upstream/bind9
1
0
Fork 0
mirror of https://github.com/isc-projects/bind9.git synced 2026-04-29 18:09:11 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions
23318 commits 18 branches 854 tags 440 MiB
Commit graph

87 commits

Author SHA1 Message Date
Mark Andrews
2b97639b9b use isc_mem_create2 2016-11-09 16:24:48 +11:00
Mark Andrews
193c1e2618 back port alway use a private memory pool with openssl 2016-11-09 10:22:35 +11:00
Mark Andrews
8176815e04 back port alway use a private memory pool with openssl 2016-11-09 10:17:28 +11:00
Mark Andrews
964e19cea8 4497. [port] Add support for OpenSSL 1.1.0. [RT #41284] 2016-11-09 09:59:32 +11:00
Francis Dupont
c5f24b125f Merged rt42505 (misc DNSSEC bugs) 2016-06-01 09:33:50 +02:00
Tinderbox User
8df239e201 update copyright notice / whitespace 2016-01-05 23:46:15 +00:00
Evan Hunt
75214d0c59 [v9_9] fix use after free on xfr timeout 
4289.	[bug]		The server could crash due to memory being used
			after it was freed if a zone transfer timed out.
			[RT #41297]
 2016-01-04 22:06:35 -08:00
Tinderbox User
2a71b08491 update copyright notice / whitespace 2015-05-28 23:46:13 +00:00
Mark Andrews
64b34aee39 4128. [bug] Address issues raised by Coverity 7.6. [RT #39537] 
(cherry picked from commit e53e202ef3)
 2015-05-28 13:26:19 +10:00
Mark Andrews
2e4548087a 3642. [func] Allow externally generated DNSKEY to be imported 
into the DNSKEY management framework.  A new tool
                        dnssec-importkey is used to this. [RT #34698]
 2013-11-13 12:54:37 +11:00
Mark Andrews
cbc2132d2a 3632. [bug] Signature from newly inactive keys were not being 
removed.  [RT #32178]

(cherry picked from commit 7ace327795)
 2013-08-15 11:20:18 +10:00
Evan Hunt
1d737374e4 [v9_9] add zone memory context pools 
3492.	[bug]		Fixed a regression in zone loading performance
			due to lock contention. [RT #30399]
(cherry picked from commit df925e6c66)
 2013-02-20 21:40:25 -08:00
Tinderbox User
4484a9cabf update copyright notice 2013-02-16 23:45:45 +00:00
Evan Hunt
27eefab033 [v9_9] address TKEY bugs 
3486.	[bug]		named could crash when using TKEY-negotiated keys
			that had been deleted and then recreated. [RT #32506]

(cherry picked from commit 0b8bd3a4ae)
 2013-02-15 10:21:43 -08:00
Mark Andrews
3a1d39aa57 3440. [bug] Reorder get_key_struct to not trigger a assertion when 
cleaning up due to out of memory error. [RT #32131]
 2012-12-13 11:19:00 +11:00
Evan Hunt
152c393671 [v9_9] silence noisy OpenSSL logging 
3402.	[bug]		Correct interface numbers for IPv4 and IPv6 interfaces.
(cherry picked from commit 0e37e9e3d7)
 2012-10-24 13:00:06 -07:00
Evan Hunt
2589af5868 [v9_9] silence coverity warnings 
3401.	[bug]		Addressed Coverity warnings. [RT #31484]
(cherry picked from commit 47c5b8af92)
 2012-10-23 22:12:15 -07:00
Evan Hunt
b5bfcabdc0 warn when changing mode on .private files 
3347.	[bug]		dnssec-settime: Issue a warning when writing a new
			private key file would cause a change in the
			permissions of the existing file. [RT #27724]
 2012-07-05 18:03:57 -07:00
Mark Andrews
acebc2457c 3339. [func] Allow the maximum supported rsa exponent size to be 
specified: "max-rsa-exponent-size <value>;" [RT #29228]
 2012-06-20 21:34:24 +10:00
Mark Andrews
e6e3680d46 = -> == 2012-05-18 17:12:47 +10:00
Tinderbox User
a2093c07a5 update copyright notice 2012-05-17 23:45:48 +00:00
Evan Hunt
8b1b819ae4 add ECDSA support 
3317.	[protocol]	Add ECDSA support (RFC 6605). [RT #21918]
 2012-05-17 15:52:07 -07:00
Mark Andrews
1946c596b4 3174. [bug] Always compute to revoked key tag from scratch. 
[RT #24711]
 2011-10-20 21:20:02 +00:00
Evan Hunt
76a7d4e152 3152. [cleanup] Some versions of gcc and clang failed due to 
incorrect use of __builtin_expect. [RT #25183]
 2011-09-05 18:00:22 +00:00
Automatic Updater
d5c0739351 update copyright notice 2011-08-18 23:46:35 +00:00
Mark Andrews
0226bd69cd cast to unsigned 2011-08-18 17:41:54 +00:00
Mark Andrews
ecf809f959 3143. [bug] Silence clang compiler warnings. [RT #25174] 2011-08-18 06:00:07 +00:00
Mark Andrews
3a63259484 3143. [bug] Silence clang compiler warnings. [RT #25174] 2011-08-18 04:52:35 +00:00
Evan Hunt
0994d3a21b 3087. [bug] DDNS updates using SIG(0) with update-policy match 
type "external" could cause a crash. [RT #23735]
 2011-03-21 19:54:03 +00:00
Evan Hunt
61bcc23203 3076. [func] New '-L' option in dnssec-keygen, dnsset-settime, and 
dnssec-keyfromlabel sets the default TTL of the
			key.  When possible, automatic signing will use that
			TTL when the key is published.  [RT #23304]
 2011-03-17 01:40:40 +00:00
Automatic Updater
135bcc2e42 update copyright notice 2011-01-11 23:47:14 +00:00
Mark Andrews
433e06a25c 3006. [func] Allow dynamically generated TSIG keys to be preserved 
across restarts of named.  Initially this is for
                        TSIG keys generated using GSSAPI. [RT #22639]
 2011-01-10 05:32:04 +00:00
Mark Andrews
37dee1ff94 2999. [func] Add GOST support (RFC 5933). [RT #20639] 2010-12-23 04:08:00 +00:00
Evan Hunt
71bd858d8e 2989. [func] Added support for writable DLZ zones. (Contributed 
by Andrew Tridgell of the Samba project.) [RT #22629]

2988.	[experimental]	Added a "dlopen" DLZ driver, allowing the creation
			of external DLZ drivers that can be loaded as
			shared objects at runtime rather than linked with
			named.  Currently this is switched on via a
			compile-time option, "configure --with-dlz-dlopen".
			Note: the syntax for configuring DLZ zones
			is likely to be refined in future releases.
			(Contributed by Andrew Tridgell of the Samba
			project.) [RT #22629]

2987.	[func]		Improve ease of configuring TKEY/GSS updates by
			adding a "tkey-gssapi-keytab" option.  If set,
			updates will be allowed with any key matching
			a principal in the specified keytab file.
			"tkey-gssapi-credential" is no longer required
			and is expected to be deprecated.  (Contributed
			by Andrew Tridgell of the Samba project.)
			[RT #22629]
 2010-12-18 01:56:23 +00:00
Mark Andrews
9f9b7f0e8d 2982. [bug] Reference count dst keys. dst_key_attach() can be used 
increment the reference count.

                        Note: dns_tsigkey_createfromkey() callers should now
                        always call dst_key_free() rather than setting it
                        to NULL on success. [RT #22672]
 2010-12-09 00:54:34 +00:00
Mark Andrews
c87f15dac8 2976. [bug] named die on exit after negotiating a GSS-TSIG key. [RT #3415] 2010-12-02 23:22:42 +00:00
Mark Andrews
49560ac770 typo in threaded build, silence compiler warning 2010-05-13 03:08:30 +00:00
Mark Andrews
5c40acf215 2887. [bug] Report the keytag times in UTC in the .key file, 
local time is presented as a comment within the
                        comment.  [RT #21223]

2886.   [bug]           ctime() is not thread safe. [RT #21223]
 2010-05-12 23:49:40 +00:00
Automatic Updater
65d1486535 update copyright notice 2010-01-11 23:48:37 +00:00
Francis Dupont
a91029a00e Prevent Linux spurious warnings about fwrite(). [RT #20812] 2010-01-11 10:49:14 +00:00
Evan Hunt
5c6c5669ec #include <time.h> for the ctime() prototype. 2009-11-07 03:36:58 +00:00
Mark Andrews
5ccd971c72 UNUSED(engine) if !defined(OPENSSL) 2009-11-03 19:43:54 +00:00
Mark Andrews
e09cdbac08 2738. [func] Add RSASHA256 and RSASHA512 tests to the dnssec system 
test. [RT #20453]
 2009-10-27 22:25:37 +00:00
Francis Dupont
775a8d86d9 keygen progress indication [RT #20284] 2009-10-24 09:46:19 +00:00
Evan Hunt
cc6cddfd94 2726. [func] Added support for SHA-2 DNSSEC algorithms, 
RSASHA256 and RSASHA512. [RT #20023]
 2009-10-22 02:21:31 +00:00
Mark Andrews
a01095a487 2721. [port] Have dst__entropy_status() prime the random number 
generator. [RT #20369]
 2009-10-20 04:39:48 +00:00
Evan Hunt
77b8f88f14 2712. [func] New 'auto-dnssec' zone option allows zone signing 
to be fully automated in zones configured for
			dynamic DNS.  'auto-dnssec allow;' permits a zone
			to be signed by creating keys for it in the
			key-directory and using 'rndc sign <zone>'.
			'auto-dnssec maintain;' allows that too, plus it
			also keeps the zone's DNSSEC keys up to date
			according to their timing metadata. [RT #19943]
 2009-10-12 20:48:12 +00:00
Mark Andrews
30bb4870da remove, not zero, extended flags 2009-10-12 09:03:06 +00:00
Mark Andrews
11804ca08f zero extended flags 2009-10-12 08:57:38 +00:00
Mark Andrews
515053881b remove extended flags before comparing if set 2009-10-12 06:05:29 +00:00