The NetBSD Project

CVS log for src/external/bsd/bind/dist/lib/dns/Attic/rpz.c

[BACK] Up to [cvs.NetBSD.org] / src / external / bsd / bind / dist / lib / dns

Request diff between arbitrary revisions


Default branch: MAIN
Current tag: MAIN


Revision 1.13, Fri May 10 09:14:41 2019 UTC (4 years, 10 months ago) by wiz
Branch: MAIN
CVS Tags: phil-wifi-20200421, phil-wifi-20200411, phil-wifi-20200406, cjep_sun2x-base, cjep_sun2x, cjep_staticlib_x-base1, cjep_staticlib_x-base, cjep_staticlib_x, HEAD
Changes since 1.12: +1 -1 lines
FILE REMOVED

Remove src/external/bsd/bind - latest version is in src/external/mpl/bind

This directory was already unhooked from the build (in August 2018).

ok christos@

Revision 1.12 / (download) - annotate - [select for diffs], Sat Apr 7 22:23:21 2018 UTC (5 years, 11 months ago) by christos
Branch: MAIN
CVS Tags: phil-wifi-base, pgoyette-compat-20190127, pgoyette-compat-20190118, pgoyette-compat-1226, pgoyette-compat-1126, pgoyette-compat-1020, pgoyette-compat-0930, pgoyette-compat-0906, pgoyette-compat-0728, pgoyette-compat-0625, pgoyette-compat-0521, pgoyette-compat-0502, pgoyette-compat-0422, pgoyette-compat-0415
Branch point for: phil-wifi
Changes since 1.11: +105 -80 lines
Diff to previous 1.11 (colored)

merge 9.7.10

Revision 1.11 / (download) - annotate - [select for diffs], Thu Jun 15 15:59:40 2017 UTC (6 years, 9 months ago) by christos
Branch: MAIN
CVS Tags: pgoyette-compat-base, pgoyette-compat-0407, pgoyette-compat-0330, pgoyette-compat-0322, pgoyette-compat-0315, perseant-stdc-iso10646-base, perseant-stdc-iso10646
Branch point for: pgoyette-compat
Changes since 1.10: +25 -14 lines
Diff to previous 1.10 (colored)

Merge conflicts; bugs fixed since the last import:

4632.	[security]	The BIND installer on Windows used an unquoted
			service path, which can enable privilege escalation.
			(CVE-2017-3141) [RT #45229]

4631.	[security]	Some RPZ configurations could go into an infinite
			query loop when encountering responses with TTL=0.
			(CVE-2017-3140) [RT #45181]

4582.	[security]	'rndc ""' could trigger a assertion failure in named.
			(CVE-2017-3138) [RT #44924]

4581.	[port]		Linux: Add getpid and getrandom to the list of system
			calls named uses for seccomp. [RT #44883]

4580.	[bug]		4578 introduced a regression when handling CNAME to
			referral below the current domain. [RT #44850]
4578.	[security]	Some chaining (CNAME or DNAME) responses to upstream
			queries could trigger assertion failures.
			(CVE-2017-3137) [RT #44734]

4575.	[security]	DNS64 with "break-dnssec yes;" can result in an
			assertion failure. (CVE-2017-3136) [RT #44653]
4571.	[bug]		Out-of-tree builds of backtrace_test failed.

4570.	[cleanup]	named did not correctly fall back to the built-in
			initializing keys if the bind.keys file was present
			but empty. [RT #44531]

4568.	[contrib]	Added a --with-bind option to the dnsperf configure
			script to specify BIND prefix path.

4567.	[port]		Call getprotobyname and getservbyname prior to calling
			chroot so that shared libraries get loaded. [RT #44537]

4564.	[maint]		Update the built in managed keys to include the
			upcoming root KSK. [RT #44579]

4563.	[bug]		Modified zones would occasionally fail to reload.
			[RT #39424]

4561.	[port]		Silence a warning in strict C99 compilers. [RT #44414]

4560.	[bug]		mdig: add -m option to enable memory debugging rather
			than having it on all the time. [RT #44509]

4559.	[bug]		openssl_link.c didn't compile if ISC_MEM_TRACKLINES
			was turned off.  [RT #44509]
4554.	[bug]		Remove double unlock in dns_dispatchmgr_setudp.
			[RT #44336]

4553.	[bug]		Named could deadlock there were multiple changes to
			NSEC/NSEC3 parameters for a zone being processed at
			the same time. [RT #42770]

4552.	[bug]		Named could trigger a assertion when sending notify
			messages. [RT #44019]

4551.	[test]		Add system tests for integrity checks of MX and
			SRV records. [RT #43953]

4550.	[cleanup]	Increased the number of available master file
			output style flags from 32 to 64. [RT #44043]

4547.	[port]		Add support for --enable-native-pkcs11 on the AEP
			Keyper HSM. [RT #42463]
4543.	[bug]		dns_client_startupdate now delays sending the update
			request until isc_app_ctxrun has been called.
			[RT #43976]

4541.	[bug]		rndc addzone should properly reject non master/slave
			zones. [RT #43665]

4539.	[bug]		Referencing a nonexistent zone with RPZ could lead
			to a assertion failure when configuring. [RT #43787]

4538.	[bug]		Call dns_client_startresolve from client->task.
			[RT #43896]

4537.	[bug]		Handle timeouts better in dig/host/nslookup. [RT #43576]

4536.	[bug]		ISC_SOCKEVENTATTR_USEMINMTU was not being cleared
			when reusing the event structure. [RT #43885]

4535.	[bug]		Address race condition in setting / testing of
			DNS_REQUEST_F_SENDING. [RT #43889]

4534.	[bug]		Only set RD, RA and CD in QUERY responses. [RT #43879]

4533.	[bug]		dns_client_update should terminate on prerequisite
			failures (NXDOMAIN, YXDOMAIN, NXRRSET, YXRRSET)
			and also on BADZONE.  [RT #43865]

4532.	[contrib]	Make gen-data-queryperf.py python 3 compatible.
			[RT #43836]
4529.	[cleanup]	Silence noisy log warning when DSCP probe fails
			due to firewall rules. [RT #43847]

4527.	[doc]		Support DocBook XSL Stylesheets v1.79.1. [RT #43831]

4526.	[doc]		Corrected errors and improved formatting of
			grammar definitions in the ARM. [RT #43739]

4525.	[doc]		Fixed outdated documentation on managed-keys.
			[RT #43810]

4524.	[bug]		The net zero test was broken causing IPv4 servers
			with addresses ending in .0 to be rejected. [RT #43776]

4523.	[doc]		Expand config doc for <querysource4> and
			<querysource6>. [RT #43768]

4522.	[bug]		Handle big gaps in log file version numbers better.
			[RT #38688]

4521.	[cleanup]	Log it as an error if an entropy source is not
			found and there is no fallback available. [RT #43659]

4520.	[cleanup]	Alphabetize more of the grammar when printing it
			out. [RT #43755]

4516.	[bug]		isc_socketmgr_renderjson was missing from the
			windows build. [RT #43602]

4515.	[port]		FreeBSD: Find readline headers when they are in
			edit/readline/ instead of readline/. [RT #43658]

4513.	[cleanup]	Minimum Python versions are now 2.7 and 3.2.
			[RT #43566]

4512.	[bug]		win32: @GEOIP_INC@ missing from delv.vcxproj.in.
			[RT #43556]

4509.	[test]		Make the rrl system test more reliable on slower
			machines by using mdig instead of dig. [RT #43280]

4507.	[bug]		Named could incorrectly log 'allows updates by IP
			address, which is insecure' [RT #43432]

4505.	[port]		Use IP_PMTUDISC_OMIT if available. [RT #35494]

4504.	[security]	Allow the maximum number of records in a zone to
			be specified.  This provides a control for issues
			raised in CVE-2016-6170. [RT #42143]

4503.	[cleanup]	"make uninstall" now removes files installed by
			BIND. (This currently excludes Python files
			due to lack of support in setup.py.) [RT #42912]

4502.	[func]		Report multiple and experimental options when printing
			grammar. [RT #43134]

4500.	[bug]		Support modifier I64 in isc__print_printf. [RT #43526]

4499.	[port]		MacOSX: silence deprecated function warning
			by using arc4random_stir() when available
			instead of arc4random_addrandom(). [RT #43503]

4498.	[test]		Simplify prerequisite checks in system tests.
			[RT #43516]

4497.	[port]		Add support for OpenSSL 1.1.0. [RT #41284]

4496.	[func]		dig: add +idnout to control whether labels are
			display in punycode or not.  Requires idn support
			to be enabled at compile time. [RT #43398]

4494.	[bug]		Look for <editline/readline.h>. [RT #43429]

4492.	[bug]		irs_resconf_load failed to initialize sortlistnxt
			causing bad writes if resolv.conf contained a
			sortlist directive. [RT #43459]

4491.	[bug]		Improve message emitted when testing whether sendmsg
			works with TOS/TCLASS fails. [RT #43483]

4490.	[maint]		Added AAAA (2001:500:12::d0d) for G.ROOT-SERVERS.NET.

4489.	[security]	It was possible to trigger assertions when processing
			a response containing a DNAME answer. (CVE-2016-8864)
			[RT #43465]

4488.	[port]		Darwin: use -framework for Kerberos. [RT #43418]

4487.	[test]		Make system tests work on Windows. [RT #42931]

4486.	[bug]		Look in $prefix/lib/pythonX.Y/site-packages for
			the python modules we install. [RT #43330]

4485.	[bug]		Failure to find readline when requested should be
			fatal to configure. [RT #43328]

4484.	[func]		Check prefixes in acls to make sure the address and
			prefix lengths are consistent.  Warn only in
			BIND 9.11 and earlier. [RT #43367]

4483.	[bug]		Address use before require check and remove extraneous
			dns_message_gettsigkey call in dns_tsig_sign.
			[RT #43374]

4476.	[test]		Fix reclimit test on slower machines. [RT #43283]

4475.	[doc]		Update named-checkconf documentation. [RT #43153]

4474.	[bug]		win32: call WSAStartup in fromtext_in_wks so that
			getprotobyname and getservbyname work.  [RT #43197]

4473.	[bug]		Only call fsync / _commit on regular files. [RT #43196]

4472.	[bug]		Named could fail to find the correct NSEC3 records when
			a zone was updated between looking for the answer and
			looking for the NSEC3 records proving nonexistence
			of the answer. [RT #43247]
4471.	[cleanup]	Revert a query logging change inadvertently
			backported from 9.11. [RT #43238]
4467.	[security]	It was possible to trigger an assertion when
			rendering a message. (CVE-2016-2776) [RT #43139]

4466.	[bug]		Interface scanning didn't work on a Windows system
			without a non local IPv6 addresses. [RT #43130]

4464.	[bug]		Fix windows python support. [RT #43173]

4461.	[bug]		win32: not all external data was properly marked
			as external data for windows dll. [RT #43161]

4458.	[cleanup]	Update assertions to be more correct, and also remove
			use of a reserved word. [RT #43090]

4457.	[maint]		Added AAAA (2001:500:a8::e) for E.ROOT-SERVERS.NET.

4456.	[doc]		Add DOCTYPE and lang attribute to <html> tags.
			[RT #42587]

4453.	[bug]		Prefetching of DS records failed to update their
			RRSIGs. [RT #42865]

4451.	[cleanup]	Log more useful information if a PKCS#11 provider
			library cannot be loaded. [RT #43076]

4450.	[port]		Provide more nuanced HSM support which better matches
			the specific PKCS11 providers capabilities. [RT #42458]

4448.	[bug]		win32: ::1 was not being found when iterating
			interfaces. [RT #42993]

4446.	[bug]		The cache_find() and _findrdataset() functions
			could find rdatasets that had been marked stale.
			[RT #42853]

4445.	[cleanup]	isc_errno_toresult() can now be used to call the
			formerly private function isc__errno2result().
			[RT #43050]

4443.	[func]		Set TCP_MAXSEG in addition to IPV6_USE_MIN_MTU on
			TCP sockets. [RT #42864]

4442.	[bug]		Fix RPZ CIDR tree insertion bug that corrupted
			tree data structure with overlapping networks
			(longest prefix match was ineffective).
			[RT #43035]
4441.	[cleanup]	Alphabetize host's help output. [RT #43031]

4435.	[tuning]	Only set IPV6_USE_MIN_MTU for UDP when the message
			will not fit into a single IPv4 encapsulated IPv6
			UDP packet when transmitted over a Ethernet link.
			[RT #42871]
4434.	[protocol]	Return EDNS EXPIRE option for master zones in addition
			to slave zones. [RT #43008]

4433.	[cleanup]	Report an error when passing an invalid option or
			view name to "rndc dumpdb". [RT #42958]

4432.	[test]		Hide rndc output on expected failures in logfileconfig
			system test. [RT #27996]

4431.	[bug]		named-checkconf now checks the rate-limit clause.
			[RT #42970]

4430.	[bug]		Lwresd died if a search list was not defined.
			Found by 0x710DDDD At Alibaba Security. [RT #42895]

4425.	[bug]		arpaname and named-rrchecker were not being installed
			into ${prefix}/bin.  [RT #42910]

4424.	[experimental]	Named now sends _ta-XXXX.<trust-anchor>/NULL queries
			to provide feedback to the trust-anchor administrators
			about how key rollovers are progressing as per
			draft-ietf-dnsop-edns-key-tag-02.  This can be
			disabled using 'trust-anchor-telemetry no;'.
			[RT #40583]

4423.	[maint]		Added missing IPv6 address 2001:500:84::b for
			B.ROOT-SERVERS.NET. [RT #42898]

4422.	[port]		Silence clang warnings in dig.c and dighost.c.
			[RT #42451]

4418.	[bug]		Fix a compiler warning in GSSAPI code. [RT #42879]

4414.	[bug]		Corrected a bug in the MIPS implementation of
			isc_atomic_xadd(). [RT #41965]

4413.	[bug]		GSSAPI negotiation could fail if GSS_S_CONTINUE_NEEDED
			was returned. [RT #42733]

4412.	[cleanup]	Make fixes for GCC 6. ISC_OFFSET_MAXIMUM macro was
			removed. [RT #42721]

4409.	[bug]		DNS64 should exclude mapped addresses by default when
			an exclude acl is not defined. [RT #42810]

4407.	[performance]	Use GCC builtin for clz in RPZ lookup code.
			[RT #42818]

4406.	[security]	getrrsetbyname with a non absolute name could
 			trigger an infinite recursion bug in lwresd
 			and named with lwres configured if when combined
 			with a search list entry

4404.	[misc]		Allow krb5-config to be used when configuring gssapi.
			[RT #42580]

4403.	[bug]		Rename variables and arguments that shadow: basename,
			clone and gai_error.

4397.	[bug]		Update Windows python support. [RT #42538]

4395.	[bug]		Improve out-of-tree installation of python modules.
			[RT #42586]

4384.	[bug]		Change 4256 accidentally disabled logging of the
			rndc command. [RT #42654]

4379.	[bug]		An INSIST could be triggered if a zone contains
			RRSIG records with expiry fields that loop
			using serial number arithmetic. [RT #40571]

4378.	[contrib]	#include <isc/string.h> for strlcat in zone2ldap.c.
			[RT #42525]

4377.	[bug]		Don't reuse zero TTL responses beyond the current
			client set (excludes ANY/SIG/RRSIG queries).
			[RT #42142]

4374.	[bug]		Use SAVE/RESTORE macros in query.c to reduce the
			probability of reference counting errors as seen
			in 4365. [RT #42405]

4373.	[bug]		Address undefined behavior in getaddrinfo. [RT #42479]

4372.	[bug]		Address undefined behavior in libt_api. [RT #42480]

4369.	[bug]		Fix 'make' and 'make install' out-of-tree python
			support. [RT #42484]

4367.	[bug]		Remove unnecessary assignment of loadtime in
			zone_touched. [RT #42440]

4361.	[cleanup]	Where supported, file modification times returned
			by isc_file_getmodtime() are now accurate to the
			nanosecond. [RT #41968]

4360.	[bug]		Silence spurious 'bad key type' message when there is
			a existing TSIG key. [RT #42195]

4359.	[bug]		Inherited 'also-notify' lists were not being checked
			by named-checkconf. [RT #42174]

4354.	[bug]		Check that the received HMAC length matches the
			expected length prior to check the contents on the
			control channel.  This prevents a OOB read error.
			This was reported by Lian Yihan, <lianyihan@360.cn>.
			[RT #42215]

4353.	[cleanup]	Update PKCS#11 header files. [RT #42175]

4352.	[cleanup]	The ISC DNSSEC Lookaside Validation (DLV) service
			is scheduled to be disabled in 2017.  A warning is
			now logged when named is configured to use it,
			either explicitly or via "dnssec-lookaside auto;"
			[RT #42207]

4351.	[bug]		'dig +noignore' didn't work. [RT #42273]

4350.	[contrib]	Declare result in  dlz_filesystem_dynamic.c.

4348.	[cleanup]	Refactor dnssec-coverage and dnssec-checkds
			functionality into an "isc" python module. [RT #39211]

4013.	[func]		Add a new tcp-only option to server (config) /
			peer (struct) to use TCP transport to send
			queries (in place of UDP transport with a
			TCP fallback on truncated (TC set) response).
			[RT #37800]

Revision 1.10 / (download) - annotate - [select for diffs], Thu Dec 17 04:00:43 2015 UTC (8 years, 3 months ago) by christos
Branch: MAIN
CVS Tags: prg-localcount2-base3, prg-localcount2-base2, prg-localcount2-base1, prg-localcount2-base, prg-localcount2, pgoyette-localcount-base, pgoyette-localcount-20170426, pgoyette-localcount-20170320, pgoyette-localcount-20170107, pgoyette-localcount-20161104, pgoyette-localcount-20160806, pgoyette-localcount-20160726, pgoyette-localcount, netbsd-8-base, localcount-20160914, bouyer-socketcan-base1, bouyer-socketcan-base, bouyer-socketcan
Branch point for: netbsd-8
Changes since 1.9: +10 -16 lines
Diff to previous 1.9 (colored)

merge conflicts

Revision 1.9 / (download) - annotate - [select for diffs], Wed Jul 8 17:28:59 2015 UTC (8 years, 8 months ago) by christos
Branch: MAIN
Changes since 1.8: +307 -93 lines
Diff to previous 1.8 (colored)

Merge changes.

Revision 1.8 / (download) - annotate - [select for diffs], Wed Dec 10 04:37:58 2014 UTC (9 years, 3 months ago) by christos
Branch: MAIN
Changes since 1.7: +34 -17 lines
Diff to previous 1.7 (colored)

merge conflicts.

Revision 1.7 / (download) - annotate - [select for diffs], Tue Jul 8 05:43:39 2014 UTC (9 years, 8 months ago) by spz
Branch: MAIN
CVS Tags: tls-maxphys-base, tls-earlyentropy-base, netbsd-7-base
Branch point for: netbsd-7
Changes since 1.6: +3 -3 lines
Diff to previous 1.6 (colored)

merge for bind 9.10.0-P2, first go

Revision 1.6 / (download) - annotate - [select for diffs], Sat Mar 1 03:24:37 2014 UTC (10 years ago) by christos
Branch: MAIN
CVS Tags: yamt-pagecache-base9, riastradh-xf86-video-intel-2-7-1-pre-2-21-15, riastradh-drm2-base3
Branch point for: tls-earlyentropy
Changes since 1.5: +1463 -500 lines
Diff to previous 1.5 (colored)

resolve conflicts; undo many local changes that have been done upstream
differently.

Revision 1.5 / (download) - annotate - [select for diffs], Sat Jul 27 19:23:12 2013 UTC (10 years, 7 months ago) by christos
Branch: MAIN
Changes since 1.4: +13 -29 lines
Diff to previous 1.4 (colored)

merge conflicts for bind-9.9.3-P2

Revision 1.4 / (download) - annotate - [select for diffs], Tue Dec 4 23:38:43 2012 UTC (11 years, 3 months ago) by spz
Branch: MAIN
CVS Tags: yamt-pagecache-base8, yamt-pagecache-base7, riastradh-drm2-base2, riastradh-drm2-base1, riastradh-drm2-base, riastradh-drm2, khorben-n900, agc-symver-base, agc-symver
Changes since 1.3: +80 -55 lines
Diff to previous 1.3 (colored)

merge bind-9-9-2-P1 and adjust build as needed
fixes CVE-2012-5688, see:
http://www.isc.org/software/bind/advisories/cve-2012-5688

Revision 1.3 / (download) - annotate - [select for diffs], Tue Jun 5 00:41:40 2012 UTC (11 years, 9 months ago) by christos
Branch: MAIN
CVS Tags: yamt-pagecache-base6
Branch point for: tls-maxphys
Changes since 1.2: +100 -85 lines
Diff to previous 1.2 (colored)

Merge bind-9.9.1-P1 to fix:
Processing of DNS resource records where the rdata field is zero length
may cause various issues for the servers handling them.
CVE: CVE-2012-1667

Revision 1.2 / (download) - annotate - [select for diffs], Wed Feb 16 03:47:05 2011 UTC (13 years, 1 month ago) by christos
Branch: MAIN
CVS Tags: yamt-pagecache-base5, yamt-pagecache-base4, yamt-pagecache-base3, yamt-pagecache-base2, yamt-pagecache-base, netbsd-6-base, cherry-xenmp-base, cherry-xenmp, bouyer-quota2-nbase, bouyer-quota2-base
Branch point for: yamt-pagecache, netbsd-6, bouyer-quota2
Changes since 1.1: +0 -0 lines
Diff to previous 1.1 (colored)

- merge conflicts
- Fix UNUSED macro to not have "NULL EFFECT"
- Add /*CONSTCOND*/ to while (0) loops
- Change do while (1) loops to for (;;)
- remove stray continue from do while (0) loop.
- remove "" in comments that confuse lint
- fix strict aliases
- fix non ansi prototypes

Revision 1.1 / (download) - annotate - [select for diffs], Tue Feb 15 19:37:01 2011 UTC (13 years, 1 month ago) by christos
Branch: MAIN

Initial revision

This form allows you to request diff's between any two revisions of a file. You may select a symbolic revision name using the selection box or you may type in a numeric name using the type-in text box.




CVSweb <webmaster@jp.NetBSD.org>