Module Name: src Committed By: spz Date: Sun May 29 15:17:10 UTC 2011
Modified Files: src/distrib/sets/lists/base: ad.mips64eb ad.mips64el md.amd64 md.sparc64 shl.mi src/external/bsd/bind/dist/bin/named: bind.keys.h query.c server.c src/external/bsd/bind/dist/lib/dns: ncache.c rbtdb.c resolver.c validator.c xfrin.c zone.c src/external/bsd/bind/dist/lib/isc/unix: socket.c src/external/bsd/bind/lib/libdns: shlib_version src/external/bsd/bind/lib/libisc: shlib_version Log Message: merge 9.8.0-P2: - fixes CVE-2011-1910: Large RRSIG RRsets and Negative Caching can crash named - fixes CVE-2011-0414: bind lockup during IXFR - return a more correct error in case of policy violation bump version of libdns and libisc To generate a diff of this commit: cvs rdiff -u -r1.49 -r1.50 src/distrib/sets/lists/base/ad.mips64eb cvs rdiff -u -r1.47 -r1.48 src/distrib/sets/lists/base/ad.mips64el cvs rdiff -u -r1.122 -r1.123 src/distrib/sets/lists/base/md.amd64 cvs rdiff -u -r1.115 -r1.116 src/distrib/sets/lists/base/md.sparc64 cvs rdiff -u -r1.584 -r1.585 src/distrib/sets/lists/base/shl.mi cvs rdiff -u -r1.2 -r1.3 src/external/bsd/bind/dist/bin/named/bind.keys.h cvs rdiff -u -r1.3 -r1.4 src/external/bsd/bind/dist/bin/named/query.c cvs rdiff -u -r1.8 -r1.9 src/external/bsd/bind/dist/bin/named/server.c cvs rdiff -u -r1.2 -r1.3 src/external/bsd/bind/dist/lib/dns/ncache.c \ src/external/bsd/bind/dist/lib/dns/xfrin.c \ src/external/bsd/bind/dist/lib/dns/zone.c cvs rdiff -u -r1.7 -r1.8 src/external/bsd/bind/dist/lib/dns/rbtdb.c cvs rdiff -u -r1.8 -r1.9 src/external/bsd/bind/dist/lib/dns/resolver.c cvs rdiff -u -r1.3 -r1.4 src/external/bsd/bind/dist/lib/dns/validator.c cvs rdiff -u -r1.5 -r1.6 src/external/bsd/bind/dist/lib/isc/unix/socket.c cvs rdiff -u -r1.6 -r1.7 src/external/bsd/bind/lib/libdns/shlib_version cvs rdiff -u -r1.6 -r1.7 src/external/bsd/bind/lib/libisc/shlib_version Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
Modified files: Index: src/distrib/sets/lists/base/ad.mips64eb diff -u src/distrib/sets/lists/base/ad.mips64eb:1.49 src/distrib/sets/lists/base/ad.mips64eb:1.50 --- src/distrib/sets/lists/base/ad.mips64eb:1.49 Fri May 13 01:56:27 2011 +++ src/distrib/sets/lists/base/ad.mips64eb Sun May 29 15:17:08 2011 @@ -1,4 +1,4 @@ -# $NetBSD: ad.mips64eb,v 1.49 2011/05/13 01:56:27 christos Exp $ +# $NetBSD: ad.mips64eb,v 1.50 2011/05/29 15:17:08 spz Exp $ ./libexec/ld.elf_so-64 base-compat-shlib compat,pic ./libexec/ld.elf_so-o32 base-sysutil-bin compat,pic ./usr/lib/64 base-compat-lib @@ -82,7 +82,7 @@ ./usr/lib/64/libdm.so.0 base-compat-shlib compat,pic ./usr/lib/64/libdm.so.0.0 base-compat-shlib compat,pic ./usr/lib/64/libdns.so.5 base-compat-shlib compat,pic -./usr/lib/64/libdns.so.5.3 base-compat-shlib compat,pic +./usr/lib/64/libdns.so.5.4 base-compat-shlib compat,pic ./usr/lib/64/libdns_sd.so.0 base-compat-shlib compat,pic,mdns ./usr/lib/64/libdns_sd.so.0.0 base-compat-shlib compat,pic,mdns ./usr/lib/64/libdwarf.so.0 base-compat-shlib compat,pic @@ -116,7 +116,7 @@ ./usr/lib/64/libipsec.so.3 base-compat-shlib compat,pic ./usr/lib/64/libipsec.so.3.0 base-compat-shlib compat,pic ./usr/lib/64/libisc.so.5 base-compat-shlib compat,pic -./usr/lib/64/libisc.so.5.3 base-compat-shlib compat,pic +./usr/lib/64/libisc.so.5.4 base-compat-shlib compat,pic ./usr/lib/64/libisccc.so.5 base-compat-shlib compat,pic ./usr/lib/64/libisccc.so.5.3 base-compat-shlib compat,pic ./usr/lib/64/libisccfg.so.5 base-compat-shlib compat,pic @@ -393,7 +393,7 @@ ./usr/lib/o32/libipsec.so.3 base-compat-shlib compat,pic ./usr/lib/o32/libipsec.so.3.0 base-compat-shlib compat,pic ./usr/lib/o32/libisc.so.5 base-compat-shlib compat,pic -./usr/lib/o32/libisc.so.5.3 base-compat-shlib compat,pic +./usr/lib/o32/libisc.so.5.4 base-compat-shlib compat,pic ./usr/lib/o32/libisccc.so.5 base-compat-shlib compat,pic ./usr/lib/o32/libisccc.so.5.3 base-compat-shlib compat,pic ./usr/lib/o32/libisccfg.so.5 base-compat-shlib compat,pic Index: src/distrib/sets/lists/base/ad.mips64el diff -u src/distrib/sets/lists/base/ad.mips64el:1.47 src/distrib/sets/lists/base/ad.mips64el:1.48 --- src/distrib/sets/lists/base/ad.mips64el:1.47 Fri May 13 01:56:27 2011 +++ src/distrib/sets/lists/base/ad.mips64el Sun May 29 15:17:09 2011 @@ -1,4 +1,4 @@ -# $NetBSD: ad.mips64el,v 1.47 2011/05/13 01:56:27 christos Exp $ +# $NetBSD: ad.mips64el,v 1.48 2011/05/29 15:17:09 spz Exp $ ./libexec/ld.elf_so-64 base-compat-shlib compat,pic ./libexec/ld.elf_so-o32 base-sysutil-bin compat,pic ./usr/lib/64 base-compat-lib @@ -82,7 +82,7 @@ ./usr/lib/64/libdm.so.0 base-compat-shlib compat,pic ./usr/lib/64/libdm.so.0.0 base-compat-shlib compat,pic ./usr/lib/64/libdns.so.5 base-compat-shlib compat,pic -./usr/lib/64/libdns.so.5.3 base-compat-shlib compat,pic +./usr/lib/64/libdns.so.5.4 base-compat-shlib compat,pic ./usr/lib/64/libdns_sd.so.0 base-compat-shlib compat,pic,mdns ./usr/lib/64/libdns_sd.so.0.0 base-compat-shlib compat,pic,mdns ./usr/lib/64/libdwarf.so.0 base-compat-shlib compat,pic @@ -116,7 +116,7 @@ ./usr/lib/64/libipsec.so.3 base-compat-shlib compat,pic ./usr/lib/64/libipsec.so.3.0 base-compat-shlib compat,pic ./usr/lib/64/libisc.so.5 base-compat-shlib compat,pic -./usr/lib/64/libisc.so.5.3 base-compat-shlib compat,pic +./usr/lib/64/libisc.so.5.4 base-compat-shlib compat,pic ./usr/lib/64/libisccc.so.5 base-compat-shlib compat,pic ./usr/lib/64/libisccc.so.5.3 base-compat-shlib compat,pic ./usr/lib/64/libisccfg.so.5 base-compat-shlib compat,pic @@ -359,7 +359,7 @@ ./usr/lib/o32/libdm.so.0 base-compat-shlib compat,pic ./usr/lib/o32/libdm.so.0.0 base-compat-shlib compat,pic ./usr/lib/o32/libdns.so.5 base-compat-shlib compat,pic -./usr/lib/o32/libdns.so.5.3 base-compat-shlib compat,pic +./usr/lib/o32/libdns.so.5.4 base-compat-shlib compat,pic ./usr/lib/o32/libdns_sd.so.0 base-compat-shlib compat,pic,mdns ./usr/lib/o32/libdns_sd.so.0.0 base-compat-shlib compat,pic,mdns ./usr/lib/o32/libdwarf.so.0 base-compat-shlib compat,pic @@ -393,7 +393,7 @@ ./usr/lib/o32/libipsec.so.3 base-compat-shlib compat,pic ./usr/lib/o32/libipsec.so.3.0 base-compat-shlib compat,pic ./usr/lib/o32/libisc.so.5 base-compat-shlib compat,pic -./usr/lib/o32/libisc.so.5.3 base-compat-shlib compat,pic +./usr/lib/o32/libisc.so.5.4 base-compat-shlib compat,pic ./usr/lib/o32/libisccc.so.5 base-compat-shlib compat,pic ./usr/lib/o32/libisccc.so.5.3 base-compat-shlib compat,pic ./usr/lib/o32/libisccfg.so.5 base-compat-shlib compat,pic Index: src/distrib/sets/lists/base/md.amd64 diff -u src/distrib/sets/lists/base/md.amd64:1.122 src/distrib/sets/lists/base/md.amd64:1.123 --- src/distrib/sets/lists/base/md.amd64:1.122 Fri May 13 01:56:27 2011 +++ src/distrib/sets/lists/base/md.amd64 Sun May 29 15:17:09 2011 @@ -1,4 +1,4 @@ -# $NetBSD: md.amd64,v 1.122 2011/05/13 01:56:27 christos Exp $ +# $NetBSD: md.amd64,v 1.123 2011/05/29 15:17:09 spz Exp $ ./dev/lms0 base-obsolete obsolete ./dev/mms0 base-obsolete obsolete ./libexec/ld.elf_so-i386 base-sys-shlib compat,pic @@ -85,7 +85,7 @@ ./usr/lib/i386/libdm.so.0 base-compat-shlib compat,pic ./usr/lib/i386/libdm.so.0.0 base-compat-shlib compat,pic ./usr/lib/i386/libdns.so.5 base-compat-shlib compat,pic -./usr/lib/i386/libdns.so.5.3 base-compat-shlib compat,pic +./usr/lib/i386/libdns.so.5.4 base-compat-shlib compat,pic ./usr/lib/i386/libdns_sd.so.0 base-compat-shlib compat,pic,mdns ./usr/lib/i386/libdns_sd.so.0.0 base-compat-shlib compat,pic,mdns ./usr/lib/i386/libdwarf.so.0 base-compat-shlib compat,pic @@ -121,7 +121,7 @@ ./usr/lib/i386/libipsec.so.3 base-compat-shlib compat,pic ./usr/lib/i386/libipsec.so.3.0 base-compat-shlib compat,pic ./usr/lib/i386/libisc.so.5 base-compat-shlib compat,pic -./usr/lib/i386/libisc.so.5.3 base-compat-shlib compat,pic +./usr/lib/i386/libisc.so.5.4 base-compat-shlib compat,pic ./usr/lib/i386/libisccc.so.5 base-compat-shlib compat,pic ./usr/lib/i386/libisccc.so.5.3 base-compat-shlib compat,pic ./usr/lib/i386/libisccfg.so.5 base-compat-shlib compat,pic Index: src/distrib/sets/lists/base/md.sparc64 diff -u src/distrib/sets/lists/base/md.sparc64:1.115 src/distrib/sets/lists/base/md.sparc64:1.116 --- src/distrib/sets/lists/base/md.sparc64:1.115 Fri May 13 01:56:27 2011 +++ src/distrib/sets/lists/base/md.sparc64 Sun May 29 15:17:09 2011 @@ -1,4 +1,4 @@ -# $NetBSD: md.sparc64,v 1.115 2011/05/13 01:56:27 christos Exp $ +# $NetBSD: md.sparc64,v 1.116 2011/05/29 15:17:09 spz Exp $ ./libexec/ld.elf_so-sparc base-sysutil-bin compat,pic ./sbin/edlabel base-sysutil-root obsolete ./usr/bin/fdformat base-util-bin @@ -83,7 +83,7 @@ ./usr/lib/sparc/libdm.so.0 base-compat-shlib compat,pic ./usr/lib/sparc/libdm.so.0.0 base-compat-shlib compat,pic ./usr/lib/sparc/libdns.so.5 base-compat-shlib compat,pic -./usr/lib/sparc/libdns.so.5.3 base-compat-shlib compat,pic +./usr/lib/sparc/libdns.so.5.4 base-compat-shlib compat,pic ./usr/lib/sparc/libdns_sd.so.0 base-compat-shlib compat,pic,mdns ./usr/lib/sparc/libdns_sd.so.0.0 base-compat-shlib compat,pic,mdns ./usr/lib/sparc/libdwarf.so.0 base-compat-shlib compat,pic @@ -117,7 +117,7 @@ ./usr/lib/sparc/libipsec.so.3 base-compat-shlib compat,pic ./usr/lib/sparc/libipsec.so.3.0 base-compat-shlib compat,pic ./usr/lib/sparc/libisc.so.5 base-compat-shlib compat,pic -./usr/lib/sparc/libisc.so.5.3 base-compat-shlib compat,pic +./usr/lib/sparc/libisc.so.5.4 base-compat-shlib compat,pic ./usr/lib/sparc/libisccc.so.5 base-compat-shlib compat,pic ./usr/lib/sparc/libisccc.so.5.3 base-compat-shlib compat,pic ./usr/lib/sparc/libisccfg.so.5 base-compat-shlib compat,pic Index: src/distrib/sets/lists/base/shl.mi diff -u src/distrib/sets/lists/base/shl.mi:1.584 src/distrib/sets/lists/base/shl.mi:1.585 --- src/distrib/sets/lists/base/shl.mi:1.584 Fri May 13 01:56:27 2011 +++ src/distrib/sets/lists/base/shl.mi Sun May 29 15:17:09 2011 @@ -1,4 +1,4 @@ -# $NetBSD: shl.mi,v 1.584 2011/05/13 01:56:27 christos Exp $ +# $NetBSD: shl.mi,v 1.585 2011/05/29 15:17:09 spz Exp $ # # Note: Don't delete entries from here - mark them as "obsolete" instead, # unless otherwise stated below. @@ -198,7 +198,7 @@ ./usr/lib/libdm.so.0.0 base-sys-shlib ./usr/lib/libdns.so base-bind-shlib ./usr/lib/libdns.so.5 base-bind-shlib -./usr/lib/libdns.so.5.3 base-bind-shlib +./usr/lib/libdns.so.5.4 base-bind-shlib ./usr/lib/libdns_sd.so base-mdns-shlib mdns ./usr/lib/libdns_sd.so.0 base-mdns-shlib mdns ./usr/lib/libdns_sd.so.0.0 base-mdns-shlib mdns @@ -255,7 +255,7 @@ ./usr/lib/libipsec.so.3.0 base-net-shlib ./usr/lib/libisc.so base-bind-shlib ./usr/lib/libisc.so.5 base-bind-shlib -./usr/lib/libisc.so.5.3 base-bind-shlib +./usr/lib/libisc.so.5.4 base-bind-shlib ./usr/lib/libisccc.so base-bind-shlib ./usr/lib/libisccc.so.5 base-bind-shlib ./usr/lib/libisccc.so.5.3 base-bind-shlib Index: src/external/bsd/bind/dist/bin/named/bind.keys.h diff -u src/external/bsd/bind/dist/bin/named/bind.keys.h:1.2 src/external/bsd/bind/dist/bin/named/bind.keys.h:1.3 --- src/external/bsd/bind/dist/bin/named/bind.keys.h:1.2 Wed Feb 16 03:46:45 2011 +++ src/external/bsd/bind/dist/bin/named/bind.keys.h Sun May 29 15:17:09 2011 @@ -1,8 +1,8 @@ -/* $NetBSD: bind.keys.h,v 1.2 2011/02/16 03:46:45 christos Exp $ */ +/* $NetBSD: bind.keys.h,v 1.3 2011/05/29 15:17:09 spz Exp $ */ /* - * Generated by bindkeys.pl 1.7 2011/01/04 23:47:13 tbox Exp - * From bind.keys 1.7 2011/01/03 23:45:07 each Exp + * Generated by bindkeys.pl 1.7 2011-01-04 23:47:13 tbox Exp + * From bind.keys 1.7 2011-01-03 23:45:07 each Exp */ #define TRUSTED_KEYS "\ # The bind.keys file is used to override the built-in DNSSEC trust anchors\n\ Index: src/external/bsd/bind/dist/bin/named/query.c diff -u src/external/bsd/bind/dist/bin/named/query.c:1.3 src/external/bsd/bind/dist/bin/named/query.c:1.4 --- src/external/bsd/bind/dist/bin/named/query.c:1.3 Fri May 6 15:28:19 2011 +++ src/external/bsd/bind/dist/bin/named/query.c Sun May 29 15:17:09 2011 @@ -1,4 +1,4 @@ -/* $NetBSD: query.c,v 1.3 2011/05/06 15:28:19 taca Exp $ */ +/* $NetBSD: query.c,v 1.4 2011/05/29 15:17:09 spz Exp $ */ /* * Copyright (C) 2004-2011 Internet Systems Consortium, Inc. ("ISC") @@ -17,7 +17,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* Id: query.c,v 1.353.8.1 2011-02-03 07:39:02 marka Exp */ +/* Id: query.c,v 1.353.8.2.2.1 2011-04-27 17:06:27 each Exp */ /*! \file */ @@ -4043,8 +4043,8 @@ version = NULL; result = rpz_getdb(client, rpz_type, qnamef, zonep, dbp, &version); if (result != ISC_R_SUCCESS) { - *policyp = DNS_RPZ_POLICY_ERROR; - return (DNS_R_SERVFAIL); + *policyp = DNS_RPZ_POLICY_MISS; + return (DNS_R_NXDOMAIN); } dns_fixedname_init(&fixed); Index: src/external/bsd/bind/dist/bin/named/server.c diff -u src/external/bsd/bind/dist/bin/named/server.c:1.8 src/external/bsd/bind/dist/bin/named/server.c:1.9 --- src/external/bsd/bind/dist/bin/named/server.c:1.8 Wed Feb 16 03:46:46 2011 +++ src/external/bsd/bind/dist/bin/named/server.c Sun May 29 15:17:09 2011 @@ -1,4 +1,4 @@ -/* $NetBSD: server.c,v 1.8 2011/02/16 03:46:46 christos Exp $ */ +/* $NetBSD: server.c,v 1.9 2011/05/29 15:17:09 spz Exp $ */ /* * Copyright (C) 2004-2011 Internet Systems Consortium, Inc. ("ISC") @@ -17,7 +17,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* Id: server.c,v 1.599.8.3 2011-02-03 12:17:49 tbox Exp */ +/* Id: server.c,v 1.599.8.4 2011-02-16 19:46:12 each Exp */ /*! \file */ @@ -3478,6 +3478,7 @@ if (pview != NULL && pview->managed_keys != NULL) { dns_zone_attach(pview->managed_keys, &view->managed_keys); + dns_zone_setview(pview->managed_keys, view); dns_view_detach(&pview); return (ISC_R_SUCCESS); } Index: src/external/bsd/bind/dist/lib/dns/ncache.c diff -u src/external/bsd/bind/dist/lib/dns/ncache.c:1.2 src/external/bsd/bind/dist/lib/dns/ncache.c:1.3 --- src/external/bsd/bind/dist/lib/dns/ncache.c:1.2 Wed Feb 16 03:47:04 2011 +++ src/external/bsd/bind/dist/lib/dns/ncache.c Sun May 29 15:17:09 2011 @@ -1,4 +1,4 @@ -/* $NetBSD: ncache.c,v 1.2 2011/02/16 03:47:04 christos Exp $ */ +/* $NetBSD: ncache.c,v 1.3 2011/05/29 15:17:09 spz Exp $ */ /* * Copyright (C) 2004, 2005, 2007, 2008, 2010 Internet Systems Consortium, Inc. ("ISC") @@ -17,7 +17,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* Id: ncache.c,v 1.50.124.1 2011-02-03 07:39:03 marka Exp */ +/* Id: ncache.c,v 1.50.124.1.2.1 2011-05-27 00:57:31 each Exp */ /*! \file */ @@ -188,7 +188,7 @@ */ isc_buffer_availableregion(&buffer, &r); - if (r.length < 2) + if (r.length < 3) return (ISC_R_NOSPACE); isc_buffer_putuint16(&buffer, rdataset->type); Index: src/external/bsd/bind/dist/lib/dns/xfrin.c diff -u src/external/bsd/bind/dist/lib/dns/xfrin.c:1.2 src/external/bsd/bind/dist/lib/dns/xfrin.c:1.3 --- src/external/bsd/bind/dist/lib/dns/xfrin.c:1.2 Wed Feb 16 03:47:05 2011 +++ src/external/bsd/bind/dist/lib/dns/xfrin.c Sun May 29 15:17:10 2011 @@ -1,4 +1,4 @@ -/* $NetBSD: xfrin.c,v 1.2 2011/02/16 03:47:05 christos Exp $ */ +/* $NetBSD: xfrin.c,v 1.3 2011/05/29 15:17:10 spz Exp $ */ /* * Copyright (C) 2004-2008 Internet Systems Consortium, Inc. ("ISC") @@ -17,7 +17,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* Id: xfrin.c,v 1.166 2008-09-25 04:12:39 marka Exp */ +/* Id: xfrin.c,v 1.166.522.2 2011-02-19 01:21:27 each Exp */ /*! \file */ @@ -85,8 +85,9 @@ XFRST_IXFR_DEL, XFRST_IXFR_ADDSOA, XFRST_IXFR_ADD, + XFRST_IXFR_END, XFRST_AXFR, - XFRST_END + XFRST_AXFR_END } xfrin_state_t; /*% @@ -205,6 +206,7 @@ dns_rdata_t *rdata); static isc_result_t axfr_apply(dns_xfrin_ctx_t *xfr); static isc_result_t axfr_commit(dns_xfrin_ctx_t *xfr); +static isc_result_t axfr_finalize(dns_xfrin_ctx_t *xfr); static isc_result_t ixfr_init(dns_xfrin_ctx_t *xfr); static isc_result_t ixfr_apply(dns_xfrin_ctx_t *xfr); @@ -320,6 +322,16 @@ CHECK(axfr_apply(xfr)); CHECK(dns_db_endload(xfr->db, &xfr->axfr.add_private)); + + result = ISC_R_SUCCESS; + failure: + return (result); +} + +static isc_result_t +axfr_finalize(dns_xfrin_ctx_t *xfr) { + isc_result_t result; + CHECK(dns_zone_replacedb(xfr->zone, xfr->db, ISC_TRUE)); result = ISC_R_SUCCESS; @@ -543,7 +555,7 @@ isc_uint32_t soa_serial = dns_soa_getserial(rdata); if (soa_serial == xfr->end_serial) { CHECK(ixfr_commit(xfr)); - xfr->state = XFRST_END; + xfr->state = XFRST_IXFR_END; break; } else if (soa_serial != xfr->ixfr.current_serial) { xfrin_log(xfr, ISC_LOG_ERROR, @@ -574,11 +586,12 @@ CHECK(axfr_putdata(xfr, DNS_DIFFOP_ADD, name, ttl, rdata)); if (rdata->type == dns_rdatatype_soa) { CHECK(axfr_commit(xfr)); - xfr->state = XFRST_END; + xfr->state = XFRST_AXFR_END; break; } break; - case XFRST_END: + case XFRST_AXFR_END: + case XFRST_IXFR_END: FAIL(DNS_R_EXTRADATA); default: INSIST(0); @@ -1320,8 +1333,9 @@ } else if (dns_message_gettsigkey(msg) != NULL) { xfr->sincetsig++; - if (xfr->sincetsig > 100 || - xfr->nmsg == 0 || xfr->state == XFRST_END) + if (xfr->sincetsig > 100 || xfr->nmsg == 0 || + xfr->state == XFRST_AXFR_END || + xfr->state == XFRST_IXFR_END) { result = DNS_R_EXPECTEDTSIG; goto failure; @@ -1347,16 +1361,22 @@ dns_message_destroy(&msg); - if (xfr->state == XFRST_GOTSOA) { + switch (xfr->state) { + case XFRST_GOTSOA: xfr->reqtype = dns_rdatatype_axfr; xfr->state = XFRST_INITIALSOA; CHECK(xfrin_send_request(xfr)); - } else if (xfr->state == XFRST_END) { + break; + case XFRST_AXFR_END: + CHECK(axfr_finalize(xfr)); + /* FALLTHROUGH */ + case XFRST_IXFR_END: /* * Close the journal. */ if (xfr->ixfr.journal != NULL) dns_journal_destroy(&xfr->ixfr.journal); + /* * Inform the caller we succeeded. */ @@ -1370,7 +1390,8 @@ */ xfr->shuttingdown = ISC_TRUE; maybe_free(xfr); - } else { + break; + default: /* * Read the next message. */ Index: src/external/bsd/bind/dist/lib/dns/zone.c diff -u src/external/bsd/bind/dist/lib/dns/zone.c:1.2 src/external/bsd/bind/dist/lib/dns/zone.c:1.3 --- src/external/bsd/bind/dist/lib/dns/zone.c:1.2 Wed Feb 16 03:47:05 2011 +++ src/external/bsd/bind/dist/lib/dns/zone.c Sun May 29 15:17:10 2011 @@ -1,4 +1,4 @@ -/* $NetBSD: zone.c,v 1.2 2011/02/16 03:47:05 christos Exp $ */ +/* $NetBSD: zone.c,v 1.3 2011/05/29 15:17:10 spz Exp $ */ /* * Copyright (C) 2004-2011 Internet Systems Consortium, Inc. ("ISC") @@ -17,7 +17,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* Id: zone.c,v 1.582.8.2 2011-02-07 00:14:30 marka Exp */ +/* Id: zone.c,v 1.582.8.7 2011-02-18 23:23:08 each Exp */ /*! \file */ @@ -7918,7 +7918,8 @@ dns_zone_markdirty(dns_zone_t *zone) { LOCK_ZONE(zone); - set_resigntime(zone); /* XXXMPA make separate call back */ + if (zone->type == dns_zone_master) + set_resigntime(zone); /* XXXMPA make separate call back */ zone_needdump(zone, DNS_DUMP_DELAY); UNLOCK_ZONE(zone); } @@ -13605,7 +13606,8 @@ if (tuple->rdata.type != dns_rdatatype_dnskey) continue; - dns_rdata_tostruct(&tuple->rdata, &dnskey, NULL); + result = dns_rdata_tostruct(&tuple->rdata, &dnskey, NULL); + RUNTIME_CHECK(result == ISC_R_SUCCESS); if ((dnskey.flags & (DNS_KEYFLAG_OWNERMASK|DNS_KEYTYPE_NOAUTH)) != DNS_KEYOWNER_ZONE) @@ -13651,13 +13653,14 @@ static isc_result_t sign_apex(dns_zone_t *zone, dns_db_t *db, dns_dbversion_t *ver, - dns_rdatatype_t type, dns_diff_t *diff) + dns_diff_t *diff, dns_diff_t *sig_diff) { isc_result_t result; isc_stdtime_t now, inception, soaexpire; isc_boolean_t check_ksk, keyset_kskonly; dst_key_t *zone_keys[MAXZONEKEYS]; unsigned int nkeys = 0, i; + dns_difftuple_t *tuple; result = find_zone_keys(zone, db, ver, zone->mctx, MAXZONEKEYS, zone_keys, &nkeys); @@ -13675,22 +13678,52 @@ check_ksk = DNS_ZONE_OPTION(zone, DNS_ZONEOPT_UPDATECHECKKSK); keyset_kskonly = DNS_ZONE_OPTION(zone, DNS_ZONEOPT_DNSKEYKSKONLY); - result = del_sigs(zone, db, ver, &zone->origin, type, diff, - zone_keys, nkeys, now); + /* + * See if update_sigs will update DNSKEY signature and if not + * cause them to sign so that so that newly activated keys + * are used. + */ + for (tuple = ISC_LIST_HEAD(diff->tuples); + tuple != NULL; + tuple = ISC_LIST_NEXT(tuple, link)) { + if (tuple->rdata.type == dns_rdatatype_dnskey && + dns_name_equal(&tuple->name, &zone->origin)) + break; + } + + if (tuple == NULL) { + result = del_sigs(zone, db, ver, &zone->origin, + dns_rdatatype_dnskey, sig_diff, + zone_keys, nkeys, now); + if (result != ISC_R_SUCCESS) { + dns_zone_log(zone, ISC_LOG_ERROR, + "sign_apex:del_sigs -> %s\n", + dns_result_totext(result)); + goto failure; + } + result = add_sigs(db, ver, &zone->origin, dns_rdatatype_dnskey, + sig_diff, zone_keys, nkeys, zone->mctx, + inception, soaexpire, check_ksk, + keyset_kskonly); + if (result != ISC_R_SUCCESS) { + dns_zone_log(zone, ISC_LOG_ERROR, + "sign_apex:add_sigs -> %s\n", + dns_result_totext(result)); + goto failure; + } + } + + result = update_sigs(diff, db, ver, zone_keys, nkeys, zone, + inception, soaexpire, now, check_ksk, + keyset_kskonly, sig_diff); + if (result != ISC_R_SUCCESS) { dns_zone_log(zone, ISC_LOG_ERROR, - "sign_apex:del_sigs -> %s\n", + "sign_apex:update_sigs -> %s\n", dns_result_totext(result)); goto failure; } - result = add_sigs(db, ver, &zone->origin, type, diff, zone_keys, - nkeys, zone->mctx, inception, soaexpire, - check_ksk, keyset_kskonly); - - if (result != ISC_R_SUCCESS) - dns_zone_log(zone, ISC_LOG_ERROR, "sign_apex:add_sigs -> %s\n", - dns_result_totext(result)); failure: for (i = 0; i < nkeys; i++) dst_key_free(&zone_keys[i]); @@ -13806,6 +13839,26 @@ return (ISC_FALSE); } +static isc_result_t +add_chains(dns_zone_t *zone, dns_db_t *db, dns_dbversion_t *ver, + dns_diff_t *diff) +{ + dns_name_t *origin; + isc_boolean_t build_nsec3; + isc_result_t result; + + origin = dns_db_origin(db); + CHECK(dns_private_chains(db, ver, zone->privatetype, NULL, + &build_nsec3)); + if (build_nsec3) + CHECK(dns_nsec3_addnsec3sx(db, ver, origin, zone->minimum, + ISC_FALSE, zone->privatetype, diff)); + CHECK(updatesecure(db, ver, origin, zone->minimum, ISC_TRUE, diff)); + + failure: + return (result); +} + static void zone_rekey(dns_zone_t *zone) { isc_result_t result; @@ -13815,7 +13868,7 @@ dns_rdataset_t soaset, soasigs, keyset, keysigs; dns_dnsseckeylist_t dnskeys, keys, rmkeys; dns_dnsseckey_t *key; - dns_diff_t diff; + dns_diff_t diff, sig_diff; isc_boolean_t commit = ISC_FALSE, newactive = ISC_FALSE; isc_boolean_t fullsign; dns_ttl_t ttl = 3600; @@ -13838,6 +13891,7 @@ dir = dns_zone_getkeydirectory(zone); mctx = zone->mctx; dns_diff_init(mctx, &diff); + dns_diff_init(mctx, &sig_diff); CHECK(dns_zone_getdb(zone, &db)); CHECK(dns_db_newversion(db, &ver)); @@ -13906,14 +13960,12 @@ dnskey_sane(zone, db, ver, &diff)) { CHECK(dns_diff_apply(&diff, db, ver)); CHECK(clean_nsec3param(zone, db, ver, &diff)); - CHECK(sign_apex(zone, db, ver, dns_rdatatype_dnskey, - &diff)); CHECK(add_signing_records(db, zone->privatetype, ver, &diff)); CHECK(increment_soa_serial(db, ver, &diff, mctx)); - CHECK(sign_apex(zone, db, ver, dns_rdatatype_soa, - &diff)); - CHECK(zone_journal(zone, &diff, "zone_rekey")); + CHECK(add_chains(zone, db, ver, &diff)); + CHECK(sign_apex(zone, db, ver, &diff, &sig_diff)); + CHECK(zone_journal(zone, &sig_diff, "zone_rekey")); commit = ISC_TRUE; } } @@ -13938,7 +13990,7 @@ * Has a new key become active? If so, is it for * a new algorithm? */ - for (tuple = ISC_LIST_HEAD(diff.tuples); + for (tuple = ISC_LIST_HEAD(sig_diff.tuples); tuple != NULL; tuple = ISC_LIST_NEXT(tuple, link)) { dns_rdata_dnskey_t dnskey; @@ -14017,7 +14069,7 @@ * the full zone, but only with the newly-added * keys. */ - for (tuple = ISC_LIST_HEAD(diff.tuples); + for (tuple = ISC_LIST_HEAD(sig_diff.tuples); tuple != NULL; tuple = ISC_LIST_NEXT(tuple, link)) { dns_rdata_dnskey_t dnskey; @@ -14037,9 +14089,7 @@ keyid = dst_region_computeid(&r, algorithm); result = zone_signwithkey(zone, algorithm, - keyid, - ISC_TF(tuple->op == - DNS_DIFFOP_DEL)); + keyid, ISC_FALSE); if (result != ISC_R_SUCCESS) { dns_zone_log(zone, ISC_LOG_ERROR, "zone_signwithkey failed: %s", @@ -14058,7 +14108,7 @@ * Cause the zone to add/delete NSEC3 chains for the * deferred NSEC3PARAM changes. */ - for (tuple = ISC_LIST_HEAD(diff.tuples); + for (tuple = ISC_LIST_HEAD(sig_diff.tuples); tuple != NULL; tuple = ISC_LIST_NEXT(tuple, link)) { unsigned char buf[DNS_NSEC3PARAM_BUFFERSIZE]; @@ -14072,7 +14122,8 @@ if (!dns_nsec3param_fromprivate(&tuple->rdata, &rdata, buf, sizeof(buf))) continue; - dns_rdata_tostruct(&rdata, &nsec3param, NULL); + result = dns_rdata_tostruct(&rdata, &nsec3param, NULL); + RUNTIME_CHECK(result == ISC_R_SUCCESS); if (nsec3param.flags == 0) continue; @@ -14131,6 +14182,7 @@ failure: dns_diff_clear(&diff); + dns_diff_clear(&sig_diff); clear_keylist(&dnskeys, mctx); clear_keylist(&keys, mctx); Index: src/external/bsd/bind/dist/lib/dns/rbtdb.c diff -u src/external/bsd/bind/dist/lib/dns/rbtdb.c:1.7 src/external/bsd/bind/dist/lib/dns/rbtdb.c:1.8 --- src/external/bsd/bind/dist/lib/dns/rbtdb.c:1.7 Wed Feb 16 03:47:04 2011 +++ src/external/bsd/bind/dist/lib/dns/rbtdb.c Sun May 29 15:17:09 2011 @@ -1,4 +1,4 @@ -/* $NetBSD: rbtdb.c,v 1.7 2011/02/16 03:47:04 christos Exp $ */ +/* $NetBSD: rbtdb.c,v 1.8 2011/05/29 15:17:09 spz Exp $ */ /* * Copyright (C) 2004-2011 Internet Systems Consortium, Inc. ("ISC") @@ -17,7 +17,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* Id: rbtdb.c,v 1.310 2011-01-13 09:53:04 marka Exp */ +/* Id: rbtdb.c,v 1.310.8.1 2011-02-18 23:23:08 each Exp */ /*! \file */ @@ -394,12 +394,15 @@ typedef struct { /* Unlocked. */ dns_db_t common; + /* Locks the data in this struct */ #if DNS_RBTDB_USERWLOCK isc_rwlock_t lock; #else isc_mutex_t lock; #endif + /* Locks the tree structure (prevents nodes appearing/disappearing) */ isc_rwlock_t tree_lock; + /* Locks for individual tree nodes */ unsigned int node_lock_count; rbtdb_nodelock_t * node_locks; dns_rbtnode_t * origin_node; @@ -7266,7 +7269,7 @@ REQUIRE(VALID_RBTDB(rbtdb)); - RBTDB_LOCK(&rbtdb->lock, isc_rwlocktype_read); + RWLOCK(&rbtdb->tree_lock, isc_rwlocktype_read); for (i = 0; i < rbtdb->node_lock_count; i++) { NODE_LOCK(&rbtdb->node_locks[i].lock, isc_rwlocktype_read); @@ -7302,7 +7305,7 @@ result = ISC_R_SUCCESS; unlock: - RBTDB_UNLOCK(&rbtdb->lock, isc_rwlocktype_read); + RWUNLOCK(&rbtdb->tree_lock, isc_rwlocktype_read); return (result); } @@ -7324,7 +7327,7 @@ header = rdataset->private3; header--; - RBTDB_LOCK(&rbtdb->lock, isc_rwlocktype_write); + RWLOCK(&rbtdb->tree_lock, isc_rwlocktype_write); NODE_LOCK(&rbtdb->node_locks[node->locknum].lock, isc_rwlocktype_write); /* @@ -7338,7 +7341,7 @@ NODE_UNLOCK(&rbtdb->node_locks[node->locknum].lock, isc_rwlocktype_write); - RBTDB_UNLOCK(&rbtdb->lock, isc_rwlocktype_write); + RWUNLOCK(&rbtdb->tree_lock, isc_rwlocktype_write); } static dns_stats_t * Index: src/external/bsd/bind/dist/lib/dns/resolver.c diff -u src/external/bsd/bind/dist/lib/dns/resolver.c:1.8 src/external/bsd/bind/dist/lib/dns/resolver.c:1.9 --- src/external/bsd/bind/dist/lib/dns/resolver.c:1.8 Wed Feb 16 03:47:04 2011 +++ src/external/bsd/bind/dist/lib/dns/resolver.c Sun May 29 15:17:09 2011 @@ -1,4 +1,4 @@ -/* $NetBSD: resolver.c,v 1.8 2011/02/16 03:47:04 christos Exp $ */ +/* $NetBSD: resolver.c,v 1.9 2011/05/29 15:17:09 spz Exp $ */ /* * Copyright (C) 2004-2011 Internet Systems Consortium, Inc. ("ISC") @@ -17,7 +17,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* Id: resolver.c,v 1.428.6.3 2011-02-08 22:56:53 marka Exp */ +/* Id: resolver.c,v 1.428.6.5 2011-02-18 23:41:51 mgraff Exp */ /*! \file */ @@ -2366,77 +2366,13 @@ } /* - * Return 'bits' bits of random entropy from fctx->rand_buf, - * refreshing it by calling isc_random_get() whenever the requested - * number of bits is greater than the number in the buffer. - */ -static inline isc_uint32_t -random_bits(fetchctx_t *fctx, isc_uint32_t bits) { - isc_uint32_t ret = 0; - - REQUIRE(VALID_FCTX(fctx)); - REQUIRE(bits <= 32); - if (bits == 0) - return (0); - - if (bits >= fctx->rand_bits) { - /* if rand_bits == 0, this is unnecessary but harmless */ - bits -= fctx->rand_bits; - ret = fctx->rand_buf << bits; - - /* refresh random buffer now */ - isc_random_get(&fctx->rand_buf); - fctx->rand_bits = sizeof(fctx->rand_buf) * CHAR_BIT; - } - - if (bits > 0) { - isc_uint32_t mask = 0xffffffff; - if (bits < 32) { - mask = (1 << bits) - 1; - } - - ret |= fctx->rand_buf & mask; - fctx->rand_buf >>= bits; - fctx->rand_bits -= bits; - } - - return (ret); -} - -/* - * Add some random jitter to a server's RTT value so that the - * order of queries will be unpredictable. - * - * RTT values of servers which have been tried are fuzzed by 128 ms. - * Servers that haven't been tried yet have their RTT set to a random - * value between 0 ms and 7 ms; they should get to go first, but in - * unpredictable order. - */ -static inline void -randomize_srtt(fetchctx_t *fctx, dns_adbaddrinfo_t *ai) { - if (TRIED(ai)) { - ai->srtt >>= 10; /* convert to milliseconds, near enough */ - ai->srtt |= (ai->srtt & 0x80) | random_bits(fctx, 7); - ai->srtt <<= 10; /* now back to microseconds */ - } else - ai->srtt = random_bits(fctx, 3) << 10; -} - -/* - * Sort addrinfo list by RTT (with random jitter) + * Sort addrinfo list by RTT. */ static void -sort_adbfind(fetchctx_t *fctx, dns_adbfind_t *find) { +sort_adbfind(dns_adbfind_t *find) { dns_adbaddrinfo_t *best, *curr; dns_adbaddrinfolist_t sorted; - /* Add jitter to SRTT values */ - curr = ISC_LIST_HEAD(find->list); - while (curr != NULL) { - randomize_srtt(fctx, curr); - curr = ISC_LIST_NEXT(curr, publink); - } - /* Lame N^2 bubble sort. */ ISC_LIST_INIT(sorted); while (!ISC_LIST_EMPTY(find->list)) { @@ -2454,19 +2390,19 @@ } /* - * Sort a list of finds by server RTT (with random jitter) + * Sort a list of finds by server RTT. */ static void -sort_finds(fetchctx_t *fctx, dns_adbfindlist_t *findlist) { +sort_finds(dns_adbfindlist_t *findlist) { dns_adbfind_t *best, *curr; dns_adbfindlist_t sorted; dns_adbaddrinfo_t *addrinfo, *bestaddrinfo; - /* Sort each find's addrinfo list by SRTT (after adding jitter) */ + /* Sort each find's addrinfo list by SRTT. */ for (curr = ISC_LIST_HEAD(*findlist); curr != NULL; curr = ISC_LIST_NEXT(curr, publink)) - sort_adbfind(fctx, curr); + sort_adbfind(curr); /* Lame N^2 bubble sort. */ ISC_LIST_INIT(sorted); @@ -2851,8 +2787,8 @@ * We've found some addresses. We might still be looking * for more addresses. */ - sort_finds(fctx, &fctx->finds); - sort_finds(fctx, &fctx->altfinds); + sort_finds(&fctx->finds); + sort_finds(&fctx->altfinds); result = ISC_R_SUCCESS; } Index: src/external/bsd/bind/dist/lib/dns/validator.c diff -u src/external/bsd/bind/dist/lib/dns/validator.c:1.3 src/external/bsd/bind/dist/lib/dns/validator.c:1.4 --- src/external/bsd/bind/dist/lib/dns/validator.c:1.3 Wed Feb 16 03:47:05 2011 +++ src/external/bsd/bind/dist/lib/dns/validator.c Sun May 29 15:17:09 2011 @@ -1,4 +1,4 @@ -/* $NetBSD: validator.c,v 1.3 2011/02/16 03:47:05 christos Exp $ */ +/* $NetBSD: validator.c,v 1.4 2011/05/29 15:17:09 spz Exp $ */ /* * Copyright (C) 2004-2010 Internet Systems Consortium, Inc. ("ISC") @@ -17,7 +17,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* Id: validator.c,v 1.197 2010-12-23 04:07:58 marka Exp */ +/* Id: validator.c,v 1.197.40.1 2011-05-27 00:57:31 each Exp */ #include <config.h> @@ -430,7 +430,8 @@ validator_done(val, ISC_R_CANCELED); } else if (eresult == ISC_R_SUCCESS) { validator_log(val, ISC_LOG_DEBUG(3), - "keyset with trust %d", rdataset->trust); + "keyset with trust %s", + dns_trust_totext(rdataset->trust)); /* * Only extract the dst key if the keyset is secure. */ @@ -507,7 +508,8 @@ validator_done(val, ISC_R_CANCELED); } else if (eresult == ISC_R_SUCCESS) { validator_log(val, ISC_LOG_DEBUG(3), - "dsset with trust %d", rdataset->trust); + "dsset with trust %s", + dns_trust_totext(rdataset->trust)); val->dsset = &val->frdataset; result = validatezonekey(val); if (result != DNS_R_WAIT) @@ -662,7 +664,8 @@ validator_done(val, ISC_R_CANCELED); } else if (eresult == ISC_R_SUCCESS) { validator_log(val, ISC_LOG_DEBUG(3), - "keyset with trust %d", val->frdataset.trust); + "keyset with trust %s", + dns_trust_totext(val->frdataset.trust)); /* * Only extract the dst key if the keyset is secure. */ @@ -733,10 +736,10 @@ isc_boolean_t have_dsset; dns_name_t *name; validator_log(val, ISC_LOG_DEBUG(3), - "%s with trust %d", + "%s with trust %s", val->frdataset.type == dns_rdatatype_ds ? "dsset" : "ds non-existance", - val->frdataset.trust); + dns_trust_totext(val->frdataset.trust)); have_dsset = ISC_TF(val->frdataset.type == dns_rdatatype_ds); name = dns_fixedname_name(&val->fname); if ((val->attributes & VALATTR_INSECURITY) != 0 && @@ -1387,8 +1390,8 @@ INSIST(type == dns_rdatatype_dlv); if (val->frdataset.trust != dns_trust_secure) { validator_log(val, ISC_LOG_DEBUG(3), - "covering nsec: trust %u", - val->frdataset.trust); + "covering nsec: trust %s", + dns_trust_totext(val->frdataset.trust)); goto notfound; } result = dns_rdataset_first(&val->frdataset); @@ -1723,8 +1726,8 @@ * See if we've got the key used in the signature. */ validator_log(val, ISC_LOG_DEBUG(3), - "keyset with trust %d", - val->frdataset.trust); + "keyset with trust %s", + dns_trust_totext(val->frdataset.trust)); result = get_dst_key(val, siginfo, val->keyset); if (result != ISC_R_SUCCESS) { /* @@ -2494,8 +2497,11 @@ " insecure DS"); return (DNS_R_MUSTBESECURE); } - markanswer(val, "validatezonekey (2)"); - return (ISC_R_SUCCESS); + if (val->view->dlv == NULL || DLVTRIED(val)) { + markanswer(val, "validatezonekey (2)"); + return (ISC_R_SUCCESS); + } + return (startfinddlvsep(val, val->event->name)); } /* @@ -3233,7 +3239,8 @@ validator_done(val, ISC_R_CANCELED); } else if (eresult == ISC_R_SUCCESS) { validator_log(val, ISC_LOG_DEBUG(3), - "dlvset with trust %d", val->frdataset.trust); + "dlvset with trust %s", + dns_trust_totext(val->frdataset.trust)); dns_rdataset_clone(&val->frdataset, &val->dlv); val->havedlvsep = ISC_TRUE; if (dlv_algorithm_supported(val)) Index: src/external/bsd/bind/dist/lib/isc/unix/socket.c diff -u src/external/bsd/bind/dist/lib/isc/unix/socket.c:1.5 src/external/bsd/bind/dist/lib/isc/unix/socket.c:1.6 --- src/external/bsd/bind/dist/lib/isc/unix/socket.c:1.5 Wed Feb 16 03:47:15 2011 +++ src/external/bsd/bind/dist/lib/isc/unix/socket.c Sun May 29 15:17:10 2011 @@ -1,4 +1,4 @@ -/* $NetBSD: socket.c,v 1.5 2011/02/16 03:47:15 christos Exp $ */ +/* $NetBSD: socket.c,v 1.6 2011/05/29 15:17:10 spz Exp $ */ /* * Copyright (C) 2004-2010 Internet Systems Consortium, Inc. ("ISC") @@ -17,7 +17,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* Id: socket.c,v 1.333.14.1 2011-02-03 05:50:07 marka Exp */ +/* Id: socket.c,v 1.333.14.2 2011-02-18 04:01:16 marka Exp */ /*! \file */ @@ -688,6 +688,8 @@ isc_sockstatscounter_fdwatchrecvfail }; +#if defined(USE_KQUEUE) || defined(USE_EPOLL) || defined(USE_DEVPOLL) || \ + defined(USE_WATCHER_THREAD) static void manager_log(isc__socketmgr_t *sockmgr, isc_logcategory_t *category, isc_logmodule_t *module, int level, @@ -710,6 +712,7 @@ isc_log_write(isc_lctx, category, module, level, "sockmgr %p: %s", sockmgr, msgbuf); } +#endif static void socket_log(isc__socket_t *sock, isc_sockaddr_t *address, Index: src/external/bsd/bind/lib/libdns/shlib_version diff -u src/external/bsd/bind/lib/libdns/shlib_version:1.6 src/external/bsd/bind/lib/libdns/shlib_version:1.7 --- src/external/bsd/bind/lib/libdns/shlib_version:1.6 Wed Feb 16 03:47:21 2011 +++ src/external/bsd/bind/lib/libdns/shlib_version Sun May 29 15:17:10 2011 @@ -1,5 +1,5 @@ -# $NetBSD: shlib_version,v 1.6 2011/02/16 03:47:21 christos Exp $ +# $NetBSD: shlib_version,v 1.7 2011/05/29 15:17:10 spz Exp $ # Remember to update distrib/sets/lists/base/shl.* when changing # major=5 -minor=3 +minor=4 Index: src/external/bsd/bind/lib/libisc/shlib_version diff -u src/external/bsd/bind/lib/libisc/shlib_version:1.6 src/external/bsd/bind/lib/libisc/shlib_version:1.7 --- src/external/bsd/bind/lib/libisc/shlib_version:1.6 Wed Feb 16 03:47:21 2011 +++ src/external/bsd/bind/lib/libisc/shlib_version Sun May 29 15:17:10 2011 @@ -1,5 +1,5 @@ -# $NetBSD: shlib_version,v 1.6 2011/02/16 03:47:21 christos Exp $ +# $NetBSD: shlib_version,v 1.7 2011/05/29 15:17:10 spz Exp $ # Remember to update distrib/sets/lists/base/shl.* when changing # major=5 -minor=3 +minor=4