check can be abused for implementation specific exploitation: depending on
the use of libbind, this can result in denial of service or even remote
code execution.
- Fix ${MASTER_SITES}
- Fix permissions on installed html files
BIND changes:
1750. [cleanup] Add "End of Life" notices.
1749. [security] Use arc4 rather than LC NSID for QID RNG. [RT #17034]
1719. [port] HPUX-IA64 support.
1716. [port] solaris: poll() support.
1715. [port] solaris: uses Sun's md5 implementation.
1712. [bug] turning off non-blocking i/o was broken.
1700. [port] Use closefrom() if available.
See CHANGES for all the details.
developer is officially maintaining the package.
The rationale for changing this from "tech-pkg" to "pkgsrc-users" is
that it implies that any user can try to maintain the package (by
submitting patches to the mailing list). Since the folks most likely
to care about the package are the folks that want to use it or are
already using it, this would leverage the energy of users who aren't
developers.
And always is defined as share/examples/rc.d
which was the default before.
These rc.d scripts are not automatically added to PLISTs now also.
So add to each corresponding PLIST as required.
This was discussed on tech-pkg in late January and late April.
Todo: remove the RCD_SCRIPTS_EXAMPLEDIR uses in MESSAGES and elsewhere
and remove the RCD_SCRIPTS_EXAMPLEDIR itself.
under share/examples/rc.d. The variable name already was named
RCD_SCRIPTS_EXAMPLEDIR.
This is from ideas from Greg Woods and others.
Also bumped PKGREVISION for all packages using RCD_SCRIPTS mechanism
(as requested by wiz).
the RCD_SCRIPTS rc.d script(s) to the PLIST.
This GENERATE_PLIST idea is part of Greg A. Woods'
PR #22954.
This helps when the RC_SCRIPTS are installed to
a different ${RCD_SCRIPTS_EXAMPLEDIR}. (Later,
the default RCD_SCRIPTS_EXAMPLEDIR will be changed
to be more clear that they are the examples.)
These patches also remove the etc/rc.d/ scripts from PLISTs
(of packages that use RCD_SCRIPTS). (This also removes
now unused references from openssh* makefiles. Note that
qmail package has not been changed yet.)
I have been doing automatic PLIST registration for RC_SCRIPTS
for over a year. Not all of these packages have been tested,
but many have been tested and used.
Some things maybe to do:
- a few packages still manually install the rc.d scripts to
hard-coded etc/rc.d. These need to be fixed.
- maybe remove from mk/${OPSYS}.pkg.dist mtree specifications too.
Package changes:
* Use bsd.pkg.install full power: rc script handling, OWN_DIRS.
* Tweak BUILD_DIRS instead of using post-build and post-install time
make invocations (with a little help of post-extract clean up).
* Automatic OPSYS PLIST handling.
* Install html documentation in a canonical pkgsrc directory.
Changes since bind version 8.3.4:
--- 8.4.1-REL released --- (Sun Jun 8 15:11:32 PDT 2003)
1548. [port] winnt: make recv visible from libbind.
1547. [port] cope with spurious EINVAL from evRead.
1546. [cleanup] dig now reports version 8.4.
1545. [bug] getifaddrs_sun6 was broken.
1544. [port] hpux 10.20 has a broken recvfrom(). Revert to recv()
in named-xfer and work around deprecated recv() in
OSF.
1543. [bug] named failed to send notifies to servers that live
in zones it was authoritative for.
1542. [bug] set IPV6_USE_MIN_MTU on IPv6 sockets if the kernel
supports it.
1541. [bug] getifaddrs_sun6() should be a no-op on early SunOS
releases.
--- 8.4.0-REL released --- (Sun Jun 1 17:49:31 PDT 2003)
1540. [bug] remove potential memory leak from net_data_create().
1539. [port] protect references to sin6_scope_id with #ifdef.
1538. [port] linux: not all distributions define IF_NAMESIZE.
--- 8.4.0-RC2 released --- (Tue May 27 18:31:53 PDT 2003)
1537. [bug] dig buffer overrun with large command lines.
1536. [cleanup] use NS_MAXMSG to define TCP buffers.
1535. [bug] winnt: large zone transfers failed.
1534. [func] The advertised EDNS UDP buffer size can now be set
via named.conf (edns-udp-size).
1533. [bug] don't artificially restrict the update message size.
1532. [bug] use maximum sized answer buffers in res_findzonecut().
1531. [port] darwin: has getifaddrs().
1530. [bug] nslookup computed incorrect reverse lookup for IPv6.
1529. [lint] unused variable in dnsquery.c::main().
1528. [bug] getaddrinfo() incorrectly rejected a numeric service
under certain circumstances.
1527. [proto] add ns_t_apl (42).
1526. [doc] res_{get,set}servers().
1525. [bug] named failed to start on linux machines w/o IPv6
support.
--- 8.4.0-RC1 released --- (Fri May 2 18:20:02 PDT 2003)
1524. [bug] update documentation for IPv6 transport support.
1523. [bug] getipnodebyname with AI_ADDRCONFIG set was broken
on HPUX 11.11. Detect IPv6 interfaces under linux.
1522. [port] ultrix doesn't have msg_control (NO_MSG_CONTROL).
1521. [bug] query-source{-v6} was broken.
1520. [port] hpux: socket returns EPROTONOSUPPORT for unsupported
family.
1519. [port] decunix: conflicting setnetgrent() and innetgr()
prototypes.
1518. [cleanup] silence "No root nameservers for class XX" when
"forward only;" is set in options.
1517. [cleanup] stop using putshort/putlong internally.
1516. [port] bsdos: now know correct appearance information for
getifaddrs/freeifaddrs.
--- 8.4.0-T2B released --- (Wed Apr 23 21:11:59 PDT 2003)
1515. [port] solaris doesn't have msg_control (NO_MSG_CONTROL).
1514. [port] hpux doesn't have msg_control (NO_MSG_CONTROL).
1513. [bug] use ipnodes.{byname,byaddr} for IPv6 NIS lookups.
Add support for "YP_MULTI_".
1512. [func] provide a getifaddrs() implementation for OS's
that don't have one. Includes IPv6 support for
Solaris, HPUX and Linux.
1511. [cleanup] don't use argument names in function prototypes.
1510. [port] openbsd uses /bsd not /kernel.
1509. [port] bsd: extract sin6_scope_id from internal form.
1508. [bug] not all references to sin6_scope_id were protected.
1507. [bug] don't attempt to send using address families not
supported by the kernel.
1506. [bug] named could sometimes set tc incorrectly.
1505. [bug] potential overflow if pointer arithmetic wrapped.
1504. [port] sa_family_t doesn't exist on all platforms.
1503. [bug] named could make unnecessary queries for glue if the
additional section was full.
1502. [port] some IPv6 references were not protected.
1501. [port] decunix: OSF 3.2 does not have native 64 bit support.
1500. [port] linux: namespace collision.
1499. [port] linux: #include <time.h> bin/dig/dig.c
1498. [bug] ns_makecanon() could under read its destination buffer
by one character and fail to properly canonicalise.
1497. [bug] res_mkupdate() used compression pointers when it
shouldn't.
1496. [bug] res_mkupdate() didn't support NAPTR.
--- 8.4.0-T1B released --- (Mon Apr 7 20:00:15 PDT 2003)
1495. [func] IPv6 transport support for named, named-xfer and
ndc.
1494. [bug] memory leak on thread destruction if gethostbyname() /
getnetbyname() have been called by the thread.
1493. [bug] check scope for link local servers.
1492. [placeholder]
1491. [cleanup] indentation problems.
1490. [bug] the seek offset was miscalculated when truncating
the ixfr log.
1489. [func] named no longer queries for missing additional A6
records.
1488. [port] decunix: TruCluster support.
See port/decunix/TruCluster.
1487. [bug] getnetgroup() takes (char **) not (const char **).
1486. [func] res_query() now generates more/better debug on failure
1485. [func] res_send() records the nameserver the response came
from. Dig retrieves this rather than reporting the
first address.
1484. [bug] dig use sin.sin_port for IPv4.
1483. [bug] nslookup could dereference a NULL pointer under certain
circumstances.
1482. [bug] provide local storage for localtime_r result.
1481. [bug] tv.tv_sec and time_t are not always the same type.
1480. [bug] gethostbyname(), getaddrinfo() could drop address
if the previous call contained one of the new
addresses.
1479. [func] try known lame servers if all other servers have
failed.
1478. [cleanup] libbind: don't look for A6 records, don't follow
DNAME record (use the CNAMES), remove some bitstring
related functions.
1477. [cleanup] libbind: namespace cleanup (irs_* to __irs*,
dst_* to __dst_* and tree_* to __tree*)
1476. [bug] dig wasn't using a random query id.
1475. [bug] "query-source address <listening interface> port *"
failed to use a system assigned port as documented.
1474. [bug] named wasn't seeing cached NODATA CNAME records.
1473. [bug] nslookup: buffer overrun when looking up reverse
IPv6 addresses under IP6.INT when not found under
IP6.ARPA.
1472. [port] freebsd; current has pselect().
1471. [port] 'dig -P' failed on some platforms.
1470. [bug] J.ROOT-SERVERS.NET is now 192.58.128.30.
1467. [deleted]
1461. [func] return referrals for glue (NS/A/AAAA) if recursion is
disabled (recursion no;).
1460. [bug] NS_MD5RSA_MAX_BITS was not correct.
1459. [bug] ns_sign2() could fail to compute a correct signature
if the TSIG ownername was compressed.
1458. [bug] host: spurious "Unknown algorithm" message with default
zone listing. missing white space before '(' in SOA
format.
1457. [bug] bison didn't like ns_parser.y.
1456. [doc] document auth-nxdomain default is "no" (see # 524).
1455. [bug] named failed to allow a cached NODATA response for
a ANY query to be retrieved.
1454. [contrib] nsverifier from Bob.Whelton@qwest.com.
1453. [bug] SOA answers should only be cached for the current
tick.
1452. [bug] don't cache -ve response SOA record.
1451. [port] bsdos: maybe_fix_includes is not required.
1450. [bug] hint zones don't need to be reloaded when a "child"
zone is removed.
1449. [bug] it was possible to orphan glue records. this could
lead to panics in stale().
1438. [bug] glue from a parent zone beneath a child zone could
be deleted by loading a child zone.
1437. [bug] linux: probe_ipv6 was broken.
1436. [port] decunix: update sys/bitypes.h
1435. [func] named-xfer: log the zone name when reporting query
sent.
1434. [doc] the man page for dn_expand failed to document eomorig.
1433. [lint] remove unused variable.
1432. [func] log TSIG key name if used with zone transfer.
1431. [func] new category "update-security".
1430. [func] libbind: the default nameservers now include ::1/::
as well as 127.0.0.1/0.0.0.0 if none are specified in
resolv.conf.
1429. [port] libbind: use strlcat/strlcpy if available.
1428. [port] eventlib.c: cast tv_sec to long when calling *printf().
1427. [func] define INT8SZ
1426. [port] res_dprintf() now supports format checking w/ gcc.
1425. [bug] 'aa' was not being set appropriately with cross zone
CNAMES.
1424. [cleanup] ip6_str2scopeid() now returns u_int32_t.
1423. [bug] 'ndc restart' could fail to restart named if there
were no arguments to named.
1422. [cleanup] optarg() etc. are declared in unistd.h.
1421. [bug] clear and check errno when calling strtoul().
1420. [cleanup] use %p instead of %#x for printing pointers.
1419. [cleanup] getinfo(): kill buflen manipulation.
1418. [port] cast pointers to (size_t) when aligning.
1417. [cleanup] make1101inaddr(): kill size manipulation.
1416. [port] log_vwrite() now supports format checking w/ gcc.
1415. [port] irix: probe for in6addr_any.
1414. [bug] strtoul() cast (char*) to (unsigned char*).
1413. [bug] host: soa values are not signed.
1412. [bug] fix numeric port range check in getaddrinfo().
1411. [port] freebsd/netbsd/openbsd: #define USE_IFNAMELINKID.
1410. [port] probe for sin6_scope_id when probing for IPv6 structs.
1409. [bug] dig: reverse6 computed an incorrect nibble string.
1408. [cleanup] res_mkquery.c: kill buflen manipulation.
1407. [port] namespace clash EV_ERR -> EV_SETERR
have it be automatically included by bsd.pkg.mk if USE_PKGINSTALL is set
to "YES". This enforces the requirement that bsd.pkg.install.mk be
included at the end of a package Makefile. Idea suggested by Julio M.
Merino Vidal <jmmv at menta.net>.
bump PKGREVISION
---
1469. [bug] buffer length calculation for PX was wrong.
1468. [bug] ns_name_ntol() could overwrite a zero length buffer.
1467. [bug] off by one bug in ns_makecannon().
1466. [bug] large EDNS UDP buffer size could trigger an assertion.
1465. [bug] possible NULL pointer dereference in db_sec.c
1464. [bug] the buffer used to construct the -ve record was not
big enough for all possible SOA records. use pointer
arithmetic to calculate the remaining size in this
buffer.
1463. [bug] use serial space arithmetic to determine if a SIG is
too old, in the future or has internally consistent
times.
1462. [bug] write buffer overflow in make_rr().
--- 8.3.3-REL released --- (Wed Jun 26 21:15:43 PDT 2002)
1301. [func] log attempts to exploit #1300.
1300. [bug] Remote buffer overrun.
1299. [func] Log to xfer-in when a named-xfer fails and one of
the masters returned REFUSED.
1298. [bug] named could leak a OPT record when returning a
negative response.
1297. [func] 'ndc restart' will now attempt to preserve the
arguments named was started with.
Use 'ndc restart --' to clear the arguments.
Use 'ndc restart <new arguments>' to restart named
with an alternate set of arguments.
1296. [bug] delay setting need_restart until the response to
ndc exec has been sent.
1295. [func] new ndc command 'args'. returns the arguments that
named was started with %xx escaped.
1294. [bug] #1272 broke linkage for those OS's using -lfl (flex).
Move -ll/-lfl to LIBL for all platforms.
--- 8.3.2-REL released --- (Mon Jun 17 20:24:32 PDT 2002)
1293. [doc] update man pages for 'dig', 'dnsquery' and 'host'
to reflect IPv6 capabilities (nslookup and nsupdate
were already IPv4/IPv6 agnostic).
1292. [func] host: the default lookups now also include AAAA
records.
1291. [func] 'dig -x <ip6>' now works.
1290. [bug] 'dig @server' fail to report the IPv6 address of the
server in error messages.
1289. [contrib] normalize_zone now handles $TTL.
1288. [bug] named: -t and -w could not be used together.
1287. [func] report serial(s) in out going transfer operation.
--- 8.3.2-RC1 released --- (Thu May 30 23:06:11 PDT 2002)
1286. [func] libbind: no longer attempts bit string labels for
IPv6 reverse resolution. Try IP6.ARPA then IP6.INT
for nibble style resolution.
1285. [port] linux: ss_family vs __ss_family in sockaddr_storage.
1284. [port] freebsd: 5.0 uses gid_t rather than int for
GETGROUPLIST_ARGS
1283. [port] bsdi: 4.2 also has struct sockaddr_storage.
1282. [bug] nslookup was using inet_ntoa() to print out a IPv6
address.
1281. [bug] escape '(' and ')' when converting to presentation
form.
1280. [func] server { edns yes_or_no; } is now supported.
1279. [bug] nslookup: partial conversion to similar style outputs
for both -type=aaaa and -type=a.
1278. [bug] free() of non-malloced memory in nslookup.
1277. [port] cast all instances of yytext in commands.l to (char*)
to silence compilers on OS's where lex declares it
as (unsigned char *).
1276. [port] hpux 11.22: ansify GetAnswer in getinfo.c to
silence compiler.
1275. [bug] bad declaration of si in tsig_key_from_addr().
1274. [port] hpux 11.22: ansify hexstring() and display() in
addr.c to silence compiler.
1273. [bug] const pointer conflicts in res_debug.c.
1272. [port] hpux 11.22: don't link against -ll unless required.
1272. [bug] main_need_num was not last entry in enum.
main_need_tick no longer required.
1271. [port] hpux: treat all hpux systems as BIG_ENDIAN, don't
include <sys/mbuf.h>.
1270. [port] hpux 11.22 namespace clash DATASIZE -> BIND_DATASIZE.
1269. [port] hpux 11.11 interface scanning.
1268. [port] solaris: 64 bit binary compatibility.
1267. [bug] aix4: missing IN6_IS_ADDR_V4COMPAT macro.
1266. [bug] If you are using TSIG #1261 introduced the potential
of a infinite loop.
1265. [bug] nslookup failed on platforms that don't have BSD 43
style sockets.
1264. [bug] LINK_INIT and UNLINK were not compatible with
C++, use LINK_INIT_TYPE and UNLINK_TYPE instead.
--- 8.3.2-T1B released --- (Tue May 7 18:49:58 PDT 2002)
1263. [bug] gethostans() could get out of sync parsing the
response if there was a very long CNAME chain.
1262. [bug] winnt: dumpdb and stats should now work reliably.
1261. [bug] using a valid TSIG with a compressed ownername could
result in an INSIST() failure.
1260. [func] "notify explicit;" from BIND 9.
1259. [misc] leave the verification of the OPT options to the
caller.
1258. [func] accept SOA MNAME field as legitimate additional
data.
1257. [bug] malformed response to query w/ tsig + edns.
1256. [port] darwin: probe for IPv6 support.
1255. [bug] xfers_running could become out of sync if a zone
was removed while it was being transferred.
1254. [func] nsupdate can now update IPv6 servers.
1253. [func] host now accepts IPv6 addresses.
1253. [bug] reserve space for the signature when performing a
zone transfer.
1252. [func] dnsquery now accepts IPv6 addresses.
1251. [bug] win32: it was possible to call RegCloseKey() on a
invalid key.
1250. [func] nslookup now accepts IPv6 addresses.
1249. [func] dig now accepts IPv6 addresses.
1248. [doc] correct some typos in named.conf.5 and corresponding
html.
1247. [bug] get_salen() IPv6 support was broken for OSs w/o sa_len.
1246. [support] add highly dangerous compile time option
NXDOMAIN_ON_DENIAL. it should not be used
except in testing.
1245. [bug] if we don't have enough file descriptors to open
a socket attempt to close a idle tcp client.
1244. [port] bsdi: 4.3 has struct sockaddr_storage.
1243. [bug] SERVFAIL can have too many other causes to be used
to say whether a server supports EDNS or not.
1242. [port] 64k answer buffers were causing stack space to be
exceeded for certain OS. Use heap space instead.
1241. [bug] getnameinfo() failed to lookup IPv4 mapped /
compatible addresses.
1340. [bug] reference after free for included conf file name.
1339. [bug] doaddinfo would not always attempt to fetch missing
glue when it should have.
1338. [bug] an IPv6 only nameserver could generate spurious
sysquery errors.
1337. [port] linux: IN6ADDR_LOOPBACK_INIT, IN6ADDR_ANY_INIT and
sockaddr_storage not declared by early kernels.
1336. [bug] getaddrinfo() could call freeaddrinfo() with an
invalid pointer.
1335. [bug] res_nupdate() failed to update the name servers
addresses before sending the update.
1334. [bug] A6 is expected in the additional section.
Fixes long-standing protocol incompatibility in DNSSEC support.
Avoids fwd'ing to root name servers if response will be rejected.
new port/cygwin contributed by s_c_biggs@bigfoot.com.
new contrib/mdnkit (V1.3) from author.
new contrib/adm from official ftp site.
new contrib/host from author.
new contrib/dnsp from author.
fixed file descriptor leak in resolver.
numerous portability improvements.
numerous bug fixes.