Commit graph

236 commits

Author SHA1 Message Date
Mark Andrews
60c101120e 4138. [bug] An uninitialized value in validator.c could result
in an assertion failure. (CVE-2015-4620) [RT #39795]

(cherry picked from commit a85c6b35af)
(cherry picked from commit f7d53a6f3b)
2015-06-17 09:18:27 +10:00
Tinderbox User
9cbd625449 update copyright notice / whitespace 2015-01-20 23:47:26 +00:00
Evan Hunt
89f60705ee [v9_9] remove a potentially misleading log message 2015-01-19 20:15:28 -08:00
Mark Andrews
0ef83e5b5d 3945. [bug] Invalid wildcard expansions could be incorrectly
accepted by the validator. [RT #37093]

(cherry picked from commit 2fa1fc5332)
2014-09-05 12:12:08 +10:00
Mark Andrews
d2ac59302c 3942. [bug] Wildcard responses from an optout range should be
marked as insecure. [RT #37072]
2014-09-04 13:59:50 +10:00
Tinderbox User
1f841fabd2 update copyright notice 2014-04-24 23:46:02 +00:00
Mark Andrews
c10c7ddb6e 3819. [bug] NSEC3 hashes need to be able to be entered and
displayed without padding. This is not an issue for
currently defined algorithms but may be for future
hash algorithms. [RT #27925]

(cherry picked from commit 36e5ac0033)
2014-04-24 19:12:08 +10:00
Mark Andrews
286ef95ba5 redo: 3576. [bug] Address a shutdown race when validating. [RT #33573] 2013-06-04 11:26:33 +10:00
Mark Andrews
0904ef3859 address memory in dns_view_getsecroots failure
(cherry picked from commit c611465739)
2013-05-31 12:31:25 +10:00
Mark Andrews
91fdf4c601 3576. [bug] Address a shutdown race when validating. [RT #33573]
(cherry picked from commit 2cd3c8856c)
2013-05-29 18:03:59 +10:00
Mark Andrews
c51fe7894a 3541. [bug] The parts of libdns were not being properly initialized
when built in libexport mode. [RT #33028]
2013-04-03 17:28:22 +11:00
Tinderbox User
a1b3872a71 update copyright notice 2013-01-10 23:45:46 +00:00
Mark Andrews
4d112a210e 3461. [bug] Negative responses could incorrectly have AD=1
set. [RT #32237]
2013-01-10 22:38:10 +11:00
Tinderbox User
efbd480608 update copyright notice 2012-12-18 23:45:35 +00:00
Mark Andrews
48f72b811d 3443. [bug] The NOQNAME proof was not being returned from cached
insecure responses. [RT #21409]

Conflicts:
	bin/tests/system/conf.sh.in
	lib/dns/include/dns/types.h
2012-12-19 10:06:24 +11:00
Mark Andrews
08ed0f97a1 3419. [bug] Memory leak on validation cancel. [RT #31869]
Squashed commit of the following:

commit 452b07ec7cb31784d90d9c2e45ca708df306302e
Author: Mark Andrews <marka@isc.org>
Date:   Wed Nov 14 23:36:36 2012 +1100

    destroy fetch when canceling validator
2012-11-15 11:18:08 +11:00
Mark Andrews
acfe8e50b9 Redo
3415. [bug] named could die with a REQUIRE failure if a validation
was canceled. [RT #31804]
2012-11-14 07:43:42 +11:00
Mark Andrews
ee8323e489 3415. [bug] named could die with a REQUIRE failure if a validation
was canceled. [RT #31804]

Squashed commit of the following:

commit d414d3cb4244daeca4159ac1f8a82322e4a20e5a
Author: Mark Andrews <marka@isc.org>
Date:   Wed Nov 7 14:19:28 2012 +1100

    check that val->fetch != NULL before calling dns_resolver_destroyfetch
2012-11-09 09:11:50 +11:00
Evan Hunt
2589af5868 [v9_9] silence coverity warnings
3401. [bug] Addressed Coverity warnings. [RT #31484]
(cherry picked from commit 47c5b8af92)
2012-10-23 22:12:15 -07:00
Mark Andrews
07dbb507d2 3391. [bug] DNSKEY that encountered a CNAME failed. [RT #31262] 2012-10-06 14:56:52 +10:00
Evan Hunt
8c18302d8b fix coverity issues
3388. [bug] Fixed several Coverity warnings. [RT #30996]
2012-10-02 23:46:15 -07:00
ckb
66e472cd74 3356. [bug] Cap the TTL of signed RRsets when RRSIGs are
approaching their expiry, so they don't remain
in caches after expiry. [RT #26429]
2012-07-25 17:12:57 -05:00
Mark Andrews
acebc2457c 3339. [func] Allow the maximum supported rsa exponent size to be
specified: "max-rsa-exponent-size <value>;" [RT #29228]
2012-06-20 21:34:24 +10:00
Tinderbox User
c201888c2a regen v9_9 2012-03-07 01:59:30 +00:00
Evan Hunt
f94af76649 Revert "added gitignore, removed cvsignore"
This reverts commit e8ae173655.
2012-03-05 08:24:17 -08:00
Evan Hunt
e8ae173655 added gitignore, removed cvsignore 2012-03-03 23:24:11 -08:00
Automatic Updater
f2cac6cc31 update copyright notice 2012-02-15 23:46:20 +00:00
Mark Andrews
c177ca3064 3285. [bug] val-frdataset was incorrectly disassociated in
proveunsecure after calling startfinddlvsep.
[RT #27928]
2012-02-15 21:01:50 +00:00
Evan Hunt
25845da41a 3203. [bug] Increase log level to 'info' for validation failures
from expired or not-yet-valid RRSIGs. [RT #21796]
2011-11-04 05:36:28 +00:00
Automatic Updater
dfc015bc7e update copyright notice 2011-10-20 23:46:51 +00:00
Mark Andrews
ada40193c8 3175. [bug] Fix how DNSSEC positive wildcard responses from a
NSEC3 signed zone are validated. Stop sending an
unnecessary NSEC3 record when generating such
responses. [RT #26200]
2011-10-20 21:42:11 +00:00
Mark Andrews
020c4484fe 3173. [port] Correctly validate root DS responses. [RT #25726] 2011-10-15 05:00:15 +00:00
Evan Hunt
6de9744cf9 3124. [bug] Use an rdataset attribute flag to indicate
negative-cache records rather than using rrtype 0;
this will prevent problems when that rrtype is
used in actual DNS packets. [RT #24777]

3123. [security] Change #2912 exposed a latent flaw in
dns_rdataset_totext() that could cause named to
crash with an assertion failure. [RT #24777]
2011-06-08 22:13:51 +00:00
Mark Andrews
ea82782532 3120. [bug] Named could fail to validate zones listed in a DLV
that validated insecure without using DLV and had
DS records in the parent zone. [RT #24631]
2011-05-26 04:35:02 +00:00
Mark Andrews
0874abad14 3069. [cleanup] Silence warning messages from clang static analysis.
[RT #20256]
2011-03-11 06:11:27 +00:00
Automatic Updater
c8175ece69 update copyright notice 2011-03-01 23:48:07 +00:00
Scott Mann
d31740ce28 Fixed DNSKEY NODATA responses not cached (RT #22908). 2011-03-01 14:40:39 +00:00
Francis Dupont
664917beda Use RRSIG original TTL in validated RRset TTL [RT #23332] 2011-02-28 14:21:35 +00:00
Mark Andrews
4b45a8fc5a handle cname response 2011-02-21 23:37:31 +00:00
Mark Andrews
37dee1ff94 2999. [func] Add GOST support (RFC 5933). [RT #20639] 2010-12-23 04:08:00 +00:00
Mark Andrews
a27b3757fd 2968. [security] Named could fail to prove a data set was insecure
before marking it as insecure. One set of conditions
that can trigger this occurs naturally when rolling
DNSKEY algorithms. [RT #22309]
2010-11-16 01:14:51 +00:00
Mark Andrews
810656a187 2925. [bug] Named failed to accept uncachable negative responses
from insecure zones. [RT# 21555]
2010-06-25 23:50:13 +00:00
Mark Andrews
e27d55e3ee 2904. [bug] When using DLV, sub-zones of the zones in the DLV
could be incorrectly marked as insecure instead of
secure leading to negative proofs failing. This was
an unintended outcome from change 2890. [RT# 21392]
2010-05-26 06:28:00 +00:00
Automatic Updater
515c7f3c43 update copyright notice 2010-05-14 23:50:40 +00:00
Mark Andrews
44f175a90a 2892. [bug] Handle REVOKED keys better. [RT #20961] 2010-05-14 04:38:52 +00:00
Mark Andrews
b335299322 2890. [bug] Handle the introduction of new trusted-keys and
DS, DLV RRsets better. [RT #21097]
2010-05-14 00:13:43 +00:00
Mark Andrews
fd95cc0da9 2877. [bug] The validator failed to skip obviously mismatching
RRSIGs. [RT #21138]
2010-04-21 05:45:47 +00:00
Mark Andrews
bb6d33103e 2876. [bug] Named could return SERVFAIL for negative responses
from unsigned zones. [RT #21131]
2010-04-21 04:16:49 +00:00
Mark Andrews
b8d036c434 2869. [bug] Fix arguments to dns_keytable_findnextkeynode() call.
[RT #20877]
2010-03-26 17:12:48 +00:00
Automatic Updater
4d42b714be update copyright notice 2010-03-04 23:50:34 +00:00