2442. [bug] A lock could be destroyed twice. [RT# 18626]

2436.   [security]      win32: UDP client handler can be shutdown.  [RT #18576]

CHANGES

@@ -1,6 +1,34 @@
+	--- 9.5.0-P2-W2 released ---
+
+2442.	[bug]		A lock could be destroyed twice. [RT# 18626]
+
+2436.	[security]	win32: UDP client handler can be shutdown. [RT #18576]
+
+	--- 9.5.0-P2-W1 released ---
+
+2435.	[bug]		Fixed an ACL memory leak affecting win32.
+
+2434.	[bug]		Fixed a minor error-reporting bug in
+			lib/isc/win32/socket.c.
+
+2432.	[bug]		More Windows socket handling improvements.  Stop
+			using I/O events and use IO Completion Ports
+			throughout.  Rewrite the receive path logic to make
+			it easier to support multiple simultaneous
+			requestrs in the future.  Add stricter consistency
+			checking as a compile-time option (define
+			ISC_SOCKET_CONSISTENCY_CHECKS; defaults to off).
+
+2420.	[bug]		Windows socket handling cleanup.  Let the io
+			completion event send out cancelled read/write
+			done events, which keeps us from writing to memeory
+			we no longer have ownership of.  Add debugging
+			socket_log() function.  Rework TCP socket handling
+			to not leak sockets.
+
 	--- 9.5.0-P2 released ---
 
-2406.   [bug]           Some operating systems have FD_SETSIZE set to a
+2406.	[bug]		Some operating systems have FD_SETSIZE set to a
 			low value by default, which can cause resource
 			exhaustion when many simultaneous connections are
 			open.  Linux in particular makes it difficult to
@@ -10,7 +38,7 @@
 			(This should not be necessary in most cases, and
 			never for an authoritative-only server.) [RT #18328]
 
-2405.   [cleanup]       The default value for dnssec-validation was changed to
+2405.	[cleanup]	The default value for dnssec-validation was changed to
 			"yes" in 9.5.0-P1 and all subsequent releases; this
 			was inadvertently omitted from CHANGES at the time.
 
@@ -26,7 +54,7 @@
 2399.	[bug]		Abort timeout queries to reduce the number of open
 			UDP sockets. [RT #18367]
 
-2398.	[bug]           Improve file descriptor management.  New,
+2398.	[bug]		Improve file descriptor management.  New,
 			temporary, named.conf option reserved-sockets,
 			default 512. [RT #18344]
 
@@ -42,7 +70,7 @@
 			open files to 'unlimited' as described in the
 			documentation. [RT #18331]
 
-2393.   [bug]           nested acls containing keys could trigger an
+2393.	[bug]		nested acls containing keys could trigger an
 			assertion in acl.c. [RT #18166]
 
 2392.	[bug]		remove 'grep -q' from acl test script, some platforms
@@ -53,32 +81,32 @@
 
 	--- 9.5.0-P1 released ---
 
-2375.   [security]      Fully randomize UDP query ports to improve
+2375.	[security]	Fully randomize UDP query ports to improve
 			forgery resilience. [RT #17949]
 
 	--- 9.5.0 released ---
 
-2374.   [bug]           "blackhole" ACLs could cause named to segfault due
+2374.	[bug]		"blackhole" ACLs could cause named to segfault due
 			to some uninitialized memory. [RT #18095]
 
-2372.   [bug]           fixed incorrect TAG_HMACSHA256_BITS value [RT #18047]
+2372.	[bug]		fixed incorrect TAG_HMACSHA256_BITS value [RT #18047]
 
-2371.   [doc]           add +nsid option to dig man page. [RT #18039]
+2371.	[doc]		add +nsid option to dig man page. [RT #18039]
 
-2370.   [bug]           "rndc freeze" could trigger an assertion in named
+2370.	[bug]		"rndc freeze" could trigger an assertion in named
 			when called on a nonexistent zone. [RT #18050]
 
 	--- 9.5.0rc1 released ---
 
-2368.   [port]          Linux: use libcap for capability management if
+2368.	[port]		Linux: use libcap for capability management if
 			possible. [RT# 18026]
 
-2367.   [bug]           Improve counting of dns_resstatscounter_retry
+2367.	[bug]		Improve counting of dns_resstatscounter_retry
 			[RT #18030]
 
 2366.	[bug]		Adb shutdown race. [RT #18021]
 
-2365.   [bug]           Fix a bug that caused dns_acl_isany() to return
+2365.	[bug]		Fix a bug that caused dns_acl_isany() to return
 			spurious results. [RT #18000]
 
 2364.	[bug]		named could trigger a assertion when serving a
@@ -87,7 +115,7 @@
 2363.	[port]		sunos: pre-set "lt_cv_sys_max_cmd_len=4096;".
 			[RT #17513]
 
-2362.   [cleanup]       Make "rrset-order fixed" a compile-time option.
+2362.	[cleanup]	Make "rrset-order fixed" a compile-time option.
 			settable by "./configure --enable-fixed-rrset".
 			Disabled by default. [RT #17977]
 
@@ -213,7 +241,7 @@
 2316.	[port]		Missing #include <isc/print.h> in lib/dns/gssapictx.c.
 			[RT #17513]
 
-2315.   [bug]           Used incorrect address family for mapped IPv4
+2315.	[bug]		Used incorrect address family for mapped IPv4
 			addresses in acl.c. [RT #17519]
 
 2314.	[bug]		Uninitialized memory use on error path in
@@ -225,13 +253,13 @@
 2312.	[cleanup]	Silence Coverity warning in lib/isc/unix/socket.c.
 			[RT #17458]
 
-2311.   [bug]           IPv6 addresses could match IPv4 ACL entries and
+2311.	[bug]		IPv6 addresses could match IPv4 ACL entries and
 			vice versa. [RT #17462]
 
 2310.	[bug]		dig, host, nslookup: flush stdout before emitting
 			debug/fatal messages.  [RT #17501]
 
-2309.   [cleanup]       Fix Coverity warnings in lib/dns/acl.c and iptable.c.
+2309.	[cleanup]	Fix Coverity warnings in lib/dns/acl.c and iptable.c.
 			[RT #17455]
 
 2308.	[cleanup]	Silence Coverity warning in bin/named/controlconf.c.
@@ -284,7 +312,7 @@
 2292.	[bug]		Log if the working directory is not writable.
 			[RT #17312]
 
-2291.   [bug]           PR_SET_DUMPABLE may be set too late.  Also report
+2291.	[bug]		PR_SET_DUMPABLE may be set too late.  Also report
 			failure to set PR_SET_DUMPABLE. [RT #17312]
 
 2290.	[bug]		Let AD in the query signal that the client wants AD
@@ -311,7 +339,7 @@
 2280.	[func]		Allow the experimental http server to be reached
 			over IPv6 as well as IPv4. [RT #17332]
 
-2279.   [bug]           Use setsockopt(SO_NOSIGPIPE), when available,
+2279.	[bug]		Use setsockopt(SO_NOSIGPIPE), when available,
 			to protect applications from receiving spurious
 			SIGPIPE signals when using the resolver.
 
@@ -346,7 +374,7 @@
 
 	--- 9.5.0b1 released ---
 
-2267.   [bug]           Radix tree node_num value could be set incorrectly,
+2267.	[bug]		Radix tree node_num value could be set incorrectly,
 			causing positive ACL matches to look like negative
 			ones.  [RT #17311]
 
@@ -364,7 +392,7 @@
 2262.	[bug]		Error status from all but the last view could be
 			lost. [RT #17292]
 
-2261.   [bug]           Fix memory leak with "any" and "none" ACLs [RT #17272]
+2261.	[bug]		Fix memory leak with "any" and "none" ACLs [RT #17272]
 
 2260.	[bug]		Reported wrong clients-per-query when increasing the
 			value. [RT #17236]
@@ -392,7 +420,7 @@
 2253.	[func]	 	"max-cache-size" defaults to 32M.
 			"max-acache-size" defaults to 16M.
 
-2252.   [bug]           Fixed errors in sortlist code [RT #17216]
+2252.	[bug]		Fixed errors in sortlist code [RT #17216]
 
 2251.	[placeholder]
 
@@ -401,10 +429,10 @@
 			Additionally named's -m option will cause the
 			statistics file to be written. [RT #17113]
 			
-2249.   [bug]           Only set Authentic Data bit if client requested
+2249.	[bug]		Only set Authentic Data bit if client requested
 			DNSSEC, per RFC 3655 [RT #17175]
 
-2248.   [cleanup]       Fix several errors reported by Coverity. [RT #17160]
+2248.	[cleanup]	Fix several errors reported by Coverity. [RT #17160]
 
 2247.	[doc]		Sort doc/misc/options. [RT #17067]
 
@@ -445,9 +473,9 @@
 
 2235.	[bug]		<isc/atomic.h> was not being installed. [RT #17135]
 
-2234.   [port]          Correct some compiler warnings on SCO OSr5 [RT #17134]
-  
-2233.   [func]          Add support for O(1) ACL processing, based on
+2234.	[port]		Correct some compiler warnings on SCO OSr5 [RT #17134]
+
+2233.	[func]		Add support for O(1) ACL processing, based on
 			radix tree code originally written by Kevin
 			Brintnall. [RT #16288]
 

lib/dns/acl.c

@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: acl.c,v 1.37.2.7 2008/04/29 01:04:14 each Exp $ */
+/* $Id: acl.c,v 1.37.2.7.22.1 2008/09/05 21:09:56 each Exp $ */
 
 /*! \file */
 
@@ -234,8 +234,10 @@ dns_acl_match(const isc_netaddr_t *reqaddr,
 		dns_aclelement_t *e = &acl->elements[i];
 
 		/* Already found a better match? */
-		if (match_num != -1 && match_num < e->node_num)
+		if (match_num != -1 && match_num < e->node_num) {
+			isc_refcount_destroy(&pfx.refcount);
 			return (ISC_R_SUCCESS);
+		}
 
 		if (dns_aclelement_match(reqaddr, reqsigner,
 					 e, env, matchelt)) {
@@ -245,10 +247,12 @@ dns_acl_match(const isc_netaddr_t *reqaddr,
 				else
 					*match = e->node_num;
 			}
+			isc_refcount_destroy(&pfx.refcount);
 			return (ISC_R_SUCCESS);
 		}
 	}
 
+	isc_refcount_destroy(&pfx.refcount);
 	return (ISC_R_SUCCESS);
 }
 

lib/dns/iptable.c

@@ -14,7 +14,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: iptable.c,v 1.5.46.3 2008/01/21 21:02:24 each Exp $ */
+/* $Id: iptable.c,v 1.5.46.3.30.1 2008/09/05 21:09:56 each Exp $ */
 
 #include <isc/mem.h>
 #include <isc/radix.h>
@@ -75,8 +75,10 @@ dns_iptable_addprefix(dns_iptable_t *tab, isc_netaddr_t *addr,
 
 	result = isc_radix_insert(tab->radix, &node, NULL, &pfx);
 
-	if (result != ISC_R_SUCCESS)
+	if (result != ISC_R_SUCCESS) {
+		isc_refcount_destroy(&pfx.refcount);
 		return(result);
+	}
 
 	/* If the node already contains data, don't overwrite it */
 	if (node->data[ISC_IS6(family)] == NULL) {
@@ -86,6 +88,7 @@ dns_iptable_addprefix(dns_iptable_t *tab, isc_netaddr_t *addr,
 			node->data[ISC_IS6(family)] = &dns_iptable_neg;
 	}
 
+	isc_refcount_destroy(&pfx.refcount);
 	return (ISC_R_SUCCESS);
 }
 

lib/isc/include/isc/msgs.h

@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: msgs.h,v 1.15 2007/06/19 23:47:18 tbox Exp $ */
+/* $Id: msgs.h,v 1.15.268.1 2008/09/04 06:23:15 marka Exp $ */
 
 #ifndef ISC_MSGS_H
 #define ISC_MSGS_H 1
@@ -153,7 +153,8 @@
 #define ISC_MSG_ACCEPTRETURNED 1418 /*%< accept() returned %d/%s */
 #define ISC_MSG_TOOMANYFDS     1419 /*%< %s: too many open file descriptors */
 #define ISC_MSG_ZEROPORT       1420 /*%< dropping source port zero packet */
-#define ISC_MSG_FILTER	       1420 /*%< setsockopt(SO_ACCEPTFILTER): %s */
+#define ISC_MSG_FILTER	       1421 /*%< setsockopt(SO_ACCEPTFILTER): %s */
+#define ISC_MSG_TOOMANYHANDLES 1422 /*%< %s: too many open WSA event handles: %s */
 
 #define ISC_MSG_AWAKE	       1502 /*%< "awake" */
 #define ISC_MSG_WORKING	       1503 /*%< "working" */

lib/isc/include/isc/socket.h

@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: socket.h,v 1.72.226.6 2008/07/23 23:48:45 tbox Exp $ */
+/* $Id: socket.h,v 1.72.226.6.6.2 2008/09/05 00:29:15 each Exp $ */
 
 #ifndef ISC_SOCKET_H
 #define ISC_SOCKET_H 1

lib/isc/radix.c

@@ -14,7 +14,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: radix.c,v 1.9.6.5.2.1 2008/07/24 02:03:22 marka Exp $ */
+/* $Id: radix.c,v 1.9.6.5.2.1.6.1 2008/09/16 03:37:47 marka Exp $ */
 
 /*
  * This source was adapted from MRT's RCS Ids:
@@ -98,13 +98,15 @@ _ref_prefix(isc_mem_t *mctx, isc_prefix_t **target, isc_prefix_t *prefix) {
 	       (prefix->family == AF_INET6 && prefix->bitlen <= 128));
 	REQUIRE(target != NULL);
 
-	/* If this prefix is a static allocation, copy it into new memory */
+	/*
+	 * If this prefix is a static allocation, copy it into new memory.
+	 * (Note, the refcount still has to be destroyed by the calling
+	 * routine.)
+	 */
 	if (isc_refcount_current(&prefix->refcount) == 0) {
 		isc_result_t ret;
 		ret = _new_prefix(mctx, target, prefix->family,
 				  &prefix->add, prefix->bitlen);
-		if (ret == ISC_R_SUCCESS)
-			isc_refcount_destroy(&prefix->refcount);
 		return ret;
 	}
 

lib/isc/win32/errno2result.c

@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: errno2result.c,v 1.14 2007/06/19 23:47:19 tbox Exp $ */
+/* $Id: errno2result.c,v 1.14.266.1 2008/09/04 06:23:15 marka Exp $ */
 
 #include <config.h>
 
@@ -61,22 +61,39 @@ isc__errno2resultx(int posixerrno, const char *file, int line) {
 	case EMFILE:
 	case WSAEMFILE:
 		return (ISC_R_TOOMANYOPENFILES);
-	case ERROR_OPERATION_ABORTED:
-		return (ISC_R_CONNECTIONRESET);
-	case ERROR_PORT_UNREACHABLE:
-		return (ISC_R_HOSTUNREACH);
+	case ERROR_CANCELLED:
+		return (ISC_R_CANCELED);
+	case ERROR_CONNECTION_REFUSED:
+	case WSAECONNREFUSED:
+		return (ISC_R_CONNREFUSED);
+	case WSAENOTCONN:
+	case ERROR_CONNECTION_INVALID:
+		return (ISC_R_NOTCONNECTED);
 	case ERROR_HOST_UNREACHABLE:
-		return (ISC_R_HOSTUNREACH);
-	case ERROR_NETWORK_UNREACHABLE:
-		return (ISC_R_NETUNREACH);
-	case WSAEADDRNOTAVAIL:
-		return (ISC_R_ADDRNOTAVAIL);
 	case WSAEHOSTUNREACH:
 		return (ISC_R_HOSTUNREACH);
-	case WSAEHOSTDOWN:
-		return (ISC_R_HOSTUNREACH);
+	case ERROR_NETWORK_UNREACHABLE:
 	case WSAENETUNREACH:
 		return (ISC_R_NETUNREACH);
+	case ERROR_NO_NETWORK:
+		return (ISC_R_NETUNREACH);
+	case ERROR_PORT_UNREACHABLE:
+		return (ISC_R_HOSTUNREACH);
+	case WSAECONNRESET:
+	case WSAENETRESET:
+	case WSAECONNABORTED:
+	case WSAEDISCON:
+	case ERROR_OPERATION_ABORTED:
+	case ERROR_CONNECTION_ABORTED:
+	case ERROR_REQUEST_ABORTED:
+		return (ISC_R_CONNECTIONRESET);
+	case WSAEADDRNOTAVAIL:
+		return (ISC_R_ADDRNOTAVAIL);
+	case ERROR_NETNAME_DELETED:
+	case WSAENETDOWN:
+		return (ISC_R_NETUNREACH);
+	case WSAEHOSTDOWN:
+		return (ISC_R_HOSTUNREACH);
 	case WSAENOBUFS:
 		return (ISC_R_NORESOURCES);
 	default:

lib/isc/win32/include/isc/mutex.h

@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: mutex.h,v 1.19 2007/06/19 23:47:20 tbox Exp $ */
+/* $Id: mutex.h,v 1.19.274.2 2008/09/05 00:29:16 each Exp $ */
 
 #ifndef ISC_MUTEX_H
 #define ISC_MUTEX_H 1

lib/isc/win32/net.c

@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: net.c,v 1.14.128.2 2008/04/02 23:46:28 tbox Exp $ */
+/* $Id: net.c,v 1.14.128.2.16.1 2008/09/05 00:29:15 each Exp $ */
 
 #include <config.h>
 
@@ -225,7 +225,7 @@ try_ipv6pktinfo(void) {
 	optname = IPV6_PKTINFO;
 #endif
 	on = 1;
-	if (setsockopt(s, IPPROTO_IPV6, optname, &on, sizeof(on)) < 0) {
+	if (setsockopt(s, IPPROTO_IPV6, optname, (const char *) &on, sizeof(on)) < 0) {
 		ipv6pktinfo_result = ISC_R_NOTFOUND;
 		goto close;
 	}

lib/isc/win32/time.c

@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: time.c,v 1.43 2007/06/19 23:47:19 tbox Exp $ */
+/* $Id: time.c,v 1.43.274.1 2008/09/04 06:23:15 marka Exp $ */
 
 #include <config.h>
 
@@ -65,7 +65,7 @@ isc_interval_set(isc_interval_t *i, unsigned int seconds,
 	REQUIRE(nanoseconds < NS_PER_S);
 
 	i->interval = (LONGLONG)seconds * INTERVALS_PER_S
-		+ nanoseconds / NS_INTERVAL;
+		+ (nanoseconds + NS_INTERVAL - 1) / NS_INTERVAL;
 }
 
 isc_boolean_t

version

@@ -1,4 +1,4 @@
-# $Id: version,v 1.39.18.5.2.1 2008/07/29 05:03:07 each Exp $
+# $Id: version,v 1.39.18.5.2.1.6.2 2008/09/10 23:31:41 marka Exp $
 # 
 # This file must follow /bin/sh rules.  It is imported directly via
 # configure.
@@ -7,4 +7,4 @@ MAJORVER=9
 MINORVER=5
 PATCHVER=0
 RELEASETYPE=-P
-RELEASEVER=2
+RELEASEVER=2-W2

win32utils/readme1st.txt

@@ -2,11 +2,11 @@ Copyright (C) 2004, 2005, 2007  Internet Systems Consortium, Inc. ("ISC")
 Copyright (C) 2001, 2003  Internet Software Consortium.
 See COPYRIGHT in the source root or http://isc.org/copyright.html for terms.
 
-$Id: readme1st.txt,v 1.18 2007/05/02 23:46:54 tbox Exp $
+$Id: readme1st.txt,v 1.18.314.1 2008/09/10 23:31:41 marka Exp $
 
-	   Release of BIND 9.5 for Window 2000/XP/2003
+	   Release of BIND 9.5 for Window XP/2003
 
-This is a release of BIND 9.5 for Window 2000/XP/2003.
+This is a release of BIND 9.5 for Window XP/2003.
 Only IPv4 stacks are supported on the box running this version of BIND.
 IPv6 stacks will be supported in a future release.