Module Name: src
Committed By: sborrill
Date: Thu Jul 7 12:44:27 UTC 2011
Modified Files:
src/dist/bind [netbsd-5]: CHANGES version
src/dist/bind/lib/dns [netbsd-5]: api masterdump.c message.c ncache.c
nsec3.c rbtdb.c rdataset.c resolver.c validator.c
src/dist/bind/lib/dns/include/dns [netbsd-5]: rdataset.h
src/distrib/sets/lists/base [netbsd-5]: md.amd64 md.sparc64 shl.mi
src/lib/libdns [netbsd-5]: shlib_version
Log Message:
Pull up the following revisions(s) (requested by spz in ticket #1647):
dist/bind/CHANGES: patch
dist/bind/version: patch
dist/bind/lib/dns/api: patch
dist/bind/lib/dns/masterdump.c: patch
dist/bind/lib/dns/message.c: patch
dist/bind/lib/dns/ncache.c: patch
dist/bind/lib/dns/nsec3.c: patch
dist/bind/lib/dns/rbtdb.c: patch
dist/bind/lib/dns/rdataset.c: patch
dist/bind/lib/dns/resolver.c: patch
dist/bind/lib/dns/validator.c: patch
dist/bind/lib/dns/include/dns/rdataset.h: patch
distrib/sets/lists/base/md.amd64: patch
distrib/sets/lists/base/md.sparc64: patch
distrib/sets/lists/base/shl.mi: patch
lib/libdns/shlib_version: patch
Update bind to 9.7.3-P3 fixing CVE-2011-2464
To generate a diff of this commit:
cvs rdiff -u -r1.1.1.11.4.4 -r1.1.1.11.4.5 src/dist/bind/CHANGES \
src/dist/bind/version
cvs rdiff -u -r1.1.1.9.4.3 -r1.1.1.9.4.4 src/dist/bind/lib/dns/api
cvs rdiff -u -r1.1.1.6.4.3 -r1.1.1.6.4.4 src/dist/bind/lib/dns/masterdump.c
cvs rdiff -u -r1.5.4.3 -r1.5.4.4 src/dist/bind/lib/dns/message.c
cvs rdiff -u -r1.1.1.5.4.2 -r1.1.1.5.4.3 src/dist/bind/lib/dns/ncache.c
cvs rdiff -u -r1.1.2.2 -r1.1.2.3 src/dist/bind/lib/dns/nsec3.c
cvs rdiff -u -r1.1.1.6.4.4 -r1.1.1.6.4.5 src/dist/bind/lib/dns/rbtdb.c
cvs rdiff -u -r1.1.1.5.4.3 -r1.1.1.5.4.4 src/dist/bind/lib/dns/rdataset.c
cvs rdiff -u -r1.8.4.4 -r1.8.4.5 src/dist/bind/lib/dns/resolver.c
cvs rdiff -u -r1.6.4.4 -r1.6.4.5 src/dist/bind/lib/dns/validator.c
cvs rdiff -u -r1.1.1.5.4.3 -r1.1.1.5.4.4 \
src/dist/bind/lib/dns/include/dns/rdataset.h
cvs rdiff -u -r1.25.2.11 -r1.25.2.12 src/distrib/sets/lists/base/md.amd64
cvs rdiff -u -r1.23.2.10 -r1.23.2.11 src/distrib/sets/lists/base/md.sparc64
cvs rdiff -u -r1.450.2.8 -r1.450.2.9 src/distrib/sets/lists/base/shl.mi
cvs rdiff -u -r1.3.4.2 -r1.3.4.3 src/lib/libdns/shlib_version
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/dist/bind/CHANGES
diff -u src/dist/bind/CHANGES:1.1.1.11.4.4 src/dist/bind/CHANGES:1.1.1.11.4.5
--- src/dist/bind/CHANGES:1.1.1.11.4.4 Sat Jun 18 11:19:39 2011
+++ src/dist/bind/CHANGES Thu Jul 7 12:44:24 2011
@@ -1,3 +1,16 @@
+ --- 9.7.3-P3 released ---
+
+3124. [bug] Use an rdataset attribute flag to indicate
+ negative-cache records rather than using rrtype 0;
+ this will prevent problems when that rrtype is
+ used in actual DNS packets. [RT #24777]
+
+ --- 9.7.3-P2 released (withdrawn) ---
+
+3123. [security] Change #2912 exposed a latent flaw in
+ dns_rdataset_totext() that could cause named to
+ crash with an assertion failure. [RT #24777]
+
--- 9.7.3-P1 released ---
3121. [security] An authoritative name server sending a negative
Index: src/dist/bind/version
diff -u src/dist/bind/version:1.1.1.11.4.4 src/dist/bind/version:1.1.1.11.4.5
--- src/dist/bind/version:1.1.1.11.4.4 Sat Jun 18 11:19:44 2011
+++ src/dist/bind/version Thu Jul 7 12:44:24 2011
@@ -1,4 +1,4 @@
-# Id: version,v 1.51.2.11.12.1 2011-05-27 00:43:04 each Exp
+# Id: version,v 1.51.2.11.12.3 2011-06-21 20:36:58 each Exp
#
# This file must follow /bin/sh rules. It is imported directly via
# configure.
@@ -7,4 +7,4 @@
MINORVER=7
PATCHVER=3
RELEASETYPE=-P
-RELEASEVER=1
+RELEASEVER=3
Index: src/dist/bind/lib/dns/api
diff -u src/dist/bind/lib/dns/api:1.1.1.9.4.3 src/dist/bind/lib/dns/api:1.1.1.9.4.4
--- src/dist/bind/lib/dns/api:1.1.1.9.4.3 Sat Jun 18 11:20:26 2011
+++ src/dist/bind/lib/dns/api Thu Jul 7 12:44:24 2011
@@ -1,3 +1,3 @@
LIBINTERFACE = 70
-LIBREVISION = 3
+LIBREVISION = 4
LIBAGE = 1
Index: src/dist/bind/lib/dns/masterdump.c
diff -u src/dist/bind/lib/dns/masterdump.c:1.1.1.6.4.3 src/dist/bind/lib/dns/masterdump.c:1.1.1.6.4.4
--- src/dist/bind/lib/dns/masterdump.c:1.1.1.6.4.3 Sat Jun 18 11:20:28 2011
+++ src/dist/bind/lib/dns/masterdump.c Thu Jul 7 12:44:24 2011
@@ -1,7 +1,7 @@
-/* $NetBSD: masterdump.c,v 1.1.1.6.4.3 2011/06/18 11:20:28 bouyer Exp $ */
+/* $NetBSD: masterdump.c,v 1.1.1.6.4.4 2011/07/07 12:44:24 sborrill Exp $ */
/*
- * Copyright (C) 2004-2009 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2009, 2011 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 1999-2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -17,7 +17,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* Id: masterdump.c,v 1.99.334.1 2011-05-27 00:43:06 each Exp */
+/* Id: masterdump.c,v 1.99.334.3 2011-06-21 20:14:46 each Exp */
/*! \file */
@@ -412,6 +412,7 @@
isc_uint32_t current_ttl;
isc_boolean_t current_ttl_valid;
dns_rdatatype_t type;
+ unsigned int type_start;
REQUIRE(DNS_RDATASET_VALID(rdataset));
@@ -493,29 +494,26 @@
* Type.
*/
- if (rdataset->type == 0) {
+ if ((rdataset->attributes & DNS_RDATASETATTR_NEGATIVE) != 0) {
type = rdataset->covers;
} else {
type = rdataset->type;
}
- {
- unsigned int type_start;
- INDENT_TO(type_column);
- type_start = target->used;
- if (rdataset->type == 0)
- RETERR(str_totext("\\-", target));
- result = dns_rdatatype_totext(type, target);
- if (result != ISC_R_SUCCESS)
- return (result);
- column += (target->used - type_start);
- }
+ INDENT_TO(type_column);
+ type_start = target->used;
+ if ((rdataset->attributes & DNS_RDATASETATTR_NEGATIVE) != 0)
+ RETERR(str_totext("\\-", target));
+ result = dns_rdatatype_totext(type, target);
+ if (result != ISC_R_SUCCESS)
+ return (result);
+ column += (target->used - type_start);
/*
* Rdata.
*/
INDENT_TO(rdata_column);
- if (rdataset->type == 0) {
+ if ((rdataset->attributes & DNS_RDATASETATTR_NEGATIVE) != 0) {
if (NXDOMAIN(rdataset))
RETERR(str_totext(";-$NXDOMAIN\n", target));
else
@@ -878,7 +876,7 @@
if (ctx->style.flags & DNS_STYLEFLAG_TRUST) {
fprintf(f, "; %s\n", dns_trust_totext(rds->trust));
}
- if (rds->type == 0 &&
+ if (((rds->attributes & DNS_RDATASETATTR_NEGATIVE) != 0) &&
(ctx->style.flags & DNS_STYLEFLAG_NCACHE) == 0) {
/* Omit negative cache entries */
} else {
@@ -1043,7 +1041,7 @@
dns_rdataset_init(&rdataset);
dns_rdatasetiter_current(rdsiter, &rdataset);
- if (rdataset.type == 0 &&
+ if (((rdataset.attributes & DNS_RDATASETATTR_NEGATIVE) != 0) &&
(ctx->style.flags & DNS_STYLEFLAG_NCACHE) == 0) {
/* Omit negative cache entries */
} else {
Index: src/dist/bind/lib/dns/message.c
diff -u src/dist/bind/lib/dns/message.c:1.5.4.3 src/dist/bind/lib/dns/message.c:1.5.4.4
--- src/dist/bind/lib/dns/message.c:1.5.4.3 Sat Jun 18 11:20:28 2011
+++ src/dist/bind/lib/dns/message.c Thu Jul 7 12:44:25 2011
@@ -1,7 +1,7 @@
-/* $NetBSD: message.c,v 1.5.4.3 2011/06/18 11:20:28 bouyer Exp $ */
+/* $NetBSD: message.c,v 1.5.4.4 2011/07/07 12:44:25 sborrill Exp $ */
/*
- * Copyright (C) 2004-2010 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2011 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 1999-2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -17,7 +17,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* Id: message.c,v 1.249.10.4 2010-06-03 05:27:59 marka Exp */
+/* Id: message.c,v 1.249.10.4.36.3 2011-06-21 20:14:46 each Exp */
/*! \file */
@@ -2518,7 +2518,7 @@
isc_result_t
dns_message_reply(dns_message_t *msg, isc_boolean_t want_question_section) {
- unsigned int first_section;
+ unsigned int clear_after;
isc_result_t result;
REQUIRE(DNS_MESSAGE_VALID(msg));
@@ -2530,15 +2530,15 @@
msg->opcode != dns_opcode_notify)
want_question_section = ISC_FALSE;
if (msg->opcode == dns_opcode_update)
- first_section = DNS_SECTION_ADDITIONAL;
+ clear_after = DNS_SECTION_PREREQUISITE;
else if (want_question_section) {
if (!msg->question_ok)
return (DNS_R_FORMERR);
- first_section = DNS_SECTION_ANSWER;
+ clear_after = DNS_SECTION_ANSWER;
} else
- first_section = DNS_SECTION_QUESTION;
+ clear_after = DNS_SECTION_QUESTION;
msg->from_to_wire = DNS_MESSAGE_INTENTRENDER;
- msgresetnames(msg, first_section);
+ msgresetnames(msg, clear_after);
msgresetopt(msg);
msgresetsigs(msg, ISC_TRUE);
msginitprivate(msg);
Index: src/dist/bind/lib/dns/ncache.c
diff -u src/dist/bind/lib/dns/ncache.c:1.1.1.5.4.2 src/dist/bind/lib/dns/ncache.c:1.1.1.5.4.3
--- src/dist/bind/lib/dns/ncache.c:1.1.1.5.4.2 Sat Jun 18 11:20:28 2011
+++ src/dist/bind/lib/dns/ncache.c Thu Jul 7 12:44:25 2011
@@ -1,7 +1,7 @@
-/* $NetBSD: ncache.c,v 1.1.1.5.4.2 2011/06/18 11:20:28 bouyer Exp $ */
+/* $NetBSD: ncache.c,v 1.1.1.5.4.3 2011/07/07 12:44:25 sborrill Exp $ */
/*
- * Copyright (C) 2004, 2005, 2007, 2008, 2010 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004, 2005, 2007, 2008, 2010, 2011 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 1999-2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -17,7 +17,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* Id: ncache.c,v 1.43.268.7.46.1 2011-05-27 00:43:06 each Exp */
+/* Id: ncache.c,v 1.43.268.7.46.3 2011-06-21 20:14:46 each Exp */
/*! \file */
@@ -296,6 +296,7 @@
RUNTIME_CHECK(dns_rdatalist_tordataset(&ncrdatalist, &ncrdataset)
== ISC_R_SUCCESS);
ncrdataset.trust = trust;
+ ncrdataset.attributes |= DNS_RDATASETATTR_NEGATIVE;
if (message->rcode == dns_rcode_nxdomain)
ncrdataset.attributes |= DNS_RDATASETATTR_NXDOMAIN;
if (optout)
@@ -326,6 +327,7 @@
REQUIRE(rdataset != NULL);
REQUIRE(rdataset->type == 0);
+ REQUIRE((rdataset->attributes & DNS_RDATASETATTR_NEGATIVE) != 0);
savedbuffer = *target;
count = 0;
@@ -554,6 +556,7 @@
REQUIRE(ncacherdataset != NULL);
REQUIRE(ncacherdataset->type == 0);
+ REQUIRE((ncacherdataset->attributes & DNS_RDATASETATTR_NEGATIVE) != 0);
REQUIRE(name != NULL);
REQUIRE(!dns_rdataset_isassociated(rdataset));
REQUIRE(type != dns_rdatatype_rrsig);
@@ -630,6 +633,7 @@
REQUIRE(ncacherdataset != NULL);
REQUIRE(ncacherdataset->type == 0);
+ REQUIRE((ncacherdataset->attributes & DNS_RDATASETATTR_NEGATIVE) != 0);
REQUIRE(name != NULL);
REQUIRE(!dns_rdataset_isassociated(rdataset));
@@ -729,6 +733,7 @@
REQUIRE(ncacherdataset != NULL);
REQUIRE(ncacherdataset->type == 0);
+ REQUIRE((ncacherdataset->attributes & DNS_RDATASETATTR_NEGATIVE) != 0);
REQUIRE(found != NULL);
REQUIRE(!dns_rdataset_isassociated(rdataset));
Index: src/dist/bind/lib/dns/nsec3.c
diff -u src/dist/bind/lib/dns/nsec3.c:1.1.2.2 src/dist/bind/lib/dns/nsec3.c:1.1.2.3
--- src/dist/bind/lib/dns/nsec3.c:1.1.2.2 Sat Jun 18 11:20:28 2011
+++ src/dist/bind/lib/dns/nsec3.c Thu Jul 7 12:44:25 2011
@@ -1,4 +1,4 @@
-/* $NetBSD: nsec3.c,v 1.1.2.2 2011/06/18 11:20:28 bouyer Exp $ */
+/* $NetBSD: nsec3.c,v 1.1.2.3 2011/07/07 12:44:25 sborrill Exp $ */
/*
* Copyright (C) 2006, 2008-2010 Internet Systems Consortium, Inc. ("ISC")
@@ -16,7 +16,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* Id: nsec3.c,v 1.13.6.6 2010-12-07 03:01:40 marka Exp */
+/* Id: nsec3.c,v 1.13.6.6.12.1 2011-06-21 20:14:47 each Exp */
#include <config.h>
@@ -1581,7 +1581,7 @@
isc_result_t
dns_nsec3_delnsec3sx(dns_db_t *db, dns_dbversion_t *version, dns_name_t *name,
- dns_rdatatype_t type, dns_diff_t *diff)
+ dns_rdatatype_t privatetype, dns_diff_t *diff)
{
dns_dbnode_t *node = NULL;
dns_rdata_nsec3param_t nsec3param;
@@ -1626,9 +1626,9 @@
dns_rdataset_disassociate(&rdataset);
try_private:
- if (type == 0)
+ if (privatetype == 0)
goto success;
- result = dns_db_findrdataset(db, node, version, type, 0, 0,
+ result = dns_db_findrdataset(db, node, version, privatetype, 0, 0,
&rdataset, NULL);
if (result == ISC_R_NOTFOUND)
goto success;
@@ -1683,7 +1683,7 @@
isc_result_t
dns_nsec3_activex(dns_db_t *db, dns_dbversion_t *version,
- isc_boolean_t complete, dns_rdatatype_t type,
+ isc_boolean_t complete, dns_rdatatype_t privatetype,
isc_boolean_t *answer)
{
dns_dbnode_t *node = NULL;
@@ -1732,11 +1732,11 @@
*answer = ISC_FALSE;
try_private:
- if (type == 0 || complete) {
+ if (privatetype == 0 || complete) {
*answer = ISC_FALSE;
return (ISC_R_SUCCESS);
}
- result = dns_db_findrdataset(db, node, version, type, 0, 0,
+ result = dns_db_findrdataset(db, node, version, privatetype, 0, 0,
&rdataset, NULL);
dns_db_detachnode(db, &node);
Index: src/dist/bind/lib/dns/rbtdb.c
diff -u src/dist/bind/lib/dns/rbtdb.c:1.1.1.6.4.4 src/dist/bind/lib/dns/rbtdb.c:1.1.1.6.4.5
--- src/dist/bind/lib/dns/rbtdb.c:1.1.1.6.4.4 Sat Jun 18 11:20:29 2011
+++ src/dist/bind/lib/dns/rbtdb.c Thu Jul 7 12:44:25 2011
@@ -1,4 +1,4 @@
-/* $NetBSD: rbtdb.c,v 1.1.1.6.4.4 2011/06/18 11:20:29 bouyer Exp $ */
+/* $NetBSD: rbtdb.c,v 1.1.1.6.4.5 2011/07/07 12:44:25 sborrill Exp $ */
/*
* Copyright (C) 2004-2010 Internet Systems Consortium, Inc. ("ISC")
@@ -17,7 +17,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* Id: rbtdb.c,v 1.292.8.15 2010-12-02 05:07:03 marka Exp */
+/* Id: rbtdb.c,v 1.292.8.15.10.1 2011-06-21 20:14:47 each Exp */
/*! \file */
@@ -280,6 +280,7 @@
#define RDATASET_ATTR_RESIGN 0x0020
#define RDATASET_ATTR_STATCOUNT 0x0040
#define RDATASET_ATTR_OPTOUT 0x0080
+#define RDATASET_ATTR_NEGATIVE 0x0100
typedef struct acache_cbarg {
dns_rdatasetadditional_t type;
@@ -318,6 +319,8 @@
(((header)->attributes & RDATASET_ATTR_RESIGN) != 0)
#define OPTOUT(header) \
(((header)->attributes & RDATASET_ATTR_OPTOUT) != 0)
+#define NEGATIVE(header) \
+ (((header)->attributes & RDATASET_ATTR_NEGATIVE) != 0)
#define DEFAULT_NODE_LOCK_COUNT 7 /*%< Should be prime. */
@@ -693,11 +696,13 @@
/* At the moment we count statistics only for cache DB */
INSIST(IS_CACHE(rbtdb));
- if (NXDOMAIN(header))
- statattributes = DNS_RDATASTATSTYPE_ATTR_NXDOMAIN;
- else if (RBTDB_RDATATYPE_BASE(header->type) == 0) {
- statattributes = DNS_RDATASTATSTYPE_ATTR_NXRRSET;
- base = RBTDB_RDATATYPE_EXT(header->type);
+ if (NEGATIVE(header)) {
+ if (NXDOMAIN(header))
+ statattributes = DNS_RDATASTATSTYPE_ATTR_NXDOMAIN;
+ else {
+ statattributes = DNS_RDATASTATSTYPE_ATTR_NXRRSET;
+ base = RBTDB_RDATATYPE_EXT(header->type);
+ }
} else
base = RBTDB_RDATATYPE_BASE(header->type);
@@ -2750,6 +2755,8 @@
rdataset->covers = RBTDB_RDATATYPE_EXT(header->type);
rdataset->ttl = header->rdh_ttl - now;
rdataset->trust = header->trust;
+ if (NEGATIVE(header))
+ rdataset->attributes |= DNS_RDATASETATTR_NEGATIVE;
if (NXDOMAIN(header))
rdataset->attributes |= DNS_RDATASETATTR_NXDOMAIN;
if (OPTOUT(header))
@@ -4787,7 +4794,7 @@
*nodep = node;
}
- if (RBTDB_RDATATYPE_BASE(found->type) == 0) {
+ if (NEGATIVE(found)) {
/*
* We found a negative cache entry.
*/
@@ -5456,7 +5463,7 @@
if (found == NULL)
return (ISC_R_NOTFOUND);
- if (RBTDB_RDATATYPE_BASE(found->type) == 0) {
+ if (NEGATIVE(found)) {
/*
* We found a negative cache entry.
*/
@@ -5667,7 +5674,7 @@
negtype = 0;
if (rbtversion == NULL && !newheader_nx) {
rdtype = RBTDB_RDATATYPE_BASE(newheader->type);
- if (rdtype == 0) {
+ if (NEGATIVE(newheader)) {
/*
* We're adding a negative cache entry.
*/
@@ -6209,6 +6216,8 @@
} else {
newheader->serial = 1;
newheader->resign = 0;
+ if ((rdataset->attributes & DNS_RDATASETATTR_NEGATIVE) != 0)
+ newheader->attributes |= RDATASET_ATTR_NEGATIVE;
if ((rdataset->attributes & DNS_RDATASETATTR_NXDOMAIN) != 0)
newheader->attributes |= RDATASET_ATTR_NXDOMAIN;
if ((rdataset->attributes & DNS_RDATASETATTR_OPTOUT) != 0)
@@ -7901,7 +7910,7 @@
type = header->type;
rdtype = RBTDB_RDATATYPE_BASE(header->type);
- if (rdtype == 0) {
+ if (NEGATIVE(header)) {
covers = RBTDB_RDATATYPE_EXT(header->type);
negtype = RBTDB_RDATATYPE_VALUE(covers, 0);
} else
Index: src/dist/bind/lib/dns/rdataset.c
diff -u src/dist/bind/lib/dns/rdataset.c:1.1.1.5.4.3 src/dist/bind/lib/dns/rdataset.c:1.1.1.5.4.4
--- src/dist/bind/lib/dns/rdataset.c:1.1.1.5.4.3 Sat Jun 18 11:20:29 2011
+++ src/dist/bind/lib/dns/rdataset.c Thu Jul 7 12:44:25 2011
@@ -1,7 +1,7 @@
-/* $NetBSD: rdataset.c,v 1.1.1.5.4.3 2011/06/18 11:20:29 bouyer Exp $ */
+/* $NetBSD: rdataset.c,v 1.1.1.5.4.4 2011/07/07 12:44:25 sborrill Exp $ */
/*
- * Copyright (C) 2004-2010 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2011 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 1999-2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -17,7 +17,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* Id: rdataset.c,v 1.84.186.2.48.1 2011-05-27 00:43:06 each Exp */
+/* Id: rdataset.c,v 1.84.186.2.48.3 2011-06-21 20:14:47 each Exp */
/*! \file */
@@ -347,7 +347,7 @@
count = 1;
result = dns_rdataset_first(rdataset);
INSIST(result == ISC_R_NOMORE);
- } else if (rdataset->type == 0) {
+ } else if ((rdataset->attributes & DNS_RDATASETATTR_NEGATIVE) != 0) {
/*
* This is a negative caching rdataset.
*/
Index: src/dist/bind/lib/dns/resolver.c
diff -u src/dist/bind/lib/dns/resolver.c:1.8.4.4 src/dist/bind/lib/dns/resolver.c:1.8.4.5
--- src/dist/bind/lib/dns/resolver.c:1.8.4.4 Sat Jun 18 11:20:29 2011
+++ src/dist/bind/lib/dns/resolver.c Thu Jul 7 12:44:25 2011
@@ -1,4 +1,4 @@
-/* $NetBSD: resolver.c,v 1.8.4.4 2011/06/18 11:20:29 bouyer Exp $ */
+/* $NetBSD: resolver.c,v 1.8.4.5 2011/07/07 12:44:25 sborrill Exp $ */
/*
* Copyright (C) 2004-2011 Internet Systems Consortium, Inc. ("ISC")
@@ -17,7 +17,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* Id: resolver.c,v 1.413.14.15 2011-01-27 23:46:37 tbox Exp */
+/* Id: resolver.c,v 1.413.14.15.12.1 2011-06-21 20:14:47 each Exp */
/*! \file */
@@ -428,6 +428,7 @@
FCTX_ADDRINFO_TRIED) != 0)
#define NXDOMAIN(r) (((r)->attributes & DNS_RDATASETATTR_NXDOMAIN) != 0)
+#define NEGATIVE(r) (((r)->attributes & DNS_RDATASETATTR_NEGATIVE) != 0)
static void destroy(dns_resolver_t *res);
static void empty_bucket(dns_resolver_t *res);
@@ -1052,7 +1053,7 @@
* Negative results must be indicated in event->result.
*/
if (dns_rdataset_isassociated(event->rdataset) &&
- event->rdataset->type == dns_rdatatype_none) {
+ NEGATIVE(event->rdataset)) {
INSIST(event->result == DNS_R_NCACHENXDOMAIN ||
event->result == DNS_R_NCACHENXRRSET);
}
@@ -4221,7 +4222,7 @@
if (result != ISC_R_SUCCESS &&
result != DNS_R_UNCHANGED)
goto noanswer_response;
- if (ardataset != NULL && ardataset->type == 0) {
+ if (ardataset != NULL && NEGATIVE(ardataset)) {
if (NXDOMAIN(ardataset))
eresult = DNS_R_NCACHENXDOMAIN;
else
@@ -4542,7 +4543,7 @@
result = ISC_R_SUCCESS;
if (!need_validation &&
ardataset != NULL &&
- ardataset->type == 0) {
+ NEGATIVE(ardataset)) {
/*
* The answer in the cache is
* better than the answer we
@@ -4672,7 +4673,7 @@
if (result == DNS_R_UNCHANGED) {
if (ANSWER(rdataset) &&
ardataset != NULL &&
- ardataset->type == 0) {
+ NEGATIVE(ardataset)) {
/*
* The answer in the cache is better
* than the answer we found, and is
@@ -4702,7 +4703,7 @@
* Negative results must be indicated in event->result.
*/
if (dns_rdataset_isassociated(event->rdataset) &&
- event->rdataset->type == dns_rdatatype_none) {
+ NEGATIVE(event->rdataset)) {
INSIST(eresult == DNS_R_NCACHENXDOMAIN ||
eresult == DNS_R_NCACHENXRRSET);
}
@@ -4782,7 +4783,7 @@
* care about whether it is DNS_R_NCACHENXDOMAIN or
* DNS_R_NCACHENXRRSET then extract it.
*/
- if (ardataset->type == 0) {
+ if (NEGATIVE(ardataset)) {
/*
* The cache data is a negative cache entry.
*/
Index: src/dist/bind/lib/dns/validator.c
diff -u src/dist/bind/lib/dns/validator.c:1.6.4.4 src/dist/bind/lib/dns/validator.c:1.6.4.5
--- src/dist/bind/lib/dns/validator.c:1.6.4.4 Sat Jun 18 11:20:30 2011
+++ src/dist/bind/lib/dns/validator.c Thu Jul 7 12:44:25 2011
@@ -1,7 +1,7 @@
-/* $NetBSD: validator.c,v 1.6.4.4 2011/06/18 11:20:30 bouyer Exp $ */
+/* $NetBSD: validator.c,v 1.6.4.5 2011/07/07 12:44:25 sborrill Exp $ */
/*
- * Copyright (C) 2004-2010 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2011 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2000-2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -17,7 +17,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* Id: validator.c,v 1.182.16.14.10.1 2011-05-27 00:43:06 each Exp */
+/* Id: validator.c,v 1.182.16.14.10.3 2011-06-21 20:14:47 each Exp */
#include <config.h>
@@ -131,6 +131,8 @@
#define SHUTDOWN(v) (((v)->attributes & VALATTR_SHUTDOWN) != 0)
#define CANCELED(v) (((v)->attributes & VALATTR_CANCELED) != 0)
+#define NEGATIVE(r) (((r)->attributes & DNS_RDATASETATTR_NEGATIVE) != 0)
+
static void
destroy(dns_validator_t *val);
@@ -736,7 +738,7 @@
name = dns_fixedname_name(&val->fname);
if ((val->attributes & VALATTR_INSECURITY) != 0 &&
val->frdataset.covers == dns_rdatatype_ds &&
- val->frdataset.type == 0 &&
+ NEGATIVE(&val->frdataset) &&
isdelegation(name, &val->frdataset, DNS_R_NCACHENXRRSET)) {
if (val->mustbesecure) {
validator_log(val, ISC_LOG_WARNING,
@@ -3968,7 +3970,7 @@
val->attributes |= VALATTR_NEEDNODATA;
result = nsecvalidate(val, ISC_FALSE);
} else if (val->event->rdataset != NULL &&
- val->event->rdataset->type == 0)
+ NEGATIVE(val->event->rdataset))
{
/*
* This is a nonexistence validation.
Index: src/dist/bind/lib/dns/include/dns/rdataset.h
diff -u src/dist/bind/lib/dns/include/dns/rdataset.h:1.1.1.5.4.3 src/dist/bind/lib/dns/include/dns/rdataset.h:1.1.1.5.4.4
--- src/dist/bind/lib/dns/include/dns/rdataset.h:1.1.1.5.4.3 Sat Jun 18 11:20:32 2011
+++ src/dist/bind/lib/dns/include/dns/rdataset.h Thu Jul 7 12:44:26 2011
@@ -1,7 +1,7 @@
-/* $NetBSD: rdataset.h,v 1.1.1.5.4.3 2011/06/18 11:20:32 bouyer Exp $ */
+/* $NetBSD: rdataset.h,v 1.1.1.5.4.4 2011/07/07 12:44:26 sborrill Exp $ */
/*
- * Copyright (C) 2004-2010 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2011 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 1999-2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -17,7 +17,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* Id: rdataset.h,v 1.67.186.2.48.1 2011-05-27 00:43:06 each Exp */
+/* Id: rdataset.h,v 1.67.186.2.48.3 2011-06-21 20:14:48 each Exp */
#ifndef DNS_RDATASET_H
#define DNS_RDATASET_H 1
@@ -205,6 +205,7 @@
#define DNS_RDATASETATTR_RESIGN 0x00040000
#define DNS_RDATASETATTR_CLOSEST 0x00080000
#define DNS_RDATASETATTR_OPTOUT 0x00100000 /*%< OPTOUT proof */
+#define DNS_RDATASETATTR_NEGATIVE 0x00200000
/*%
* _OMITDNSSEC:
Index: src/distrib/sets/lists/base/md.amd64
diff -u src/distrib/sets/lists/base/md.amd64:1.25.2.11 src/distrib/sets/lists/base/md.amd64:1.25.2.12
--- src/distrib/sets/lists/base/md.amd64:1.25.2.11 Sat Jun 18 11:20:55 2011
+++ src/distrib/sets/lists/base/md.amd64 Thu Jul 7 12:44:26 2011
@@ -1,4 +1,4 @@
-# $NetBSD: md.amd64,v 1.25.2.11 2011/06/18 11:20:55 bouyer Exp $
+# $NetBSD: md.amd64,v 1.25.2.12 2011/07/07 12:44:26 sborrill Exp $
./@MODULEDIR@/adosfs base-kernel-modules
./@MODULEDIR@/adosfs/adosfs.kmod base-kernel-modules
./@MODULEDIR@/azalia base-kernel-modules
@@ -142,7 +142,7 @@
./usr/lib/i386/libdes.so.7 base-compat-shlib compat,pic
./usr/lib/i386/libdes.so.7.0 base-compat-shlib compat,pic
./usr/lib/i386/libdns.so.1 base-compat-shlib compat,pic
-./usr/lib/i386/libdns.so.1.3 base-compat-shlib compat,pic
+./usr/lib/i386/libdns.so.1.4 base-compat-shlib compat,pic
./usr/lib/i386/libedit.so.2 base-compat-shlib compat,pic
./usr/lib/i386/libedit.so.2.11 base-compat-shlib compat,pic
./usr/lib/i386/libevent.so.2 base-compat-shlib compat,pic
Index: src/distrib/sets/lists/base/md.sparc64
diff -u src/distrib/sets/lists/base/md.sparc64:1.23.2.10 src/distrib/sets/lists/base/md.sparc64:1.23.2.11
--- src/distrib/sets/lists/base/md.sparc64:1.23.2.10 Sat Jun 18 11:20:55 2011
+++ src/distrib/sets/lists/base/md.sparc64 Thu Jul 7 12:44:26 2011
@@ -1,4 +1,4 @@
-# $NetBSD: md.sparc64,v 1.23.2.10 2011/06/18 11:20:55 bouyer Exp $
+# $NetBSD: md.sparc64,v 1.23.2.11 2011/07/07 12:44:26 sborrill Exp $
./libexec/ld.elf_so-sparc base-sysutil-bin compat,pic
./sbin/edlabel base-sysutil-root
./usr/bin/fdformat base-util-bin
@@ -75,7 +75,7 @@
./usr/lib/sparc/libdes.so.7 base-compat-shlib compat,pic
./usr/lib/sparc/libdes.so.7.0 base-compat-shlib compat,pic
./usr/lib/sparc/libdns.so.1 base-compat-shlib compat,pic
-./usr/lib/sparc/libdns.so.1.3 base-compat-shlib compat,pic
+./usr/lib/sparc/libdns.so.1.4 base-compat-shlib compat,pic
./usr/lib/sparc/libedit.so.2 base-compat-shlib compat,pic
./usr/lib/sparc/libedit.so.2.11 base-compat-shlib compat,pic
./usr/lib/sparc/libevent.so.2 base-compat-shlib compat,pic
Index: src/distrib/sets/lists/base/shl.mi
diff -u src/distrib/sets/lists/base/shl.mi:1.450.2.8 src/distrib/sets/lists/base/shl.mi:1.450.2.9
--- src/distrib/sets/lists/base/shl.mi:1.450.2.8 Sat Jun 18 11:20:55 2011
+++ src/distrib/sets/lists/base/shl.mi Thu Jul 7 12:44:26 2011
@@ -1,4 +1,4 @@
-# $NetBSD: shl.mi,v 1.450.2.8 2011/06/18 11:20:55 bouyer Exp $
+# $NetBSD: shl.mi,v 1.450.2.9 2011/07/07 12:44:26 sborrill Exp $
#
# Note: Don't delete entries from here - mark them as "obsolete" instead,
# unless otherwise stated below.
@@ -64,7 +64,7 @@
./usr/lib/libcrypto.so.4.2 base-crypto-shlib crypto
./usr/lib/libcurses.so.6.4 base-sys-shlib
./usr/lib/libdes.so.7.0 base-crypto-shlib crypto
-./usr/lib/libdns.so.1.3 base-bind-shlib
+./usr/lib/libdns.so.1.4 base-bind-shlib
./usr/lib/libedit.so.2.11 base-sys-shlib
./usr/lib/libevent.so.2.1 base-sys-shlib
./usr/lib/libfetch.so.1.0 base-sys-shlib
Index: src/lib/libdns/shlib_version
diff -u src/lib/libdns/shlib_version:1.3.4.2 src/lib/libdns/shlib_version:1.3.4.3
--- src/lib/libdns/shlib_version:1.3.4.2 Sat Jun 18 11:20:55 2011
+++ src/lib/libdns/shlib_version Thu Jul 7 12:44:27 2011
@@ -1,5 +1,5 @@
-# $NetBSD: shlib_version,v 1.3.4.2 2011/06/18 11:20:55 bouyer Exp $
+# $NetBSD: shlib_version,v 1.3.4.3 2011/07/07 12:44:27 sborrill Exp $
# Remember to update distrib/sets/lists/base/shl.* when changing
#
major=1
-minor=3
+minor=4
