Commit Graph

9821 Commits

Author SHA1 Message Date
Tinderbox User
65d4abb881 update copyright notice / whitespace 2017-04-23 23:47:17 +00:00
Mukund Sivaraman
9af94db1da Add missing types for non-threaded build
(cherry picked from commit b1568eeedc)
(cherry picked from commit 5fb7dd046e)
(cherry picked from commit cb0c1c0b04)
2017-04-22 20:03:40 +05:30
Evan Hunt
7f0127c111 [v9_9] openssl backward compatibility fix
4604.	[bug]		Don't use ERR_load_crypto_strings() when building
			with OpenSSL 1.1.0. [RT #45117]

(cherry picked from commit 4c31eda5e1)
2017-04-21 18:56:37 -07:00
Evan Hunt
0f9808291c [v9_9] fix portability issue
(cherry picked from commit 8ee6a6afd8)
2017-04-21 18:16:30 -07:00
Evan Hunt
9ad188ccaf [v9_9] give threads unique names to assist debugging
4602.	[func]		Threads are now set to human-readable
			names to assist debugging, when supported by
			the OS. [RT #43234]

(cherry picked from commit d26ae7fc08)
(cherry picked from commit 8b9c4592ed)
2017-04-21 14:00:54 -07:00
Mukund Sivaraman
4cf12b3916 Reject incorrect RSA key lengths during key generation and and sign/verify context creation (#45043)
(cherry picked from commit 239e9dc81c)
(cherry picked from commit 264e17e739)
(cherry picked from commit 2540059b7b)
2017-04-21 19:09:05 +05:30
Mukund Sivaraman
4973497287 Fix inconsistencies in inline signing time comparisons (#42112)
(cherry picked from commit 4176d278e2)
(cherry picked from commit eeb16584fb)
(cherry picked from commit fb5c4bc94c)
2017-04-21 16:49:03 +05:30
Mukund Sivaraman
3664176a73 Ignore SHA-1 DS digest type when SHA-384 DS digest type is present (#45017)
(cherry picked from commit 5d01eab088)
(cherry picked from commit 9540b42695)
(cherry picked from commit 4ab28446c1)
2017-04-21 16:24:23 +05:30
Evan Hunt
62fd7f8062 [v9_9] fix dispatch.c shutdown race
4952.	[bug]		A race condition on shutdown could trigger an
			assertion failure in dispatch.c. [RT #43822]

(cherry picked from commit 019132b70c)
2017-04-20 17:42:09 -07:00
Mark Andrews
3d61a6c12d 4587. [bug] named-checkzone failed to handle occulted data below
DNAMEs correctly. [RT #44877]

(cherry picked from commit 600b027731)
2017-04-20 13:30:57 +10:00
Mark Andrews
11a028ceb4 4585. [port] win32: Set CompileAS value. [RT #42474]
(cherry picked from commit 3742338a7b)
2017-04-20 13:01:35 +10:00
Tinderbox User
93830fbbf8 update copyright notice / whitespace 2017-04-17 23:47:45 +00:00
Evan Hunt
b70ae741bf [v9_9] fix out of tree build error
(cherry picked from commit 28cff4f924)
2017-04-17 14:32:13 -07:00
Tinderbox User
07967caf75 update copyright notice / whitespace 2017-03-24 23:47:23 +00:00
Mark Andrews
8c2d209f09 4582. [security] 'rndc ""' could trigger a assertion failure in named.
(CVE-2017-3138) [RT #44924]

(cherry picked from commit 8e8dfc5941)
2017-03-25 02:08:26 +11:00
Mark Andrews
c43edd377b 4580. [bug] 4578 introduced a regression when handling CNAME to
referral below the current domain. [RT #44850]

(cherry picked from commit 638c7c635d)
2017-03-14 15:17:32 +11:00
Mark Andrews
b99d097cc4 Reimplement:
4578.   [security]      Some chaining (CNAME or DNAME) responses to upstream
                        queries could trigger assertion failures.
                        (CVE-2017-3137) [RT #44734]

(cherry picked from commit f240f4a5de)
2017-03-01 12:07:56 +11:00
Evan Hunt
fcf1874867 [v9_9] remove unnecessary INSIST and prep 9.11.1rc2
4578.	[security]	Some chaining (CNAME or DNAME) responses to upstream
			queries could trigger assertion failures.
			(CVE-2017-3137) [RT #44734]

(cherry picked from commit a1365a0042)
(cherry picked from commit 559cbe04e7)
2017-02-23 15:26:55 -08:00
Mark Andrews
039a1489c8 explicitly cast to (unsigned int) 2017-02-20 17:05:53 +11:00
Mark Andrews
31099ddd3c explictly cast to isc_stdtime_t
(cherry picked from commit 9998a15284)
2017-02-20 16:57:41 +11:00
Mark Andrews
14d680e3bc 9.9.10; copyrights 2017-02-16 12:41:30 +11:00
Mark Andrews
4ebbb52b1b record ranges; account for -P's 2017-02-16 12:10:14 +11:00
Evan Hunt
b4a0711e17 [v9_9] prep 9.9.10rc1 2017-02-04 22:36:23 -08:00
Tinderbox User
84150b929e update copyright notice / whitespace 2017-02-03 23:47:22 +00:00
Evan Hunt
1b3a9c2755 [v9_9] silence "unused value" warning
(cherry picked from commit f4d20b15a2)
2017-02-03 11:27:19 -08:00
Mark Andrews
182d657891 remove outdated cvs $Id strings 2017-02-03 18:44:36 +11:00
Mark Andrews
3cf44b82b4 4567. [port] Call getprotobyname and getservbyname prior to calling
chroot so that shared libraries get loaded. [RT #44537]

(cherry picked from commit c550e75ade)
2017-02-03 14:23:45 +11:00
Tinderbox User
2444ab6b88 update copyright notice / whitespace 2017-02-02 23:48:58 +00:00
Evan Hunt
3e43702524 [v9_9] Squashed commit of the following:
4561.	[port]		Silence a warning in strict C99 compilers. [RT #44414]

(cherry picked from commit 6cb5e36ca3)
2017-02-01 17:31:37 -08:00
Tinderbox User
485b9c96c2 update copyright notice / whitespace 2017-01-31 23:48:07 +00:00
Evan Hunt
ad1ebb5b28 [v9_9] address portability issues
(cherry picked from commit a2bd99a959)
2017-01-30 16:52:42 -08:00
Mark Andrews
8da7fa7b52 add a REQUIRE to catch the NULL pointer dereference that triggered CVE-2017-3135
(cherry picked from commit 1d8995d226)
2017-01-31 11:21:25 +11:00
Evan Hunt
a6bae6d52c [v9_9] change 4558 was incomplete
(cherry picked from commit cd668ea57f)
2017-01-30 14:11:30 -08:00
Tinderbox User
9e04eb78f1 update copyright notice / whitespace 2017-01-24 23:47:30 +00:00
Mark Andrews
b15e927949 4560. [bug] mdig: add -m option to enable memory debugging rather
than have in on all the time. [RT #44509]

4559.   [bug]           Openssl_link.c didn't compile if ISC_MEM_TRACKLINES
                        was turned off.  [RT #44509]

(cherry picked from commit 25da687db7)
(cherry picked from commit f7903e4bcc)
2017-01-24 17:50:24 +11:00
Mark Andrews
0ce2803ae7 4558. [bug] Synthesised CNAME before matching DNAME was still
being cached when it should have been.  [RT #44318]

(cherry picked from commit 9f4bf43b79)
2017-01-24 17:41:27 +11:00
Tinderbox User
38e1c56c6d update copyright notice / whitespace 2017-01-14 23:47:28 +00:00
Mark Andrews
830f1c2f03 4554. [bug] Remove double unlock in dns_dispatchmgr_setudp.
[RT #44336]

(cherry picked from commit 5dfa5221d5)
2017-01-14 13:14:41 +11:00
Tinderbox User
eed41a2afc update copyright notice / whitespace 2017-01-13 23:47:32 +00:00
Mark Andrews
f837844b4f make e's declaration unconditional. [RT #44324]
(cherry picked from commit b8eee0f48d)
2017-01-13 16:10:50 +11:00
Tinderbox User
0ed649b6e5 update copyright notice / whitespace 2017-01-12 23:48:25 +00:00
Mark Andrews
ab9537f521 4553. [bug] Named could deadlock there were multiple changes to
NSEC/NSEC3 parameters for a zone being processed at
                        the same time. [RT #42770]

(cherry picked from commit d2e1b47d4f)
2017-01-12 14:26:17 +11:00
Mark Andrews
ff963a5d93 4552. [bug] Named could trigger a assertion when sending notify
messages. [RT #44019]

(cherry picked from commit 7b9e28f1a5)
2017-01-12 14:14:05 +11:00
Tinderbox User
fd687693fd update copyright notice / whitespace 2017-01-11 23:47:22 +00:00
Evan Hunt
7d73d9aafb [v9_9] expand the flags field in dns_master_style
4550.	[cleanup]	Increased the number of available master file
			output style flags from 32 to 64. [RT #44043]
2017-01-11 12:05:54 -08:00
Mark Andrews
b5c3b88f39 remove dnssec-keymgr.html 2016-12-29 19:53:24 +11:00
Mark Andrews
0faee78f98 9.9.10b1 2016-12-29 13:36:32 +11:00
Evan Hunt
3204e83716 [v9_9] silence warning
(cherry picked from commit b3aebb5890)
2016-12-28 17:54:52 -08:00
Mark Andrews
a14b7f0187 4510. [security] Named mishandled some responses where covering RRSIG
records are returned without the requested data
                        resulting in a assertion failure. (CVE-2016-9147)
                        [RT #43548]

(cherry picked from commit 6adf421e7e)
2016-12-29 11:53:58 +11:00
Mark Andrews
d372472f60 4508. [security] Named incorrectly tried to cache TKEY records which
could trigger a assertion failure when there was
                            a class mismatch. (CVE-2016-9131) [RT #43522]

(cherry picked from commit 2c1c4b99a1)
2016-12-29 11:35:54 +11:00