freebsd-nq/contrib
Doug Barton 2e5453748e Merge from vendor/bind9/dist as of the 9.4.2-P1 import, including
the patch from ISC for lib/bind9/check.c and deletion of unused
files in lib/bind.

This version will by default randomize the UDP query source port
(and sequence number of course) for every query.

In order to take advantage of this randomization users MUST have an
appropriate firewall configuration to allow UDP queries to be sent and
answers to be received on random ports; and users MUST NOT specify a
port number using the query-source[-v6] options.

The avoid-v[46]-udp-ports options exist for users who wish to eliminate
certain port numbers from being chosen by named for this purpose. See
the ARM Chatper 6 for more information.

Also please note, this issue applies only to UDP query ports. A random
ephemeral port is always chosen for TCP queries.

This issue applies primarily to name servers whose main purpose is to
resolve random queries (sometimes referred to as "caching" servers, or
more properly as "resolving" servers), although even an "authoritative"
name server will make some queries, primarily at startup time.

All users of BIND are strongly encouraged to upgrade to the latest
version, and to utilize the source port randomization feature.

This update addresses issues raised in:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1447
http://www.kb.cert.org/vuls/id/800113
http://tools.ietf.org/html/draft-ietf-dnsext-forgery-resilience
2008-07-12 09:38:35 +00:00
..
amd Update for the 6.1.5 import. 2007-12-11 19:16:51 +00:00
bc s/predefine/predefined/ 2006-01-24 06:38:35 +00:00
bind9 Merge from vendor/bind9/dist as of the 9.4.2-P1 import, including 2008-07-12 09:38:35 +00:00
binutils Bring these back to HEAD. 2008-05-29 02:43:05 +00:00
bsnmp This commit was generated by cvs2svn to compensate for changes in r176892, 2008-03-07 09:33:29 +00:00
bzip2 Resolve conflicts. 2008-03-20 02:56:24 +00:00
com_err Merge from the vendor branch and resolve conflicts. 2008-05-08 11:01:46 +00:00
cpio Merge gnu cpio 2.6 -> 2.8 changes. Unfortunately, we have massive 2008-07-10 02:08:00 +00:00
csup Fix a compiler warning. 2007-11-18 00:25:18 +00:00
cvs Add $FreeBSD$ since we now have local changes. 2008-06-16 17:06:17 +00:00
diff This commit was generated by cvs2svn to compensate for changes in r171490, 2007-07-19 06:57:46 +00:00
expat Update the FREEBSD-upgrade for expat 2.0.1 2008-05-08 13:56:58 +00:00
file This commit was generated by cvs2svn to compensate for changes in r175898, 2008-02-02 18:26:53 +00:00
gcc White space fixes. 2008-06-28 15:28:17 +00:00
gcclibs GCC 4.2.1 release miscellaneous support libraries. 2007-08-14 02:52:47 +00:00
gdb This commit was generated by cvs2svn to compensate for changes in r173619, 2007-11-14 22:58:36 +00:00
gdtoa Bring in the vendor's fix for a bug in strtod() whereby 2008-06-21 19:27:54 +00:00
gnu-sort
gperf
groff MFV: recent mdoc(7) changes. 2007-10-04 04:38:23 +00:00
hostapd This commit was generated by cvs2svn to compensate for changes in r178363, 2008-04-20 21:39:06 +00:00
ipfilter Pullup IPFilter 4.1.28 from the vendor branch into HEAD. 2007-10-18 21:52:14 +00:00
less Resolve conflicts. 2007-11-26 08:58:07 +00:00
libbegemot Vendor patch that adds a microsecond timer function. 2006-12-08 14:45:15 +00:00
libf2c Gcc 3.4.6 F77 runtime support bits (as of 2006/08/25 #116475). 2006-08-26 21:30:30 +00:00
libobjc GCC 4.2.1 release Objective C runtime support code. 2007-08-14 02:51:20 +00:00
libpcap Revert back to including the whole net/bpf.h again. 2007-10-20 20:23:39 +00:00
libreadline Update after import 2007-11-07 04:44:11 +00:00
libstdc++ GCC 4.2.1 release C++ standard library and runtime support code. 2007-08-14 02:49:11 +00:00
lukemftp
lukemftpd Pull vendor file to HEAD. 2006-08-31 17:11:46 +00:00
ncurses - update maintainer's info per src/MAINTAINERS 2008-06-04 07:38:38 +00:00
netcat Document freebsd extensions to netcat a bit better: 2008-05-10 18:50:45 +00:00
ngatm This commit was generated by cvs2svn to compensate for changes in r156678, 2006-03-13 09:37:22 +00:00
ntp This commit was generated by cvs2svn to compensate for changes in r162735, 2006-09-28 16:02:34 +00:00
nvi - Sort the headers per style(9) 2007-06-06 11:14:30 +00:00
one-true-awk Document the bwk_20071023 import. 2007-10-25 12:38:34 +00:00
openbsm Regenerate config.h after import of OpenBSM 1.0. 2007-10-29 18:45:40 +00:00
openpam As per discussion, commit experimental metadata for my contrib packages. 2008-02-06 23:06:24 +00:00
opie Add missing code needed for the detection of IPSec packet replays. [1] 2006-03-22 16:00:42 +00:00
pam_modules/pam_passwdqc
pf Max's changes got left out of the MRT commit. 2008-05-09 23:53:01 +00:00
pnpinfo Sort sections. 2006-09-17 18:52:28 +00:00
sendmail Update for sendmail 8.14.2 2007-11-05 00:21:32 +00:00
smbfs Document default values for timeout and retry count. 2007-06-16 07:01:15 +00:00
tcp_wrappers
tcpdump unbreak printing 802.11 tx/rx rates 2008-02-25 01:28:14 +00:00
tcsh This commit was generated by cvs2svn to compensate for changes in r177128, 2008-03-12 23:01:33 +00:00
telnet Commit IPv6 support for FAST_IPSEC to the tree. 2007-07-01 12:08:08 +00:00
texinfo Add note concerning FreeBSD-SA-06:01.texindex. 2006-07-08 07:32:41 +00:00
top Removed the no-op -p; documented -P. 2008-06-21 15:48:16 +00:00
traceroute Add AS lookup functionality. On each hop we query a whois server to 2008-02-20 23:29:53 +00:00
wpa_supplicant fix botched merge of syslog support to the vendor branch; these files 2008-03-25 21:47:03 +00:00