upstream/bind9
1
0
Fork 0
mirror of https://github.com/isc-projects/bind9.git synced 2026-02-24 02:10:30 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions
22532 commits 18 branches 854 tags 440 MiB
Commit graph

9485 commits

Author SHA1 Message Date
Mark Andrews
e901c42e9f #include <isc/safe.h> 2015-08-18 19:43:19 +10:00
Mark Andrews
06642559b7 add isc_safe_memequal and isc_safe_memcompare; remove isc_safe_memcmp 
(cherry picked from commit 47d459ef43)
 2015-08-18 12:25:43 +10:00
Evan Hunt
05d0d33cb8 [v9_9] timing safe memory comparisons 
4183.	[cleanup]	Use timing-safe memory comparisons in cryptographic
			code. Also, the timing-safe comparison functions have
			been renamed to avoid possible confusion with
			memcmp(). [RT #40148]

(cherry picked from commit 420a43c8d8)
 2015-08-17 18:31:11 -07:00
Tinderbox User
c4e27dcf82 update copyright notice / whitespace 2015-08-17 23:46:29 +00:00
Mukund Sivaraman
09796fdd84 Use mnemonics for RR class and type comparisons (#40297) 
(cherry picked from commit b0ba1a6059)
(cherry picked from commit 25747be3cb)
 2015-08-17 12:29:02 +05:30
Mark Andrews
5c0836a295 4181. [bug] Queued notify messages could be dequeued from the 
wrong rate limiter queue. [RT #40350]

(cherry picked from commit 70862302f8)
 2015-08-17 10:38:40 +10:00
Tinderbox User
c8b1b9141e update copyright notice / whitespace 2015-08-14 23:46:19 +00:00
Mukund Sivaraman
4abc820714 Fix double frees in getaddrinfo() in libirs (#40209) 
(cherry picked from commit d7262e5c86)
(cherry picked from commit cec7b98404)
 2015-08-14 14:10:14 +05:30
Mukund Sivaraman
0ada9e238a Fix assertion failure in parsing UNSPEC(103) RR from text (#40274) 
(cherry picked from commit 984d2bb9e5)
(cherry picked from commit 9a88ab054b)
 2015-08-14 13:35:11 +05:30
Mukund Sivaraman
ee7ee1c4f7 Fix assertion failure in parsing NSAP records from text 
(cherry picked from commit 474921d733)
(cherry picked from commit 9250173510)
 2015-08-14 13:15:25 +05:30
Mark Andrews
84cfddb9d3 4175. [bug] TKEY with GSS-API keys needed bigger buffers. 
[RT #40333]

(cherry picked from commit 9dc5ef7f24)
 2015-08-14 08:25:59 +10:00
Tinderbox User
26846a23ab update copyright notice / whitespace 2015-08-12 23:46:15 +00:00
Mark Andrews
d9ce8a0667 4172. [bug] Named / named-checkconf didn't handle a view of CLASS0. 
[RT #40265]

(cherry picked from commit 151f1bcd5e)
 2015-08-12 19:06:41 +10:00
Evan Hunt
7d665f7666 [v9_9] fix tsig class checks 
4171.	[bug]		Fixed incorrect class checks in TSIG RR
			implementation. [RT #40287]
 2015-08-11 22:17:24 -07:00
Evan Hunt
75f4d49205 [v9_9] fix length check in OPENPGPKEY 
4170.	[security]	An incorrect boundary check in the OPENPGPKEY
			rdatatype could trigger an assertion failure.
			[RT #40286]
 2015-08-11 20:02:45 -07:00
Tinderbox User
cd80053809 update copyright notice / whitespace 2015-08-07 23:46:19 +00:00
Evan Hunt
0d83784a75 [v9_9] address buffer accounting error 
4168.	[security]	A buffer accounting error could trigger an
			assertion failure when parsing certain malformed
			DNSSEC keys. (CVE-2015-5722) [RT #40212]

(cherry picked from commit ce9f893e21)
 2015-08-07 13:22:40 -07:00
Mukund Sivaraman
4df82d6ab8 Remove missing symbols (Windows) 2015-07-31 20:33:06 +05:30
Mukund Sivaraman
5cfbc228ca Bump api versions for 9.9.8b1 2015-07-31 19:42:23 +05:30
Mukund Sivaraman
d6ef589b99 Fix win32 build (UNUSED is present later) 
(cherry picked from commit 63dcc28d3e)
 2015-07-31 15:01:20 +05:30
Mark Andrews
5dc3a1c3d3 4165. [bug] An failure to reset a value to NULL in tkey.c could 
result in an assertion failure. (CVE-2015-5477)
                        [RT #40046]

(cherry picked from commit dbb064aa79)
 2015-07-14 14:49:21 +10:00
Tinderbox User
cc1a709402 update copyright notice / whitespace 2015-07-13 23:46:09 +00:00
Mark Andrews
82b6caf613 4164. [bug] Don't rename slave files and journals on out of memory. 
[RT #40033]

4163.   [bug]           Address compiler warnings. [RT #40024]

(cherry picked from commit 3a49d0ff10)
 2015-07-13 09:49:09 +10:00
Mark Andrews
e0fd534cdd 4162. [bug] httpdmgr->flags was not being initialized. [RT #40017] 
(cherry picked from commit 0bc743f9bc)
 2015-07-10 18:44:16 +10:00
Tinderbox User
835eaef8e3 update copyright notice / whitespace 2015-07-09 23:46:11 +00:00
Evan Hunt
400f206788 [v9_9] fix build error with ISC_MEM_TRACKLINES=0 2015-07-09 14:24:29 -07:00
Evan Hunt
c1009e506a [v9_9] add missing functions 2015-07-09 00:04:25 -07:00
Evan Hunt
ea36796f82 [v9_9] DDoS mitigation features 
3938.	[func]		Added quotas to be used in recursive resolvers
			that are under high query load for names in zones
			whose authoritative servers are nonresponsive or
			are experiencing a denial of service attack.

			- "fetches-per-server" limits the number of
			  simultaneous queries that can be sent to any
			  single authoritative server.  The configured
			  value is a starting point; it is automatically
			  adjusted downward if the server is partially or
			  completely non-responsive. The algorithm used to
			  adjust the quota can be configured via the
			  "fetch-quota-params" option.
			- "fetches-per-zone" limits the number of
			  simultaneous queries that can be sent for names
			  within a single domain.  (Note: Unlike
			  "fetches-per-server", this value is not
			  self-tuning.)
			- New stats counters have been added to count
			  queries spilled due to these quotas.

			These options are not available by default;
			use "configure --enable-fetchlimit" (or
			--enable-developer) to include them in the build.

			See the ARM for details of these options. [RT #37125]
 2015-07-08 23:00:58 -07:00
Tinderbox User
d23960eb33 update copyright notice / whitespace 2015-07-07 23:46:10 +00:00
Mark Andrews
bb53e1de90 remove extranious ) 2015-07-07 20:49:19 +10:00
Mark Andrews
8f40aae418 restore 9.9 style output 2015-07-07 18:09:06 +10:00
Mark Andrews
61299de7c3 unknown family is now a error 2015-07-07 17:55:15 +10:00
Mark Andrews
5e210b5fe5 4158. [protocol] Support the printing of EDNS COOKIE options. 
[RT #39928]
 2015-07-07 15:49:36 +10:00
Mark Andrews
f5386a21a8 4154. [bug] A OPT record should be included with the FORMERR 
response when there is a malformed EDNS option.
                        [RT #39647]

4153.   [bug]           Check that non significant ECS bits are zero on
                        receipt. [RT #39647]
 2015-07-06 16:34:48 +10:00
Tinderbox User
2043cb5835 update copyright notice / whitespace 2015-07-03 23:46:09 +00:00
Mark Andrews
83028bc232 4151. [bug] 'rndc flush' could cause a deadlock. [RT #39835] 2015-07-03 10:17:57 +10:00
Tinderbox User
c75c73b598 update copyright notice / whitespace 2015-07-01 23:46:06 +00:00
Mark Andrews
0a4dd766f6 4150. [bug] win32: listen-on-v6 { any; }; was not working. Apply 
minimal fix.  [RT #39667]

(cherry picked from commit 753b27a7d3)
 2015-07-01 11:52:17 +10:00
Mukund Sivaraman
fc0797977d Fix a bug printing zone names with '/' character in XML and JSON stats (#39873) 
(cherry picked from commit 08f0129732)

Conflicts:
	bin/tests/system/statistics/clean.sh

(cherry picked from commit f69f188b90)

Conflicts:
	bin/named/statschannel.c
	bin/tests/system/statistics/clean.sh
	bin/tests/system/statistics/ns1/named.conf
	bin/tests/system/statistics/tests.sh

Conflicts:
	CHANGES
 2015-06-30 14:45:13 +05:30
Tinderbox User
8780da5841 update copyright notice / whitespace 2015-06-29 23:46:07 +00:00
Mukund Sivaraman
ad0a9403c3 Fix race in getaddrinfo() in libirs (#39873) 
(cherry picked from commit c44c77178e)
(cherry picked from commit 6141f501d9)

Conflicts:
	CHANGES
 2015-06-29 19:51:23 +05:30
Mark Andrews
6f02a4e2a6 4147. [bug] Filter-aaaa / filter-aaaa-on-v4 / filter-aaaa-on-v6 
was returning referrals rather than nodata responses
                        when the AAAA records were filtered.  [RT #39843]

(cherry picked from commit 4a61eae651)
 2015-06-29 15:49:19 +10:00
Mark Andrews
1ef6de05cd 4146. [bug] Address reference leak that could prevent a clean 
shutdown. [RT #37125]

(cherry picked from commit adbf81335b)
 2015-06-25 18:36:58 +10:00
Mark Andrews
f02f4ce874 4145. [bug] Not all unassociated adb entries where being printed. 
[RT #37125]

(cherry picked from commit 2f66e2dd81)
 2015-06-25 18:28:14 +10:00
Mark Andrews
07ab217f7f 4143. [bug] serial-query-rate was not effective for notify. 
[RT #39858]

(cherry picked from commit be4b9178f0)
 2015-06-24 20:55:30 +10:00
Mukund Sivaraman
22f467116c Fix parsing of NZFs saved by rndc addzone with view specified (#39845) 
(cherry picked from commit 0439bfedd9)

Conflicts:
	bin/named/server.c
	bin/tests/system/addzone/tests.sh

(cherry picked from commit 8134e7662e)

Conflicts:
	CHANGES
 2015-06-23 15:01:26 +05:30
Mark Andrews
cef5a9fe72 don't use C++ keyword new; use (const char *) for output of strchr((const char *), char) 
(cherry picked from commit d4422ec231)
 2015-06-18 11:16:20 +10:00
Mark Andrews
60c101120e 4138. [bug] A uninitialized value in validator.c could result 
in a assertion failure. (CVE-2015-4620) [RT #39795]

(cherry picked from commit a85c6b35af)
(cherry picked from commit f7d53a6f3b)
 2015-06-17 09:18:27 +10:00
Mark Andrews
18dd646c3e update comment as per rt39703 2015-06-05 11:08:27 +10:00
Mark Andrews
a72248d413 silence coverity warnings 
(cherry picked from commit e0fea0bf85)
 2015-05-30 17:45:18 +10:00