Commit Graph

4414 Commits

Author SHA1 Message Date
Doug Barton
2e5453748e Merge from vendor/bind9/dist as of the 9.4.2-P1 import, including
the patch from ISC for lib/bind9/check.c and deletion of unused
files in lib/bind.

This version will by default randomize the UDP query source port
(and sequence number of course) for every query.

In order to take advantage of this randomization users MUST have an
appropriate firewall configuration to allow UDP queries to be sent and
answers to be received on random ports; and users MUST NOT specify a
port number using the query-source[-v6] options.

The avoid-v[46]-udp-ports options exist for users who wish to eliminate
certain port numbers from being chosen by named for this purpose. See
the ARM Chatper 6 for more information.

Also please note, this issue applies only to UDP query ports. A random
ephemeral port is always chosen for TCP queries.

This issue applies primarily to name servers whose main purpose is to
resolve random queries (sometimes referred to as "caching" servers, or
more properly as "resolving" servers), although even an "authoritative"
name server will make some queries, primarily at startup time.

All users of BIND are strongly encouraged to upgrade to the latest
version, and to utilize the source port randomization feature.

This update addresses issues raised in:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1447
http://www.kb.cert.org/vuls/id/800113
http://tools.ietf.org/html/draft-ietf-dnsext-forgery-resilience
2008-07-12 09:38:35 +00:00
Doug Barton
632c4e7871 The vendor area is the proper home for these files now. 2008-07-12 08:46:21 +00:00
Peter Wemm
a988131922 Flatten bind9 vendor work area 2008-07-12 05:00:28 +00:00
Peter Wemm
c6acfe86c7 Merge gnu cpio 2.6 -> 2.8 changes. Unfortunately, we have massive
conflicts due to radically different approaches to security and bug fixes.
In some cases I re-started from the vendor version and reimplemented our
patches.  Fortunately, this is not enabled by default in -current.
2008-07-10 02:08:00 +00:00
Peter Wemm
bb7e869618 Flatten cvs2svn generated import tree. 2008-07-09 23:21:55 +00:00
Peter Wemm
6e62580c07 cvs2svn managed to overlay two different path trees. fix. 2008-07-09 23:07:03 +00:00
David E. O'Brien
b370e2cfea White space fixes. 2008-06-28 15:28:17 +00:00
David E. O'Brien
c4a2958381 Reduce diff to vendor. 2008-06-28 15:17:02 +00:00
David Schultz
c713eaa603 Bring in the vendor's fix for a bug in strtod() whereby
strtod("0xyz", &endp) resulted in endp pointing to "0xyz"
instead of "xyz".

Reported by:	Tony Finch <dot@dotat.at>
MFC after:	1 week
2008-06-21 19:27:54 +00:00
Ruslan Ermilov
cd83aa9707 Removed the no-op -p; documented -P.
MFC after:	3 days
2008-06-21 15:48:16 +00:00
David E. O'Brien
a1dba0f9f4 Add $FreeBSD$ since we now have local changes. 2008-06-16 17:06:17 +00:00
David E. O'Brien
248041d262 Optimize the CVS bug #17168 fix by relaxing the conditions for update
with respect to sticky options.  (r179561 was WRT sticky and branch tags)

Consulted with: Mark Baushke <mdb@gnu.org>
2008-06-06 16:16:44 +00:00
David E. O'Brien
b1ca926d0f Optimize the CVS bug #17168 fix by relaxing the conditions for update. 2008-06-05 15:09:53 +00:00
Rong-En Fan
68fa82ebe1 - update maintainer's info per src/MAINTAINERS 2008-06-04 07:38:38 +00:00
Doug Barton
5de57ff6ba Add proper mime-types for files that they are relevant for.
This is useful for things like *.pdf files that svn needs
to know about, and will probably be useful down the road
for other things.
2008-06-02 20:37:11 +00:00
David E. O'Brien
bd7d47734a Bring these back to HEAD.
(I thought ncvs@ had rm'ed these MIPS files a long time ago... SVN had
better work out - else 7 more files off the vendor branch.)
2008-05-29 02:43:05 +00:00
David E. O'Brien
de582f44b4 This commit was generated by cvs2svn to compensate for changes in r179404,
which included commits to RCS files with non-trunk default branches.
2008-05-29 02:29:59 +00:00
David E. O'Brien
b7e4108c6b Import of Binutils from the FSF 2.15 branch (just post-.0 release).
These bits are taken from the FSF anoncvs repo on 23-May-2004 04:41:00 UTC.
2008-05-29 02:29:59 +00:00
Antoine Brodin
b6642dadae Document freebsd extensions to netcat a bit better:
- sort the options
- document -o and -O everywhere

Reviewed by:	delphij
Approved by:	rwatson (mentor)
2008-05-10 18:50:45 +00:00
Julian Elischer
30ab20975f Max's changes got left out of the MRT commit. 2008-05-09 23:53:01 +00:00
Rong-En Fan
6f67bb1485 - Update for 5.6-20080503 2008-05-09 02:30:24 +00:00
Rong-En Fan
b285ba3630 This commit was generated by cvs2svn to compensate for changes in r178866,
which included commits to RCS files with non-trunk default branches.
2008-05-09 02:28:12 +00:00
Rong-En Fan
aa59d4d4c5 Import ncurses 5.6-20080503 snapshot onto the vender branch 2008-05-09 02:28:12 +00:00
Coleman Kane
b53e922121 Update the FREEBSD-upgrade for expat 2.0.1
Approved by:	sam, phk
2008-05-08 13:56:58 +00:00
Coleman Kane
4d360d633e This commit was generated by cvs2svn to compensate for changes in r178848,
which included commits to RCS files with non-trunk default branches.
2008-05-08 13:51:16 +00:00
Coleman Kane
220ed979de Virgin import (trimmed) of eXpat v2.0.1. Discussed and tested with
sam and phk who are the two consumers of this library. If there is
any other fallout, email me and I will take care of it.

Approved by: sam, phk
2008-05-08 13:51:16 +00:00
Doug Rabson
5768032947 Merge from the vendor branch and resolve conflicts. 2008-05-08 11:01:46 +00:00
Doug Rabson
5f06c5bb28 This commit was generated by cvs2svn to compensate for changes in r178843,
which included commits to RCS files with non-trunk default branches.
2008-05-08 10:58:50 +00:00
Doug Rabson
fcd2e55858 Import com_err from heimdal-1.1 2008-05-08 10:58:50 +00:00
David E. O'Brien
f380a8f773 List of files that are off the vendor branch, but we use the stock vendor
files.
2008-04-24 18:23:13 +00:00
David E. O'Brien
87c92cf118 Remove FreeBSD ID's so these are exact copies of the vendor sources. 2008-04-24 18:18:53 +00:00
Marius Strobl
ae8e775b82 This commit was generated by cvs2svn to compensate for changes in r178388,
which included commits to RCS files with non-trunk default branches.
2008-04-21 20:40:42 +00:00
Marius Strobl
7125e147b2 * gthr-posix.h (__gthread_active_p): Use the Solaris implementation
for FreeBSD as well.

This is the fix for __gthread_active_p() returning false positives
which was committed as rev. 1.1.1.8.2.1 to RELENG_7 but now looped
back to the vendor branch via the GCC repository and relicensed to
be GPLv2 by me.
Thanks go to gerald@ for getting the fix approved upstream and for
committing to the GCC repository.

PR:		119289
Approved by:	core
2008-04-21 20:40:42 +00:00
Xin LI
c784a71d0b Update instructions to match recent practices 2008-04-21 18:37:08 +00:00
Xin LI
0c2d6f72b7 Add vendor metadata 2008-04-21 18:36:52 +00:00
Xin LI
2308b50e15 Resolve conflicts. 2008-04-21 18:31:50 +00:00
Xin LI
0b96cd80df This commit was generated by cvs2svn to compensate for changes in r178382,
which included commits to RCS files with non-trunk default branches.
2008-04-21 18:30:26 +00:00
Xin LI
c7c53f7a03 Import netcat as of today's OPENBSD_4_3 snapshot. 2008-04-21 18:30:26 +00:00
Sam Leffler
562cc1a640 This commit was generated by cvs2svn to compensate for changes in r178363,
which included commits to RCS files with non-trunk default branches.
2008-04-20 21:39:06 +00:00
Ruslan Ermilov
d3bf3b9a7a system_info.cpustates isn't sparse, so a bitmask of available CPU states
is redundant (I think it's a leftover from an older implementation).
2008-04-11 11:39:26 +00:00
Bruce M Simpson
bc38f653f1 Add an -O option to disable TCP options, for protocol testing purposes.
Do this for active and passive (-l switch) TCP sessions.

MFC after:	1 week
2008-04-01 13:54:24 +00:00
Max Laier
4239d24b98 Make ALTQ cope with disappearing interfaces (particularly common with mpd
and netgraph in gernal).  This also allows to add queues for an interface
that is not yet existing (you have to provide the bandwidth for the
interface, however).

PR:		kern/106400, kern/117827
MFC after:	2 weeks
2008-03-29 00:24:36 +00:00
John Birrell
8f0cc58815 Remove files that have been repo copied to their new location
in cddl-specific parts of the source tree.
2008-03-28 00:08:47 +00:00
Sam Leffler
2e76e92b45 fix botched merge of syslog support to the vendor branch; these files
were off the branch so we need to pull the changes back up
2008-03-25 21:47:03 +00:00
Sam Leffler
ed2e126666 This commit was generated by cvs2svn to compensate for changes in r177580,
which included commits to RCS files with non-trunk default branches.
2008-03-24 21:20:35 +00:00
Sam Leffler
bdc431a06b add support for driver-based RADIUS ACL's (committed on vendor branch as it's
been sent upstream)

Submitted by:	Chris Zimmermann
2008-03-24 21:20:35 +00:00
Sam Leffler
9170422006 resolve merge conflicts
MFC after:	3 weeks
2008-03-24 21:08:25 +00:00
Sam Leffler
6ff97d4b9c Import of hostapd 0.5.10 2008-03-24 21:06:16 +00:00
Sam Leffler
1fa9817d63 This commit was generated by cvs2svn to compensate for changes in r177576,
which included commits to RCS files with non-trunk default branches.
2008-03-24 21:06:16 +00:00
Sam Leffler
dc0d8c3f05 This commit was generated by cvs2svn to compensate for changes in r177572,
which included commits to RCS files with non-trunk default branches.
2008-03-24 20:13:41 +00:00