Module Name:    src
Committed By:   spz
Date:           Sun May 29 15:17:10 UTC 2011

Modified Files:
        src/distrib/sets/lists/base: ad.mips64eb ad.mips64el md.amd64
            md.sparc64 shl.mi
        src/external/bsd/bind/dist/bin/named: bind.keys.h query.c server.c
        src/external/bsd/bind/dist/lib/dns: ncache.c rbtdb.c resolver.c
            validator.c xfrin.c zone.c
        src/external/bsd/bind/dist/lib/isc/unix: socket.c
        src/external/bsd/bind/lib/libdns: shlib_version
        src/external/bsd/bind/lib/libisc: shlib_version

Log Message:
merge 9.8.0-P2:
- fixes CVE-2011-1910: Large RRSIG RRsets and Negative Caching can crash named
- fixes CVE-2011-0414: bind lockup during IXFR
- return a more correct error in case of policy violation

bump version of libdns and libisc


To generate a diff of this commit:
cvs rdiff -u -r1.49 -r1.50 src/distrib/sets/lists/base/ad.mips64eb
cvs rdiff -u -r1.47 -r1.48 src/distrib/sets/lists/base/ad.mips64el
cvs rdiff -u -r1.122 -r1.123 src/distrib/sets/lists/base/md.amd64
cvs rdiff -u -r1.115 -r1.116 src/distrib/sets/lists/base/md.sparc64
cvs rdiff -u -r1.584 -r1.585 src/distrib/sets/lists/base/shl.mi
cvs rdiff -u -r1.2 -r1.3 src/external/bsd/bind/dist/bin/named/bind.keys.h
cvs rdiff -u -r1.3 -r1.4 src/external/bsd/bind/dist/bin/named/query.c
cvs rdiff -u -r1.8 -r1.9 src/external/bsd/bind/dist/bin/named/server.c
cvs rdiff -u -r1.2 -r1.3 src/external/bsd/bind/dist/lib/dns/ncache.c \
    src/external/bsd/bind/dist/lib/dns/xfrin.c \
    src/external/bsd/bind/dist/lib/dns/zone.c
cvs rdiff -u -r1.7 -r1.8 src/external/bsd/bind/dist/lib/dns/rbtdb.c
cvs rdiff -u -r1.8 -r1.9 src/external/bsd/bind/dist/lib/dns/resolver.c
cvs rdiff -u -r1.3 -r1.4 src/external/bsd/bind/dist/lib/dns/validator.c
cvs rdiff -u -r1.5 -r1.6 src/external/bsd/bind/dist/lib/isc/unix/socket.c
cvs rdiff -u -r1.6 -r1.7 src/external/bsd/bind/lib/libdns/shlib_version
cvs rdiff -u -r1.6 -r1.7 src/external/bsd/bind/lib/libisc/shlib_version

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/distrib/sets/lists/base/ad.mips64eb
diff -u src/distrib/sets/lists/base/ad.mips64eb:1.49 src/distrib/sets/lists/base/ad.mips64eb:1.50
--- src/distrib/sets/lists/base/ad.mips64eb:1.49	Fri May 13 01:56:27 2011
+++ src/distrib/sets/lists/base/ad.mips64eb	Sun May 29 15:17:08 2011
@@ -1,4 +1,4 @@
-# $NetBSD: ad.mips64eb,v 1.49 2011/05/13 01:56:27 christos Exp $
+# $NetBSD: ad.mips64eb,v 1.50 2011/05/29 15:17:08 spz Exp $
 ./libexec/ld.elf_so-64				base-compat-shlib	compat,pic
 ./libexec/ld.elf_so-o32				base-sysutil-bin	compat,pic
 ./usr/lib/64					base-compat-lib
@@ -82,7 +82,7 @@
 ./usr/lib/64/libdm.so.0				base-compat-shlib	compat,pic
 ./usr/lib/64/libdm.so.0.0			base-compat-shlib	compat,pic
 ./usr/lib/64/libdns.so.5			base-compat-shlib	compat,pic
-./usr/lib/64/libdns.so.5.3			base-compat-shlib	compat,pic
+./usr/lib/64/libdns.so.5.4			base-compat-shlib	compat,pic
 ./usr/lib/64/libdns_sd.so.0			base-compat-shlib	compat,pic,mdns
 ./usr/lib/64/libdns_sd.so.0.0			base-compat-shlib	compat,pic,mdns
 ./usr/lib/64/libdwarf.so.0			base-compat-shlib	compat,pic
@@ -116,7 +116,7 @@
 ./usr/lib/64/libipsec.so.3			base-compat-shlib	compat,pic
 ./usr/lib/64/libipsec.so.3.0			base-compat-shlib	compat,pic
 ./usr/lib/64/libisc.so.5			base-compat-shlib	compat,pic
-./usr/lib/64/libisc.so.5.3			base-compat-shlib	compat,pic
+./usr/lib/64/libisc.so.5.4			base-compat-shlib	compat,pic
 ./usr/lib/64/libisccc.so.5			base-compat-shlib	compat,pic
 ./usr/lib/64/libisccc.so.5.3			base-compat-shlib	compat,pic
 ./usr/lib/64/libisccfg.so.5			base-compat-shlib	compat,pic
@@ -393,7 +393,7 @@
 ./usr/lib/o32/libipsec.so.3			base-compat-shlib	compat,pic
 ./usr/lib/o32/libipsec.so.3.0			base-compat-shlib	compat,pic
 ./usr/lib/o32/libisc.so.5			base-compat-shlib	compat,pic
-./usr/lib/o32/libisc.so.5.3			base-compat-shlib	compat,pic
+./usr/lib/o32/libisc.so.5.4			base-compat-shlib	compat,pic
 ./usr/lib/o32/libisccc.so.5			base-compat-shlib	compat,pic
 ./usr/lib/o32/libisccc.so.5.3			base-compat-shlib	compat,pic
 ./usr/lib/o32/libisccfg.so.5			base-compat-shlib	compat,pic

Index: src/distrib/sets/lists/base/ad.mips64el
diff -u src/distrib/sets/lists/base/ad.mips64el:1.47 src/distrib/sets/lists/base/ad.mips64el:1.48
--- src/distrib/sets/lists/base/ad.mips64el:1.47	Fri May 13 01:56:27 2011
+++ src/distrib/sets/lists/base/ad.mips64el	Sun May 29 15:17:09 2011
@@ -1,4 +1,4 @@
-# $NetBSD: ad.mips64el,v 1.47 2011/05/13 01:56:27 christos Exp $
+# $NetBSD: ad.mips64el,v 1.48 2011/05/29 15:17:09 spz Exp $
 ./libexec/ld.elf_so-64				base-compat-shlib	compat,pic
 ./libexec/ld.elf_so-o32				base-sysutil-bin	compat,pic
 ./usr/lib/64					base-compat-lib
@@ -82,7 +82,7 @@
 ./usr/lib/64/libdm.so.0				base-compat-shlib	compat,pic
 ./usr/lib/64/libdm.so.0.0			base-compat-shlib	compat,pic
 ./usr/lib/64/libdns.so.5			base-compat-shlib	compat,pic
-./usr/lib/64/libdns.so.5.3			base-compat-shlib	compat,pic
+./usr/lib/64/libdns.so.5.4			base-compat-shlib	compat,pic
 ./usr/lib/64/libdns_sd.so.0			base-compat-shlib	compat,pic,mdns
 ./usr/lib/64/libdns_sd.so.0.0			base-compat-shlib	compat,pic,mdns
 ./usr/lib/64/libdwarf.so.0			base-compat-shlib	compat,pic
@@ -116,7 +116,7 @@
 ./usr/lib/64/libipsec.so.3			base-compat-shlib	compat,pic
 ./usr/lib/64/libipsec.so.3.0			base-compat-shlib	compat,pic
 ./usr/lib/64/libisc.so.5			base-compat-shlib	compat,pic
-./usr/lib/64/libisc.so.5.3			base-compat-shlib	compat,pic
+./usr/lib/64/libisc.so.5.4			base-compat-shlib	compat,pic
 ./usr/lib/64/libisccc.so.5			base-compat-shlib	compat,pic
 ./usr/lib/64/libisccc.so.5.3			base-compat-shlib	compat,pic
 ./usr/lib/64/libisccfg.so.5			base-compat-shlib	compat,pic
@@ -359,7 +359,7 @@
 ./usr/lib/o32/libdm.so.0			base-compat-shlib	compat,pic
 ./usr/lib/o32/libdm.so.0.0			base-compat-shlib	compat,pic
 ./usr/lib/o32/libdns.so.5			base-compat-shlib	compat,pic
-./usr/lib/o32/libdns.so.5.3			base-compat-shlib	compat,pic
+./usr/lib/o32/libdns.so.5.4			base-compat-shlib	compat,pic
 ./usr/lib/o32/libdns_sd.so.0			base-compat-shlib	compat,pic,mdns
 ./usr/lib/o32/libdns_sd.so.0.0			base-compat-shlib	compat,pic,mdns
 ./usr/lib/o32/libdwarf.so.0			base-compat-shlib	compat,pic
@@ -393,7 +393,7 @@
 ./usr/lib/o32/libipsec.so.3			base-compat-shlib	compat,pic
 ./usr/lib/o32/libipsec.so.3.0			base-compat-shlib	compat,pic
 ./usr/lib/o32/libisc.so.5			base-compat-shlib	compat,pic
-./usr/lib/o32/libisc.so.5.3			base-compat-shlib	compat,pic
+./usr/lib/o32/libisc.so.5.4			base-compat-shlib	compat,pic
 ./usr/lib/o32/libisccc.so.5			base-compat-shlib	compat,pic
 ./usr/lib/o32/libisccc.so.5.3			base-compat-shlib	compat,pic
 ./usr/lib/o32/libisccfg.so.5			base-compat-shlib	compat,pic

Index: src/distrib/sets/lists/base/md.amd64
diff -u src/distrib/sets/lists/base/md.amd64:1.122 src/distrib/sets/lists/base/md.amd64:1.123
--- src/distrib/sets/lists/base/md.amd64:1.122	Fri May 13 01:56:27 2011
+++ src/distrib/sets/lists/base/md.amd64	Sun May 29 15:17:09 2011
@@ -1,4 +1,4 @@
-# $NetBSD: md.amd64,v 1.122 2011/05/13 01:56:27 christos Exp $
+# $NetBSD: md.amd64,v 1.123 2011/05/29 15:17:09 spz Exp $
 ./dev/lms0					base-obsolete		obsolete
 ./dev/mms0					base-obsolete		obsolete
 ./libexec/ld.elf_so-i386			base-sys-shlib		compat,pic
@@ -85,7 +85,7 @@
 ./usr/lib/i386/libdm.so.0			base-compat-shlib	compat,pic
 ./usr/lib/i386/libdm.so.0.0			base-compat-shlib	compat,pic
 ./usr/lib/i386/libdns.so.5			base-compat-shlib	compat,pic
-./usr/lib/i386/libdns.so.5.3			base-compat-shlib	compat,pic
+./usr/lib/i386/libdns.so.5.4			base-compat-shlib	compat,pic
 ./usr/lib/i386/libdns_sd.so.0			base-compat-shlib	compat,pic,mdns
 ./usr/lib/i386/libdns_sd.so.0.0			base-compat-shlib	compat,pic,mdns
 ./usr/lib/i386/libdwarf.so.0			base-compat-shlib	compat,pic
@@ -121,7 +121,7 @@
 ./usr/lib/i386/libipsec.so.3			base-compat-shlib	compat,pic
 ./usr/lib/i386/libipsec.so.3.0			base-compat-shlib	compat,pic
 ./usr/lib/i386/libisc.so.5			base-compat-shlib	compat,pic
-./usr/lib/i386/libisc.so.5.3			base-compat-shlib	compat,pic
+./usr/lib/i386/libisc.so.5.4			base-compat-shlib	compat,pic
 ./usr/lib/i386/libisccc.so.5			base-compat-shlib	compat,pic
 ./usr/lib/i386/libisccc.so.5.3			base-compat-shlib	compat,pic
 ./usr/lib/i386/libisccfg.so.5			base-compat-shlib	compat,pic

Index: src/distrib/sets/lists/base/md.sparc64
diff -u src/distrib/sets/lists/base/md.sparc64:1.115 src/distrib/sets/lists/base/md.sparc64:1.116
--- src/distrib/sets/lists/base/md.sparc64:1.115	Fri May 13 01:56:27 2011
+++ src/distrib/sets/lists/base/md.sparc64	Sun May 29 15:17:09 2011
@@ -1,4 +1,4 @@
-# $NetBSD: md.sparc64,v 1.115 2011/05/13 01:56:27 christos Exp $
+# $NetBSD: md.sparc64,v 1.116 2011/05/29 15:17:09 spz Exp $
 ./libexec/ld.elf_so-sparc			base-sysutil-bin	compat,pic
 ./sbin/edlabel					base-sysutil-root	obsolete
 ./usr/bin/fdformat				base-util-bin
@@ -83,7 +83,7 @@
 ./usr/lib/sparc/libdm.so.0			base-compat-shlib	compat,pic
 ./usr/lib/sparc/libdm.so.0.0			base-compat-shlib	compat,pic
 ./usr/lib/sparc/libdns.so.5			base-compat-shlib	compat,pic
-./usr/lib/sparc/libdns.so.5.3			base-compat-shlib	compat,pic
+./usr/lib/sparc/libdns.so.5.4			base-compat-shlib	compat,pic
 ./usr/lib/sparc/libdns_sd.so.0			base-compat-shlib	compat,pic,mdns
 ./usr/lib/sparc/libdns_sd.so.0.0		base-compat-shlib	compat,pic,mdns
 ./usr/lib/sparc/libdwarf.so.0			base-compat-shlib	compat,pic
@@ -117,7 +117,7 @@
 ./usr/lib/sparc/libipsec.so.3			base-compat-shlib	compat,pic
 ./usr/lib/sparc/libipsec.so.3.0			base-compat-shlib	compat,pic
 ./usr/lib/sparc/libisc.so.5			base-compat-shlib	compat,pic
-./usr/lib/sparc/libisc.so.5.3			base-compat-shlib	compat,pic
+./usr/lib/sparc/libisc.so.5.4			base-compat-shlib	compat,pic
 ./usr/lib/sparc/libisccc.so.5			base-compat-shlib	compat,pic
 ./usr/lib/sparc/libisccc.so.5.3			base-compat-shlib	compat,pic
 ./usr/lib/sparc/libisccfg.so.5			base-compat-shlib	compat,pic

Index: src/distrib/sets/lists/base/shl.mi
diff -u src/distrib/sets/lists/base/shl.mi:1.584 src/distrib/sets/lists/base/shl.mi:1.585
--- src/distrib/sets/lists/base/shl.mi:1.584	Fri May 13 01:56:27 2011
+++ src/distrib/sets/lists/base/shl.mi	Sun May 29 15:17:09 2011
@@ -1,4 +1,4 @@
-# $NetBSD: shl.mi,v 1.584 2011/05/13 01:56:27 christos Exp $
+# $NetBSD: shl.mi,v 1.585 2011/05/29 15:17:09 spz Exp $
 #
 # Note:	Don't delete entries from here - mark them as "obsolete" instead,
 #	unless otherwise stated below.
@@ -198,7 +198,7 @@
 ./usr/lib/libdm.so.0.0				base-sys-shlib
 ./usr/lib/libdns.so				base-bind-shlib
 ./usr/lib/libdns.so.5				base-bind-shlib
-./usr/lib/libdns.so.5.3				base-bind-shlib
+./usr/lib/libdns.so.5.4				base-bind-shlib
 ./usr/lib/libdns_sd.so				base-mdns-shlib		mdns
 ./usr/lib/libdns_sd.so.0			base-mdns-shlib		mdns
 ./usr/lib/libdns_sd.so.0.0			base-mdns-shlib		mdns
@@ -255,7 +255,7 @@
 ./usr/lib/libipsec.so.3.0			base-net-shlib
 ./usr/lib/libisc.so				base-bind-shlib
 ./usr/lib/libisc.so.5				base-bind-shlib
-./usr/lib/libisc.so.5.3				base-bind-shlib
+./usr/lib/libisc.so.5.4				base-bind-shlib
 ./usr/lib/libisccc.so				base-bind-shlib
 ./usr/lib/libisccc.so.5				base-bind-shlib
 ./usr/lib/libisccc.so.5.3			base-bind-shlib

Index: src/external/bsd/bind/dist/bin/named/bind.keys.h
diff -u src/external/bsd/bind/dist/bin/named/bind.keys.h:1.2 src/external/bsd/bind/dist/bin/named/bind.keys.h:1.3
--- src/external/bsd/bind/dist/bin/named/bind.keys.h:1.2	Wed Feb 16 03:46:45 2011
+++ src/external/bsd/bind/dist/bin/named/bind.keys.h	Sun May 29 15:17:09 2011
@@ -1,8 +1,8 @@
-/*	$NetBSD: bind.keys.h,v 1.2 2011/02/16 03:46:45 christos Exp $	*/
+/*	$NetBSD: bind.keys.h,v 1.3 2011/05/29 15:17:09 spz Exp $	*/
 
 /*
- * Generated by bindkeys.pl 1.7 2011/01/04 23:47:13 tbox Exp  
- * From bind.keys 1.7 2011/01/03 23:45:07 each Exp  
+ * Generated by bindkeys.pl 1.7 2011-01-04 23:47:13 tbox Exp  
+ * From bind.keys 1.7 2011-01-03 23:45:07 each Exp  
  */
 #define TRUSTED_KEYS "\
 # The bind.keys file is used to override the built-in DNSSEC trust anchors\n\

Index: src/external/bsd/bind/dist/bin/named/query.c
diff -u src/external/bsd/bind/dist/bin/named/query.c:1.3 src/external/bsd/bind/dist/bin/named/query.c:1.4
--- src/external/bsd/bind/dist/bin/named/query.c:1.3	Fri May  6 15:28:19 2011
+++ src/external/bsd/bind/dist/bin/named/query.c	Sun May 29 15:17:09 2011
@@ -1,4 +1,4 @@
-/*	$NetBSD: query.c,v 1.3 2011/05/06 15:28:19 taca Exp $	*/
+/*	$NetBSD: query.c,v 1.4 2011/05/29 15:17:09 spz Exp $	*/
 
 /*
  * Copyright (C) 2004-2011  Internet Systems Consortium, Inc. ("ISC")
@@ -17,7 +17,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* Id: query.c,v 1.353.8.1 2011-02-03 07:39:02 marka Exp */
+/* Id: query.c,v 1.353.8.2.2.1 2011-04-27 17:06:27 each Exp */
 
 /*! \file */
 
@@ -4043,8 +4043,8 @@
 	version = NULL;
 	result = rpz_getdb(client, rpz_type, qnamef, zonep, dbp, &version);
 	if (result != ISC_R_SUCCESS) {
-		*policyp = DNS_RPZ_POLICY_ERROR;
-		return (DNS_R_SERVFAIL);
+		*policyp = DNS_RPZ_POLICY_MISS;
+		return (DNS_R_NXDOMAIN);
 	}
 
 	dns_fixedname_init(&fixed);
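Review bot: Any non-success result from `rpz_getdb()` is now reported as `DNS_RPZ_POLICY_MISS` with `DNS_R_NXDOMAIN`, so a real failure to obtain the policy database looks the same to the caller as "no policy applies to this name". For a response-policy check that is a fail-open path, and nothing in the hunk records that it was taken. Unless `rpz_getdb()` already logs its own failures (not visible here), I would log `result` before returning and add a comment such as `/* no usable policy zone for this name: treat as a miss, not SERVFAIL */`. The enclosing function starts and ends outside the hunk.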

Index: src/external/bsd/bind/dist/bin/named/server.c
diff -u src/external/bsd/bind/dist/bin/named/server.c:1.8 src/external/bsd/bind/dist/bin/named/server.c:1.9
--- src/external/bsd/bind/dist/bin/named/server.c:1.8	Wed Feb 16 03:46:46 2011
+++ src/external/bsd/bind/dist/bin/named/server.c	Sun May 29 15:17:09 2011
@@ -1,4 +1,4 @@
-/*	$NetBSD: server.c,v 1.8 2011/02/16 03:46:46 christos Exp $	*/
+/*	$NetBSD: server.c,v 1.9 2011/05/29 15:17:09 spz Exp $	*/
 
 /*
  * Copyright (C) 2004-2011  Internet Systems Consortium, Inc. ("ISC")
@@ -17,7 +17,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* Id: server.c,v 1.599.8.3 2011-02-03 12:17:49 tbox Exp */
+/* Id: server.c,v 1.599.8.4 2011-02-16 19:46:12 each Exp */
 
 /*! \file */
 
@@ -3478,6 +3478,7 @@
 
 	if (pview != NULL && pview->managed_keys != NULL) {
 		dns_zone_attach(pview->managed_keys, &view->managed_keys);
+		dns_zone_setview(pview->managed_keys, view);
 		dns_view_detach(&pview);
 		return (ISC_R_SUCCESS);
 	}
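Review bot: The added `dns_zone_setview(pview->managed_keys, view);` carries no comment, and the reason for it only shows from the next line, where `pview` is detached. If the intent is that the carried-over managed-keys zone must not keep referring to the previous view, a one-line comment would make that explicit: `/* zone is reused from the previous view; rebind it to the new one */`. The enclosing function is outside the hunk.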

Index: src/external/bsd/bind/dist/lib/dns/ncache.c
diff -u src/external/bsd/bind/dist/lib/dns/ncache.c:1.2 src/external/bsd/bind/dist/lib/dns/ncache.c:1.3
--- src/external/bsd/bind/dist/lib/dns/ncache.c:1.2	Wed Feb 16 03:47:04 2011
+++ src/external/bsd/bind/dist/lib/dns/ncache.c	Sun May 29 15:17:09 2011
@@ -1,4 +1,4 @@
-/*	$NetBSD: ncache.c,v 1.2 2011/02/16 03:47:04 christos Exp $	*/
+/*	$NetBSD: ncache.c,v 1.3 2011/05/29 15:17:09 spz Exp $	*/
 
 /*
  * Copyright (C) 2004, 2005, 2007, 2008, 2010  Internet Systems Consortium, Inc. ("ISC")
@@ -17,7 +17,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* Id: ncache.c,v 1.50.124.1 2011-02-03 07:39:03 marka Exp */
+/* Id: ncache.c,v 1.50.124.1.2.1 2011-05-27 00:57:31 each Exp */
 
 /*! \file */
 
@@ -188,7 +188,7 @@
 					 */
 					isc_buffer_availableregion(&buffer,
 								   &r);
-					if (r.length < 2)
+					if (r.length < 3)
 						return (ISC_R_NOSPACE);
 					isc_buffer_putuint16(&buffer,
 							     rdataset->type);
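Review bot: The new bound `r.length < 3` is a bare literal whose relation to the writes it protects cannot be checked at this point. Only the 2-byte `isc_buffer_putuint16()` is visible, so the third byte is presumably a one-byte field written just after the hunk. An undersized check ahead of unchecked buffer puts is the kind of slip the commit log associates with a `named` crash, so the arithmetic should be spelled out next to the test, e.g. `/* 2 bytes type + 1 byte written below */`, or the bound derived from the field sizes. The enclosing loop starts and ends outside the hunk.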
Index: src/external/bsd/bind/dist/lib/dns/xfrin.c
diff -u src/external/bsd/bind/dist/lib/dns/xfrin.c:1.2 src/external/bsd/bind/dist/lib/dns/xfrin.c:1.3
--- src/external/bsd/bind/dist/lib/dns/xfrin.c:1.2	Wed Feb 16 03:47:05 2011
+++ src/external/bsd/bind/dist/lib/dns/xfrin.c	Sun May 29 15:17:10 2011
@@ -1,4 +1,4 @@
-/*	$NetBSD: xfrin.c,v 1.2 2011/02/16 03:47:05 christos Exp $	*/
+/*	$NetBSD: xfrin.c,v 1.3 2011/05/29 15:17:10 spz Exp $	*/
 
 /*
  * Copyright (C) 2004-2008  Internet Systems Consortium, Inc. ("ISC")
@@ -17,7 +17,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* Id: xfrin.c,v 1.166 2008-09-25 04:12:39 marka Exp */
+/* Id: xfrin.c,v 1.166.522.2 2011-02-19 01:21:27 each Exp */
 
 /*! \file */
 
@@ -85,8 +85,9 @@
 	XFRST_IXFR_DEL,
 	XFRST_IXFR_ADDSOA,
 	XFRST_IXFR_ADD,
+	XFRST_IXFR_END,
 	XFRST_AXFR,
-	XFRST_END
+	XFRST_AXFR_END
 } xfrin_state_t;
 
 /*%
@@ -205,6 +206,7 @@
 				   dns_rdata_t *rdata);
 static isc_result_t axfr_apply(dns_xfrin_ctx_t *xfr);
 static isc_result_t axfr_commit(dns_xfrin_ctx_t *xfr);
+static isc_result_t axfr_finalize(dns_xfrin_ctx_t *xfr);
 
 static isc_result_t ixfr_init(dns_xfrin_ctx_t *xfr);
 static isc_result_t ixfr_apply(dns_xfrin_ctx_t *xfr);
@@ -320,6 +322,16 @@
 
 	CHECK(axfr_apply(xfr));
 	CHECK(dns_db_endload(xfr->db, &xfr->axfr.add_private));
+
+	result = ISC_R_SUCCESS;
+ failure:
+	return (result);
+}
+
+static isc_result_t
+axfr_finalize(dns_xfrin_ctx_t *xfr) {
+	isc_result_t result;
+
 	CHECK(dns_zone_replacedb(xfr->zone, xfr->db, ISC_TRUE));
 
 	result = ISC_R_SUCCESS;
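Review bot: `axfr_finalize()` is added without a header comment, although the split is the substance of this change: `axfr_commit()` now stops after `dns_db_endload()` and the `dns_zone_replacedb()` call lives in the new function. A comment should say when it runs relative to `axfr_commit()` and why the database swap is deferred. Judging from the later hunk that calls it in the `XFRST_AXFR_END` case after `dns_message_destroy()`, the swap is meant to happen only once the final message has been fully processed, but that is inferred. The function's closing lines are outside the hunk.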
@@ -543,7 +555,7 @@
 			isc_uint32_t soa_serial = dns_soa_getserial(rdata);
 			if (soa_serial == xfr->end_serial) {
 				CHECK(ixfr_commit(xfr));
-				xfr->state = XFRST_END;
+				xfr->state = XFRST_IXFR_END;
 				break;
 			} else if (soa_serial != xfr->ixfr.current_serial) {
 				xfrin_log(xfr, ISC_LOG_ERROR,
@@ -574,11 +586,12 @@
 		CHECK(axfr_putdata(xfr, DNS_DIFFOP_ADD, name, ttl, rdata));
 		if (rdata->type == dns_rdatatype_soa) {
 			CHECK(axfr_commit(xfr));
-			xfr->state = XFRST_END;
+			xfr->state = XFRST_AXFR_END;
 			break;
 		}
 		break;
-	case XFRST_END:
+	case XFRST_AXFR_END:
+	case XFRST_IXFR_END:
 		FAIL(DNS_R_EXTRADATA);
 	default:
 		INSIST(0);
@@ -1320,8 +1333,9 @@
 
 	} else if (dns_message_gettsigkey(msg) != NULL) {
 		xfr->sincetsig++;
-		if (xfr->sincetsig > 100 ||
-		    xfr->nmsg == 0 || xfr->state == XFRST_END)
+		if (xfr->sincetsig > 100 || xfr->nmsg == 0 ||
+		    xfr->state == XFRST_AXFR_END ||
+		    xfr->state == XFRST_IXFR_END)
 		{
 			result = DNS_R_EXPECTEDTSIG;
 			goto failure;
@@ -1347,16 +1361,22 @@
 
 	dns_message_destroy(&msg);
 
-	if (xfr->state == XFRST_GOTSOA) {
+	switch (xfr->state) {
+	case XFRST_GOTSOA:
 		xfr->reqtype = dns_rdatatype_axfr;
 		xfr->state = XFRST_INITIALSOA;
 		CHECK(xfrin_send_request(xfr));
-	} else if (xfr->state == XFRST_END) {
+		break;
+	case XFRST_AXFR_END:
+		CHECK(axfr_finalize(xfr));
+		/* FALLTHROUGH */
+	case XFRST_IXFR_END:
 		/*
 		 * Close the journal.
 		 */
 		if (xfr->ixfr.journal != NULL)
 			dns_journal_destroy(&xfr->ixfr.journal);
+
 		/*
 		 * Inform the caller we succeeded.
 		 */
@@ -1370,7 +1390,8 @@
 		 */
 		xfr->shuttingdown = ISC_TRUE;
 		maybe_free(xfr);
-	} else {
+		break;
+	default:
 		/*
 		 * Read the next message.
 		 */
Index: src/external/bsd/bind/dist/lib/dns/zone.c
diff -u src/external/bsd/bind/dist/lib/dns/zone.c:1.2 src/external/bsd/bind/dist/lib/dns/zone.c:1.3
--- src/external/bsd/bind/dist/lib/dns/zone.c:1.2	Wed Feb 16 03:47:05 2011
+++ src/external/bsd/bind/dist/lib/dns/zone.c	Sun May 29 15:17:10 2011
@@ -1,4 +1,4 @@
-/*	$NetBSD: zone.c,v 1.2 2011/02/16 03:47:05 christos Exp $	*/
+/*	$NetBSD: zone.c,v 1.3 2011/05/29 15:17:10 spz Exp $	*/
 
 /*
  * Copyright (C) 2004-2011  Internet Systems Consortium, Inc. ("ISC")
@@ -17,7 +17,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* Id: zone.c,v 1.582.8.2 2011-02-07 00:14:30 marka Exp */
+/* Id: zone.c,v 1.582.8.7 2011-02-18 23:23:08 each Exp */
 
 /*! \file */
 
@@ -7918,7 +7918,8 @@
 dns_zone_markdirty(dns_zone_t *zone) {
 
 	LOCK_ZONE(zone);
-	set_resigntime(zone);	/* XXXMPA make separate call back */
+	if (zone->type == dns_zone_master)
+		set_resigntime(zone);	/* XXXMPA make separate call back */
 	zone_needdump(zone, DNS_DUMP_DELAY);
 	UNLOCK_ZONE(zone);
 }
@@ -13605,7 +13606,8 @@
 		if (tuple->rdata.type != dns_rdatatype_dnskey)
 			continue;
 
-		dns_rdata_tostruct(&tuple->rdata, &dnskey, NULL);
+		result = dns_rdata_tostruct(&tuple->rdata, &dnskey, NULL);
+		RUNTIME_CHECK(result == ISC_R_SUCCESS);
 		if ((dnskey.flags &
 		     (DNS_KEYFLAG_OWNERMASK|DNS_KEYTYPE_NOAUTH))
 			 != DNS_KEYOWNER_ZONE)
@@ -13651,13 +13653,14 @@
 
 static isc_result_t
 sign_apex(dns_zone_t *zone, dns_db_t *db, dns_dbversion_t *ver,
-	  dns_rdatatype_t type, dns_diff_t *diff)
+	  dns_diff_t *diff, dns_diff_t *sig_diff)
 {
 	isc_result_t result;
 	isc_stdtime_t now, inception, soaexpire;
 	isc_boolean_t check_ksk, keyset_kskonly;
 	dst_key_t *zone_keys[MAXZONEKEYS];
 	unsigned int nkeys = 0, i;
+	dns_difftuple_t *tuple;
 
 	result = find_zone_keys(zone, db, ver, zone->mctx, MAXZONEKEYS,
 				zone_keys, &nkeys);
@@ -13675,22 +13678,52 @@
 	check_ksk = DNS_ZONE_OPTION(zone, DNS_ZONEOPT_UPDATECHECKKSK);
 	keyset_kskonly = DNS_ZONE_OPTION(zone, DNS_ZONEOPT_DNSKEYKSKONLY);
 
-	result = del_sigs(zone, db, ver, &zone->origin, type, diff,
-			  zone_keys, nkeys, now);
+	/*
+	 * See if update_sigs will update DNSKEY signature and if not
+	 * cause them to sign so that so that newly activated keys
+	 * are used.
+	 */
+	for (tuple = ISC_LIST_HEAD(diff->tuples);
+	     tuple != NULL;
+	     tuple = ISC_LIST_NEXT(tuple, link)) {
+		if (tuple->rdata.type == dns_rdatatype_dnskey &&
+		    dns_name_equal(&tuple->name, &zone->origin))
+			break;
+	}
+
+	if (tuple == NULL) {
+		result = del_sigs(zone, db, ver, &zone->origin,
+				  dns_rdatatype_dnskey, sig_diff,
+				  zone_keys, nkeys, now);
+		if (result != ISC_R_SUCCESS) {
+			dns_zone_log(zone, ISC_LOG_ERROR,
+				     "sign_apex:del_sigs -> %s\n",
+				     dns_result_totext(result));
+			goto failure;
+		}
+		result = add_sigs(db, ver, &zone->origin, dns_rdatatype_dnskey,
+				  sig_diff, zone_keys, nkeys, zone->mctx,
+				  inception, soaexpire, check_ksk,
+				  keyset_kskonly);
+		if (result != ISC_R_SUCCESS) {
+			dns_zone_log(zone, ISC_LOG_ERROR,
+				     "sign_apex:add_sigs -> %s\n",
+				     dns_result_totext(result));
+			goto failure;
+		}
+	}
+
+	result = update_sigs(diff, db, ver, zone_keys, nkeys, zone,
+			     inception, soaexpire, now, check_ksk,
+			     keyset_kskonly, sig_diff);
+
 	if (result != ISC_R_SUCCESS) {
 		dns_zone_log(zone, ISC_LOG_ERROR,
-			     "sign_apex:del_sigs -> %s\n",
+			     "sign_apex:update_sigs -> %s\n",
 			     dns_result_totext(result));
 		goto failure;
 	}
 
-	result = add_sigs(db, ver, &zone->origin, type, diff, zone_keys,
-			  nkeys, zone->mctx, inception, soaexpire,
-			  check_ksk, keyset_kskonly);
-
-	if (result != ISC_R_SUCCESS)
-		dns_zone_log(zone, ISC_LOG_ERROR, "sign_apex:add_sigs -> %s\n",
-			     dns_result_totext(result));
  failure:
 	for (i = 0; i < nkeys; i++)
 		dst_key_free(&zone_keys[i]);
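Review bot: The comment added above the tuple loop is garbled ("cause them to sign so that so that newly activated keys are used") and does not say what the loop decides. From the code, the loop looks for an apex DNSKEY tuple in `diff`, and only when none is found are the DNSKEY signatures deleted and regenerated explicitly. I would reword it to `/* If diff holds no apex DNSKEY change, update_sigs() will not re-sign the DNSKEY RRset; re-sign it here so newly activated keys are used. */`. The function signature and the key lookup are in the preceding hunk.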
@@ -13806,6 +13839,26 @@
 	return (ISC_FALSE);
 }
 
+static isc_result_t
+add_chains(dns_zone_t *zone, dns_db_t *db, dns_dbversion_t *ver,
+	   dns_diff_t *diff)
+{
+	dns_name_t *origin;
+	isc_boolean_t build_nsec3;
+	isc_result_t result;
+
+	origin = dns_db_origin(db);
+	CHECK(dns_private_chains(db, ver, zone->privatetype, NULL,
+				 &build_nsec3));
+	if (build_nsec3)
+		CHECK(dns_nsec3_addnsec3sx(db, ver, origin, zone->minimum,
+					   ISC_FALSE, zone->privatetype, diff));
+	CHECK(updatesecure(db, ver, origin, zone->minimum, ISC_TRUE, diff));
+
+ failure:
+	return (result);
+}
+
 static void
 zone_rekey(dns_zone_t *zone) {
 	isc_result_t result;
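Review bot: In the new `add_chains()`, the `if (build_nsec3)` guards a bare `CHECK(...)` macro invocation without braces, and the function returns `result` without ever assigning it directly. Both are safe only if `CHECK()` is a single statement that stores the call's status in `result` before jumping to `failure`; the macro's definition is not on this page. Bracing the `if` body removes the dependency on how the macro is wrapped. A short header comment saying what the function adds to `diff` would also help, since it is new and uncommented.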
@@ -13815,7 +13868,7 @@
 	dns_rdataset_t soaset, soasigs, keyset, keysigs;
 	dns_dnsseckeylist_t dnskeys, keys, rmkeys;
 	dns_dnsseckey_t *key;
-	dns_diff_t diff;
+	dns_diff_t diff, sig_diff;
 	isc_boolean_t commit = ISC_FALSE, newactive = ISC_FALSE;
 	isc_boolean_t fullsign;
 	dns_ttl_t ttl = 3600;
@@ -13838,6 +13891,7 @@
 	dir = dns_zone_getkeydirectory(zone);
 	mctx = zone->mctx;
 	dns_diff_init(mctx, &diff);
+	dns_diff_init(mctx, &sig_diff);
 
 	CHECK(dns_zone_getdb(zone, &db));
 	CHECK(dns_db_newversion(db, &ver));
@@ -13906,14 +13960,12 @@
 		    dnskey_sane(zone, db, ver, &diff)) {
 			CHECK(dns_diff_apply(&diff, db, ver));
 			CHECK(clean_nsec3param(zone, db, ver, &diff));
-			CHECK(sign_apex(zone, db, ver, dns_rdatatype_dnskey,
-					&diff));
 			CHECK(add_signing_records(db, zone->privatetype, ver,
 						  &diff));
 			CHECK(increment_soa_serial(db, ver, &diff, mctx));
-			CHECK(sign_apex(zone, db, ver, dns_rdatatype_soa,
-					&diff));
-			CHECK(zone_journal(zone, &diff, "zone_rekey"));
+			CHECK(add_chains(zone, db, ver, &diff));
+			CHECK(sign_apex(zone, db, ver, &diff, &sig_diff));
+			CHECK(zone_journal(zone, &sig_diff, "zone_rekey"));
 			commit = ISC_TRUE;
 		}
 	}
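Review bot: `zone_journal()` is now given only `sig_diff`, while the changes made just above (`dns_diff_apply`, `clean_nsec3param`, `add_signing_records`, `increment_soa_serial`, `add_chains`) all accumulate in `diff`. That is correct only if `sign_apex()`, through `update_sigs()`, moves every tuple of `diff` into `sig_diff`. This is not visible here, though the later loops switching to `sig_diff.tuples` suggest it is the intent. If that is the invariant, state it at the call and check it, e.g. `INSIST(ISC_LIST_EMPTY(diff.tuples));` before `zone_journal()`, so that a change applied to the database can never be left out of the journal silently. The enclosing `if` and function start outside the hunk.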
@@ -13938,7 +13990,7 @@
 		 * Has a new key become active?  If so, is it for
 		 * a new algorithm?
 		 */
-		for (tuple = ISC_LIST_HEAD(diff.tuples);
+		for (tuple = ISC_LIST_HEAD(sig_diff.tuples);
 		     tuple != NULL;
 		     tuple = ISC_LIST_NEXT(tuple, link)) {
 			dns_rdata_dnskey_t dnskey;
@@ -14017,7 +14069,7 @@
 			 * the full zone, but only with the newly-added
 			 * keys.
 			 */
-			for (tuple = ISC_LIST_HEAD(diff.tuples);
+			for (tuple = ISC_LIST_HEAD(sig_diff.tuples);
 			     tuple != NULL;
 			     tuple = ISC_LIST_NEXT(tuple, link)) {
 				dns_rdata_dnskey_t dnskey;
@@ -14037,9 +14089,7 @@
 				keyid = dst_region_computeid(&r, algorithm);
 
 				result = zone_signwithkey(zone, algorithm,
-							  keyid,
-							  ISC_TF(tuple->op ==
-							      DNS_DIFFOP_DEL));
+							  keyid, ISC_FALSE);
 				if (result != ISC_R_SUCCESS) {
 					dns_zone_log(zone, ISC_LOG_ERROR,
 					     "zone_signwithkey failed: %s",
@@ -14058,7 +14108,7 @@
 		 * Cause the zone to add/delete NSEC3 chains for the
 		 * deferred NSEC3PARAM changes.
 		 */
-		for (tuple = ISC_LIST_HEAD(diff.tuples);
+		for (tuple = ISC_LIST_HEAD(sig_diff.tuples);
 		     tuple != NULL;
 		     tuple = ISC_LIST_NEXT(tuple, link)) {
 			unsigned char buf[DNS_NSEC3PARAM_BUFFERSIZE];
@@ -14072,7 +14122,8 @@
 			if (!dns_nsec3param_fromprivate(&tuple->rdata, &rdata,
 							buf, sizeof(buf)))
 				continue;
-			dns_rdata_tostruct(&rdata, &nsec3param, NULL);
+			result = dns_rdata_tostruct(&rdata, &nsec3param, NULL);
+			RUNTIME_CHECK(result == ISC_R_SUCCESS);
 			if (nsec3param.flags == 0)
 				continue;
 
@@ -14131,6 +14182,7 @@
 
  failure:
 	dns_diff_clear(&diff);
+	dns_diff_clear(&sig_diff);
 
 	clear_keylist(&dnskeys, mctx);
 	clear_keylist(&keys, mctx);

Index: src/external/bsd/bind/dist/lib/dns/rbtdb.c
diff -u src/external/bsd/bind/dist/lib/dns/rbtdb.c:1.7 src/external/bsd/bind/dist/lib/dns/rbtdb.c:1.8
--- src/external/bsd/bind/dist/lib/dns/rbtdb.c:1.7	Wed Feb 16 03:47:04 2011
+++ src/external/bsd/bind/dist/lib/dns/rbtdb.c	Sun May 29 15:17:09 2011
@@ -1,4 +1,4 @@
-/*	$NetBSD: rbtdb.c,v 1.7 2011/02/16 03:47:04 christos Exp $	*/
+/*	$NetBSD: rbtdb.c,v 1.8 2011/05/29 15:17:09 spz Exp $	*/
 
 /*
  * Copyright (C) 2004-2011  Internet Systems Consortium, Inc. ("ISC")
@@ -17,7 +17,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* Id: rbtdb.c,v 1.310 2011-01-13 09:53:04 marka Exp */
+/* Id: rbtdb.c,v 1.310.8.1 2011-02-18 23:23:08 each Exp */
 
 /*! \file */
 
@@ -394,12 +394,15 @@
 typedef struct {
 	/* Unlocked. */
 	dns_db_t                        common;
+	/* Locks the data in this struct */
 #if DNS_RBTDB_USERWLOCK
 	isc_rwlock_t                    lock;
 #else
 	isc_mutex_t                     lock;
 #endif
+	/* Locks the tree structure (prevents nodes appearing/disappearing) */
 	isc_rwlock_t                    tree_lock;
+	/* Locks for individual tree nodes */
 	unsigned int                    node_lock_count;
 	rbtdb_nodelock_t *              node_locks;
 	dns_rbtnode_t *                 origin_node;
@@ -7266,7 +7269,7 @@
 
 	REQUIRE(VALID_RBTDB(rbtdb));
 
-	RBTDB_LOCK(&rbtdb->lock, isc_rwlocktype_read);
+	RWLOCK(&rbtdb->tree_lock, isc_rwlocktype_read);
 
 	for (i = 0; i < rbtdb->node_lock_count; i++) {
 		NODE_LOCK(&rbtdb->node_locks[i].lock, isc_rwlocktype_read);
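Review bot: The lock order that these hunks establish, `tree_lock` first and node locks second, is not written down anywhere in the new code. The same commit adds per-lock comments to the struct but says nothing about ordering. Here `tree_lock` is taken for read before the loop over every `node_locks[i]`, and the hunk at line 7327 takes it for write before a single node lock. I would extend the struct comment to `/* Locks the tree structure (prevents nodes appearing/disappearing); acquire before any node lock */`. Both functions start and end outside their hunks, so the matching node unlocks cannot be checked from this page.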
@@ -7302,7 +7305,7 @@
 	result = ISC_R_SUCCESS;
 
  unlock:
-	RBTDB_UNLOCK(&rbtdb->lock, isc_rwlocktype_read);
+	RWUNLOCK(&rbtdb->tree_lock, isc_rwlocktype_read);
 
 	return (result);
 }
@@ -7324,7 +7327,7 @@
 	header = rdataset->private3;
 	header--;
 
-	RBTDB_LOCK(&rbtdb->lock, isc_rwlocktype_write);
+	RWLOCK(&rbtdb->tree_lock, isc_rwlocktype_write);
 	NODE_LOCK(&rbtdb->node_locks[node->locknum].lock,
 		  isc_rwlocktype_write);
 	/*
@@ -7338,7 +7341,7 @@
 
 	NODE_UNLOCK(&rbtdb->node_locks[node->locknum].lock,
 		    isc_rwlocktype_write);
-	RBTDB_UNLOCK(&rbtdb->lock, isc_rwlocktype_write);
+	RWUNLOCK(&rbtdb->tree_lock, isc_rwlocktype_write);
 }
 
 static dns_stats_t *

Index: src/external/bsd/bind/dist/lib/dns/resolver.c
diff -u src/external/bsd/bind/dist/lib/dns/resolver.c:1.8 src/external/bsd/bind/dist/lib/dns/resolver.c:1.9
--- src/external/bsd/bind/dist/lib/dns/resolver.c:1.8	Wed Feb 16 03:47:04 2011
+++ src/external/bsd/bind/dist/lib/dns/resolver.c	Sun May 29 15:17:09 2011
@@ -1,4 +1,4 @@
-/*	$NetBSD: resolver.c,v 1.8 2011/02/16 03:47:04 christos Exp $	*/
+/*	$NetBSD: resolver.c,v 1.9 2011/05/29 15:17:09 spz Exp $	*/
 
 /*
  * Copyright (C) 2004-2011  Internet Systems Consortium, Inc. ("ISC")
@@ -17,7 +17,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* Id: resolver.c,v 1.428.6.3 2011-02-08 22:56:53 marka Exp */
+/* Id: resolver.c,v 1.428.6.5 2011-02-18 23:41:51 mgraff Exp */
 
 /*! \file */
 
@@ -2366,77 +2366,13 @@
 }
 
 /*
- * Return 'bits' bits of random entropy from fctx->rand_buf,
- * refreshing it by calling isc_random_get() whenever the requested
- * number of bits is greater than the number in the buffer.
- */
-static inline isc_uint32_t
-random_bits(fetchctx_t *fctx, isc_uint32_t bits) {
-	isc_uint32_t ret = 0;
-
-	REQUIRE(VALID_FCTX(fctx));
-	REQUIRE(bits <= 32);
-	if (bits == 0)
-		return (0);
-
-	if (bits >= fctx->rand_bits) {
-		/* if rand_bits == 0, this is unnecessary but harmless */
-		bits -= fctx->rand_bits;
-		ret = fctx->rand_buf << bits;
-
-		/* refresh random buffer now */
-		isc_random_get(&fctx->rand_buf);
-		fctx->rand_bits = sizeof(fctx->rand_buf) * CHAR_BIT;
-	}
-
-	if (bits > 0) {
-		isc_uint32_t mask = 0xffffffff;
-		if (bits < 32) {
-			mask = (1 << bits) - 1;
-		}
-
-		ret |= fctx->rand_buf & mask;
-		fctx->rand_buf >>= bits;
-		fctx->rand_bits -= bits;
-	}
-
-	return (ret);
-}
-
-/*
- * Add some random jitter to a server's RTT value so that the
- * order of queries will be unpredictable.
- *
- * RTT values of servers which have been tried are fuzzed by 128 ms.
- * Servers that haven't been tried yet have their RTT set to a random
- * value between 0 ms and 7 ms; they should get to go first, but in
- * unpredictable order.
- */
-static inline void
-randomize_srtt(fetchctx_t *fctx, dns_adbaddrinfo_t *ai) {
-	if (TRIED(ai)) {
-		ai->srtt >>= 10; /* convert to milliseconds, near enough */
-		ai->srtt |= (ai->srtt & 0x80) | random_bits(fctx, 7);
-		ai->srtt <<= 10; /* now back to microseconds */
-	} else
-		ai->srtt = random_bits(fctx, 3) << 10;
-}
-
-/*
- * Sort addrinfo list by RTT (with random jitter)
+ * Sort addrinfo list by RTT.
  */
 static void
-sort_adbfind(fetchctx_t *fctx, dns_adbfind_t *find) {
+sort_adbfind(dns_adbfind_t *find) {
 	dns_adbaddrinfo_t *best, *curr;
 	dns_adbaddrinfolist_t sorted;
 
-	/* Add jitter to SRTT values */
-	curr = ISC_LIST_HEAD(find->list);
-	while (curr != NULL) {
-		randomize_srtt(fctx, curr);
-		curr = ISC_LIST_NEXT(curr, publink);
-	}
-
 	/* Lame N^2 bubble sort. */
 	ISC_LIST_INIT(sorted);
 	while (!ISC_LIST_EMPTY(find->list)) {
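Review bot: With `random_bits()` and `randomize_srtt()` gone, nothing visible here still uses `fctx->rand_buf` and `fctx->rand_bits`. If no code outside these hunks reads them, the fields and their initialisation are dead and should be removed in the same change. The replacement comment `Sort addrinfo list by RTT.` also drops the only statement of why the ordering was randomised (the removed text says it kept the query order unpredictable). Server selection is now deterministic for a given set of RTTs, so the comment on `sort_adbfind()` should record that this is intentional. The sort loop continues outside the hunk.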
@@ -2454,19 +2390,19 @@
 }
 
 /*
- * Sort a list of finds by server RTT (with random jitter)
+ * Sort a list of finds by server RTT.
  */
 static void
-sort_finds(fetchctx_t *fctx, dns_adbfindlist_t *findlist) {
+sort_finds(dns_adbfindlist_t *findlist) {
 	dns_adbfind_t *best, *curr;
 	dns_adbfindlist_t sorted;
 	dns_adbaddrinfo_t *addrinfo, *bestaddrinfo;
 
-	/* Sort each find's addrinfo list by SRTT (after adding jitter) */
+	/* Sort each find's addrinfo list by SRTT. */
 	for (curr = ISC_LIST_HEAD(*findlist);
 	     curr != NULL;
 	     curr = ISC_LIST_NEXT(curr, publink))
-		sort_adbfind(fctx, curr);
+		sort_adbfind(curr);
 
 	/* Lame N^2 bubble sort. */
 	ISC_LIST_INIT(sorted);
@@ -2851,8 +2787,8 @@
 		 * We've found some addresses.  We might still be looking
 		 * for more addresses.
 		 */
-		sort_finds(fctx, &fctx->finds);
-		sort_finds(fctx, &fctx->altfinds);
+		sort_finds(&fctx->finds);
+		sort_finds(&fctx->altfinds);
 		result = ISC_R_SUCCESS;
 	}
 

Index: src/external/bsd/bind/dist/lib/dns/validator.c
diff -u src/external/bsd/bind/dist/lib/dns/validator.c:1.3 src/external/bsd/bind/dist/lib/dns/validator.c:1.4
--- src/external/bsd/bind/dist/lib/dns/validator.c:1.3	Wed Feb 16 03:47:05 2011
+++ src/external/bsd/bind/dist/lib/dns/validator.c	Sun May 29 15:17:09 2011
@@ -1,4 +1,4 @@
-/*	$NetBSD: validator.c,v 1.3 2011/02/16 03:47:05 christos Exp $	*/
+/*	$NetBSD: validator.c,v 1.4 2011/05/29 15:17:09 spz Exp $	*/
 
 /*
  * Copyright (C) 2004-2010  Internet Systems Consortium, Inc. ("ISC")
@@ -17,7 +17,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* Id: validator.c,v 1.197 2010-12-23 04:07:58 marka Exp */
+/* Id: validator.c,v 1.197.40.1 2011-05-27 00:57:31 each Exp */
 
 #include <config.h>
 
@@ -430,7 +430,8 @@
 		validator_done(val, ISC_R_CANCELED);
 	} else if (eresult == ISC_R_SUCCESS) {
 		validator_log(val, ISC_LOG_DEBUG(3),
-			      "keyset with trust %d", rdataset->trust);
+			      "keyset with trust %s",
+			      dns_trust_totext(rdataset->trust));
 		/*
 		 * Only extract the dst key if the keyset is secure.
 		 */
@@ -507,7 +508,8 @@
 		validator_done(val, ISC_R_CANCELED);
 	} else if (eresult == ISC_R_SUCCESS) {
 		validator_log(val, ISC_LOG_DEBUG(3),
-			      "dsset with trust %d", rdataset->trust);
+			      "dsset with trust %s",
+			       dns_trust_totext(rdataset->trust));
 		val->dsset = &val->frdataset;
 		result = validatezonekey(val);
 		if (result != DNS_R_WAIT)
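Review bot: The added continuation line `dns_trust_totext(rdataset->trust));` is indented one space deeper than the same argument in the other validator_log() calls this commit converts, so it no longer lines up under the format string. Dropping the extra space keeps the converted call sites uniform. The enclosing function starts and ends outside this hunk.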
@@ -662,7 +664,8 @@
 		validator_done(val, ISC_R_CANCELED);
 	} else if (eresult == ISC_R_SUCCESS) {
 		validator_log(val, ISC_LOG_DEBUG(3),
-			      "keyset with trust %d", val->frdataset.trust);
+			      "keyset with trust %s",
+			      dns_trust_totext(val->frdataset.trust));
 		/*
 		 * Only extract the dst key if the keyset is secure.
 		 */
@@ -733,10 +736,10 @@
 		isc_boolean_t have_dsset;
 		dns_name_t *name;
 		validator_log(val, ISC_LOG_DEBUG(3),
-			      "%s with trust %d",
+			      "%s with trust %s",
 			      val->frdataset.type == dns_rdatatype_ds ?
 			      "dsset" : "ds non-existance",
-			      val->frdataset.trust);
+			      dns_trust_totext(val->frdataset.trust));
 		have_dsset = ISC_TF(val->frdataset.type == dns_rdatatype_ds);
 		name = dns_fixedname_name(&val->fname);
 		if ((val->attributes & VALATTR_INSECURITY) != 0 &&
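Review bot: The context line between the two changed lines still carries the misspelled log text `"ds non-existance"`, which ends up verbatim in debug output. Since the call is being edited anyway, it could read `"dsset" : "ds non-existence",`, provided nothing matches on the old spelling. This is imported code, so the correction probably belongs upstream rather than in a local change.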
@@ -1387,8 +1390,8 @@
 		INSIST(type == dns_rdatatype_dlv);
 		if (val->frdataset.trust != dns_trust_secure) {
 			validator_log(val, ISC_LOG_DEBUG(3),
-				      "covering nsec: trust %u",
-				      val->frdataset.trust);
+				      "covering nsec: trust %s",
+				      dns_trust_totext(val->frdataset.trust));
 			goto notfound;
 		}
 		result = dns_rdataset_first(&val->frdataset);
@@ -1723,8 +1726,8 @@
 			 * See if we've got the key used in the signature.
 			 */
 			validator_log(val, ISC_LOG_DEBUG(3),
-				      "keyset with trust %d",
-				      val->frdataset.trust);
+				      "keyset with trust %s",
+				      dns_trust_totext(val->frdataset.trust));
 			result = get_dst_key(val, siginfo, val->keyset);
 			if (result != ISC_R_SUCCESS) {
 				/*
@@ -2494,8 +2497,11 @@
 				      " insecure DS");
 			return (DNS_R_MUSTBESECURE);
 		}
-		markanswer(val, "validatezonekey (2)");
-		return (ISC_R_SUCCESS);
+		if (val->view->dlv == NULL || DLVTRIED(val)) {
+			markanswer(val, "validatezonekey (2)");
+			return (ISC_R_SUCCESS);
+		}
+		return (startfinddlvsep(val, val->event->name));
 	}
 
 	/*
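Review bot: The new test `if (val->view->dlv == NULL || DLVTRIED(val))` has no comment explaining why an insecure DS result is no longer final, although it is the one behavioural change in this file. A line above it such as `/* Insecure via DS: accept only if DLV is not configured or was already tried. */` would record the intent. The result of startfinddlvsep() is now passed straight back to the callers of validatezonekey(). The call site in the `dsset with trust` hunk checks for DNS_R_WAIT, but the other callers are outside this diff and presumably need the same handling. The function body starts and ends outside this hunk.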
@@ -3233,7 +3239,8 @@
 		validator_done(val, ISC_R_CANCELED);
 	} else if (eresult == ISC_R_SUCCESS) {
 		validator_log(val, ISC_LOG_DEBUG(3),
-			      "dlvset with trust %d", val->frdataset.trust);
+			      "dlvset with trust %s",
+			      dns_trust_totext(val->frdataset.trust));
 		dns_rdataset_clone(&val->frdataset, &val->dlv);
 		val->havedlvsep = ISC_TRUE;
 		if (dlv_algorithm_supported(val))

Index: src/external/bsd/bind/dist/lib/isc/unix/socket.c
diff -u src/external/bsd/bind/dist/lib/isc/unix/socket.c:1.5 src/external/bsd/bind/dist/lib/isc/unix/socket.c:1.6
--- src/external/bsd/bind/dist/lib/isc/unix/socket.c:1.5	Wed Feb 16 03:47:15 2011
+++ src/external/bsd/bind/dist/lib/isc/unix/socket.c	Sun May 29 15:17:10 2011
@@ -1,4 +1,4 @@
-/*	$NetBSD: socket.c,v 1.5 2011/02/16 03:47:15 christos Exp $	*/
+/*	$NetBSD: socket.c,v 1.6 2011/05/29 15:17:10 spz Exp $	*/
 
 /*
  * Copyright (C) 2004-2010  Internet Systems Consortium, Inc. ("ISC")
@@ -17,7 +17,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* Id: socket.c,v 1.333.14.1 2011-02-03 05:50:07 marka Exp */
+/* Id: socket.c,v 1.333.14.2 2011-02-18 04:01:16 marka Exp */
 
 /*! \file */
 
@@ -688,6 +688,8 @@
 	isc_sockstatscounter_fdwatchrecvfail
 };
 
+#if defined(USE_KQUEUE) || defined(USE_EPOLL) || defined(USE_DEVPOLL) || \
+    defined(USE_WATCHER_THREAD)
 static void
 manager_log(isc__socketmgr_t *sockmgr,
 	    isc_logcategory_t *category, isc_logmodule_t *module, int level,
@@ -710,6 +712,7 @@
 	isc_log_write(isc_lctx, category, module, level,
 		      "sockmgr %p: %s", sockmgr, msgbuf);
 }
+#endif
 
 static void
 socket_log(isc__socket_t *sock, isc_sockaddr_t *address,
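Review bot: The added `#endif` has no comment naming the condition it closes, and its `#if` sits in the previous hunk, more than twenty lines up. Writing it as `#endif /* USE_KQUEUE || USE_EPOLL || USE_DEVPOLL || USE_WATCHER_THREAD */` makes the pairing obvious. The guard also has to stay in step with every manager_log() call site; those are outside these hunks, and a call added under any other configuration would fail to compile.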

Index: src/external/bsd/bind/lib/libdns/shlib_version
diff -u src/external/bsd/bind/lib/libdns/shlib_version:1.6 src/external/bsd/bind/lib/libdns/shlib_version:1.7
--- src/external/bsd/bind/lib/libdns/shlib_version:1.6	Wed Feb 16 03:47:21 2011
+++ src/external/bsd/bind/lib/libdns/shlib_version	Sun May 29 15:17:10 2011
@@ -1,5 +1,5 @@
-#	$NetBSD: shlib_version,v 1.6 2011/02/16 03:47:21 christos Exp $
+#	$NetBSD: shlib_version,v 1.7 2011/05/29 15:17:10 spz Exp $
 #	Remember to update distrib/sets/lists/base/shl.* when changing
 #
 major=5
-minor=3
+minor=4

Index: src/external/bsd/bind/lib/libisc/shlib_version
diff -u src/external/bsd/bind/lib/libisc/shlib_version:1.6 src/external/bsd/bind/lib/libisc/shlib_version:1.7
--- src/external/bsd/bind/lib/libisc/shlib_version:1.6	Wed Feb 16 03:47:21 2011
+++ src/external/bsd/bind/lib/libisc/shlib_version	Sun May 29 15:17:10 2011
@@ -1,5 +1,5 @@
-#	$NetBSD: shlib_version,v 1.6 2011/02/16 03:47:21 christos Exp $
+#	$NetBSD: shlib_version,v 1.7 2011/05/29 15:17:10 spz Exp $
 #	Remember to update distrib/sets/lists/base/shl.* when changing
 #
 major=5
-minor=3
+minor=4
