Commit Graph

54 Commits

Author SHA1 Message Date
dougb
78d3ed4dab Vendor import of BIND 9.6.2 2010-03-02 19:49:55 +00:00
dougb
1f85128730 Vendor import of BIND 9.6.1-P3 2010-01-25 04:22:19 +00:00
dougb
146495b70a Update these files to match current reality.
BIND 9.6 has diverged sufficiently from 9.4 to warrant slightly different
procedures, so stop pretending that they are interchangable.
2009-12-11 04:14:44 +00:00
dougb
2478455da9 Vendor import of BIND 9.6.1-P2 2009-11-30 02:59:30 +00:00
dougb
323dcbcd1b Vendor import of BIND 9.6.1-P1 2009-07-28 22:58:40 +00:00
dougb
1344cd470f Vendor import of BIND 9.6.1 2009-06-25 18:50:46 +00:00
dougb
8f86a2e390 Update note about IDN and XML support, and combine it with the
note about IPv6 support

Fix alphebetization of the new dnssec-keyfromlabel directory
2009-06-01 22:05:08 +00:00
dougb
aab4e82874 Add a comment about the new dist-9.4 directory and using it for 7-stable 2009-06-01 20:14:05 +00:00
dougb
5b9b443542 Update relative to the BIND 9.6.1rc1 import 2009-05-31 05:20:54 +00:00
dougb
ce53222946 The isc-config.sh file is actually used in the configure stage
described in FreeBSD-Upgrade.
2009-05-31 01:27:27 +00:00
dougb
41dfacc75a Vendor import of BIND 9.6.1rc1 2009-05-31 01:26:43 +00:00
dougb
fd553238c9 Vendor import of BIND 9.6.1rc1 2009-05-31 00:11:36 +00:00
dougb
d342cb576b Update relative to the BIND 9.6.1rc1 import 2009-05-31 00:03:41 +00:00
dougb
ad09d367a4 In preparation for the BIND 9.6.1rc1 import, remove this file.
We don't use it.
2009-05-30 23:51:02 +00:00
dougb
be58c3cbc7 In preparation for the BIND 9.6.1rc1 import, remove this directory.
The libbind library is no longer distributed as part of the main
BIND package, and we never built it in any case.
2009-05-30 23:50:12 +00:00
dougb
bd548c6714 In preparation for the BIND 9.6.1rc1 import, remove these two directories.
We do not install these files so there is little use to keeping them in
the tree, and the drafts directory in particular is the source of a lot
of churn for each new version.
2009-05-30 23:48:09 +00:00
dougb
07c13c27e3 Vendor import of BIND 9.4.3-P2 2009-03-21 21:37:05 +00:00
dougb
ec2fb76ed9 Vendor import of BIND 9.4.3-P1 2009-01-09 09:04:10 +00:00
dougb
fa25a858e2 The lib/bind directory has its own configure script. Update accordingly. 2008-12-23 19:19:45 +00:00
dougb
77bde798e1 Vendor import of BIND 9.4.3 2008-12-23 19:18:41 +00:00
dougb
6c8226d7d6 Vendor import of BIND 9.4.3 2008-12-23 18:35:21 +00:00
dougb
e2c9b86ef6 Minor tweak to reflect my actual process. 2008-12-23 18:31:38 +00:00
dougb
7f88623c45 This directory was added to src/contrib/bind9 prior to the svn move so
that BIND 9.4.1 could compile and run on the ARM platform, but is not
part of the vendor source.  It will remain in src/contrib/bind9 since
it is a local modification.
2008-12-23 18:30:32 +00:00
dougb
2ed0ad54b7 Note that the dist directory for RELENG_6 is dist-9.3
Move all references to committing things to the last section
(after testing)
2008-09-01 21:46:14 +00:00
dougb
6391cf1904 Vendor import of BIND 9.4.2-P2 2008-09-01 20:53:25 +00:00
dougb
a4287a7203 Update this file to reflect how things are done in subversion-land
Reviewed by:	peter
2008-07-12 08:52:11 +00:00
dougb
6de19f1719 The vendor area is the proper home for these files now. 2008-07-12 08:46:21 +00:00
dougb
32fd6457bc These files are unused, and due to a more thorough FREEBSD-Xlist
are no longer updated.
2008-07-12 07:32:48 +00:00
dougb
5d352cdcfa Add a patch from ISC to fix named-checkconf. The error condition was not
being properly tested for, so it would not report the error in some cases.

This fix (or similar) will be in version 9.4.3.
2008-07-12 06:55:03 +00:00
dougb
04de7fe966 Vendor import of BIND 9.4.2-P1 2008-07-12 06:31:08 +00:00
peter
ba8f85b49c Flatten bind9 vendor work area 2008-07-12 05:00:28 +00:00
dougb
0f328cea25 Update this file so that BIND on ARM can actually work. I quote:
The problem was, isc_atomic_cmpxchg() is almost like our
	atomic_cmpset_32(), except it expects the old value to be
	returned, whereas our atomic_cmpset_32 returns 1 on success,
	or 0 on failure. So I re-implemented something suitable.

Submitted by:	cognet
Reviewed by:	bsdimp
2007-12-03 08:26:34 +00:00
dougb
a826585f40 These files are not part of the distribution.
Brought to you by:	PEBCAK
2007-12-02 19:21:31 +00:00
dougb
848cf5c2a5 This file is no longer in BIND 9.4.2 2007-12-02 19:17:26 +00:00
dougb
a71024a14b Vendor import of BIND 9.4.2 2007-12-02 19:10:41 +00:00
dougb
e9f5980a15 Vendor import of 9.4.1-P1, which has fixes for the following:
1. The default access control lists (acls) are not being
correctly set. If not set anyone can make recursive queries
and/or query the cache contents.

See also:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2925

2. The DNS query id generation is vulnerable to cryptographic
analysis which provides a 1 in 8 chance of guessing the next
query id for 50% of the query ids. This can be used to perform
cache poisoning by an attacker.

This bug only affects outgoing queries, generated by BIND 9 to
answer questions as a resolver, or when it is looking up data
for internal uses, such as when sending NOTIFYs to slave name
servers.

All users are encouraged to upgrade.

See also:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2926

Approved by:	re (kensmith, implicit)
2007-07-25 08:12:36 +00:00
dougb
7fe38836a1 Add a custom atomic.h file which implements the C versions of the
code we already have assembly versions of.

Written by:	imp
2007-06-05 22:15:38 +00:00
dougb
0758208e67 Remove from the vendor branch files that are no longer
present in BIND 9.4.1.
2007-06-02 23:29:48 +00:00
dougb
6df9693fc1 Vendor import of BIND 9.4.1 2007-06-02 23:21:47 +00:00
dougb
fb8cb3b3a3 Vendor import of BIND 9.3.4 2007-01-29 18:31:57 +00:00
dougb
b63477174b Remove from the vendor branch files that are no longer in the
9.3.3 sources.
2006-12-10 07:12:50 +00:00
dougb
f5d31f05bd Vendor import of BIND 9.3.3 2006-12-10 07:09:56 +00:00
dougb
4a3a088a0b Update to version 9.3.2-P2, which addresses the vulnerability
announced by ISC dated 31 October (delivered via e-mail to the
bind-announce@isc.org list on 2 November):

Description:
        Because of OpenSSL's recently announced vulnerabilities
        (CAN-2006-4339, CVE-2006-2937 and CVE-2006-2940) which affect named,
        we are announcing this workaround and releasing patches.  A proof of
        concept attack on OpenSSL has been demonstrated for CAN-2006-4339.

        OpenSSL is required to use DNSSEC with BIND.

Fix for version 9.3.2-P1 and lower:
        Upgrade to BIND 9.3.2-P2, then generate new RSASHA1 and
        RSAMD5 keys for all old keys using the old default exponent
        and perform a key rollover to these new keys.

        These versions also change the default RSA exponent to be
        65537 which is not vulnerable to the attacks described in
        CAN-2006-4339.
2006-11-04 07:53:25 +00:00
dougb
f79340e225 Vendor import of BIND 9.3.2-P1, which addresses the following security
vulnerabilities:

http://www.niscc.gov.uk/niscc/docs/re-20060905-00590.pdf?lang=en
2066.  [security]      Handle SIG queries gracefully. [RT #16300]

http://www.kb.cert.org/vuls/id/697164
1941.  [bug]           ncache_adderesult() should set eresult even if no
                       rdataset is passed to it. [RT #15642]

All users of BIND 9 are encouraged to upgrade to this version.
2006-09-06 21:27:11 +00:00
dougb
84bc3de5bb Remove files from the vendor branch that are no longer present
in BIND 9.3.2 that were mistakenly removed from HEAD.
2006-01-14 02:11:56 +00:00
dougb
cfe23adacb After some discussion with the folks at ISC, it turns out that the _ai_pad
part of the structure was a hack to maintain binary compatibility with
Sun binaries, and my understanding is that it's not needed generally
on sparc systems running other operating systems. Therefore, hide this
code behind the same set of tests as in lib/bind/include/netdb.h.

This file is being imported on the vendor branch because a similar change
(or change with similar effect) will be in the next version of BIND 9.

This change will not affect other platforms in any way.
2006-01-04 19:18:43 +00:00
dougb
13e6e55147 Vendor import of BIND 9.3.2 2005-12-29 04:22:58 +00:00
dougb
9123af99f7 Update the vendor branch with a patch to this file that was
researched by glebius, and incorporated by ISC into the next
version of BIND. Unfortunately, it looks like their release
will come after the release of FreeBSD 6, so we will bring
this in now.

The patch addresses a problem with high-load resolvers which
hit memory barriers. Without this patch, running the resolving
name server out of memory would lead to "unpredictable results."

Of course, the canonical answer to this problem is to put more
memory into the system, however that is not always possible, and
the code should be able to handle this situation gracefully in
any case.
2005-08-18 18:39:31 +00:00
dougb
12fce141a0 Remove files from the vendor branch that were [re]moved in 9.3.1 2005-03-17 08:10:34 +00:00
dougb
6c00746d36 Vendor import of BIND 9.3.1 2005-03-17 08:04:02 +00:00