This commit was generated by cvs2svn to compensate for changes in r109983,

which included commits to RCS files with non-trunk default branches.
2003-01-28 13:09:17 +00:00 · 2003-01-28 13:09:17 +00:00 · 68ec16bb1e
commit 68ec16bb1e
parent 62d1a66f75 7f1ab065eb
15 changed files with 38 additions and 24 deletions
--- a/contrib/bind/CHANGES
+++ b/contrib/bind/CHANGES
@ -1,14 +1,14 @@
+	--- 8.3.4-REL released --- (Thu Nov 14 05:45:26 PST 2002)
+
 1469.	[bug]		buffer length calculation for PX was wrong.

 1468.	[bug]		ns_name_ntol() could overwite a zero length buffer.

-1467.	[bug]		off by one bug in ns_makecannon().
-
 1466.	[bug]		large ENDS UDP buffer size could trigger a assertion.

 1465.	[bug]		possible NULL pointer dereference in db_sec.c

-1464.	[bug]      	the buffer used to construct the -ve record was not
+1464.	[bug]		the buffer used to construct the -ve record was not
 			big enough for all possible SOA records.  use pointer
 			arithmetic to calculate the remaining size in this
 			buffer.
--- a/contrib/bind/README
+++ b/contrib/bind/README
@ -10,6 +10,9 @@ artifacts including BIND, INN, and DHCP.
 Note that BIND 8 is in "end-of-life", having been replaced by BIND 9.  See
 http://www.isc.org/ for more details.

+BIND 8.3.4 Highlights
+	Security Fix DoS and buffer overrun.
+
 BIND 8.3.3 Highlights
 	Security Fix libbind. All applications linked against libbind
 	need to relinked.
--- a/contrib/bind/Version
+++ b/contrib/bind/Version
@ -1 +1 @@
-8.3.3-REL
+8.3.4-REL
--- a/contrib/bind/bin/named/db_defs.h
+++ b/contrib/bind/bin/named/db_defs.h
@ -1,6 +1,6 @@
 /*
 *	from db.h	4.16 (Berkeley) 6/1/90
- *	$Id: db_defs.h,v 8.47 2002/05/18 01:02:53 marka Exp $
+ *	$Id: db_defs.h,v 8.47.4.1 2002/11/14 13:22:24 marka Exp $
 */

 /*
--- a/contrib/bind/bin/named/db_sec.c
+++ b/contrib/bind/bin/named/db_sec.c
@ -1,6 +1,6 @@

 #if !defined(lint) && !defined(SABER)
-static const char rcsid[] = "$Id: db_sec.c,v 8.35 2001/06/18 14:42:57 marka Exp $";
+static const char rcsid[] = "$Id: db_sec.c,v 8.35.4.2 2002/11/14 13:24:44 marka Exp $";
 #endif /* not lint */

 /*
--- a/contrib/bind/bin/named/ns_defs.h
+++ b/contrib/bind/bin/named/ns_defs.h
@ -1,6 +1,6 @@
 /*
 *	from ns.h	4.33 (Berkeley) 8/23/90
- *	$Id: ns_defs.h,v 8.121 2002/06/26 03:27:19 marka Exp $
+ *	$Id: ns_defs.h,v 8.121.2.1 2002/11/14 13:28:12 marka Exp $
 */

 /*
--- a/contrib/bind/bin/named/ns_ncache.c
+++ b/contrib/bind/bin/named/ns_ncache.c
@ -1,5 +1,5 @@
 #if !defined(lint) && !defined(SABER)
-static const char rcsid[] = "$Id: ns_ncache.c,v 8.29 2001/06/18 14:43:16 marka Exp $";
+static const char rcsid[] = "$Id: ns_ncache.c,v 8.29.4.1 2002/11/14 13:41:31 marka Exp $";
 #endif /* not lint */

 /*
--- a/contrib/bind/bin/named/ns_req.c
+++ b/contrib/bind/bin/named/ns_req.c
@ -1,6 +1,6 @@
 #if !defined(lint) && !defined(SABER)
 static const char sccsid[] = "@(#)ns_req.c	4.47 (Berkeley) 7/1/91";
-static const char rcsid[] = "$Id: ns_req.c,v 8.169 2002/05/12 23:41:52 marka Exp $";
+static const char rcsid[] = "$Id: ns_req.c,v 8.169.2.1 2002/11/14 13:02:48 marka Exp $";
 #endif /* not lint */

 /*
--- a/contrib/bind/bin/named/ns_resp.c
+++ b/contrib/bind/bin/named/ns_resp.c
@ -1,6 +1,6 @@
 #if !defined(lint) && !defined(SABER)
 static const char sccsid[] = "@(#)ns_resp.c	4.65 (Berkeley) 3/3/91";
-static const char rcsid[] = "$Id: ns_resp.c,v 8.178 2002/06/27 03:09:19 marka Exp $";
+static const char rcsid[] = "$Id: ns_resp.c,v 8.178.2.2 2002/11/14 13:39:13 marka Exp $";
 #endif /* not lint */

 /*
--- a/contrib/bind/doc/html/logging.html
+++ b/contrib/bind/doc/html/logging.html
@ -289,6 +289,10 @@ is used: <CODE>category panic { default_syslog; default_stderr; };</CODE>
 <DD>
 Dynamic updates.

+<DT><CODE>update-security</CODE>
+<DD>
+Denied dynamic updates due to access controls.
+
 <DT><CODE>ncache</CODE>
 <DD>
 Negative caching.
@ -363,7 +367,7 @@ Messages arising from response checking, such as

 <HR>
 <ADDRESS>
-Last Updated: $Id: logging.html,v 1.13 2002/04/02 00:57:48 marka Exp $
+Last Updated: $Id: logging.html,v 1.14 2002/07/19 22:44:05 marka Exp $
 </ADDRESS>
 </BODY>
 </HTML>
--- a/contrib/bind/doc/html/options.html
+++ b/contrib/bind/doc/html/options.html
@ -159,9 +159,9 @@ specified, the default is "named.stats".
 <DD>
 If <CODE>yes</CODE>, the <CODE>AA</CODE> bit is always set on
 NXDOMAIN responses, even if the server is not actually authoritative.
-The default is <CODE>yes</CODE>.  Do not turn off
-<CODE>auth-nxdomain</CODE> unless you are sure you know what you are
-doing, as some older software won't like it.
+The default is <CODE>no</CODE>.  Turning <CODE>auth-nxdomain</CODE> will
+allow older clients that require <CODE>AA</CODE> to be set to accept
+NXDOMAIN responses to work.

 <DT><CODE>deallocate-on-exit</CODE>
 <DD>
@ -847,7 +847,7 @@ request for the root servers to be accepted.  Default 2.

 <HR>
 <ADDRESS>
-Last Updated: $Id: options.html,v 1.48 2002/04/25 05:27:00 marka Exp $
+Last Updated: $Id: options.html,v 1.49 2002/09/09 00:19:17 marka Exp $
 </ADDRESS>
 </BODY>
 </HTML>
--- a/contrib/bind/doc/man/named.conf.5
+++ b/contrib/bind/doc/man/named.conf.5
@ -665,6 +665,8 @@ is used:
 .Dl category panic { default_syslog; default_stderr; };
 .It Ic update
 Dynamic updates.
+.It Ic update-security
+Denied dynamic updates due to access controls.
 .It Ic ncache
 Negative caching.
 .It Ic xfer-in
@ -858,11 +860,14 @@ bit is always set on
 .Dv NXDOMAIN
 responses, even if the server is not actually authoritative.
 The default is
-.Li yes .
-Do not turn off
-.Ic auth-nxdomain
-unless you are sure you know what you are
-doing, as some older software won't like it.
+.Li no .
+Turning 
+.Lc auth-nxdomain
+will allow older clients that require
+.Li AA
+to be set to accept
+.Dv NXDOMAIN
+responses to work.
 .It Ic deallocate-on-exit
 If
 .Li yes ,
--- a/contrib/bind/doc/man/resolver.3
+++ b/contrib/bind/doc/man/resolver.3
@ -16,7 +16,7 @@
 .\" MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
 .\"
 .\"	@(#)resolver.3	6.5 (Berkeley) 6/23/90
-.\"	$Id: resolver.3,v 8.16 2001/12/28 04:24:20 marka Exp $
+.\"	$Id: resolver.3,v 8.17 2002/08/07 03:47:33 marka Exp $
 .\"
 .Dd July 4, 2000
 .Dt RESOLVER @LIB_NETWORK_EXT_U@ 
@ -552,6 +552,8 @@ to a full domain name.
 The compressed name is contained in a query or reply message;
 .Fa msg
 is a pointer to the beginning of the message.
+.Fa eomorig
+is a pointer to the first location after the message.
 The uncompressed name is placed in the buffer indicated by
 .Fa exp_dn
 which is of size
--- a/contrib/bind/lib/nameser/ns_name.c
+++ b/contrib/bind/lib/nameser/ns_name.c
@ -16,7 +16,7 @@
 */

 #ifndef lint
-static const char rcsid[] = "$Id: ns_name.c,v 8.18 2002/05/24 05:10:40 marka Exp $";
+static const char rcsid[] = "$Id: ns_name.c,v 8.18.4.1 2002/11/14 13:32:08 marka Exp $";
 #endif

 #include "port_before.h"
--- a/contrib/bind/lib/nameser/ns_samedomain.c
+++ b/contrib/bind/lib/nameser/ns_samedomain.c
@ -16,7 +16,7 @@
 */

 #ifndef lint
-static const char rcsid[] = "$Id: ns_samedomain.c,v 8.9 1999/10/15 21:06:51 vixie Exp $";
+static const char rcsid[] = "$Id: ns_samedomain.c,v 8.9.6.2 2002/11/14 22:36:46 marka Exp $";
 #endif

 #include "port_before.h"
@ -166,7 +166,7 @@ int
 ns_makecanon(const char *src, char *dst, size_t dstsize) {
 	size_t n = strlen(src);

-	if (n + sizeof "." + 1 > dstsize) {
+	if (n + sizeof "." > dstsize) {
 		errno = EMSGSIZE;
 		return (-1);
 	}