From ec7a9a52ec8b5dcef6164e34bf669755c674a8a0 Mon Sep 17 00:00:00 2001
From: erwin
Date: Fri, 4 Jan 2013 13:36:31 +0000
Subject: [PATCH] Update to 9.6-ESV-R8.
All security fixes were previously merged.
Release notes: https://kb.isc.org/article/AA-00795
Approved by: delphij (mentor)
git-svn-id: svn://svn.freebsd.org/base/stable/8@245039 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
---
contrib/bind9/CHANGES | 66 +-
contrib/bind9/README | 9 +-
contrib/bind9/bin/check/check-tool.c | 5 +-
contrib/bind9/bin/dig/nslookup.c | 9 +-
contrib/bind9/bin/dnssec/dnssec-signzone.c | 5 +-
contrib/bind9/bin/named/controlconf.c | 6 +-
contrib/bind9/bin/named/convertxsl.pl | 2 +-
contrib/bind9/bin/named/statschannel.c | 35 +
contrib/bind9/bin/nsupdate/nsupdate.c | 51 +-
contrib/bind9/configure.in | 4 +-
contrib/bind9/doc/Makefile.in | 2 +-
contrib/bind9/doc/arm/Bv9ARM-book.xml | 8 +-
contrib/bind9/doc/arm/Bv9ARM.ch06.html | 8 +-
contrib/bind9/doc/arm/Bv9ARM.pdf | 2251 ++++++++---------
contrib/bind9/doc/misc/format-options.pl | 2 +-
contrib/bind9/doc/misc/sort-options.pl | 2 +-
contrib/bind9/isc-config.sh.in | 2 +-
contrib/bind9/lib/Makefile.in | 2 +-
contrib/bind9/lib/bind9/api | 2 +-
contrib/bind9/lib/bind9/check.c | 70 +-
contrib/bind9/lib/bind9/include/Makefile.in | 2 +-
.../bind9/lib/bind9/include/bind9/Makefile.in | 2 +-
contrib/bind9/lib/dns/adb.c | 19 +-
contrib/bind9/lib/dns/api | 4 +-
contrib/bind9/lib/dns/dnssec.c | 100 +-
contrib/bind9/lib/dns/dst_openssl.h | 3 +
contrib/bind9/lib/dns/dst_parse.c | 35 +-
contrib/bind9/lib/dns/dst_result.c | 4 +-
contrib/bind9/lib/dns/include/Makefile.in | 2 +-
contrib/bind9/lib/dns/include/dns/dnssec.h | 13 +-
contrib/bind9/lib/dns/include/dns/iptable.h | 4 +-
contrib/bind9/lib/dns/include/dns/log.h | 2 +
contrib/bind9/lib/dns/include/dns/stats.h | 10 +
contrib/bind9/lib/dns/include/dns/zone.h | 2 +-
contrib/bind9/lib/dns/include/dst/Makefile.in | 2 +-
contrib/bind9/lib/dns/include/dst/result.h | 6 +-
contrib/bind9/lib/dns/log.c | 2 +
contrib/bind9/lib/dns/master.c | 48 +-
contrib/bind9/lib/dns/masterdump.c | 12 +-
contrib/bind9/lib/dns/openssl_link.c | 42 +-
contrib/bind9/lib/dns/openssldh_link.c | 16 +-
contrib/bind9/lib/dns/openssldsa_link.c | 34 +-
contrib/bind9/lib/dns/opensslrsa_link.c | 52 +-
contrib/bind9/lib/dns/rbtdb.c | 27 +-
contrib/bind9/lib/dns/rdata.c | 12 +-
contrib/bind9/lib/dns/spnego_asn1.pl | 2 +-
contrib/bind9/lib/dns/zone.c | 80 +-
contrib/bind9/lib/isc/alpha/Makefile.in | 2 +-
.../bind9/lib/isc/alpha/include/Makefile.in | 2 +-
.../lib/isc/alpha/include/isc/Makefile.in | 2 +-
contrib/bind9/lib/isc/api | 6 +-
contrib/bind9/lib/isc/ia64/Makefile.in | 2 +-
.../bind9/lib/isc/ia64/include/Makefile.in | 2 +-
.../lib/isc/ia64/include/isc/Makefile.in | 2 +-
contrib/bind9/lib/isc/include/Makefile.in | 2 +-
contrib/bind9/lib/isc/include/isc/file.h | 5 +-
contrib/bind9/lib/isc/mem.c | 6 +-
contrib/bind9/lib/isc/mips/Makefile.in | 2 +-
.../bind9/lib/isc/mips/include/Makefile.in | 2 +-
.../lib/isc/mips/include/isc/Makefile.in | 2 +-
contrib/bind9/lib/isc/noatomic/Makefile.in | 2 +-
.../lib/isc/noatomic/include/Makefile.in | 2 +-
.../lib/isc/noatomic/include/isc/Makefile.in | 2 +-
.../lib/isc/nothreads/include/Makefile.in | 2 +-
.../lib/isc/nothreads/include/isc/Makefile.in | 2 +-
contrib/bind9/lib/isc/powerpc/Makefile.in | 2 +-
.../bind9/lib/isc/powerpc/include/Makefile.in | 2 +-
.../lib/isc/powerpc/include/isc/Makefile.in | 2 +-
contrib/bind9/lib/isc/pthreads/condition.c | 11 +-
.../lib/isc/pthreads/include/Makefile.in | 2 +-
.../lib/isc/pthreads/include/isc/Makefile.in | 2 +-
contrib/bind9/lib/isc/sparc64/Makefile.in | 2 +-
.../bind9/lib/isc/sparc64/include/Makefile.in | 2 +-
.../lib/isc/sparc64/include/isc/Makefile.in | 2 +-
contrib/bind9/lib/isc/unix/file.c | 5 +
.../bind9/lib/isc/unix/include/Makefile.in | 2 +-
.../lib/isc/unix/include/isc/Makefile.in | 2 +-
contrib/bind9/lib/isc/x86_32/Makefile.in | 2 +-
.../bind9/lib/isc/x86_32/include/Makefile.in | 2 +-
.../lib/isc/x86_32/include/isc/Makefile.in | 2 +-
contrib/bind9/lib/isc/x86_64/Makefile.in | 2 +-
.../bind9/lib/isc/x86_64/include/Makefile.in | 2 +-
.../lib/isc/x86_64/include/isc/Makefile.in | 2 +-
contrib/bind9/lib/isccc/api | 2 +-
contrib/bind9/lib/isccc/cc.c | 6 +-
contrib/bind9/lib/isccc/include/Makefile.in | 2 +-
.../bind9/lib/isccc/include/isccc/Makefile.in | 2 +-
contrib/bind9/lib/isccfg/include/Makefile.in | 2 +-
.../lib/isccfg/include/isccfg/Makefile.in | 2 +-
contrib/bind9/lib/lwres/Makefile.in | 2 +-
contrib/bind9/lib/lwres/api | 2 +-
contrib/bind9/lib/lwres/getaddrinfo.c | 6 +-
contrib/bind9/lib/lwres/include/Makefile.in | 2 +-
.../bind9/lib/lwres/include/lwres/Makefile.in | 2 +-
contrib/bind9/lib/lwres/man/Makefile.in | 2 +-
contrib/bind9/lib/lwres/unix/Makefile.in | 2 +-
.../bind9/lib/lwres/unix/include/Makefile.in | 2 +-
.../lib/lwres/unix/include/lwres/Makefile.in | 2 +-
contrib/bind9/make/rules.in | 2 +-
contrib/bind9/version | 2 +-
100 files changed, 1791 insertions(+), 1424 deletions(-)
diff --git a/contrib/bind9/CHANGES b/contrib/bind9/CHANGES
index 19f47f7ac..6e8b138a8 100644
--- a/contrib/bind9/CHANGES
+++ b/contrib/bind9/CHANGES
@@ -1,33 +1,87 @@
- --- 9.6-ESV-R7-P4 released ---
+ --- 9.6-ESV-R8 released ---
3383. [security] A certain combination of records in the RBT could
cause named to hang while populating the additional
section of a response. [RT #31090]
- --- 9.6-ESV-R7-P3 released ---
+3373. [bug] win32: open raw files in binary mode. [RT #30944]
3364. [security] Named could die on specially crafted record.
[RT #30416]
-3358 [bug] Fix declaration of fatal in bin/named/server.c
+ --- 9.6-ESV-R8rc1 released ---
+
+3369. [bug] nsupdate terminated unexpectedly in interactive mode
+ if built with readline support. [RT #29550]
+
+3368. [bug] and were not C++ safe.
+
+3366. [bug] Fixed Read-After-Write dependency violation for IA64
+ atomic operations. [RT #25181]
+
+3365. [bug] Removed spurious newlines from log messages in
+ zone.c [RT #30675]
+
+3362. [bug] Setting some option values to 0 in named.conf
+ could trigger an assertion failure on startup.
+ [RT #27730]
+
+3360. [bug] 'host -w' could die. [RT #18723]
+
+3359. [bug] An improperly-formed TSIG secret could cause a
+ memory leak. [RT #30607]
+
+3358. [bug] Fix declaration of fatal in bin/named/server.c
and bin/nsupdate/main.c. [RT #30522]
- --- 9.6-ESV-R7-P2 released ---
+3357. [port] Add support for libxml2-2.8.x [RT #30440]
+
+ --- 9.6-ESV-R8b1 released ---
+
+3354. [func] Improve OpenSSL error logging. [RT #29932]
+
+3352. [bug] Ensure that learned server attributes timeout of the
+ adb cache. [RT #29856]
+
+3350. [bug] Memory read overrun in isc___mem_reallocate if
+ ISC_MEM_DEBUGCTX memory debugging flag is set.
+ [RT #30240]
+
+3348. [bug] Prevent RRSIG data from being cached if a negative
+ record matching the covering type exists at a higher
+ trust level. Such data already can't be retrieved from
+ the cache since change 3218 -- this prevents it
+ being inserted into the cache as well. [RT #26809]
3346. [security] Bad-cache data could be used before it was
initialized, causing an assert. [RT #30025]
-3343. [bug] Relax isc_random_jitter() REQUIRE tests. [RT #29821]
+3343. [bug] Relax isc_random_jitter() REQUIRE tests. [RT #29821]
3342. [bug] Change #3314 broke saving of stub zones to disk
resulting in excessive cpu usage in some cases.
[RT #29952]
- --- 9.6-ESV-R7-P1 released ---
+3337. [bug] Change #3294 broke support for the multiple keys
+ in controls. [RT #29694]
+
+3335. [func] nslookup: return a nonzero exit code when unable
+ to get an answer. [RT #29492]
+
+3332. [bug] Re-use cached DS rrsets if possible. [RT #29446]
3331. [security] dns_rdataslab_fromrdataset could produce bad
rdataslabs. [RT #29644]
+3329. [bug] Handle RRSIG signer-name case consistently: We
+ generate RRSIG records with the signer-name in
+ lower case. We accept them with any case, but if
+ they fail to validate, we try again in lower case.
+ [RT #27451]
+
+3328. [bug] Fixed inconsistent data checking in dst_parse.c.
+ [RT #29401]
+
--- 9.6-ESV-R7 released ---
3318. [tuning] Reduce the amount of work performed while holding a
diff --git a/contrib/bind9/README b/contrib/bind9/README
index 28750be5d..23c48ea5e 100644
--- a/contrib/bind9/README
+++ b/contrib/bind9/README
@@ -48,9 +48,14 @@ BIND 9
For up-to-date release notes and errata, see
http://www.isc.org/software/bind9/releasenotes
+BIND 9.6-ESV-R8 (Extended Support Version)
+
+ BIND 9.6-ESV-R8 includes several bug fixes and patches security
+ flaws described in CVE-2012-1667, CVE-2012-3817 and CVE-2012-4244.
+
BIND 9.6-ESV-R7 (Extended Support Version)
- BIND 9.4-ESV-R7 is a maintenance release, fixing bugs in BIND
+ BIND 9.6-ESV-R7 is a maintenance release, fixing bugs in BIND
9.6-ESV-R6.
BIND 9.6-ESV-R6 (Extended Support Version)
@@ -60,7 +65,7 @@ BIND 9.6-ESV-R6 (Extended Support Version)
BIND 9.6-ESV-R5 (Extended Support Version)
- BIND 9.4-ESV-R5 is a maintenance release, fixing bugs in BIND
+ BIND 9.6-ESV-R5 is a maintenance release, fixing bugs in BIND
9.6-ESV-R4.
BIND 9.6.3/BIND 9.6-ESV-R4
diff --git a/contrib/bind9/bin/check/check-tool.c b/contrib/bind9/bin/check/check-tool.c
index e936b7cc9..cb330f2f7 100644
--- a/contrib/bind9/bin/check/check-tool.c
+++ b/contrib/bind9/bin/check/check-tool.c
@@ -640,6 +640,9 @@ dump_zone(const char *zonename, dns_zone_t *zone, const char *filename,
{
isc_result_t result;
FILE *output = stdout;
+ const char *flags;
+
+ flags = (fileformat == dns_masterformat_text) ? "w+" : "wb+";
if (debug) {
if (filename != NULL && strcmp(filename, "-") != 0)
@@ -650,7 +653,7 @@ dump_zone(const char *zonename, dns_zone_t *zone, const char *filename,
}
if (filename != NULL && strcmp(filename, "-") != 0) {
- result = isc_stdio_open(filename, "w+", &output);
+ result = isc_stdio_open(filename, flags, &output);
if (result != ISC_R_SUCCESS) {
fprintf(stderr, "could not open output "
diff --git a/contrib/bind9/bin/dig/nslookup.c b/contrib/bind9/bin/dig/nslookup.c
index e990055ab..ba586195e 100644
--- a/contrib/bind9/bin/dig/nslookup.c
+++ b/contrib/bind9/bin/dig/nslookup.c
@@ -57,6 +57,7 @@ static isc_boolean_t in_use = ISC_FALSE;
static char defclass[MXRD] = "IN";
static char deftype[MXRD] = "A";
static isc_event_t *global_event = NULL;
+static int query_error = 1, print_error = 0;
static char domainopt[DNS_NAME_MAXTEXT];
@@ -406,6 +407,9 @@ isc_result_t
printmessage(dig_query_t *query, dns_message_t *msg, isc_boolean_t headers) {
char servtext[ISC_SOCKADDR_FORMATSIZE];
+ /* I've we've gotten this far, we've reached a server. */
+ query_error = 0;
+
debug("printmessage()");
isc_sockaddr_format(&query->sockaddr, servtext, sizeof(servtext));
@@ -433,6 +437,9 @@ printmessage(dig_query_t *query, dns_message_t *msg, isc_boolean_t headers) {
(msg->rcode != dns_rcode_nxdomain) ? nametext :
query->lookup->textname, rcode_totext(msg->rcode));
debug("returning with rcode == 0");
+
+ /* the lookup failed */
+ print_error |= 1;
return (ISC_R_SUCCESS);
}
@@ -903,5 +910,5 @@ main(int argc, char **argv) {
destroy_libs();
isc_app_finish();
- return (0);
+ return (query_error | print_error);
}
diff --git a/contrib/bind9/bin/dnssec/dnssec-signzone.c b/contrib/bind9/bin/dnssec/dnssec-signzone.c
index 92697100c..4b2188699 100644
--- a/contrib/bind9/bin/dnssec/dnssec-signzone.c
+++ b/contrib/bind9/bin/dnssec/dnssec-signzone.c
@@ -3520,7 +3520,10 @@ main(int argc, char *argv[]) {
check_result(result, "isc_file_mktemplate");
fp = NULL;
- result = isc_file_openunique(tempfile, &fp);
+ if (outputformat == dns_masterformat_text)
+ result = isc_file_openunique(tempfile, &fp);
+ else
+ result = isc_file_bopenunique(tempfile, &fp);
if (result != ISC_R_SUCCESS)
fatal("failed to open temporary output file: %s",
isc_result_totext(result));
diff --git a/contrib/bind9/bin/named/controlconf.c b/contrib/bind9/bin/named/controlconf.c
index 2dede0d59..98f2f1516 100644
--- a/contrib/bind9/bin/named/controlconf.c
+++ b/contrib/bind9/bin/named/controlconf.c
@@ -373,8 +373,10 @@ control_recvmessage(isc_task_t *task, isc_event_t *event) {
if (result == ISC_R_SUCCESS)
break;
isc_mem_put(listener->mctx, secret.rstart, REGION_SIZE(secret));
- log_invalid(&conn->ccmsg, result);
- goto cleanup;
+ if (result != ISCCC_R_BADAUTH) {
+ log_invalid(&conn->ccmsg, result);
+ goto cleanup;
+ }
}
if (key == NULL) {
diff --git a/contrib/bind9/bin/named/convertxsl.pl b/contrib/bind9/bin/named/convertxsl.pl
index 87550b3c1..f3553685b 100755
--- a/contrib/bind9/bin/named/convertxsl.pl
+++ b/contrib/bind9/bin/named/convertxsl.pl
@@ -1,6 +1,6 @@
#!/usr/bin/env perl
#
-# Copyright (C) 2006-2008 Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 2006-2008, 2012 Internet Systems Consortium, Inc. ("ISC")
#
# Permission to use, copy, modify, and/or distribute this software for any
# purpose with or without fee is hereby granted, provided that the above
diff --git a/contrib/bind9/bin/named/statschannel.c b/contrib/bind9/bin/named/statschannel.c
index 633ccc964..8d8f108fd 100644
--- a/contrib/bind9/bin/named/statschannel.c
+++ b/contrib/bind9/bin/named/statschannel.c
@@ -84,16 +84,19 @@ static const char *nsstats_desc[dns_nsstatscounter_max];
static const char *resstats_desc[dns_resstatscounter_max];
static const char *zonestats_desc[dns_zonestatscounter_max];
static const char *sockstats_desc[isc_sockstatscounter_max];
+static const char *dnssecstats_desc[dns_dnssecstats_max];
#ifdef HAVE_LIBXML2
static const char *nsstats_xmldesc[dns_nsstatscounter_max];
static const char *resstats_xmldesc[dns_resstatscounter_max];
static const char *zonestats_xmldesc[dns_zonestatscounter_max];
static const char *sockstats_xmldesc[isc_sockstatscounter_max];
+static const char *dnssecstats_xmldesc[dns_dnssecstats_max];
#else
#define nsstats_xmldesc NULL
#define resstats_xmldesc NULL
#define zonestats_xmldesc NULL
#define sockstats_xmldesc NULL
+#define dnssecstats_xmldesc NULL
#endif /* HAVE_LIBXML2 */
#define TRY0(a) do { xmlrc = (a); if (xmlrc < 0) goto error; } while(0)
@@ -107,6 +110,7 @@ static int nsstats_index[dns_nsstatscounter_max];
static int resstats_index[dns_resstatscounter_max];
static int zonestats_index[dns_zonestatscounter_max];
static int sockstats_index[isc_sockstatscounter_max];
+static int dnssecstats_index[dns_dnssecstats_max];
static inline void
set_desc(int counter, int maxcounter, const char *fdesc, const char **fdescs,
@@ -408,6 +412,33 @@ init_desc(void) {
"FDwatchRecvErr");
INSIST(i == isc_sockstatscounter_max);
+ /* Initialize DNSSEC statistics */
+ for (i = 0; i < dns_dnssecstats_max; i++)
+ dnssecstats_desc[i] = NULL;
+#ifdef HAVE_LIBXML2
+ for (i = 0; i < dns_dnssecstats_max; i++)
+ dnssecstats_xmldesc[i] = NULL;
+#endif
+
+#define SET_DNSSECSTATDESC(counterid, desc, xmldesc) \
+ do { \
+ set_desc(dns_dnssecstats_ ## counterid, \
+ dns_dnssecstats_max, \
+ desc, dnssecstats_desc,\
+ xmldesc, dnssecstats_xmldesc); \
+ dnssecstats_index[i++] = dns_dnssecstats_ ## counterid; \
+ } while (0)
+
+ i = 0;
+ SET_DNSSECSTATDESC(asis, "dnssec validation success with signer "
+ "\"as is\"", "DNSSECasis");
+ SET_DNSSECSTATDESC(downcase, "dnssec validation success with signer "
+ "lower cased", "DNSSECdowncase");
+ SET_DNSSECSTATDESC(wildcard, "dnssec validation of wildcard signature",
+ "DNSSECwild");
+ SET_DNSSECSTATDESC(fail, "dnssec validation failures", "DNSSECfail");
+ INSIST(i == dns_dnssecstats_max);
+
/* Sanity check */
for (i = 0; i < dns_nsstatscounter_max; i++)
INSIST(nsstats_desc[i] != NULL);
@@ -417,6 +448,8 @@ init_desc(void) {
INSIST(zonestats_desc[i] != NULL);
for (i = 0; i < isc_sockstatscounter_max; i++)
INSIST(sockstats_desc[i] != NULL);
+ for (i = 0; i < dns_dnssecstats_max; i++)
+ INSIST(dnssecstats_desc[i] != NULL);
#ifdef HAVE_LIBXML2
for (i = 0; i < dns_nsstatscounter_max; i++)
INSIST(nsstats_xmldesc[i] != NULL);
@@ -426,6 +459,8 @@ init_desc(void) {
INSIST(zonestats_xmldesc[i] != NULL);
for (i = 0; i < isc_sockstatscounter_max; i++)
INSIST(sockstats_xmldesc[i] != NULL);
+ for (i = 0; i < dns_dnssecstats_max; i++)
+ INSIST(dnssecstats_xmldesc[i] != NULL);
#endif
}
diff --git a/contrib/bind9/bin/nsupdate/nsupdate.c b/contrib/bind9/bin/nsupdate/nsupdate.c
index 3c10b5fd3..5f25d3c68 100644
--- a/contrib/bind9/bin/nsupdate/nsupdate.c
+++ b/contrib/bind9/bin/nsupdate/nsupdate.c
@@ -1011,7 +1011,7 @@ parse_name(char **cmdlinep, dns_message_t *msg, dns_name_t **namep) {
isc_buffer_t source;
word = nsu_strsep(cmdlinep, " \t\r\n");
- if (*word == 0) {
+ if (word == NULL || *word == 0) {
fprintf(stderr, "could not read owner name\n");
return (STATUS_SYNTAX);
}
@@ -1044,6 +1044,11 @@ parse_rdata(char **cmdlinep, dns_rdataclass_t rdataclass,
dns_rdatacallbacks_t callbacks;
isc_result_t result;
+ if (cmdline == NULL) {
+ rdata->flags = DNS_RDATA_UPDATE;
+ return (STATUS_MORE);
+ }
+
while (*cmdline != 0 && isspace((unsigned char)*cmdline))
cmdline++;
@@ -1110,7 +1115,7 @@ make_prereq(char *cmdline, isc_boolean_t ispositive, isc_boolean_t isrrset) {
*/
if (isrrset) {
word = nsu_strsep(&cmdline, " \t\r\n");
- if (*word == 0) {
+ if (word == NULL || *word == 0) {
fprintf(stderr, "could not read class or type\n");
goto failure;
}
@@ -1126,7 +1131,7 @@ make_prereq(char *cmdline, isc_boolean_t ispositive, isc_boolean_t isrrset) {
* Now read the type.
*/
word = nsu_strsep(&cmdline, " \t\r\n");
- if (*word == 0) {
+ if (word == NULL || *word == 0) {
fprintf(stderr, "could not read type\n");
goto failure;
}
@@ -1200,7 +1205,7 @@ evaluate_prereq(char *cmdline) {
ddebug("evaluate_prereq()");
word = nsu_strsep(&cmdline, " \t\r\n");
- if (*word == 0) {
+ if (word == NULL || *word == 0) {
fprintf(stderr, "could not read operation code\n");
return (STATUS_SYNTAX);
}
@@ -1229,14 +1234,14 @@ evaluate_server(char *cmdline) {
long port;
word = nsu_strsep(&cmdline, " \t\r\n");
- if (*word == 0) {
+ if (word == NULL || *word == 0) {
fprintf(stderr, "could not read server name\n");
return (STATUS_SYNTAX);
}
server = word;
word = nsu_strsep(&cmdline, " \t\r\n");
- if (*word == 0)
+ if (word == NULL || *word == 0)
port = DNSDEFAULTPORT;
else {
char *endp;
@@ -1270,14 +1275,14 @@ evaluate_local(char *cmdline) {
struct in6_addr in6;
word = nsu_strsep(&cmdline, " \t\r\n");
- if (*word == 0) {
+ if (word == NULL || *word == 0) {
fprintf(stderr, "could not read server name\n");
return (STATUS_SYNTAX);
}
local = word;
word = nsu_strsep(&cmdline, " \t\r\n");
- if (*word == 0)
+ if (word == NULL || *word == 0)
port = 0;
else {
char *endp;
@@ -1326,7 +1331,7 @@ evaluate_key(char *cmdline) {
char *n;
namestr = nsu_strsep(&cmdline, " \t\r\n");
- if (*namestr == 0) {
+ if (namestr == NULL || *namestr == 0) {
fprintf(stderr, "could not read key name\n");
return (STATUS_SYNTAX);
}
@@ -1350,7 +1355,7 @@ evaluate_key(char *cmdline) {
}
secretstr = nsu_strsep(&cmdline, "\r\n");
- if (*secretstr == 0) {
+ if (secretstr == NULL || *secretstr == 0) {
fprintf(stderr, "could not read key secret\n");
return (STATUS_SYNTAX);
}
@@ -1391,7 +1396,7 @@ evaluate_zone(char *cmdline) {
isc_result_t result;
word = nsu_strsep(&cmdline, " \t\r\n");
- if (*word == 0) {
+ if (word == NULL || *word == 0) {
fprintf(stderr, "could not read zone name\n");
return (STATUS_SYNTAX);
}
@@ -1418,7 +1423,7 @@ evaluate_realm(char *cmdline) {
char buf[1024];
word = nsu_strsep(&cmdline, " \t\r\n");
- if (*word == 0) {
+ if (word == NULL || *word == 0) {
if (realm != NULL)
isc_mem_free(mctx, realm);
realm = NULL;
@@ -1443,7 +1448,7 @@ evaluate_ttl(char *cmdline) {
isc_uint32_t ttl;
word = nsu_strsep(&cmdline, " \t\r\n");
- if (*word == 0) {
+ if (word == NULL || *word == 0) {
fprintf(stderr, "could not ttl\n");
return (STATUS_SYNTAX);
}
@@ -1477,7 +1482,7 @@ evaluate_class(char *cmdline) {
dns_rdataclass_t rdclass;
word = nsu_strsep(&cmdline, " \t\r\n");
- if (*word == 0) {
+ if (word == NULL || *word == 0) {
fprintf(stderr, "could not read class name\n");
return (STATUS_SYNTAX);
}
@@ -1535,7 +1540,7 @@ update_addordelete(char *cmdline, isc_boolean_t isdelete) {
* If it's a delete, ignore a TTL if present (for compatibility).
*/
word = nsu_strsep(&cmdline, " \t\r\n");
- if (*word == 0) {
+ if (word == NULL || *word == 0) {
if (!isdelete) {
fprintf(stderr, "could not read owner ttl\n");
goto failure;
@@ -1576,7 +1581,7 @@ update_addordelete(char *cmdline, isc_boolean_t isdelete) {
*/
word = nsu_strsep(&cmdline, " \t\r\n");
parseclass:
- if (*word == 0) {
+ if (word == NULL || *word == 0) {
if (isdelete) {
rdataclass = dns_rdataclass_any;
rdatatype = dns_rdatatype_any;
@@ -1600,7 +1605,7 @@ update_addordelete(char *cmdline, isc_boolean_t isdelete) {
* Now read the type.
*/
word = nsu_strsep(&cmdline, " \t\r\n");
- if (*word == 0) {
+ if (word == NULL || *word == 0) {
if (isdelete) {
rdataclass = dns_rdataclass_any;
rdatatype = dns_rdatatype_any;
@@ -1680,7 +1685,7 @@ evaluate_update(char *cmdline) {
ddebug("evaluate_update()");
word = nsu_strsep(&cmdline, " \t\r\n");
- if (*word == 0) {
+ if (word == NULL || *word == 0) {
fprintf(stderr, "could not read operation code\n");
return (STATUS_SYNTAX);
}
@@ -1770,6 +1775,7 @@ get_next_command(void) {
char cmdlinebuf[MAXCMD];
char *cmdline;
char *word;
+ char *tmp;
ddebug("get_next_command()");
if (interactive) {
@@ -1781,11 +1787,18 @@ get_next_command(void) {
isc_app_unblock();
if (cmdline == NULL)
return (STATUS_QUIT);
+
+ /*
+ * Normalize input by removing any eol.
+ */
+ tmp = cmdline;
+ (void)nsu_strsep(&tmp, "\r\n");
+
word = nsu_strsep(&cmdline, " \t\r\n");
if (feof(input))
return (STATUS_QUIT);
- if (*word == 0)
+ if (word == NULL || *word == 0)
return (STATUS_SEND);
if (word[0] == ';')
return (STATUS_MORE);
diff --git a/contrib/bind9/configure.in b/contrib/bind9/configure.in
index c4ff207b7..7e7079b62 100644
--- a/contrib/bind9/configure.in
+++ b/contrib/bind9/configure.in
@@ -1,4 +1,4 @@
-# Copyright (C) 2004-2011 Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 2004-2012 Internet Systems Consortium, Inc. ("ISC")
# Copyright (C) 1998-2003 Internet Software Consortium.
#
# Permission to use, copy, modify, and/or distribute this software for any
@@ -1090,7 +1090,7 @@ case "$use_libxml2" in
;;
auto|yes)
case X`(xml2-config --version) 2>/dev/null` in
- X2.[[67]].*)
+ X2.[[678]].*)
libxml2_libs=`xml2-config --libs`
libxml2_cflags=`xml2-config --cflags`
;;
diff --git a/contrib/bind9/doc/Makefile.in b/contrib/bind9/doc/Makefile.in
index 14d35bc2d..29074b53f 100644
--- a/contrib/bind9/doc/Makefile.in
+++ b/contrib/bind9/doc/Makefile.in
@@ -1,4 +1,4 @@
-# Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 2004-2007, 2012 Internet Systems Consortium, Inc. ("ISC")
# Copyright (C) 2000, 2001 Internet Software Consortium.
#
# Permission to use, copy, modify, and/or distribute this software for any
diff --git a/contrib/bind9/doc/arm/Bv9ARM-book.xml b/contrib/bind9/doc/arm/Bv9ARM-book.xml
index 5719397b9..5d179d9a0 100644
--- a/contrib/bind9/doc/arm/Bv9ARM-book.xml
+++ b/contrib/bind9/doc/arm/Bv9ARM-book.xml
@@ -9978,7 +9978,7 @@ zone zone_name classidentity
+ is specified in the identity
field.
@@ -9995,7 +9995,7 @@ zone zone_name classidentity field.
+ identity field.
@@ -10010,7 +10010,7 @@ zone zone_name classidentity
+ is specified in the identity
field.
@@ -10027,7 +10027,7 @@ zone zone_name classidentity field.
+ identity field.
diff --git a/contrib/bind9/doc/arm/Bv9ARM.ch06.html b/contrib/bind9/doc/arm/Bv9ARM.ch06.html
index 679c08722..ba8f9e10d 100644
--- a/contrib/bind9/doc/arm/Bv9ARM.ch06.html
+++ b/contrib/bind9/doc/arm/Bv9ARM.ch06.html
@@ -6255,7 +6255,7 @@ zone zone_name
[<replacable>identity</replacable>
+ is specified in the identity
field.
@@ -6273,7 +6273,7 @@ zone zone_name
[<replacable>identity</replacable> field.
+ identity
field.
@@ -6289,7 +6289,7 @@ zone zone_name
[<replacable>identity</replacable>
+ is specified in the identity
field.
@@ -6307,7 +6307,7 @@ zone zone_name
[<replacable>identity</replacable> field.
+ identity
field.
diff --git a/contrib/bind9/doc/arm/Bv9ARM.pdf b/contrib/bind9/doc/arm/Bv9ARM.pdf
index 87a4d6f16..60a5658c1 100644
--- a/contrib/bind9/doc/arm/Bv9ARM.pdf
+++ b/contrib/bind9/doc/arm/Bv9ARM.pdf
@@ -7371,29 +7371,19 @@ endobj
/ProcSet [ /PDF /Text ]
>> endobj
1521 0 obj <<
-/Length 3196
-/Filter /FlateDecode
->>
-stream
-xÚÍZ[oÛÈ~÷¯}áÜ}Úì®f/Ië¸XÙ