upstream/bind9
1
0
Fork 0
mirror of https://github.com/isc-projects/bind9.git synced 2026-05-28 04:34:54 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions
22911 commits 18 branches 886 tags 464 MiB
Commit graph

9596 commits

Author SHA1 Message Date
Evan Hunt
a0b4f6d952 [master] geoip security fixes 
4003.	[security]	When geoip-directory was reconfigured during
			named run-time, the previously loaded GeoIP
			data could remain, potentially causing wrong
			ACLs to be used or wrong results to be served
			based on geolocation. [RT #37720]

4002.	[security]	Lookups in GeoIP databases that were not
			loaded could cause an assertion failure.
			[RT #37679]

4001.	[security]	The caching of GeoIP lookups did not always
			handle address families correctly, potentially
			resulting in an assertion failure. [RT #37672]
 2014-11-16 08:43:22 -08:00
Tinderbox User
aee6c351d3 update copyright notice 2014-11-15 23:45:22 +00:00
Evan Hunt
63fb92c1ba [master] fix false positive compiler warning 
a "pointer always evaluates to true" warning was blocking
compilation of the radix ATF test when using --enable-developer
with gcc 4.8.2.
 2014-11-15 00:56:30 -08:00
Evan Hunt
907e01d6f3 [master] buffer ATF test was failing 2014-11-15 00:56:17 -08:00
Evan Hunt
e32d354f75 [master] allow arbitrary-size rndc output 
4005.	[func]		The buffer used for returning text from rndc
			commands is now dynamically resizable, allowing
			arbitrarily large amounts of text to be sent back
			to the client. (Prior to this change, it was
			possible for the output of "rndc tsig-list" to be
			truncated.) [RT #37731]
 2014-11-14 15:58:54 -08:00
Evan Hunt
c4abb19716 [master] reference leak with AAAA glue but not A 
4004.	[bug]		When delegations had AAAA glue but not A, a
			reference could be leaked causing an assertion
			failure on shutdown. [RT #37796]
 2014-11-14 09:02:28 -08:00
Mukund Sivaraman
a3157f3c75 [master] close() fd when done (Coverity report) 2014-11-11 07:15:02 +05:30
Evan Hunt
fadf7291df [master] check creat() return 2014-11-10 17:30:58 -08:00
Tinderbox User
6d0a639bd0 update copyright notice 2014-11-06 23:45:21 +00:00
Evan Hunt
067c0c38e7 [master] s/mempcy/memmove/ 2014-11-06 13:01:59 -08:00
Mark Andrews
8f0cf84bb1 set working directory; #include <string.h> 2014-11-06 18:02:32 +11:00
Tinderbox User
d478dbae80 update copyright notice 2014-11-05 23:45:20 +00:00
Evan Hunt
ad9645512c [master] add print.h 2014-11-04 20:43:41 -08:00
Evan Hunt
ce96d4326c [master] new mkeys and nzf naming format 
3999.	[func]		"mkeys" and "nzf" files are now named after
			their corresponding views, unless the view name
			contains characters that would be incompatible
			with use in a filename (i.e., slash, backslash,
			or capital letters). If a view name does contain
			these characters, the files will still be named
			using a cryptographic hash of the view name.
			Regardless of this, if a file using the old name
			format is found to exist, it will continue to be
			used. [RT #37704]
 2014-11-04 19:43:27 -08:00
Tinderbox User
5781d00939 update copyright notice 2014-11-04 23:45:20 +00:00
Mark Andrews
a31d0513c3 add missing opening bracket 2014-11-04 17:02:32 +11:00
Mark Andrews
b976c39c07 3998. [bug] isc_radix_search was returning matches that were 
to precise. [RT #37680]
 2014-11-04 12:34:12 +11:00
Mark Andrews
1feee79e1f 3997. [protocol] Add OPENGPGKEY record. [RT# 37671] 2014-11-04 12:24:39 +11:00
Tinderbox User
03fc2ff527 update copyright notice 2014-10-31 23:45:23 +00:00
Mark Andrews
c2f8108123 3996. [bug] Address use after free on out of memory error in 
keyring_add. [RT #37639]
 2014-10-31 11:44:09 +11:00
Mark Andrews
4e59131f18 3995. [bug] receive_secure_serial holds the zone lock for too 
long. [RT #37626]
 2014-10-31 11:38:14 +11:00
Mark Andrews
00fb0253c9 3991. [func] Add the ability to buffer logging output by specifying 
"buffered yes;" when defining a channel. [RT #26561]
 2014-10-30 11:37:05 +11:00
Mark Andrews
eb5243365c 3989. [cleanup] Remove redundent dns_db_resigned calls. [RT #35748] 2014-10-30 10:53:12 +11:00
Mark Andrews
bad93fb90c missing comma 2014-10-28 16:10:49 +11:00
Tinderbox User
6932de75ef update copyright notice 2014-10-21 23:45:24 +00:00
Francis Dupont
4d6329c1b3 Handle VS14 incompatible changes [RT #37380] 2014-10-21 09:34:33 +02:00
Mark Andrews
4140a96f22 3987. [func] Allow the zone serial of a dynamically updatable 
zone to be updated via rndc. [RT #37404]
 2014-10-21 18:15:42 +11:00
Francis Dupont
7fbfa379e2 Accept up to 256 byte PINs in native PKCS#11. [RT #37410] 2014-10-20 22:55:40 +02:00
Evan Hunt
498b061031 [master] allow 1-week nta-lifetime/nta-recheck 
3983.	[bug]		Change #3940 was incomplete: negative trust anchors
			could be set to last up to a week, but the
			"nta-lifetime" and "nta-recheck" options were
			still limted to one day. [RT #37522]
 2014-10-20 13:40:17 -07:00
Mark Andrews
72775a79fe 3981. [bug] Cache DS/NXDOMAIN independently of other query types. 
[RT #37467]
 2014-10-18 13:09:09 +11:00
Mark Andrews
871f3c8bee 3980. [bug] Improve --with-tuning=large by self tuning of SO_RCVBUF 
size. [RT #37187]
 2014-10-18 12:40:13 +11:00
Mark Andrews
48f97c23b7 3979. [bug] Negative trust anchor fetches where not properly 
managed. [RT #37488]
 2014-10-18 10:07:24 +11:00
Evan Hunt
188690149b [master] add diffie-hellman key unit test 
3978.	[test]		Added a unit test for Diffie-Hellman key
			computation, completing change #3974. [RT #37477]
 2014-10-17 15:55:37 -07:00
Evan Hunt
eb6d61d5e0 [master] correctly validate 5011 trust anchors 
3976.	[bug]		When refreshing managed-key trust anchors, clear
			any cached trust so that they will always be
			revalidated with the current set of secure
			roots. [RT #37506]
 2014-10-17 15:40:07 -07:00
Tinderbox User
28b2fddfd4 update copyright notice 2014-10-16 23:45:23 +00:00
Mark Andrews
ca77632f65 initialize rdataset->private7 2014-10-16 11:23:01 +11:00
Mark Andrews
58a1051e92 3974. [bug] handle DH_compute_key() failure correctly in 
openssldh_link.c. [RT #37477]
 2014-10-13 23:41:36 +11:00
Evan Hunt
34cb27055a [master] install badcache.h 2014-10-08 19:42:48 -07:00
Francis Dupont
1831311ac6 added hooks for gperftools CPU profiler [#37339] 2014-10-08 15:14:02 +02:00
Mark Andrews
bbec761a67 silence compiler warning 2014-10-08 17:47:46 +11:00
Tinderbox User
d1573beb05 update copyright notice 2014-10-04 23:45:22 +00:00
Mark Andrews
c81d56c03e 3971. [bug] Reduce the cascasding failures due to a bad $TTL line 
in named-checkconf / named-checkzone. [RT #37138]
 2014-10-05 08:29:34 +11:00
Tinderbox User
7a3f584cfc update copyright notice 2014-10-02 23:45:25 +00:00
Mark Andrews
9c0589bc8b 3966. [bug] Missing dns_db_closeversion call in receive_secure_db. 
[RT #35746]
 2014-10-03 07:50:09 +10:00
Mark Andrews
dda69168ea 3965. [func] Log outgoing packets and improve packet logging to 
support logging the remote address. [RT #36624]
 2014-10-02 09:40:11 +10:00
Mark Andrews
ed1c845c1d 3964. [func] nsupdate now performs check-names processing. 
[RT #36266]
 2014-10-02 09:35:43 +10:00
Tinderbox User
be484acb22 update copyright notice 2014-09-30 23:45:22 +00:00
Mark Andrews
ffeaac1d82 3961. [bug] Forwarding of SIG(0) signed UPDATE messages failed with 
BADSIG.  [RT #37216]
 2014-10-01 07:24:16 +10:00
Mark Andrews
fa827173df 3959. [bug] Updates could be lost if they arrived immediately 
after a rndc thaw. [RT #37233]
 2014-10-01 06:59:19 +10:00
Tinderbox User
2fb35a6d59 update copyright notice 2014-09-29 23:45:24 +00:00