From 8af21b710f34092dcd08abdc13e7971553b616d2 Mon Sep 17 00:00:00 2001 
From: "Internet Software Consortium, Inc" <@isc.org> Date: Tue, 11 Feb 2014 09:00:42 -0700 Subject: 9.9.5rc1 --- CHANGES | 43 + COPYRIGHT | 2 +- Makefile.in | 5 +- README | 4 + bin/check/named-checkconf.8 | 14 +- bin/check/named-checkconf.c | 16 +- bin/check/named-checkconf.docbook | 19 +- bin/check/named-checkconf.html | 24 +- bin/confgen/ddns-confgen.c | 4 +- bin/confgen/rndc-confgen.c | 4 +- bin/dig/dighost.c | 17 +- bin/dig/include/dig/dig.h | 3 +- bin/dnssec/dnssec-signzone.c | 6 +- bin/dnssec/dnssectool.c | 8 +- bin/named/bind9.ver3.xsl | 1110 +- bin/named/bind9.ver3.xsl.h | 245 +- bin/named/builtin.c | 14 +- bin/named/config.c | 14 +- bin/named/controlconf.c | 12 +- bin/named/lwaddr.c | 10 +- bin/named/lwdgnba.c | 6 +- bin/named/lwdgrbn.c | 10 +- bin/named/named.conf.5 | 6 +- bin/named/named.conf.docbook | 5 +- bin/named/named.conf.html | 26 +- bin/named/query.c | 25 +- bin/named/server.c | 4 +- bin/named/statschannel.c | 76 +- bin/named/zoneconf.c | 8 +- bin/nsupdate/nsupdate.c | 13 +- bin/pkcs11/openssl-1.0.0k-patch | 15889 ------------------- bin/pkcs11/openssl-1.0.0l-patch | 15889 +++++++++++++++++++ bin/pkcs11/openssl-1.0.1e-patch | 15784 ------------------ bin/pkcs11/openssl-1.0.1f-patch | 15784 ++++++++++++++++++ bin/rndc/rndc.c | 6 +- bin/tests/hash_test.c | 48 +- bin/tests/names/t_names.c | 4 +- bin/tests/rdata_test.c | 4 +- bin/tests/system/checkconf/clean.sh | 3 +- bin/tests/system/checkconf/good.conf | 6 +- bin/tests/system/checkconf/tests.sh | 28 +- bin/tests/system/checkconf/warn-keydir.conf | 28 + bin/tests/system/dlvauto/tests.sh | 4 +- bin/tests/system/dnssec/ns2/example.db.in | 6 +- .../system/dnssec/ns2/insecure.secure.example.db | 8 +- bin/tests/system/dnssec/ns3/secure.example.db.in | 12 +- bin/tests/system/dnssec/ns4/named4.conf | 83 + bin/tests/system/dnssec/tests.sh | 16 + bin/tests/system/ixfr/clean.sh | 3 +- bin/tests/system/ixfr/ns3/named.conf | 48 +- bin/tests/system/ixfr/setup.sh | 4 +- bin/tests/system/ixfr/tests.sh | 13 +- 
bin/tests/system/resolver/clean.sh | 2 +- bin/tests/system/resolver/ns7/named.conf | 45 - bin/tests/system/resolver/ns7/named1.conf | 52 + bin/tests/system/resolver/ns7/named2.conf | 46 + bin/tests/system/resolver/setup.sh | 3 +- bin/tests/system/resolver/tests.sh | 18 +- configure | 11 +- configure.in | 6 +- doc/arm/Bv9ARM.pdf | 2660 ++-- doc/arm/man.arpaname.html | 6 +- doc/arm/man.ddns-confgen.html | 8 +- doc/arm/man.genrandom.html | 8 +- doc/arm/man.isc-hmac-fixup.html | 8 +- doc/arm/man.named-checkconf.html | 22 +- doc/arm/man.named-checkzone.html | 10 +- doc/arm/man.named-journalprint.html | 6 +- doc/arm/man.named.html | 14 +- doc/arm/man.nsec3hash.html | 8 +- doc/arm/man.nsupdate.html | 12 +- doc/arm/man.rndc-confgen.html | 10 +- doc/arm/man.rndc.conf.html | 10 +- doc/arm/man.rndc.html | 12 +- lib/bind9/api | 2 +- lib/bind9/check.c | 34 +- lib/dns/acl.c | 6 +- lib/dns/adb.c | 6 +- lib/dns/api | 2 +- lib/dns/diff.c | 6 +- lib/dns/dispatch.c | 30 +- lib/dns/dns64.c | 16 +- lib/dns/dnssec.c | 14 +- lib/dns/gssapi_link.c | 4 +- lib/dns/hmac_link.c | 32 +- lib/dns/journal.c | 8 +- lib/dns/keydata.c | 6 +- lib/dns/masterdump.c | 10 +- lib/dns/message.c | 8 +- lib/dns/name.c | 38 +- lib/dns/nsec.c | 4 +- lib/dns/nsec3.c | 20 +- lib/dns/opensslecdsa_link.c | 6 +- lib/dns/opensslgost_link.c | 8 +- lib/dns/opensslrsa_link.c | 4 +- lib/dns/portlist.c | 14 +- lib/dns/rbt.c | 8 +- lib/dns/rbtdb.c | 29 +- lib/dns/rcode.c | 4 +- lib/dns/rdata.c | 16 +- lib/dns/rdata/ch_3/a_1.c | 6 +- lib/dns/rdata/generic/afsdb_18.c | 6 +- lib/dns/rdata/generic/eui48_108.c | 4 +- lib/dns/rdata/generic/eui64_109.c | 4 +- lib/dns/rdata/generic/ipseckey_45.c | 8 +- lib/dns/rdata/generic/l32_105.c | 4 +- lib/dns/rdata/generic/l64_106.c | 4 +- lib/dns/rdata/generic/nid_104.c | 4 +- lib/dns/rdata/generic/opt_41.c | 4 +- lib/dns/rdata/generic/rt_21.c | 6 +- lib/dns/rdata/generic/soa_6.c | 6 +- lib/dns/rdata/generic/spf_99.c | 4 +- lib/dns/rdata/generic/txt_16.c | 4 +- lib/dns/rdata/hs_4/a_1.c | 8 
+- lib/dns/rdata/in_1/a6_38.c | 6 +- lib/dns/rdata/in_1/a_1.c | 8 +- lib/dns/rdata/in_1/aaaa_28.c | 10 +- lib/dns/rdata/in_1/apl_42.c | 6 +- lib/dns/rdata/in_1/wks_11.c | 6 +- lib/dns/rdataslab.c | 14 +- lib/dns/resolver.c | 26 +- lib/dns/rpz.c | 4 +- lib/dns/rrl.c | 10 +- lib/dns/spnego.c | 12 +- lib/dns/ssu.c | 4 +- lib/dns/tests/Makefile.in | 44 +- lib/dns/tests/db_test.c | 86 + lib/dns/time.c | 4 +- lib/dns/tkey.c | 12 +- lib/dns/tsig.c | 18 +- lib/dns/ttl.c | 4 +- lib/dns/zone.c | 8 +- lib/export/samples/nsprobe.c | 4 +- lib/export/samples/sample-request.c | 4 +- lib/export/samples/sample-update.c | 6 +- lib/export/samples/sample.c | 4 +- lib/irs/api | 2 +- lib/irs/getaddrinfo.c | 18 +- lib/irs/resconf.c | 12 +- lib/isc/api | 4 +- lib/isc/base32.c | 6 +- lib/isc/base64.c | 6 +- lib/isc/buffer.c | 6 +- lib/isc/hash.c | 8 +- lib/isc/heap.c | 6 +- lib/isc/hex.c | 6 +- lib/isc/hmacmd5.c | 4 +- lib/isc/hmacsha.c | 32 +- lib/isc/httpd.c | 122 +- lib/isc/include/isc/buffer.h | 6 +- lib/isc/include/isc/httpd.h | 24 +- lib/isc/include/isc/platform.h.in | 7 +- lib/isc/include/isc/radix.h | 6 +- lib/isc/include/isc/string.h | 9 +- lib/isc/include/isc/types.h | 4 +- lib/isc/inet_pton.c | 6 +- lib/isc/lex.c | 8 +- lib/isc/log.c | 4 +- lib/isc/md5.c | 12 +- lib/isc/mem.c | 10 +- lib/isc/netaddr.c | 8 +- lib/isc/radix.c | 6 +- lib/isc/sha1.c | 8 +- lib/isc/sha2.c | 40 +- lib/isc/sockaddr.c | 6 +- lib/isc/stats.c | 6 +- lib/isc/string.c | 58 +- lib/isc/tests/Makefile.in | 12 +- lib/isc/tests/hash_test.c | 14 +- lib/isc/tests/time_test.c | 51 + lib/isc/unix/file.c | 4 +- lib/isc/unix/ifiter_getifaddrs.c | 4 +- lib/isc/unix/ifiter_ioctl.c | 20 +- lib/isc/unix/ifiter_sysctl.c | 10 +- lib/isc/unix/include/isc/time.h | 12 +- lib/isc/unix/interfaceiter.c | 18 +- lib/isc/unix/socket.c | 26 +- lib/isc/unix/time.c | 46 +- lib/isc/win32/include/isc/platform.h.in | 8 +- lib/isc/win32/include/isc/time.h | 52 +- lib/isc/win32/interfaceiter.c | 18 +- lib/isc/win32/libisc.def.in | 4 + 
lib/isc/win32/socket.c | 23 +- lib/isc/win32/strptime.c | 392 + lib/isc/win32/time.c | 70 +- lib/isccc/api | 2 +- lib/isccc/include/isccc/util.h | 38 +- lib/isccc/sexpr.c | 6 +- lib/isccfg/api | 6 +- lib/isccfg/include/isccfg/cfg.h | 12 +- lib/isccfg/include/isccfg/grammar.h | 7 +- lib/isccfg/namedconf.c | 6 +- lib/isccfg/parser.c | 54 +- lib/isccfg/win32/libisccfg.def | 1 + lib/lwres/api | 2 +- lib/lwres/context.c | 14 +- lib/lwres/getaddrinfo.c | 18 +- lib/lwres/gethost.c | 4 +- lib/lwres/getipnode.c | 70 +- lib/lwres/getrrset.c | 10 +- lib/lwres/lwbuffer.c | 38 +- lib/lwres/lwconfig.c | 8 +- lib/lwres/lwinetpton.c | 6 +- lib/lwres/lwresutil.c | 46 +- srcid | 2 +- version | 2 +- win32utils/Configure | 8 +- win32utils/build.txt | 14 +- 208 files changed, 36153 insertions(+), 34572 deletions(-) delete mode 100644 bin/pkcs11/openssl-1.0.0k-patch create mode 100644 bin/pkcs11/openssl-1.0.0l-patch delete mode 100644 bin/pkcs11/openssl-1.0.1e-patch create mode 100644 bin/pkcs11/openssl-1.0.1f-patch create mode 100644 bin/tests/system/checkconf/warn-keydir.conf create mode 100644 bin/tests/system/dnssec/ns4/named4.conf delete mode 100644 bin/tests/system/resolver/ns7/named.conf create mode 100644 bin/tests/system/resolver/ns7/named1.conf create mode 100644 bin/tests/system/resolver/ns7/named2.conf create mode 100644 lib/dns/tests/db_test.c create mode 100644 lib/isc/tests/time_test.c create mode 100644 lib/isc/win32/strptime.c diff --git a/CHANGES b/CHANGES index 78e3ae60..fc36de2b 100644 --- a/CHANGES +++ b/CHANGES 
@@ -1,3 +1,46 @@ + --- 9.9.5rc1 released --- + +3701. [func] named-checkconf can now obscure shared secrets + when printing by specifying '-x'. [RT #34465] + +3699. [bug] Improvements to statistics channel XSL stylesheet: + the stylesheet can now be cached by the browser; + section headers are omitted from the stats display + when there is no data in those sections to be + displayed; counters are now right-justified for + easier readability. (Only available with + configure --enable-newstats.) [RT #35117] + +3698. [cleanup] Replaced all uses of memcpy() with memmove(). + [RT #35120] + +3697. [bug] Handle "." as a search list element when IDN support + is enabled. [RT #35133] + +3696. [bug] dig failed to handle AXFR style IXFR responses which + span multiple messages. [RT #35137] + +3695. [bug] Address a possible race in dispatch.c. [RT #35107] + +3694. [bug] Warn when a key-directory is configured for a zone, + but does not exist or is not a directory. [RT #35108] + +3693. [security] memcpy was incorrectly called with overlapping + ranges resulting in malformed names being generated + on some platforms. This could cause INSIST failures + when serving NSEC3 signed zones. [RT #35120] + +3692. [bug] Two calls to dns_db_getoriginnode were fatal if there + was no data at the node. [RT #35080] + +3690. [bug] Iterative responses could be missed when the source + port for an upstream query was the same as the + listener port (53). [RT #34925] + +3689. [bug] Fixed a bug causing an insecure delegation from one + static-stub zone to another to fail with a broken + trust chain. [RT #35081] + --- 9.9.5b1 released --- 3688. [bug] loadnode could return a freed node on out of memory. diff --git a/COPYRIGHT b/COPYRIGHT index 525c2228..e69ebd3c 100644 --- a/COPYRIGHT +++ b/COPYRIGHT 
@@ -1,4 +1,4 @@ -Copyright (C) 2004-2013 Internet Systems Consortium, Inc. ("ISC") +Copyright (C) 2004-2014 Internet Systems Consortium, Inc. ("ISC") Copyright (C) 1996-2003 Internet Software Consortium. Permission to use, copy, modify, and/or distribute this software for any diff --git a/Makefile.in b/Makefile.in index 5bde3dfd..2c5985f8 100644 --- a/Makefile.in +++ b/Makefile.in @@ -1,4 +1,4 @@ -# Copyright (C) 2004-2009, 2011-2013 Internet Systems Consortium, Inc. ("ISC") +# Copyright (C) 2004-2009, 2011-2014 Internet Systems Consortium, Inc. ("ISC") # Copyright (C) 1998-2002 Internet Software Consortium. # # Permission to use, copy, modify, and/or distribute this software for any @@ -90,5 +90,8 @@ FAQ: FAQ.xml LC_ALL=C ${W3M} -T text/html -dump -cols 72 >$@.tmp mv $@.tmp $@ +unit:: + sh ${top_srcdir}/unit/unittest.sh + clean:: rm -f FAQ.tmp diff --git a/README b/README index 8b9b6675..e0e7b5f6 100644 --- a/README +++ b/README @@ -63,6 +63,10 @@ BIND 9.9.5 - When re-signing a zone, the new "dnssec-signzone -Q" option drops signatures from keys that are still published but are no longer active. + - "named-checkconf -px" will print the contents of configuration + files with the shared secrets obscured, making it easier to + share configuration (e.g. when submitting a bug report) + without revealing private information. BIND 9.9.4 diff --git a/bin/check/named-checkconf.8 b/bin/check/named-checkconf.8 index 67a8f4a3..909184ef 100644 --- a/bin/check/named-checkconf.8 +++ b/bin/check/named-checkconf.8 @@ -1,4 +1,4 @@ -.\" Copyright (C) 2004, 2005, 2007, 2009 Internet Systems Consortium, Inc. ("ISC") +.\" Copyright (C) 2004, 2005, 2007, 2009, 2014 Internet Systems Consortium, Inc. ("ISC") .\" Copyright (C) 2000-2002 Internet Software Consortium. .\" .\" Permission to use, copy, modify, and/or distribute this software for any 
@@ -33,7 +33,7 @@ named\-checkconf \- named configuration file syntax checking tool .SH "SYNOPSIS" .HP 16 -\fBnamed\-checkconf\fR [\fB\-h\fR] [\fB\-v\fR] [\fB\-j\fR] [\fB\-t\ \fR\fB\fIdirectory\fR\fR] {filename} [\fB\-p\fR] [\fB\-z\fR] +\fBnamed\-checkconf\fR [\fB\-h\fR] [\fB\-v\fR] [\fB\-j\fR] [\fB\-t\ \fR\fB\fIdirectory\fR\fR] {filename} [\fB\-p\fR] [\fB\-x\fR] [\fB\-z\fR] .SH "DESCRIPTION" .PP \fBnamed\-checkconf\fR @@ -84,6 +84,14 @@ Print out the and included files in canonical form if no errors were detected. .RE .PP +\-x +.RS 4 +When printing the configuration files in canonical form, obscure shared secrets by replacing them with strings of question marks ('?'). This allows the contents of +\fInamed.conf\fR +and related files to be shared \(em for example, when submitting bug reports \(em without compromising private data. This option cannot be used without +\fB\-p\fR. +.RE +.PP \-z .RS 4 Perform a test load of all master zones found in @@ -113,7 +121,7 @@ BIND 9 Administrator Reference Manual. .PP Internet Systems Consortium .SH "COPYRIGHT" -Copyright \(co 2004, 2005, 2007, 2009 Internet Systems Consortium, Inc. ("ISC") +Copyright \(co 2004, 2005, 2007, 2009, 2014 Internet Systems Consortium, Inc. ("ISC") .br Copyright \(co 2000\-2002 Internet Software Consortium. .br diff --git a/bin/check/named-checkconf.c b/bin/check/named-checkconf.c index 6f52a662..fd3795a5 100644 --- a/bin/check/named-checkconf.c +++ b/bin/check/named-checkconf.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004-2007, 2009-2013 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2007, 2009-2014 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2002 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any 
@@ -482,10 +482,11 @@ main(int argc, char **argv) { isc_entropy_t *ectx = NULL; isc_boolean_t load_zones = ISC_FALSE; isc_boolean_t print = ISC_FALSE; + unsigned int flags = 0; isc_commandline_errprint = ISC_FALSE; - while ((c = isc_commandline_parse(argc, argv, "dhjt:pvz")) != EOF) { + while ((c = isc_commandline_parse(argc, argv, "dhjt:pvxz")) != EOF) { switch (c) { case 'd': debug++; @@ -512,6 +513,10 @@ main(int argc, char **argv) { printf(VERSION "\n"); exit(0); + case 'x': + flags |= CFG_PRINTER_XKEY; + break; + case 'z': load_zones = ISC_TRUE; docheckmx = ISC_FALSE; @@ -534,6 +539,11 @@ main(int argc, char **argv) { } } + if (((flags & CFG_PRINTER_XKEY) != 0) && !print) { + fprintf(stderr, "%s: -x cannot be used without -p\n", program); + exit(1); + } + if (isc_commandline_index + 1 < argc) usage(); if (argv[isc_commandline_index] != NULL) @@ -574,7 +584,7 @@ main(int argc, char **argv) { } if (print && exit_status == 0) - cfg_print(config, output, NULL); + cfg_printx(config, flags, output, NULL); cfg_obj_destroy(parser, &config); cfg_parser_destroy(&parser); diff --git a/bin/check/named-checkconf.docbook b/bin/check/named-checkconf.docbook index 9535e284..485dc42a 100644 --- a/bin/check/named-checkconf.docbook +++ b/bin/check/named-checkconf.docbook @@ -2,7 +2,7 @@ "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" []> - +
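Review bot: The option string in `isc_commandline_parse(argc, argv, "dhjt:pvxz")` gains `x`, but no hunk for bin/check/named-checkconf.c touches usage(), so the built-in usage text most likely still omits `-x`. The diffstat lists 16 changed lines for this file and the visible hunks account for all of them. Because the flag exists to keep shared secrets out of pasted configuration, users should be able to discover it from the tool itself; add `[-x]` next to `[-p]` in the usage() string. A one-line comment at the declaration would also help, for example `unsigned int flags = 0; /* CFG_PRINTER_* bits handed to cfg_printx() */`. main() starts and ends outside these hunks, so the current usage() wording should be checked before editing.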
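Review bot: The call `cfg_printx(config, flags, output, NULL)` in the `@@ -574,7 +584,7 @@` hunk is the only place the obscuring takes effect, and nothing in this file says what CFG_PRINTER_XKEY actually covers. That is decided by the printer in lib/isccfg, which is outside this hunk. A comment above the call should state the scope so the flag is not read as a general sanitiser, along the lines of `/* -x masks only values the grammar marks as shared secrets; everything else is printed as-is */`, with the wording confirmed against the isccfg implementation. The man page text says secrets become strings of question marks; if the replacement keeps the secret's length, that length is still disclosed, which is worth confirming in the printer too.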