/isc/unix/include/isc/offset.h stable/8/contrib/bind9/lib/isc/unix/include/isc/strerror.h stable/8/contrib/bind9/lib/isc/unix/include/isc/time.h stable/8/contrib/bind9/lib/isc/unix/interfaceiter.c stable/8/contrib/bind9/lib/isc/unix/net.c stable/8/contrib/bind9/lib/isc/unix/resource.c stable/8/contrib/bind9/lib/isc/unix/socket.c stable/8/contrib/bind9/lib/isc/unix/socket_p.h stable/8/contrib/bind9/lib/isc/unix/strerror.c stable/8/contrib/bind9/lib/isccc/Makefile.in stable/8/contrib/bind9/lib/isccc/api stable/8/contrib/bind9/lib/isccfg/Makefile.in stable/8/contrib/bind9/lib/isccfg/aclconf.c stable/8/contrib/bind9/lib/isccfg/api stable/8/contrib/bind9/lib/isccfg/include/isccfg/aclconf.h stable/8/contrib/bind9/lib/isccfg/include/isccfg/cfg.h stable/8/contrib/bind9/lib/isccfg/include/isccfg/grammar.h stable/8/contrib/bind9/lib/isccfg/include/isccfg/log.h stable/8/contrib/bind9/lib/isccfg/include/isccfg/namedconf.h stable/8/contrib/bind9/lib/isccfg/namedconf.c stable/8/contrib/bind9/lib/isccfg/parser.c stable/8/contrib/bind9/lib/lwres/api stable/8/contrib/bind9/lib/lwres/context.c stable/8/contrib/bind9/lib/lwres/context_p.h stable/8/contrib/bind9/lib/lwres/getaddrinfo.c stable/8/contrib/bind9/lib/lwres/getipnode.c stable/8/contrib/bind9/lib/lwres/include/lwres/context.h stable/8/contrib/bind9/lib/lwres/include/lwres/netdb.h.in stable/8/contrib/bind9/lib/lwres/man/lwres.html stable/8/contrib/bind9/lib/lwres/man/lwres_buffer.html stable/8/contrib/bind9/lib/lwres/man/lwres_config.3 stable/8/contrib/bind9/lib/lwres/man/lwres_config.docbook stable/8/contrib/bind9/lib/lwres/man/lwres_config.html stable/8/contrib/bind9/lib/lwres/man/lwres_context.3 stable/8/contrib/bind9/lib/lwres/man/lwres_context.docbook stable/8/contrib/bind9/lib/lwres/man/lwres_context.html stable/8/contrib/bind9/lib/lwres/man/lwres_gabn.3 stable/8/contrib/bind9/lib/lwres/man/lwres_gabn.docbook stable/8/contrib/bind9/lib/lwres/man/lwres_gabn.html stable/8/contrib/bind9/lib/lwres/man/lwres_gai_strerror.3 stable/8/contrib/bind9/lib/lwres/man/lwres_gai_strerror.docbook stable/8/contrib/bind9/lib/lwres/man/lwres_gai_strerror.html stable/8/contrib/bind9/lib/lwres/man/lwres_getaddrinfo.3 stable/8/contrib/bind9/lib/lwres/man/lwres_getaddrinfo.docbook stable/8/contrib/bind9/lib/lwres/man/lwres_getaddrinfo.html stable/8/contrib/bind9/lib/lwres/man/lwres_gethostent.3 stable/8/contrib/bind9/lib/lwres/man/lwres_gethostent.docbook stable/8/contrib/bind9/lib/lwres/man/lwres_gethostent.html stable/8/contrib/bind9/lib/lwres/man/lwres_getipnode.3 stable/8/contrib/bind9/lib/lwres/man/lwres_getipnode.docbook stable/8/contrib/bind9/lib/lwres/man/lwres_getipnode.html stable/8/contrib/bind9/lib/lwres/man/lwres_getnameinfo.3 stable/8/contrib/bind9/lib/lwres/man/lwres_getnameinfo.docbook stable/8/contrib/bind9/lib/lwres/man/lwres_getnameinfo.html stable/8/contrib/bind9/lib/lwres/man/lwres_getrrsetbyname.3 stable/8/contrib/bind9/lib/lwres/man/lwres_getrrsetbyname.docbook stable/8/contrib/bind9/lib/lwres/man/lwres_getrrsetbyname.html stable/8/contrib/bind9/lib/lwres/man/lwres_gnba.3 stable/8/contrib/bind9/lib/lwres/man/lwres_gnba.docbook stable/8/contrib/bind9/lib/lwres/man/lwres_gnba.html stable/8/contrib/bind9/lib/lwres/man/lwres_hstrerror.3 stable/8/contrib/bind9/lib/lwres/man/lwres_hstrerror.docbook stable/8/contrib/bind9/lib/lwres/man/lwres_hstrerror.html stable/8/contrib/bind9/lib/lwres/man/lwres_inetntop.3 stable/8/contrib/bind9/lib/lwres/man/lwres_inetntop.docbook stable/8/contrib/bind9/lib/lwres/man/lwres_inetntop.html stable/8/contrib/bind9/lib/lwres/man/lwres_noop.3 stable/8/contrib/bind9/lib/lwres/man/lwres_noop.docbook stable/8/contrib/bind9/lib/lwres/man/lwres_noop.html stable/8/contrib/bind9/lib/lwres/man/lwres_packet.3 stable/8/contrib/bind9/lib/lwres/man/lwres_packet.docbook stable/8/contrib/bind9/lib/lwres/man/lwres_packet.html stable/8/contrib/bind9/lib/lwres/man/lwres_resutil.3 stable/8/contrib/bind9/lib/lwres/man/lwres_resutil.docbook stable/8/contrib/bind9/lib/lwres/man/lwres_resutil.html stable/8/contrib/bind9/lib/lwres/strtoul.c stable/8/contrib/bind9/lib/lwres/unix/Makefile.in stable/8/contrib/bind9/lib/lwres/unix/include/Makefile.in stable/8/contrib/bind9/lib/lwres/unix/include/lwres/Makefile.in stable/8/contrib/bind9/lib/lwres/unix/include/lwres/net.h stable/8/contrib/bind9/lib/lwres/version.c stable/8/contrib/bind9/make/rules.in stable/8/contrib/bind9/version stable/8/lib/bind/Makefile stable/8/lib/bind/config.h stable/8/lib/bind/dns/Makefile stable/8/lib/bind/dns/code.h stable/8/lib/bind/dns/dns/enumtype.h stable/8/lib/bind/dns/dns/rdatastruct.h stable/8/lib/bind/isc/Makefile stable/8/lib/bind/isc/isc/platform.h stable/8/lib/bind/lwres/lwres/netdb.h stable/8/share/doc/bind9/Makefile stable/8/usr.bin/nsupdate/Makefile stable/8/usr.sbin/Makefile (contents, props changed) stable/8/usr.sbin/dnssec-signzone/Makefile stable/8/usr.sbin/named-checkconf/Makefile stable/8/usr.sbin/named/Makefile stable/8/usr.sbin/rndc-confgen/Makefile stable/8/usr.sbin/rndc/Makefile Directory Properties: stable/8/contrib/bind9/ (props changed) stable/8/lib/bind/ (props changed) stable/8/share/doc/bind9/ (props changed) stable/8/usr.bin/nsupdate/ (props changed) stable/8/usr.sbin/ (props changed) stable/8/usr.sbin/dnssec-signzone/ (props changed) stable/8/usr.sbin/named/ (props changed) stable/8/usr.sbin/named-checkconf/ (props changed) stable/8/usr.sbin/rndc/ (props changed) stable/8/usr.sbin/rndc-confgen/ (props changed) Modified: stable/8/contrib/bind9/CHANGES ============================================================================== --- stable/8/contrib/bind9/CHANGES Mon Feb 11 08:20:21 2013 (r246655) +++ stable/8/contrib/bind9/CHANGES Mon Feb 11 09:42:34 2013 (r246656) @@ -1,4 +1,9 @@ - --- 9.6-ESV-R8 released --- + --- 9.8.4-P1 released --- + +3407. [security] Named could die on specific queries with dns64 enabled. + [Addressed in change #3388 for BIND 9.8.5 and 9.9.3.] + + --- 9.8.4 released --- 3383. [security] A certain combination of records in the RBT could cause named to hang while populating the additional @@ -9,19 +14,26 @@ 3364. [security] Named could die on specially crafted record. [RT #30416] - --- 9.6-ESV-R8rc1 released --- + --- 9.8.4rc1 released --- 3369. [bug] nsupdate terminated unexpectedly in interactive mode if built with readline support. [RT #29550] 3368. [bug] and were not C++ safe. +3367. [bug] dns_dnsseckey_create() result was not being checked. + [RT #30685] + 3366. [bug] Fixed Read-After-Write dependency violation for IA64 atomic operations. [RT #25181] 3365. [bug] Removed spurious newlines from log messages in zone.c [RT #30675] +3363. [bug] Need to allow "forward" and "fowarders" options + in static-stub zones; this had been overlooked. + [RT #30482] + 3362. [bug] Setting some option values to 0 in named.conf could trigger an assertion failure on startup. [RT #27730] @@ -31,18 +43,26 @@ 3359. [bug] An improperly-formed TSIG secret could cause a memory leak. [RT #30607] -3358. [bug] Fix declaration of fatal in bin/named/server.c - and bin/nsupdate/main.c. [RT #30522] - 3357. [port] Add support for libxml2-2.8.x [RT #30440] - --- 9.6-ESV-R8b1 released --- +3356. [bug] Cap the TTL of signed RRsets when RRSIGs are + approaching their expiry, so they don't remain + in caches after expiry. [RT #26429] + + --- 9.8.4b1 released --- 3354. [func] Improve OpenSSL error logging. [RT #29932] +3353. [bug] Use a single task for task exclusive operations. + [RT #29872] + 3352. [bug] Ensure that learned server attributes timeout of the adb cache. [RT #29856] +3351. [bug] isc_mem_put and isc_mem_putanddetach didn't report + caller if either ISC_MEM_DEBUGSIZE or ISC_MEM_DEBUGCTX + memory debugging flags are set. [RT #30243] + 3350. [bug] Memory read overrun in isc___mem_reallocate if ISC_MEM_DEBUGCTX memory debugging flag is set. [RT #30240] @@ -53,11 +73,13 @@ the cache since change 3218 -- this prevents it being inserted into the cache as well. [RT #26809] +3347. [bug] dnssec-settime: Issue a warning when writing a new + private key file would cause a change in the + permissions of the existing file. [RT #27724] + 3346. [security] Bad-cache data could be used before it was initialized, causing an assert. [RT #30025] -3343. [bug] Relax isc_random_jitter() REQUIRE tests. [RT #29821] - 3342. [bug] Change #3314 broke saving of stub zones to disk resulting in excessive cpu usage in some cases. [RT #29952] @@ -68,11 +90,30 @@ 3335. [func] nslookup: return a nonzero exit code when unable to get an answer. [RT #29492] +3333. [bug] Setting resolver-query-timeout too low can cause + named to not recover if it loses connectivity. + [RT #29623] + 3332. [bug] Re-use cached DS rrsets if possible. [RT #29446] 3331. [security] dns_rdataslab_fromrdataset could produce bad rdataslabs. [RT #29644] +3330. [func] Fix missing signatures on NOERROR results despite + RPZ rewriting. Also + - add optional "recursive-only yes|no" to the + response-policy statement + - add optional "max-policy-ttl" to the response-policy + statement to limit the false data that + "recursive-only no" can introduce into + resolvers' caches + - add a RPZ performance test to bin/tests/system/rpz + when queryperf is available. + - the encoding of PASSTHRU action to "rpz-passthru". + (The old encoding is still accepted.) + [RT #26172] + + 3329. [bug] Handle RRSIG signer-name case consistently: We generate RRSIG records with the signer-name in lower case. We accept them with any case, but if @@ -82,7 +123,9 @@ 3328. [bug] Fixed inconsistent data checking in dst_parse.c. [RT #29401] - --- 9.6-ESV-R7 released --- +3317. [func] Add ECDSA support (RFC 6605). [RT #21918] + + --- 9.8.3 released --- 3318. [tuning] Reduce the amount of work performed while holding a bucket lock when finshed with a fetch context. @@ -93,6 +136,9 @@ 3313. [protocol] Add TLSA record type. [RT #28989] +3312. [bug] named-checkconf didn't detect a bad dns64 clients acl. + [RT #27631] + 3311. [bug] Abort the zone dump if zone->db is NULL in zone.c:zone_gotwritehandle. [RT #29028] @@ -104,9 +150,17 @@ 3307. [bug] Add missing ISC_LANG_BEGINDECLS and ISC_LANG_ENDDECLS. [RT #28956] +3306. [bug] Improve DNS64 reverse zone performance. [RT #28563] + +3305. [func] Add wire format lookup method to sdb. [RT #28563] + 3304. [bug] Use hmctx, not mctx when freeing rbtdb->heaps. [RT #28571] +3302. [bug] dns_dnssec_findmatchingkeys could fail to find + keys if the zone name contained character that + required special mappings. [RT #28600] + 3301. [contrib] Update queryperf to build on darwin. Add -R flag for non-recursive queries. [RT #28565] @@ -119,10 +173,12 @@ 3232. [bug] Zero zone->curmaster before return in dns_zone_setmasterswithkeys(). [RT #26732] +3183. [bug] Added RTLD_GLOBAL flag to dlopen call. [RT #26301] + 3197. [bug] Don't try to log the filename and line number when the config parser can't open a file. [RT #22263] - --- 9.6-ESV-R6 released --- + --- 9.8.2 released --- 3298. [bug] Named could dereference a NULL pointer in zmgr_start_xfrin_ifquota if the zone was being removed. @@ -141,9 +197,15 @@ 3290. [bug] was not being installed. [RT #28169] +3288. [bug] dlz_destroy() function wasn't correctly registered + by the DLZ dlopen driver. [RT #28056] + 3287. [port] Update ans.pl to work with Net::DNS 0.68. [RT #28028] - --- 9.6-ESV-R6rc2 released --- +3286. [bug] Managed key maintenance timer could fail to start + after 'rndc reconfig'. [RT #26786] + + --- 9.8.2rc2 released --- 3285. [bug] val-frdataset was incorrectly disassociated in proveunsecure after calling startfinddlvsep. @@ -163,9 +225,27 @@ despite succeeding over the loopback interface. [RT #27782] -3374. [bug] Log when a zone is not reusable. Only set loadtime +3280. [bug] Potential double free of a rdataset on out of memory + with DNS64. [RT #27762] + +3278. [bug] Make sure automatic key maintenance is started + when "auto-dnssec maintain" is turned on during + "rndc reconfig". [RT #26805] + +3276. [bug] win32: ns_os_openfile failed to return NULL on + safe_open failure. [RT #27696] + +3274. [bug] Log when a zone is not reusable. Only set loadtime on successful loads. [RT #27650] +3273. [bug] AAAA responses could be returned in the additional + section even when filter-aaaa-on-v4 was in use. + [RT #27292] + +3271. [port] darwin: mksymtbl is not always stable, loop several + times before giving up. mksymtbl was using non + portable perl to covert 64 bit hex strings. [RT #27653] + 3268. [bug] Convert RRSIG expiry times to 64 timestamps to work out the earliest expiry time. [RT #23311] @@ -177,7 +257,10 @@ DNSKEY RRset was not being properly computed. [RT #26543] - --- 9.6-ESV-R6rc1 released --- +3262. [bug] Signed responses were handled incorrectly by RPZ. + [RT #27316] + + --- 9.8.2rc1 released --- 3260. [bug] "rrset-order cyclic" could appear not to rotate for some query patterns. [RT #27170/27185] @@ -185,6 +268,9 @@ 3259. [bug] named-compilezone: Suppress "dump zone to " message when writing to stdout. [RT #27109] +3258. [test] Add "forcing full sign with unreadable keys" test. + [RT #27153] + 3257. [bug] Do not generate a error message when calling fsync() in a pipe or socket. [RT #27109] @@ -208,6 +294,10 @@ 3249. [bug] Update log message when saving slave zones files for analysis after load failures. [RT #27087] +3248. [bug] Configure options --enable-fixed-rrset and + --enable-exportlib were incompatible with each + other. [RT #27087] + 3247. [bug] 'raw' format zones failed to preserve load order breaking 'fixed' sort order. [RT #27087] @@ -217,11 +307,18 @@ 3241. [bug] Address race conditions in the resolver code. [RT #26889] +3240. [bug] DNSKEY state change events could be missed. [RT #26874] + +3239. [bug] dns_dnssec_findmatchingkeys needs to use a consistent + timestamp. [RT #26883] + 3238. [bug] keyrdata was not being reinitialized in lib/dns/rbtdb.c:iszonesecure. [RT#26913] 3237. [bug] dig -6 didn't work with +trace. [RT #26906] + --- 9.8.2b1 released --- + 3234. [bug] 'make depend' produced invalid makefiles. [RT #26830] 3231. [bug] named could fail to send a uncompressable zone. @@ -230,6 +327,9 @@ 3230. [bug] 'dig axfr' failed to properly handle a multi-message axfr with a serial of 0. [RT #26796] +3229. [bug] Fix local variable to struct var assignment + found by CLANG warning. + 3228. [tuning] Dynamically grow symbol table to improve zone loading performance. [RT #26523] @@ -238,16 +338,20 @@ 3226. [bug] Address minor resource leakages. [RT #26624] - --- 9.6-ESV-R6b1 released --- - 3221. [bug] Fixed a potential coredump on shutdown due to referencing fetch context after it's been freed. [RT #26720] +3220. [bug] Change #3186 was incomplete; dns_db_rpz_findips() + could fail to set the database version correctly, + causing an assertion failure. [RT #26180] + 3218. [security] Cache lookup could return RRSIG data associated with nonexistent records, leading to an assertion failure. [RT #26590] +3217. [cleanup] Fix build problem with --disable-static. [RT #26476] + 3216. [bug] resolver.c:validated() was not thread-safe. [RT #26478] 3213. [doc] Clarify ixfr-from-differences behavior. [RT #25188] @@ -256,6 +360,8 @@ list prior to adding a reference to it leading a possible assertion failure. [RT #23219] +3209. [func] Add "dnssec-lookaside 'no'". [RT #24858] + 3208. [bug] 'dig -y' handle unknown tsig alorithm better. [RT #25522] @@ -273,9 +379,15 @@ 3200. [doc] Some rndc functions were undocumented or were missing from 'rndc -h' output. [RT #25555] +3198. [doc] Clarified that dnssec-settime can alter keyfile + permissions. [RT #24866] + 3196. [bug] nsupdate: return nonzero exit code when target zone doesn't exist. [RT #25783] +3195. [cleanup] Silence "file not found" warnings when loading + managed-keys zone. [RT #26340] + 3194. [doc] Updated RFC references in the 'empty-zones-enable' documentation. [RT #25203] @@ -292,8 +404,14 @@ 3189. [test] Added a summary report after system tests. [RT #25517] +3188. [bug] zone.c:zone_refreshkeys() could fail to detach + references correctly when errors occurred, causing + a hang on shutdown. [RT #26372] + 3187. [port] win32: support for Visual Studio 2008. [RT #26356] +3186. [bug] Version/db mis-match in rpz code. [RT #26180] + 3179. [port] kfreebsd: build issues. [RT #26273] 3175. [bug] Fix how DNSSEC positive wildcard responses from a @@ -301,8 +419,25 @@ unnecessary NSEC3 record when generating such responses. [RT #26200] +3174. [bug] Always compute to revoked key tag from scratch. + [RT #26186] + 3173. [port] Correctly validate root DS responses. [RT #25726] +3171. [bug] Exclusively lock the task when adding a zone using + 'rndc addzone'. [RT #25600] + +3170. [func] RPZ update: + - fix precedence among competing rules + - improve ARM text including documenting rule precedence + - try to rewrite CNAME chains until first hit + - new "rpz" logging channel + - RDATA for CNAME rules can include wildcards + - replace "NO-OP" named.conf policy override with + "PASSTHRU" and add "DISABLED" override ("NO-OP" + is still recognized) + [RT #25172] + 3169. [func] Catch db/version mis-matches when calling dns_db_*(). [RT #26017] @@ -314,26 +449,24 @@ ns*/ subdirectory to override stock arguments to named. Largely from RT#26044, but no separate ticket. +3161. [bug] zone.c:del_sigs failed to always reset rdata leading + assertion failures. [RT #25880] + 3157. [tuning] Reduce the time spent in "rndc reconfig" by parsing the config file before pausing the server. [RT #21373] -3156. [bug] Reconfiguring the server with an incorrectly - formatted TSIG key could cause a crash during - subsequent zone transfers. [RT #20391] +3155. [bug] Fixed a build failure when using contrib DLZ + drivers (e.g., mysql, postgresql, etc). [RT #25710] 3154. [bug] Attempting to print an empty rdataset could trigger an assert. [RT #25452] +3152. [cleanup] Some versions of gcc and clang failed due to + incorrect use of __builtin_expect. [RT #25183] + 3151. [bug] Queries for type RRSIG or SIG could be handled incorrectly. [RT #21050] -3149. [tuning] Improve scalability by allocating one zone - task per 100 zones at startup time. (The - BIND9_ZONE_TASKS_HINT environment variable - which was established as a temporary measure - in change #3132 is no longer needed or - used.) [rt25541] - 3148. [bug] Processing of normal queries could be stalled when forwarding a UPDATE message. [RT #24711] @@ -347,15 +480,17 @@ 3143. [bug] Silence clang compiler warnings. [RT #25174] -3142. [bug] NAPTR is class agnostic. [RT #25429] - -3141. [bug] Silence spurious "zone serial unchanged" messages - associated with empty zones. [RT #25079] - 3139. [test] Added tests from RFC 6234, RFC 2202, and RFC 1321 for the hashing algorithms (md5, sha1 - sha512, and their hmac counterparts). [RT #25067] + --- 9.8.1 released --- + + --- 9.8.1rc1 released --- + +3141. [bug] Silence spurious "zone serial (0) unchanged" messages + associated with empty zones. [RT #25079] + 3138. [bug] Address memory leaks and out-of-order operations when shutting named down. [RT #25210] @@ -363,30 +498,38 @@ empty zones switched on by the 'empty-zones-enable' option. [RT #24990] -3134. [bug] Improve the accuracy of dnssec-signzone's signing - statistics. [RT #16030] - - --- 9.6-ESV-R5 released --- + Note: empty-zones-enable must be "yes;" or a empty + zone needs to be disabled in named.conf for RFC 1918 + zones to be activated. This requirement may be + removed in future releases. 3135. [port] FreeBSD: workaround broken IPV6_USE_MIN_MTU processing. See http://www.freebsd.org/cgi/query-pr.cgi?pr=158307 [RT #24950] -3132. [bug] Workaround for excessive startup time with large - number of zones; allow setting of an environment - variable to tune the number of tasks, default is 8, - recommends 200 zones per task. If you have 200000 - zones set the BIND9_ZONE_TASKS_HINT environment - variable to 1000 before starting named: - - csh: setenv BIND9_ZONE_TASKS_HINT 1000 - sh: BIND9_ZONE_TASKS_HINT=1000; - export BIND9_ZONE_TASKS_HINT +3134. [bug] Improve the accuracy of dnssec-signzone's signing + statistics. [RT #16030] + + --- 9.8.1b3 released --- + +3133. [bug] Change #3114 was incomplete. [RT #24577] - Applicable to 9.7, 9.6, auto-tuned in 9.8 and up. - [RT #25084] +3131. [tuning] Improve scalability by allocating one zone task + per 100 zones at startup time, rather than using a + fixed-size task table. [RT #24406] - --- 9.6-ESV-R5rc1 released --- +3129. [bug] Named could crash on 'rndc reconfig' when + allow-new-zones was set to yes and named ACLs + were used. [RT #22739] + + --- 9.8.1b2 released --- + +3126. [security] Using DNAME record to generate replacements caused + RPZ to exit with a assertion failure. [RT #24766] + +3125. [security] Using wildcard CNAME records as a replacement with + RPZ caused named to exit with a assertion failure. + [RT #24715] 3124. [bug] Use an rdataset attribute flag to indicate negative-cache records rather than using rrtype 0; @@ -397,6 +540,8 @@ dns_rdataset_totext() that could cause named to crash with an assertion failure. [RT #24777] +3122. [cleanup] dnssec-settime: corrected usage message. [RT #24664] + 3121. [security] An authoritative name server sending a negative response containing a very large RRset could trigger an off-by-one error in the ncache code @@ -406,40 +551,105 @@ that validated insecure without using DLV and had DS records in the parent zone. [RT #24631] +3119. [bug] When rolling to a new DNSSEC key, a private-type + record could be created and never marked complete. + [RT #23253] + 3118. [bug] nsupdate could dump core on shutdown when using SIG(0) keys. [RT #24604] +3117. [cleanup] Remove doc and parser references to the + never-implemented 'auto-dnssec create' option. + [RT #24533] + +3115. [bug] Named could fail to return requested data when + following a CNAME that points into the same zone. + [RT #24455] + +3114. [bug] Retain expired RRSIGs in dynamic zones if key is + inactive and there is no replacement key. [RT #23136] + 3113. [doc] Document the relationship between serial-query-rate and NOTIFY messages. + --- 9.8.1b1 released --- + 3112. [doc] Add missing descriptions of the update policy name types "ms-self", "ms-subdomain", "krb5-self" and "krb5-subdomain", which allow machines to update their own records, to the BIND 9 ARM. +3111. [bug] Improved consistency checks for dnssec-enable and + dnssec-validation, added test cases to the + checkconf system test. [RT #24398] + 3110. [bug] dnssec-signzone: Wrong error message could appear when attempting to sign with no KSK. [RT #24369] +3107. [bug] dnssec-signzone: Report the correct number of ZSKs + when using -x. [RT #20852] + +3105. [bug] GOST support can be suppressed by "configure + --without-gost" [RT #24367] + 3104. [bug] Better support for cross-compiling. [RT #24367] +3103. [bug] Configuring 'dnssec-validation auto' in a view + instead of in the options statement could trigger + an assertion failure in named-checkconf. [RT #24382] + +3101. [bug] Zones using automatic key maintenance could fail + to check the key repository for updates. [RT #23744] + +3100. [security] Certain response policy zone configurations could + trigger an INSIST when receiving a query of type + RRSIG. [RT #24280] + 3099. [test] "dlz" system test now runs but gives R:SKIPPED if not compiled with --with-dlz-filesystem. [RT #24146] +3098. [bug] DLZ zones were answering without setting the AA bit. + [RT #24146] + 3097. [test] Add a tool to test handling of malformed packets. [RT #24096] - --- 9.6-ESV-R5b1 released --- +3096. [bug] Set KRB5_KTNAME before calling log_cred() in + dst_gssapi_acceptctx(). [RT #24004] 3095. [bug] Handle isolated reserved ports in the port range. [RT #23957] +3094. [doc] Expand dns64 documentation. + +3093. [bug] Fix gssapi/kerberos dependencies [RT #23836] + +3092. [bug] Signatures for records at the zone apex could go + stale due to an incorrect timer setting. [RT #23769] + +3091. [bug] Fixed a bug in which zone keys that were published + and then subsequently activated could fail to trigger + automatic signing. [RT #22911] + +3090. [func] Make --with-gssapi default [RT #23738] + 3088. [bug] Remove bin/tests/system/logfileconfig/ns1/named.conf and add setup.sh in order to resolve changing named.conf issue. [RT #23687] +3087. [bug] DDNS updates using SIG(0) with update-policy match + type "external" could cause a crash. [RT #23735] + +3086. [bug] Running dnssec-settime -f on an old-style key will + now force an update to the new key format even if no + other change has been specified, using "-P now -A now" + as default values. [RT #22474] + 3083. [bug] NOTIFY messages were not being sent when generating a NSEC3 chain incrementally. [RT #23702] +3082. [port] strtok_r is threads only. [RT #23747] + 3081. [bug] Failure of DNAME substitution did not return YXDOMAIN. [RT #23591] @@ -449,13 +659,32 @@ 3079. [bug] Handle isc_event_allocate failures in t_tasks. [RT #23572] +3078. [func] Added a new include file with function typedefs + for the DLZ "dlopen" driver. [RT #23629] + +3077. [bug] zone.c:zone_refreshkeys() incorrectly called + dns_zone_attach(), use zone->irefs instead. [RT #23303] + +3075. [bug] dns_dnssec_findzonekeys{2} used a inconsistant + timestamp when determining which keys are active. + [RT #23642] + 3074. [bug] Make the adb cache read through for zone data and glue learn for zone named is authoritative for. [RT #22842] +3073. [bug] managed-keys changes were not properly being recorded. + [RT #20256] + +3072. [bug] dns_dns64_aaaaok() potential NULL pointer dereference. + [RT #20256] + 3071. [bug] has_nsec could be used unintialised in update.c:next_active. [RT #20256] +3070. [bug] dnssec-signzone potential NULL pointer dereference. + [RT #20256] + 3069. [cleanup] Silence warnings messages from clang static analysis. [RT #20256] @@ -465,6 +694,11 @@ 3067. [bug] ixfr-from-differences {master|slave}; failed to select the master/slave zones. [RT #23580] +3066. [func] The DLZ "dlopen" driver is now built by default, + no longer requiring a configure option. To + disable it, use "configure --without-dlopen". + (Note: driver not supported on win32.) [RT #23467] + 3065. [bug] RRSIG could have time stamps too far in the future. [RT #23356] @@ -479,13 +713,34 @@ reload to fail, if a log file specified in the conf file isn't a plain file. [RT #22771] +3057. [bug] "rndc secroots" would abort after the first error + and so could miss some views. [RT #23488] + +3054. [bug] Added elliptic curve support check in + GOST OpenSSL engine detection. [RT #23485] + 3053. [bug] Under a sustained high query load with a finite max-cache-size, it was possible for cache memory to be exhausted and not recovered. [RT #23371] +3052. [test] Fixed last autosign test report. [RT #23256] + 3051. [bug] NS records obsure DNAME records at the bottom of the zone if both are present. [RT #23035] +3050. [bug] The autosign system test was timing dependent. + Wait for the initial autosigning to complete + before running the rest of the test. [RT #23035] + +3049. [bug] Save and restore the gid when creating creating + named.pid at startup. [RT #23290] + +3048. [bug] Fully separate view key mangement. [RT #23419] + +3047. [bug] DNSKEY NODATA responses not cached fixed in + validator.c. Tests added to dnssec system test. + [RT #22908] + 3046. [bug] Use RRSIG original TTL to compute validated RRset and RRSIG TTL. [RT #23332] @@ -509,6 +764,8 @@ with a CNAME existed between the trust anchor and the top of the zone. [RT #23338] +3038. [bug] Install . [RT #23342] + 3037. [doc] Update COPYRIGHT to contain all the individual copyright notices that cover various parts. @@ -544,47 +801,108 @@ after calling grow_headerspace() and if not re-call grow_headerspace() until we do. [RT #22521] + --- 9.8.0 released --- + 3025. [bug] Fixed a possible deadlock due to zone resigning. [RT #22964] +3024. [func] RTT Banding removed due to minor security increase + but major impact on resolver latency. [RT #23310] + 3023. [bug] Named could be left in an inconsistent state when receiving multiple AXFR response messages that were not all TSIG-signed. [RT #23254] +3022. [bug] Fixed rpz SERVFAILs after failed zone transfers + [RT #23246] + +3021. [bug] Change #3010 was incomplete. [RT #22296] + +3020. [bug] auto-dnssec failed to correctly update the zone when + changing the DNSKEY RRset. [RT #23232] + 3019. [test] Test: check apex NSEC3 records after adding DNSKEY record via UPDATE. [RT #23229] + --- 9.8.0rc1 released --- + 3018. [bug] Named failed to check for the "none;" acl when deciding if a zone may need to be re-signed. [RT #23120] +3017. [doc] dnssec-keyfromlabel -I was not properly documented. + [RT #22887] + 3016. [bug] rndc usage missing '-b'. [RT #22937] 3015. [port] win32: fix IN6_IS_ADDR_LINKLOCAL and IN6_IS_ADDR_SITELOCAL macros. [RT #22724] -3014. [bug] Fix the zonechecks system test to match expected - behaviour for 9.6 and to fail on error. [RT #22905] +3013. [bug] The DNS64 ttl was not always being set as expected. + [RT #23034] 3012. [bug] Remove DNSKEY TTL change pairs before generating signing records for any remaining DNSKEY changes. [RT #22590] - --- 9.6-ESV-R4 released --- +3011. [func] Allow setting this in named.conf using the new + 'resolver-query-timeout' option, which specifies a max + time in seconds. 0 means 'default' and anything longer + than 30 will be silently set to 30. [RT #22852] - --- 9.6.3 released --- +3010. [bug] Fixed a bug where "rndc reconfig" stopped the timer + for refreshing managed-keys. [RT #22296] 3009. [bug] clients-per-query code didn't work as expected with particular query patterns. [RT #22972] - --- 9.6.3rc1 released --- + --- 9.8.0b1 released --- + +3008. [func] Response policy zones (RPZ) support. [RT #21726] 3007. [bug] Named failed to preserve the case of domain names in rdata which is not compressible when writing master files. [RT #22863] +3006. [func] Allow dynamically generated TSIG keys to be preserved + across restarts of named. Initially this is for + TSIG keys generated using GSSAPI. [RT #22639] + +3005. [port] Solaris: Work around the lack of + gsskrb5_register_acceptor_identity() by setting + the KRB5_KTNAME environment variable to the + contents of tkey-gssapi-keytab. Also fixed + test errors on MacOSX. [RT #22853] + +3004. [func] DNS64 reverse support. [RT #22769] + +3003. [experimental] Added update-policy match type "external", + enabling named to defer the decision of whether to + allow a dynamic update to an external daemon. + (Contributed by Andrew Tridgell.) [RT #22758] + 3002. [bug] isc_mutex_init_errcheck() failed to destroy attr. [RT #22766] +3001. [func] Added a default trust anchor for the root zone, which + can be switched on by setting "dnssec-validation auto;" + in the named.conf options. [RT #21727] + +3000. [bug] More TKEY/GSS fixes: + - nsupdate can now get the default realm from + the user's Kerberos principal + - corrected gsstest compilation flags + - improved documentation + - fixed some NULL dereferences + [RT #22795] + +2999. [func] Add GOST support (RFC 5933). [RT #20639] + +2998. [func] Add isc_task_beginexclusive and isc_task_endexclusive + to the task api. [RT #22776] + +2997. [func] named -V now reports the OpenSSL and libxml2 verions + it was compiled against. [RT #22687] + 2996. [security] Temporarily disable SO_ACCEPTFILTER support. [RT #22589] @@ -595,13 +913,52 @@ do not use threads on earlier versions. Also kill the unproven-pthreads, mit-pthreads, and ptl2 support. +2993. [func] Dynamically grow adb hash tables. [RT #21186] + +2992. [contrib] contrib/check-secure-delegation.pl: A simple tool + for looking at a secure delegation. [RT #22059] + +2991. [contrib] contrib/zone-edit.sh: A simple zone editing tool for + dynamic zones. [RT #22365] + +2990. [bug] 'dnssec-settime -S' no longer tests prepublication + interval validity when the interval is set to 0. + [RT #22761] + +2989. [func] Added support for writable DLZ zones. (Contributed + by Andrew Tridgell of the Samba project.) [RT #22629] + +2988. [experimental] Added a "dlopen" DLZ driver, allowing the creation + of external DLZ drivers that can be loaded as + shared objects at runtime rather than linked with + named. Currently this is switched on via a + compile-time option, "configure --with-dlz-dlopen". + Note: the syntax for configuring DLZ zones + is likely to be refined in future releases. + (Contributed by Andrew Tridgell of the Samba + project.) [RT #22629] + +2987. [func] Improve ease of configuring TKEY/GSS updates by + adding a "tkey-gssapi-keytab" option. If set, + updates will be allowed with any key matching + a principal in the specified keytab file. + "tkey-gssapi-credential" is no longer required + and is expected to be deprecated. (Contributed + by Andrew Tridgell of the Samba project.) + [RT #22629] + +2986. [func] Add new zone type "static-stub". It's like a stub + zone, but the nameserver names and/or their IP + addresses are statically configured. [RT #21474] + +2985. [bug] Add a regression test for change #2896. [RT #21324] + 2984. [bug] Don't run MX checks when the target of the MX record is ".". [RT #22645] -2817. [cleanup] Removed unnecessary isc_task_endexclusive() calls. - [RT #20768] +2983. [bug] Include "loadkeys" in rndc help output. [RT #22493] - --- 9.6.3b1 released --- + --- 9.8.0a1 released --- 2982. [bug] Reference count dst keys. dst_key_attach() can be used increment the reference count. @@ -610,12 +967,20 @@ always call dst_key_free() rather than setting it to NULL on success. [RT #22672] +2981. [func] Partial DNS64 support (AAAA synthesis). [RT #21991] + +2980. [bug] named didn't properly handle UPDATES that changed the + TTL of the NSEC3PARAM RRset. [RT #22363] + 2979. [bug] named could deadlock during shutdown if two "rndc stop" commands were issued at the same time. [RT #22108] 2978. [port] hpux: look for [RT #21919] +2977. [bug] 'nsupdate -l' report if the session key is missing. + [RT #21670] + 2976. [bug] named could die on exit after negotiating a GSS-TSIG key. [RT #22573] @@ -623,21 +988,82 @@ wrong lock which could lead to server deadlock. [RT #22614] +2974. [bug] Some valid UPDATE requests could fail due to a + consistency check examining the existing version + of the zone rather than the new version resulting + from the UPDATE. [RT #22413] + +2973. [bug] bind.keys.h was being removed by the "make clean" + at the end of configure resulting in build failures + where there is very old version of perl installed. + Move it to "make maintainer-clean". [RT #22230] + +2972. [bug] win32: address windows socket errors. [RT #21906] + +2971. [bug] Fixed a bug that caused journal files not to be + compacted on Windows systems as a result of + non-POSIX-compliant rename() semantics. [RT #22434] + +2970. [security] Adding a NO DATA negative cache entry failed to clear + any matching RRSIG records. A subsequent lookup of + of NO DATA cache entry could trigger a INSIST when the + unexpected RRSIG was also returned with the NO DATA + cache entry. + + CVE-2010-3613, VU#706148. [RT #22288] + +2969. [security] Fix acl type processing so that allow-query works + in options and view statements. Also add a new + set of tests to verify proper functioning. + + CVE-2010-3615, VU#510208. [RT #22418] + +2968. [security] Named could fail to prove a data set was insecure + before marking it as insecure. One set of conditions + that can trigger this occurs naturally when rolling + DNSKEY algorithms. + + CVE-2010-3614, VU#837744. [RT #22309] + +2967. [bug] 'host -D' now turns on debugging messages earlier. + [RT #22361] + +2966. [bug] isc_print_vsnprintf() failed to check if there was + space available in the buffer when adding a left + justified character with a non zero width, + (e.g. "%-1c"). [RT #22270] + 2965. [func] Test HMAC functions using test data from RFC 2104 and RFC 4634. [RT #21702] +2964. [placeholder] + +2963. [security] The allow-query acl was being applied instead of the + allow-query-cache acl to cache lookups. [RT #22114] + +2962. [port] win32: add more dependencies to BINDBuild.dsw. + [RT #22062] + +2961. [bug] Be still more selective about the non-authoritative + answers we apply change 2748 to. [RT #22074] + 2960. [func] Check that named accepts non-authoritative answers. [RT #21594] 2959. [func] Check that named starts with a missing masterfile. [RT #22076] +2958. [bug] named failed to start with a missing master file. + [RT #22076] + 2957. [bug] entropy_get() and entropy_getpseudo() failed to match the API for RAND_bytes() and RAND_pseudo_bytes() respectively. [RT #21962] 2956. [port] Enable atomic operations on the PowerPC64. [RT #21899] +2955. [func] Provide more detail in the recursing log. [RT #22043] + 2954. [bug] contrib: dlz_mysql_driver.c bad error handling on build_sqldbinstance failure. [RT #21623] @@ -645,10 +1071,26 @@ exact match" message when returning a wildcard no data response. [RT #21744] +2952. [port] win32: named-checkzone and named-checkconf failed + to initialise winsock. [RT #21932] + +2951. [bug] named failed to generate a correct signed response + in a optout, delegation only zone with no secure + delegations. [RT #22007] + 2950. [bug] named failed to perform a SOA up to date check when falling back to TCP on UDP timeouts when ixfr-from-differences was set. [RT #21595] +2949. [bug] dns_view_setnewzones() contained a memory leak if + it was called multiple times. [RT #21942] + +2948. [port] MacOS: provide a mechanism to configure the test + interfaces at reboot. See bin/tests/system/README + for details. + +2947. [placeholder] + 2946. [doc] Document the default values for the minimum and maximum zone refresh and retry values in the ARM. [RT #21886] @@ -657,12 +1099,59 @@ 2944. [maint] Remove ORCHID prefix from built in empty zones. [RT #21772] +2943. [func] Add support to load new keys into managed zones + without signing immediately with "rndc loadkeys". + Add support to link keys with "dnssec-keygen -S" + and "dnssec-settime -S". [RT #21351] + 2942. [contrib] zone2sqlite failed to setup the entropy sources. [RT #21610] *** DIFF OUTPUT TRUNCATED AT 1000 LINES ***