From f93f010473bc89b6dc6f4c1e06679bf04c44d7ee Mon Sep 17 00:00:00 2001 From: spz Date: Sun, 29 May 2011 15:17:08 +0000 Subject: [PATCH] merge 9.8.0-P2: - fixes CVE-2011-1910: Large RRSIG RRsets and Negative Caching can crash named - fixes CVE-2011-0414: bind lockup during IXFR - return a more correct error in case of policy violation bump version of libdns and libisc --- distrib/sets/lists/base/ad.mips64eb | 8 +- distrib/sets/lists/base/ad.mips64el | 10 +- distrib/sets/lists/base/md.amd64 | 6 +- distrib/sets/lists/base/md.sparc64 | 6 +- distrib/sets/lists/base/shl.mi | 6 +- external/bsd/bind/dist/bin/named/bind.keys.h | 6 +- external/bsd/bind/dist/bin/named/query.c | 8 +- external/bsd/bind/dist/bin/named/server.c | 5 +- external/bsd/bind/dist/lib/dns/ncache.c | 6 +- external/bsd/bind/dist/lib/dns/rbtdb.c | 15 +-- external/bsd/bind/dist/lib/dns/resolver.c | 84 ++------------- external/bsd/bind/dist/lib/dns/validator.c | 35 +++--- external/bsd/bind/dist/lib/dns/xfrin.c | 43 ++++++-- external/bsd/bind/dist/lib/dns/zone.c | 108 ++++++++++++++----- external/bsd/bind/dist/lib/isc/unix/socket.c | 7 +- external/bsd/bind/lib/libdns/shlib_version | 4 +- external/bsd/bind/lib/libisc/shlib_version | 4 +- 17 files changed, 192 insertions(+), 169 deletions(-) diff --git a/distrib/sets/lists/base/ad.mips64eb b/distrib/sets/lists/base/ad.mips64eb index ea8cd664b3af..09eb14226f53 100644 --- a/distrib/sets/lists/base/ad.mips64eb +++ b/distrib/sets/lists/base/ad.mips64eb @@ -1,4 +1,4 @@ -# $NetBSD: ad.mips64eb,v 1.49 2011/05/13 01:56:27 christos Exp $ +# $NetBSD: ad.mips64eb,v 1.50 2011/05/29 15:17:08 spz Exp $ ./libexec/ld.elf_so-64 base-compat-shlib compat,pic ./libexec/ld.elf_so-o32 base-sysutil-bin compat,pic ./usr/lib/64 base-compat-lib 
@@ -82,7 +82,7 @@
 ./usr/lib/64/libdm.so.0 base-compat-shlib compat,pic
 ./usr/lib/64/libdm.so.0.0 base-compat-shlib compat,pic
 ./usr/lib/64/libdns.so.5 base-compat-shlib compat,pic
-./usr/lib/64/libdns.so.5.3 base-compat-shlib compat,pic
+./usr/lib/64/libdns.so.5.4 base-compat-shlib compat,pic
 ./usr/lib/64/libdns_sd.so.0 base-compat-shlib compat,pic,mdns
 ./usr/lib/64/libdns_sd.so.0.0 base-compat-shlib compat,pic,mdns
 ./usr/lib/64/libdwarf.so.0 base-compat-shlib compat,pic
@@ -116,7 +116,7 @@
 ./usr/lib/64/libipsec.so.3 base-compat-shlib compat,pic
 ./usr/lib/64/libipsec.so.3.0 base-compat-shlib compat,pic
 ./usr/lib/64/libisc.so.5 base-compat-shlib compat,pic
-./usr/lib/64/libisc.so.5.3 base-compat-shlib compat,pic
+./usr/lib/64/libisc.so.5.4 base-compat-shlib compat,pic
 ./usr/lib/64/libisccc.so.5 base-compat-shlib compat,pic
 ./usr/lib/64/libisccc.so.5.3 base-compat-shlib compat,pic
 ./usr/lib/64/libisccfg.so.5 base-compat-shlib compat,pic
@@ -393,7 +393,7 @@
 ./usr/lib/o32/libipsec.so.3 base-compat-shlib compat,pic
 ./usr/lib/o32/libipsec.so.3.0 base-compat-shlib compat,pic
 ./usr/lib/o32/libisc.so.5 base-compat-shlib compat,pic
-./usr/lib/o32/libisc.so.5.3 base-compat-shlib compat,pic
+./usr/lib/o32/libisc.so.5.4 base-compat-shlib compat,pic
 ./usr/lib/o32/libisccc.so.5 base-compat-shlib compat,pic
 ./usr/lib/o32/libisccc.so.5.3 base-compat-shlib compat,pic
 ./usr/lib/o32/libisccfg.so.5 base-compat-shlib compat,pic
diff --git a/distrib/sets/lists/base/ad.mips64el b/distrib/sets/lists/base/ad.mips64el
index 5d01104242ba..dbb7da7a7708 100644
--- a/distrib/sets/lists/base/ad.mips64el
+++ b/distrib/sets/lists/base/ad.mips64el
@@ -1,4 +1,4 @@
-# $NetBSD: ad.mips64el,v 1.47 2011/05/13 01:56:27 christos Exp $
+# $NetBSD: ad.mips64el,v 1.48 2011/05/29 15:17:09 spz Exp $
 ./libexec/ld.elf_so-64 base-compat-shlib compat,pic
 ./libexec/ld.elf_so-o32 base-sysutil-bin compat,pic
 ./usr/lib/64 base-compat-lib
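Review bot: The ad.mips64eb section has no hunk for an o32 libdns entry, although it bumps `./usr/lib/64/libdns.so.5.4`, `./usr/lib/64/libisc.so.5.4` and `./usr/lib/o32/libisc.so.5.4`, and ad.mips64el does carry one at `@@ -359,7 +359,7 @@` (`./usr/lib/o32/libdns.so.5.4`). The diffstat agrees: 8 changed lines for ad.mips64eb against 10 for ad.mips64el. If ad.mips64eb contains a `./usr/lib/o32/libdns.so.5.3` line (not visible in these hunks), it should become `./usr/lib/o32/libdns.so.5.4`, otherwise the set list will no longer match the library built after the libdns minor bump.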
@@ -82,7 +82,7 @@
 ./usr/lib/64/libdm.so.0 base-compat-shlib compat,pic
 ./usr/lib/64/libdm.so.0.0 base-compat-shlib compat,pic
 ./usr/lib/64/libdns.so.5 base-compat-shlib compat,pic
-./usr/lib/64/libdns.so.5.3 base-compat-shlib compat,pic
+./usr/lib/64/libdns.so.5.4 base-compat-shlib compat,pic
 ./usr/lib/64/libdns_sd.so.0 base-compat-shlib compat,pic,mdns
 ./usr/lib/64/libdns_sd.so.0.0 base-compat-shlib compat,pic,mdns
 ./usr/lib/64/libdwarf.so.0 base-compat-shlib compat,pic
@@ -116,7 +116,7 @@
 ./usr/lib/64/libipsec.so.3 base-compat-shlib compat,pic
 ./usr/lib/64/libipsec.so.3.0 base-compat-shlib compat,pic
 ./usr/lib/64/libisc.so.5 base-compat-shlib compat,pic
-./usr/lib/64/libisc.so.5.3 base-compat-shlib compat,pic
+./usr/lib/64/libisc.so.5.4 base-compat-shlib compat,pic
 ./usr/lib/64/libisccc.so.5 base-compat-shlib compat,pic
 ./usr/lib/64/libisccc.so.5.3 base-compat-shlib compat,pic
 ./usr/lib/64/libisccfg.so.5 base-compat-shlib compat,pic
@@ -359,7 +359,7 @@
 ./usr/lib/o32/libdm.so.0 base-compat-shlib compat,pic
 ./usr/lib/o32/libdm.so.0.0 base-compat-shlib compat,pic
 ./usr/lib/o32/libdns.so.5 base-compat-shlib compat,pic
-./usr/lib/o32/libdns.so.5.3 base-compat-shlib compat,pic
+./usr/lib/o32/libdns.so.5.4 base-compat-shlib compat,pic
 ./usr/lib/o32/libdns_sd.so.0 base-compat-shlib compat,pic,mdns
 ./usr/lib/o32/libdns_sd.so.0.0 base-compat-shlib compat,pic,mdns
 ./usr/lib/o32/libdwarf.so.0 base-compat-shlib compat,pic
@@ -393,7 +393,7 @@
 ./usr/lib/o32/libipsec.so.3 base-compat-shlib compat,pic
 ./usr/lib/o32/libipsec.so.3.0 base-compat-shlib compat,pic
 ./usr/lib/o32/libisc.so.5 base-compat-shlib compat,pic
-./usr/lib/o32/libisc.so.5.3 base-compat-shlib compat,pic
+./usr/lib/o32/libisc.so.5.4 base-compat-shlib compat,pic
 ./usr/lib/o32/libisccc.so.5 base-compat-shlib compat,pic
 ./usr/lib/o32/libisccc.so.5.3 base-compat-shlib compat,pic
 ./usr/lib/o32/libisccfg.so.5 base-compat-shlib compat,pic
diff --git a/distrib/sets/lists/base/md.amd64 b/distrib/sets/lists/base/md.amd64
index 70aad3d843e7..35f36a40794e 100644
--- a/distrib/sets/lists/base/md.amd64
+++ b/distrib/sets/lists/base/md.amd64
@@ -1,4 +1,4 @@
-# $NetBSD: md.amd64,v 1.122 2011/05/13 01:56:27 christos Exp $
+# $NetBSD: md.amd64,v 1.123 2011/05/29 15:17:09 spz Exp $
 ./dev/lms0 base-obsolete obsolete
 ./dev/mms0 base-obsolete obsolete
 ./libexec/ld.elf_so-i386 base-sys-shlib compat,pic
@@ -85,7 +85,7 @@
 ./usr/lib/i386/libdm.so.0 base-compat-shlib compat,pic
 ./usr/lib/i386/libdm.so.0.0 base-compat-shlib compat,pic
 ./usr/lib/i386/libdns.so.5 base-compat-shlib compat,pic
-./usr/lib/i386/libdns.so.5.3 base-compat-shlib compat,pic
+./usr/lib/i386/libdns.so.5.4 base-compat-shlib compat,pic
 ./usr/lib/i386/libdns_sd.so.0 base-compat-shlib compat,pic,mdns
 ./usr/lib/i386/libdns_sd.so.0.0 base-compat-shlib compat,pic,mdns
 ./usr/lib/i386/libdwarf.so.0 base-compat-shlib compat,pic
@@ -121,7 +121,7 @@
 ./usr/lib/i386/libipsec.so.3 base-compat-shlib compat,pic
 ./usr/lib/i386/libipsec.so.3.0 base-compat-shlib compat,pic
 ./usr/lib/i386/libisc.so.5 base-compat-shlib compat,pic
-./usr/lib/i386/libisc.so.5.3 base-compat-shlib compat,pic
+./usr/lib/i386/libisc.so.5.4 base-compat-shlib compat,pic
 ./usr/lib/i386/libisccc.so.5 base-compat-shlib compat,pic
 ./usr/lib/i386/libisccc.so.5.3 base-compat-shlib compat,pic
 ./usr/lib/i386/libisccfg.so.5 base-compat-shlib compat,pic
diff --git a/distrib/sets/lists/base/md.sparc64 b/distrib/sets/lists/base/md.sparc64
index facd056963fb..9796b1fc0464 100644
--- a/distrib/sets/lists/base/md.sparc64
+++ b/distrib/sets/lists/base/md.sparc64
@@ -1,4 +1,4 @@
-# $NetBSD: md.sparc64,v 1.115 2011/05/13 01:56:27 christos Exp $
+# $NetBSD: md.sparc64,v 1.116 2011/05/29 15:17:09 spz Exp $
 ./libexec/ld.elf_so-sparc base-sysutil-bin compat,pic
 ./sbin/edlabel base-sysutil-root obsolete
 ./usr/bin/fdformat base-util-bin
@@ -83,7 +83,7 @@
 ./usr/lib/sparc/libdm.so.0 base-compat-shlib compat,pic
 ./usr/lib/sparc/libdm.so.0.0 base-compat-shlib compat,pic
 ./usr/lib/sparc/libdns.so.5 base-compat-shlib compat,pic
-./usr/lib/sparc/libdns.so.5.3 base-compat-shlib compat,pic
+./usr/lib/sparc/libdns.so.5.4 base-compat-shlib compat,pic
 ./usr/lib/sparc/libdns_sd.so.0 base-compat-shlib compat,pic,mdns
 ./usr/lib/sparc/libdns_sd.so.0.0 base-compat-shlib compat,pic,mdns
 ./usr/lib/sparc/libdwarf.so.0 base-compat-shlib compat,pic
@@ -117,7 +117,7 @@
 ./usr/lib/sparc/libipsec.so.3 base-compat-shlib compat,pic
 ./usr/lib/sparc/libipsec.so.3.0 base-compat-shlib compat,pic
 ./usr/lib/sparc/libisc.so.5 base-compat-shlib compat,pic
-./usr/lib/sparc/libisc.so.5.3 base-compat-shlib compat,pic
+./usr/lib/sparc/libisc.so.5.4 base-compat-shlib compat,pic
 ./usr/lib/sparc/libisccc.so.5 base-compat-shlib compat,pic
 ./usr/lib/sparc/libisccc.so.5.3 base-compat-shlib compat,pic
 ./usr/lib/sparc/libisccfg.so.5 base-compat-shlib compat,pic
diff --git a/distrib/sets/lists/base/shl.mi b/distrib/sets/lists/base/shl.mi
index a2e2052d5e21..cfbdd0152dc5 100644
--- a/distrib/sets/lists/base/shl.mi
+++ b/distrib/sets/lists/base/shl.mi
@@ -1,4 +1,4 @@
-# $NetBSD: shl.mi,v 1.584 2011/05/13 01:56:27 christos Exp $
+# $NetBSD: shl.mi,v 1.585 2011/05/29 15:17:09 spz Exp $
 #
 # Note: Don't delete entries from here - mark them as "obsolete" instead,
 # unless otherwise stated below.
@@ -198,7 +198,7 @@
 ./usr/lib/libdm.so.0.0 base-sys-shlib
 ./usr/lib/libdns.so base-bind-shlib
 ./usr/lib/libdns.so.5 base-bind-shlib
-./usr/lib/libdns.so.5.3 base-bind-shlib
+./usr/lib/libdns.so.5.4 base-bind-shlib
 ./usr/lib/libdns_sd.so base-mdns-shlib mdns
 ./usr/lib/libdns_sd.so.0 base-mdns-shlib mdns
 ./usr/lib/libdns_sd.so.0.0 base-mdns-shlib mdns
@@ -255,7 +255,7 @@ ./usr/lib/libipsec.so.3.0 base-net-shlib ./usr/lib/libisc.so base-bind-shlib ./usr/lib/libisc.so.5 base-bind-shlib -./usr/lib/libisc.so.5.3 base-bind-shlib +./usr/lib/libisc.so.5.4 base-bind-shlib ./usr/lib/libisccc.so base-bind-shlib ./usr/lib/libisccc.so.5 base-bind-shlib ./usr/lib/libisccc.so.5.3 base-bind-shlib diff --git a/external/bsd/bind/dist/bin/named/bind.keys.h b/external/bsd/bind/dist/bin/named/bind.keys.h index f50b3ec29470..83cb57a0560b 100644 --- a/external/bsd/bind/dist/bin/named/bind.keys.h +++ b/external/bsd/bind/dist/bin/named/bind.keys.h @@ -1,8 +1,8 @@ -/* $NetBSD: bind.keys.h,v 1.2 2011/02/16 03:46:45 christos Exp $ */ +/* $NetBSD: bind.keys.h,v 1.3 2011/05/29 15:17:09 spz Exp $ */ /* - * Generated by bindkeys.pl 1.7 2011/01/04 23:47:13 tbox Exp - * From bind.keys 1.7 2011/01/03 23:45:07 each Exp + * Generated by bindkeys.pl 1.7 2011-01-04 23:47:13 tbox Exp + * From bind.keys 1.7 2011-01-03 23:45:07 each Exp */ #define TRUSTED_KEYS "\ # The bind.keys file is used to override the built-in DNSSEC trust anchors\n\ diff --git a/external/bsd/bind/dist/bin/named/query.c b/external/bsd/bind/dist/bin/named/query.c index 6cc11f045cbc..c8e6f6db982e 100644 --- a/external/bsd/bind/dist/bin/named/query.c +++ b/external/bsd/bind/dist/bin/named/query.c @@ -1,4 +1,4 @@ -/* $NetBSD: query.c,v 1.3 2011/05/06 15:28:19 taca Exp $ */ +/* $NetBSD: query.c,v 1.4 2011/05/29 15:17:09 spz Exp $ */ /* * Copyright (C) 2004-2011 Internet Systems Consortium, Inc. ("ISC") @@ -17,7 +17,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* Id: query.c,v 1.353.8.1 2011-02-03 07:39:02 marka Exp */ +/* Id: query.c,v 1.353.8.2.2.1 2011-04-27 17:06:27 each Exp */ /*! \file */ 
@@ -4043,8 +4043,8 @@ rpz_find(ns_client_t *client, dns_rdatatype_t qtype, dns_name_t *qnamef, version = NULL; result = rpz_getdb(client, rpz_type, qnamef, zonep, dbp, &version); if (result != ISC_R_SUCCESS) { - *policyp = DNS_RPZ_POLICY_ERROR; - return (DNS_R_SERVFAIL); + *policyp = DNS_RPZ_POLICY_MISS; + return (DNS_R_NXDOMAIN); } dns_fixedname_init(&fixed); diff --git a/external/bsd/bind/dist/bin/named/server.c b/external/bsd/bind/dist/bin/named/server.c index e3dbf4021d1f..c7cbf21c52a3 100644 --- a/external/bsd/bind/dist/bin/named/server.c +++ b/external/bsd/bind/dist/bin/named/server.c @@ -1,4 +1,4 @@ -/* $NetBSD: server.c,v 1.8 2011/02/16 03:46:46 christos Exp $ */ +/* $NetBSD: server.c,v 1.9 2011/05/29 15:17:09 spz Exp $ */ /* * Copyright (C) 2004-2011 Internet Systems Consortium, Inc. ("ISC") @@ -17,7 +17,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* Id: server.c,v 1.599.8.3 2011-02-03 12:17:49 tbox Exp */ +/* Id: server.c,v 1.599.8.4 2011-02-16 19:46:12 each Exp */ /*! \file */ @@ -3478,6 +3478,7 @@ add_keydata_zone(dns_view_t *view, const char *directory, isc_mem_t *mctx) { if (pview != NULL && pview->managed_keys != NULL) { dns_zone_attach(pview->managed_keys, &view->managed_keys); + dns_zone_setview(pview->managed_keys, view); dns_view_detach(&pview); return (ISC_R_SUCCESS); } diff --git a/external/bsd/bind/dist/lib/dns/ncache.c b/external/bsd/bind/dist/lib/dns/ncache.c index 974868ac7f7b..4017b14a3c98 100644 --- a/external/bsd/bind/dist/lib/dns/ncache.c +++ b/external/bsd/bind/dist/lib/dns/ncache.c @@ -1,4 +1,4 @@ -/* $NetBSD: ncache.c,v 1.2 2011/02/16 03:47:04 christos Exp $ */ +/* $NetBSD: ncache.c,v 1.3 2011/05/29 15:17:09 spz Exp $ */ /* * Copyright (C) 2004, 2005, 2007, 2008, 2010 Internet Systems Consortium, Inc. ("ISC") @@ -17,7 +17,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* Id: ncache.c,v 1.50.124.1 2011-02-03 07:39:03 marka Exp */ +/* Id: ncache.c,v 1.50.124.1.2.1 2011-05-27 00:57:31 each Exp */ /*! \file */ 
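Review bot: When rpz_getdb() fails, rpz_find now reports `DNS_RPZ_POLICY_MISS` with `DNS_R_NXDOMAIN`, which a caller cannot tell apart from a name that is simply absent from the policy zone, so an unavailable policy zone fails open silently at this point. Unless rpz_getdb() already logs the failure (not visible in this hunk), an error-level log line naming the policy type and the result should be added before the return. The branch also needs a comment recording the decision, e.g. `/* policy zone unavailable: treat as no match instead of answering SERVFAIL */`. The rest of rpz_find lies outside the hunk.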
@@ -188,7 +188,7 @@ dns_ncache_addoptout(dns_message_t *message, dns_db_t *cache, */ isc_buffer_availableregion(&buffer, &r); - if (r.length < 2) + if (r.length < 3) return (ISC_R_NOSPACE); isc_buffer_putuint16(&buffer, rdataset->type); diff --git a/external/bsd/bind/dist/lib/dns/rbtdb.c b/external/bsd/bind/dist/lib/dns/rbtdb.c index 8e9520aa94e1..5260251fac28 100644 --- a/external/bsd/bind/dist/lib/dns/rbtdb.c +++ b/external/bsd/bind/dist/lib/dns/rbtdb.c @@ -1,4 +1,4 @@ -/* $NetBSD: rbtdb.c,v 1.7 2011/02/16 03:47:04 christos Exp $ */ +/* $NetBSD: rbtdb.c,v 1.8 2011/05/29 15:17:09 spz Exp $ */ /* * Copyright (C) 2004-2011 Internet Systems Consortium, Inc. ("ISC") @@ -17,7 +17,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* Id: rbtdb.c,v 1.310 2011-01-13 09:53:04 marka Exp */ +/* Id: rbtdb.c,v 1.310.8.1 2011-02-18 23:23:08 each Exp */ /*! \file */ @@ -394,12 +394,15 @@ typedef ISC_LIST(rbtdb_version_t) rbtdb_versionlist_t; typedef struct { /* Unlocked. */ dns_db_t common; + /* Locks the data in this struct */ #if DNS_RBTDB_USERWLOCK isc_rwlock_t lock; #else isc_mutex_t lock; #endif + /* Locks the tree structure (prevents nodes appearing/disappearing) */ isc_rwlock_t tree_lock; + /* Locks for individual tree nodes */ unsigned int node_lock_count; rbtdb_nodelock_t * node_locks; dns_rbtnode_t * origin_node; @@ -7266,7 +7269,7 @@ getsigningtime(dns_db_t *db, dns_rdataset_t *rdataset, REQUIRE(VALID_RBTDB(rbtdb)); - RBTDB_LOCK(&rbtdb->lock, isc_rwlocktype_read); + RWLOCK(&rbtdb->tree_lock, isc_rwlocktype_read); for (i = 0; i < rbtdb->node_lock_count; i++) { NODE_LOCK(&rbtdb->node_locks[i].lock, isc_rwlocktype_read); @@ -7302,7 +7305,7 @@ getsigningtime(dns_db_t *db, dns_rdataset_t *rdataset, result = ISC_R_SUCCESS; unlock: - RBTDB_UNLOCK(&rbtdb->lock, isc_rwlocktype_read); + RWUNLOCK(&rbtdb->tree_lock, isc_rwlocktype_read); return (result); } 
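Review bot: The new bound `r.length < 3` in dns_ncache_addoptout is a bare constant, and only two of the three bytes it reserves are accounted for by the visible `isc_buffer_putuint16(&buffer, rdataset->type)`; the third is presumably a one-octet write just past the end of the hunk. This check is what keeps a large RRset from writing past the end of the buffer, so the arithmetic should be spelled out next to it, e.g. `/* 2 octets of type + 1 octet written next; keep in step with the puts below */`. It is also worth confirming that every other availableregion check in this function covers all bytes written before the next check. The function continues outside the hunk.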
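Review bot: The lock comments added to the rbtdb struct say what each lock guards but not the order in which the locks must be taken, and this change depends on that order: getsigningtime here and resigned in the following hunks now take `tree_lock` first and a node lock second. The order should be recorded in the struct comment, e.g. `/* Lock order: tree_lock, then node_locks[n].lock */`, after checking it against the other paths in the file. In getsigningtime the visible `unlock:` label releases only `tree_lock`; the matching NODE_UNLOCK is outside the hunk and should be verified on every path that jumps there.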
@@ -7324,7 +7327,7 @@ resigned(dns_db_t *db, dns_rdataset_t *rdataset, dns_dbversion_t *version) header = rdataset->private3; header--; - RBTDB_LOCK(&rbtdb->lock, isc_rwlocktype_write); + RWLOCK(&rbtdb->tree_lock, isc_rwlocktype_write); NODE_LOCK(&rbtdb->node_locks[node->locknum].lock, isc_rwlocktype_write); /* @@ -7338,7 +7341,7 @@ resigned(dns_db_t *db, dns_rdataset_t *rdataset, dns_dbversion_t *version) NODE_UNLOCK(&rbtdb->node_locks[node->locknum].lock, isc_rwlocktype_write); - RBTDB_UNLOCK(&rbtdb->lock, isc_rwlocktype_write); + RWUNLOCK(&rbtdb->tree_lock, isc_rwlocktype_write); } static dns_stats_t * diff --git a/external/bsd/bind/dist/lib/dns/resolver.c b/external/bsd/bind/dist/lib/dns/resolver.c index 5fbf84f03127..fa2b86ed9d9c 100644 --- a/external/bsd/bind/dist/lib/dns/resolver.c +++ b/external/bsd/bind/dist/lib/dns/resolver.c @@ -1,4 +1,4 @@ -/* $NetBSD: resolver.c,v 1.8 2011/02/16 03:47:04 christos Exp $ */ +/* $NetBSD: resolver.c,v 1.9 2011/05/29 15:17:09 spz Exp $ */ /* * Copyright (C) 2004-2011 Internet Systems Consortium, Inc. ("ISC") @@ -17,7 +17,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* Id: resolver.c,v 1.428.6.3 2011-02-08 22:56:53 marka Exp */ +/* Id: resolver.c,v 1.428.6.5 2011-02-18 23:41:51 mgraff Exp */ /*! \file */ 
@@ -2366,77 +2366,13 @@ add_bad(fetchctx_t *fctx, dns_adbaddrinfo_t *addrinfo, isc_result_t reason, } /* - * Return 'bits' bits of random entropy from fctx->rand_buf, - * refreshing it by calling isc_random_get() whenever the requested - * number of bits is greater than the number in the buffer. - */ -static inline isc_uint32_t -random_bits(fetchctx_t *fctx, isc_uint32_t bits) { - isc_uint32_t ret = 0; - - REQUIRE(VALID_FCTX(fctx)); - REQUIRE(bits <= 32); - if (bits == 0) - return (0); - - if (bits >= fctx->rand_bits) { - /* if rand_bits == 0, this is unnecessary but harmless */ - bits -= fctx->rand_bits; - ret = fctx->rand_buf << bits; - - /* refresh random buffer now */ - isc_random_get(&fctx->rand_buf); - fctx->rand_bits = sizeof(fctx->rand_buf) * CHAR_BIT; - } - - if (bits > 0) { - isc_uint32_t mask = 0xffffffff; - if (bits < 32) { - mask = (1 << bits) - 1; - } - - ret |= fctx->rand_buf & mask; - fctx->rand_buf >>= bits; - fctx->rand_bits -= bits; - } - - return (ret); -} - -/* - * Add some random jitter to a server's RTT value so that the - * order of queries will be unpredictable. - * - * RTT values of servers which have been tried are fuzzed by 128 ms. - * Servers that haven't been tried yet have their RTT set to a random - * value between 0 ms and 7 ms; they should get to go first, but in - * unpredictable order. - */ -static inline void -randomize_srtt(fetchctx_t *fctx, dns_adbaddrinfo_t *ai) { - if (TRIED(ai)) { - ai->srtt >>= 10; /* convert to milliseconds, near enough */ - ai->srtt |= (ai->srtt & 0x80) | random_bits(fctx, 7); - ai->srtt <<= 10; /* now back to microseconds */ - } else - ai->srtt = random_bits(fctx, 3) << 10; -} - -/* - * Sort addrinfo list by RTT (with random jitter) + * Sort addrinfo list by RTT. 
*/ static void -sort_adbfind(fetchctx_t *fctx, dns_adbfind_t *find) { +sort_adbfind(dns_adbfind_t *find) { dns_adbaddrinfo_t *best, *curr; dns_adbaddrinfolist_t sorted; - /* Add jitter to SRTT values */ - curr = ISC_LIST_HEAD(find->list); - while (curr != NULL) { - randomize_srtt(fctx, curr); - curr = ISC_LIST_NEXT(curr, publink); - } - /* Lame N^2 bubble sort. */ ISC_LIST_INIT(sorted); while (!ISC_LIST_EMPTY(find->list)) { @@ -2454,19 +2390,19 @@ sort_adbfind(fetchctx_t *fctx, dns_adbfind_t *find) { } /* - * Sort a list of finds by server RTT (with random jitter) + * Sort a list of finds by server RTT. */ static void -sort_finds(fetchctx_t *fctx, dns_adbfindlist_t *findlist) { +sort_finds(dns_adbfindlist_t *findlist) { dns_adbfind_t *best, *curr; dns_adbfindlist_t sorted; dns_adbaddrinfo_t *addrinfo, *bestaddrinfo; - /* Sort each find's addrinfo list by SRTT (after adding jitter) */ + /* Sort each find's addrinfo list by SRTT. */ for (curr = ISC_LIST_HEAD(*findlist); curr != NULL; curr = ISC_LIST_NEXT(curr, publink)) - sort_adbfind(fctx, curr); + sort_adbfind(curr); /* Lame N^2 bubble sort. */ ISC_LIST_INIT(sorted); @@ -2851,8 +2787,8 @@ fctx_getaddresses(fetchctx_t *fctx, isc_boolean_t badcache) { * We've found some addresses. We might still be looking * for more addresses. */ - sort_finds(fctx, &fctx->finds); - sort_finds(fctx, &fctx->altfinds); + sort_finds(&fctx->finds); + sort_finds(&fctx->altfinds); result = ISC_R_SUCCESS; } diff --git a/external/bsd/bind/dist/lib/dns/validator.c b/external/bsd/bind/dist/lib/dns/validator.c index a2383e1b5018..9e3d8bb388f9 100644 --- a/external/bsd/bind/dist/lib/dns/validator.c +++ b/external/bsd/bind/dist/lib/dns/validator.c @@ -1,4 +1,4 @@ -/* $NetBSD: validator.c,v 1.3 2011/02/16 03:47:05 christos Exp $ */ +/* $NetBSD: validator.c,v 1.4 2011/05/29 15:17:09 spz Exp $ */ /* * Copyright (C) 2004-2010 Internet Systems Consortium, Inc. ("ISC") 
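Review bot: With random_bits() and randomize_srtt() removed, sort_adbfind and sort_finds order servers purely by stored SRTT, so untried servers are no longer shuffled and equal-SRTT servers are presumably taken in list order, whereas the removed comment gave unpredictable query order as the reason for the jitter. The replacement comments (`Sort addrinfo list by RTT.`) should state that the deterministic order is intentional, e.g. `/* No jitter is applied; order is by SRTT alone. */`, so a later reader does not take it for an omission. The fetchctx_t fields `rand_buf` and `rand_bits`, used in these hunks only by the removed code, are probably dead now and can be dropped if nothing else reads them (the struct is not part of the diff).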
@@ -17,7 +17,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* Id: validator.c,v 1.197 2010-12-23 04:07:58 marka Exp */ +/* Id: validator.c,v 1.197.40.1 2011-05-27 00:57:31 each Exp */ #include @@ -430,7 +430,8 @@ fetch_callback_validator(isc_task_t *task, isc_event_t *event) { validator_done(val, ISC_R_CANCELED); } else if (eresult == ISC_R_SUCCESS) { validator_log(val, ISC_LOG_DEBUG(3), - "keyset with trust %d", rdataset->trust); + "keyset with trust %s", + dns_trust_totext(rdataset->trust)); /* * Only extract the dst key if the keyset is secure. */ @@ -507,7 +508,8 @@ dsfetched(isc_task_t *task, isc_event_t *event) { validator_done(val, ISC_R_CANCELED); } else if (eresult == ISC_R_SUCCESS) { validator_log(val, ISC_LOG_DEBUG(3), - "dsset with trust %d", rdataset->trust); + "dsset with trust %s", + dns_trust_totext(rdataset->trust)); val->dsset = &val->frdataset; result = validatezonekey(val); if (result != DNS_R_WAIT) @@ -662,7 +664,8 @@ keyvalidated(isc_task_t *task, isc_event_t *event) { validator_done(val, ISC_R_CANCELED); } else if (eresult == ISC_R_SUCCESS) { validator_log(val, ISC_LOG_DEBUG(3), - "keyset with trust %d", val->frdataset.trust); + "keyset with trust %s", + dns_trust_totext(val->frdataset.trust)); /* * Only extract the dst key if the keyset is secure. */ @@ -733,10 +736,10 @@ dsvalidated(isc_task_t *task, isc_event_t *event) { isc_boolean_t have_dsset; dns_name_t *name; validator_log(val, ISC_LOG_DEBUG(3), - "%s with trust %d", + "%s with trust %s", val->frdataset.type == dns_rdatatype_ds ? "dsset" : "ds non-existance", - val->frdataset.trust); + dns_trust_totext(val->frdataset.trust)); have_dsset = ISC_TF(val->frdataset.type == dns_rdatatype_ds); name = dns_fixedname_name(&val->fname); if ((val->attributes & VALATTR_INSECURITY) != 0 && 
@@ -1387,8 +1390,8 @@ view_find(dns_validator_t *val, dns_name_t *name, dns_rdatatype_t type) { INSIST(type == dns_rdatatype_dlv); if (val->frdataset.trust != dns_trust_secure) { validator_log(val, ISC_LOG_DEBUG(3), - "covering nsec: trust %u", - val->frdataset.trust); + "covering nsec: trust %s", + dns_trust_totext(val->frdataset.trust)); goto notfound; } result = dns_rdataset_first(&val->frdataset); @@ -1723,8 +1726,8 @@ get_key(dns_validator_t *val, dns_rdata_rrsig_t *siginfo) { * See if we've got the key used in the signature. */ validator_log(val, ISC_LOG_DEBUG(3), - "keyset with trust %d", - val->frdataset.trust); + "keyset with trust %s", + dns_trust_totext(val->frdataset.trust)); result = get_dst_key(val, siginfo, val->keyset); if (result != ISC_R_SUCCESS) { /* @@ -2494,8 +2497,11 @@ validatezonekey(dns_validator_t *val) { " insecure DS"); return (DNS_R_MUSTBESECURE); } - markanswer(val, "validatezonekey (2)"); - return (ISC_R_SUCCESS); + if (val->view->dlv == NULL || DLVTRIED(val)) { + markanswer(val, "validatezonekey (2)"); + return (ISC_R_SUCCESS); + } + return (startfinddlvsep(val, val->event->name)); } /* @@ -3233,7 +3239,8 @@ dlvvalidated(isc_task_t *task, isc_event_t *event) { validator_done(val, ISC_R_CANCELED); } else if (eresult == ISC_R_SUCCESS) { validator_log(val, ISC_LOG_DEBUG(3), - "dlvset with trust %d", val->frdataset.trust); + "dlvset with trust %s", + dns_trust_totext(val->frdataset.trust)); dns_rdataset_clone(&val->frdataset, &val->dlv); val->havedlvsep = ISC_TRUE; if (dlv_algorithm_supported(val)) diff --git a/external/bsd/bind/dist/lib/dns/xfrin.c b/external/bsd/bind/dist/lib/dns/xfrin.c index 508f471399e3..7b7a9c940263 100644 --- a/external/bsd/bind/dist/lib/dns/xfrin.c +++ b/external/bsd/bind/dist/lib/dns/xfrin.c @@ -1,4 +1,4 @@ -/* $NetBSD: xfrin.c,v 1.2 2011/02/16 03:47:05 christos Exp $ */ +/* $NetBSD: xfrin.c,v 1.3 2011/05/29 15:17:10 spz Exp $ */ /* * Copyright (C) 2004-2008 Internet Systems Consortium, Inc. ("ISC") 
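Review bot: The insecure-DS branch of validatezonekey now either marks the answer or hands over to `startfinddlvsep(val, val->event->name)`, and neither the condition `val->view->dlv == NULL || DLVTRIED(val)` nor the hand-over is explained or logged. A comment such as `/* Insecure DS: try DLV once, if a DLV anchor is configured, before accepting the answer as insecure */` and a `validator_log(val, ISC_LOG_DEBUG(3), ...)` line before the call would make the new path traceable in the same way as the other branches touched by this diff. validatezonekey starts and ends outside the hunk, so how callers treat the value returned by startfinddlvsep cannot be checked here.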
@@ -17,7 +17,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* Id: xfrin.c,v 1.166 2008-09-25 04:12:39 marka Exp */ +/* Id: xfrin.c,v 1.166.522.2 2011-02-19 01:21:27 each Exp */ /*! \file */ @@ -85,8 +85,9 @@ typedef enum { XFRST_IXFR_DEL, XFRST_IXFR_ADDSOA, XFRST_IXFR_ADD, + XFRST_IXFR_END, XFRST_AXFR, - XFRST_END + XFRST_AXFR_END } xfrin_state_t; /*% @@ -205,6 +206,7 @@ static isc_result_t axfr_putdata(dns_xfrin_ctx_t *xfr, dns_diffop_t op, dns_rdata_t *rdata); static isc_result_t axfr_apply(dns_xfrin_ctx_t *xfr); static isc_result_t axfr_commit(dns_xfrin_ctx_t *xfr); +static isc_result_t axfr_finalize(dns_xfrin_ctx_t *xfr); static isc_result_t ixfr_init(dns_xfrin_ctx_t *xfr); static isc_result_t ixfr_apply(dns_xfrin_ctx_t *xfr); @@ -320,6 +322,16 @@ axfr_commit(dns_xfrin_ctx_t *xfr) { CHECK(axfr_apply(xfr)); CHECK(dns_db_endload(xfr->db, &xfr->axfr.add_private)); + + result = ISC_R_SUCCESS; + failure: + return (result); +} + +static isc_result_t +axfr_finalize(dns_xfrin_ctx_t *xfr) { + isc_result_t result; + CHECK(dns_zone_replacedb(xfr->zone, xfr->db, ISC_TRUE)); result = ISC_R_SUCCESS; @@ -543,7 +555,7 @@ xfr_rr(dns_xfrin_ctx_t *xfr, dns_name_t *name, isc_uint32_t ttl, isc_uint32_t soa_serial = dns_soa_getserial(rdata); if (soa_serial == xfr->end_serial) { CHECK(ixfr_commit(xfr)); - xfr->state = XFRST_END; + xfr->state = XFRST_IXFR_END; break; } else if (soa_serial != xfr->ixfr.current_serial) { xfrin_log(xfr, ISC_LOG_ERROR, @@ -574,11 +586,12 @@ xfr_rr(dns_xfrin_ctx_t *xfr, dns_name_t *name, isc_uint32_t ttl, CHECK(axfr_putdata(xfr, DNS_DIFFOP_ADD, name, ttl, rdata)); if (rdata->type == dns_rdatatype_soa) { CHECK(axfr_commit(xfr)); - xfr->state = XFRST_END; + xfr->state = XFRST_AXFR_END; break; } break; - case XFRST_END: + case XFRST_AXFR_END: + case XFRST_IXFR_END: FAIL(DNS_R_EXTRADATA); default: INSIST(0); 
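Review bot: axfr_finalize has no comment saying why `dns_zone_replacedb()` was split out of axfr_commit, and that ordering is the point of the change: the database is now installed only from the `XFRST_AXFR_END` case in xfrin_recv_done, apparently after the per-message checks, instead of from inside xfr_rr. It should get a short header, e.g. `/* Install the loaded database; call only once the final message has been accepted. */`, plus a word on the `/* FALLTHROUGH */` noting that the AXFR case must stay above the IXFR one. `XFRST_IXFR_END` was inserted ahead of `XFRST_AXFR` in the enum, which is safe only as long as states are never compared with `<` or `>`; no such comparison is visible in these hunks.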
@@ -1320,8 +1333,9 @@ xfrin_recv_done(isc_task_t *task, isc_event_t *ev) { } else if (dns_message_gettsigkey(msg) != NULL) { xfr->sincetsig++; - if (xfr->sincetsig > 100 || - xfr->nmsg == 0 || xfr->state == XFRST_END) + if (xfr->sincetsig > 100 || xfr->nmsg == 0 || + xfr->state == XFRST_AXFR_END || + xfr->state == XFRST_IXFR_END) { result = DNS_R_EXPECTEDTSIG; goto failure; @@ -1347,16 +1361,22 @@ xfrin_recv_done(isc_task_t *task, isc_event_t *ev) { dns_message_destroy(&msg); - if (xfr->state == XFRST_GOTSOA) { + switch (xfr->state) { + case XFRST_GOTSOA: xfr->reqtype = dns_rdatatype_axfr; xfr->state = XFRST_INITIALSOA; CHECK(xfrin_send_request(xfr)); - } else if (xfr->state == XFRST_END) { + break; + case XFRST_AXFR_END: + CHECK(axfr_finalize(xfr)); + /* FALLTHROUGH */ + case XFRST_IXFR_END: /* * Close the journal. */ if (xfr->ixfr.journal != NULL) dns_journal_destroy(&xfr->ixfr.journal); + /* * Inform the caller we succeeded. */ @@ -1370,7 +1390,8 @@ xfrin_recv_done(isc_task_t *task, isc_event_t *ev) { */ xfr->shuttingdown = ISC_TRUE; maybe_free(xfr); - } else { + break; + default: /* * Read the next message. */ diff --git a/external/bsd/bind/dist/lib/dns/zone.c b/external/bsd/bind/dist/lib/dns/zone.c index dd1e4d9de06e..6b634e45a384 100644 --- a/external/bsd/bind/dist/lib/dns/zone.c +++ b/external/bsd/bind/dist/lib/dns/zone.c @@ -1,4 +1,4 @@ -/* $NetBSD: zone.c,v 1.2 2011/02/16 03:47:05 christos Exp $ */ +/* $NetBSD: zone.c,v 1.3 2011/05/29 15:17:10 spz Exp $ */ /* * Copyright (C) 2004-2011 Internet Systems Consortium, Inc. ("ISC") @@ -17,7 +17,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* Id: zone.c,v 1.582.8.2 2011-02-07 00:14:30 marka Exp */ +/* Id: zone.c,v 1.582.8.7 2011-02-18 23:23:08 each Exp */ /*! \file */ 
@@ -7918,7 +7918,8 @@ void dns_zone_markdirty(dns_zone_t *zone) { LOCK_ZONE(zone); - set_resigntime(zone); /* XXXMPA make separate call back */ + if (zone->type == dns_zone_master) + set_resigntime(zone); /* XXXMPA make separate call back */ zone_needdump(zone, DNS_DUMP_DELAY); UNLOCK_ZONE(zone); } @@ -13605,7 +13606,8 @@ add_signing_records(dns_db_t *db, dns_rdatatype_t privatetype, if (tuple->rdata.type != dns_rdatatype_dnskey) continue; - dns_rdata_tostruct(&tuple->rdata, &dnskey, NULL); + result = dns_rdata_tostruct(&tuple->rdata, &dnskey, NULL); + RUNTIME_CHECK(result == ISC_R_SUCCESS); if ((dnskey.flags & (DNS_KEYFLAG_OWNERMASK|DNS_KEYTYPE_NOAUTH)) != DNS_KEYOWNER_ZONE) @@ -13651,13 +13653,14 @@ add_signing_records(dns_db_t *db, dns_rdatatype_t privatetype, static isc_result_t sign_apex(dns_zone_t *zone, dns_db_t *db, dns_dbversion_t *ver, - dns_rdatatype_t type, dns_diff_t *diff) + dns_diff_t *diff, dns_diff_t *sig_diff) { isc_result_t result; isc_stdtime_t now, inception, soaexpire; isc_boolean_t check_ksk, keyset_kskonly; dst_key_t *zone_keys[MAXZONEKEYS]; unsigned int nkeys = 0, i; + dns_difftuple_t *tuple; result = find_zone_keys(zone, db, ver, zone->mctx, MAXZONEKEYS, zone_keys, &nkeys); 
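Review bot: `RUNTIME_CHECK(result == ISC_R_SUCCESS)` after `dns_rdata_tostruct()` in add_signing_records turns a conversion failure into an abort of the whole server, in a function that already returns isc_result_t; the same pattern is added in zone_rekey's NSEC3PARAM loop further down. If the tuple rdata can ever be malformed (where the diff comes from is outside the hunk), returning the error keeps one bad record from taking named down, e.g. `if (result != ISC_R_SUCCESS) goto failure;`, assuming the function has the usual failure label, which is not visible here. If the conversion cannot fail with a NULL mctx, a comment saying so belongs next to the check.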
@@ -13675,22 +13678,52 @@ sign_apex(dns_zone_t *zone, dns_db_t *db, dns_dbversion_t *ver, check_ksk = DNS_ZONE_OPTION(zone, DNS_ZONEOPT_UPDATECHECKKSK); keyset_kskonly = DNS_ZONE_OPTION(zone, DNS_ZONEOPT_DNSKEYKSKONLY); - result = del_sigs(zone, db, ver, &zone->origin, type, diff, - zone_keys, nkeys, now); + /* + * See if update_sigs will update DNSKEY signature and if not + * cause them to sign so that so that newly activated keys + * are used. + */ + for (tuple = ISC_LIST_HEAD(diff->tuples); + tuple != NULL; + tuple = ISC_LIST_NEXT(tuple, link)) { + if (tuple->rdata.type == dns_rdatatype_dnskey && + dns_name_equal(&tuple->name, &zone->origin)) + break; + } + + if (tuple == NULL) { + result = del_sigs(zone, db, ver, &zone->origin, + dns_rdatatype_dnskey, sig_diff, + zone_keys, nkeys, now); + if (result != ISC_R_SUCCESS) { + dns_zone_log(zone, ISC_LOG_ERROR, + "sign_apex:del_sigs -> %s\n", + dns_result_totext(result)); + goto failure; + } + result = add_sigs(db, ver, &zone->origin, dns_rdatatype_dnskey, + sig_diff, zone_keys, nkeys, zone->mctx, + inception, soaexpire, check_ksk, + keyset_kskonly); + if (result != ISC_R_SUCCESS) { + dns_zone_log(zone, ISC_LOG_ERROR, + "sign_apex:add_sigs -> %s\n", + dns_result_totext(result)); + goto failure; + } + } + + result = update_sigs(diff, db, ver, zone_keys, nkeys, zone, + inception, soaexpire, now, check_ksk, + keyset_kskonly, sig_diff); + if (result != ISC_R_SUCCESS) { dns_zone_log(zone, ISC_LOG_ERROR, - "sign_apex:del_sigs -> %s\n", + "sign_apex:update_sigs -> %s\n", dns_result_totext(result)); goto failure; } - result = add_sigs(db, ver, &zone->origin, type, diff, zone_keys, - nkeys, zone->mctx, inception, soaexpire, - check_ksk, keyset_kskonly); - - if (result != ISC_R_SUCCESS) - dns_zone_log(zone, ISC_LOG_ERROR, "sign_apex:add_sigs -> %s\n", - dns_result_totext(result)); failure: for (i = 0; i < nkeys; i++) dst_key_free(&zone_keys[i]); 
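Review bot: The new comment in sign_apex reads `cause them to sign so that so that newly activated keys are used`; the doubled words and the unclear subject make the only explanation of the `tuple == NULL` branch hard to follow. Suggested wording: `/* If the diff does not touch the apex DNSKEY RRset, update_sigs() will not re-sign it; re-sign it here so newly activated keys are used. */`. The three new `dns_zone_log` format strings end in `\n`, as the replaced ones did; if dns_zone_log terminates lines itself, that leaves a stray blank line in the log.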
@@ -13806,6 +13839,26 @@ signed_with_alg(dns_rdataset_t *rdataset, dns_secalg_t alg) { return (ISC_FALSE); } +static isc_result_t +add_chains(dns_zone_t *zone, dns_db_t *db, dns_dbversion_t *ver, + dns_diff_t *diff) +{ + dns_name_t *origin; + isc_boolean_t build_nsec3; + isc_result_t result; + + origin = dns_db_origin(db); + CHECK(dns_private_chains(db, ver, zone->privatetype, NULL, + &build_nsec3)); + if (build_nsec3) + CHECK(dns_nsec3_addnsec3sx(db, ver, origin, zone->minimum, + ISC_FALSE, zone->privatetype, diff)); + CHECK(updatesecure(db, ver, origin, zone->minimum, ISC_TRUE, diff)); + + failure: + return (result); +} + static void zone_rekey(dns_zone_t *zone) { isc_result_t result; @@ -13815,7 +13868,7 @@ zone_rekey(dns_zone_t *zone) { dns_rdataset_t soaset, soasigs, keyset, keysigs; dns_dnsseckeylist_t dnskeys, keys, rmkeys; dns_dnsseckey_t *key; - dns_diff_t diff; + dns_diff_t diff, sig_diff; isc_boolean_t commit = ISC_FALSE, newactive = ISC_FALSE; isc_boolean_t fullsign; dns_ttl_t ttl = 3600; @@ -13838,6 +13891,7 @@ zone_rekey(dns_zone_t *zone) { dir = dns_zone_getkeydirectory(zone); mctx = zone->mctx; dns_diff_init(mctx, &diff); + dns_diff_init(mctx, &sig_diff); CHECK(dns_zone_getdb(zone, &db)); CHECK(dns_db_newversion(db, &ver)); @@ -13906,14 +13960,12 @@ zone_rekey(dns_zone_t *zone) { dnskey_sane(zone, db, ver, &diff)) { CHECK(dns_diff_apply(&diff, db, ver)); CHECK(clean_nsec3param(zone, db, ver, &diff)); - CHECK(sign_apex(zone, db, ver, dns_rdatatype_dnskey, - &diff)); CHECK(add_signing_records(db, zone->privatetype, ver, &diff)); CHECK(increment_soa_serial(db, ver, &diff, mctx)); - CHECK(sign_apex(zone, db, ver, dns_rdatatype_soa, - &diff)); - CHECK(zone_journal(zone, &diff, "zone_rekey")); + CHECK(add_chains(zone, db, ver, &diff)); + CHECK(sign_apex(zone, db, ver, &diff, &sig_diff)); + CHECK(zone_journal(zone, &sig_diff, "zone_rekey")); commit = ISC_TRUE; } } 
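Review bot: zone_rekey applies `diff` to the database with `dns_diff_apply(&diff, db, ver)` but now journals only `sig_diff` (`zone_journal(zone, &sig_diff, "zone_rekey")`), so the journal is complete only if the update_sigs() call inside sign_apex moves every tuple of `diff` into `sig_diff`. That behaviour is not visible in this diff; if it holds, the invariant should be stated at the call, e.g. `/* sign_apex() moves all of diff into sig_diff; journal that */`, and if it does not, DNSKEY and SOA changes would reach the database without reaching the journal. The new helper add_chains also lacks a header comment saying which chains it builds and that it only appends to `diff`.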
@@ -13938,7 +13990,7 @@ zone_rekey(dns_zone_t *zone) { * Has a new key become active? If so, is it for * a new algorithm? */ - for (tuple = ISC_LIST_HEAD(diff.tuples); + for (tuple = ISC_LIST_HEAD(sig_diff.tuples); tuple != NULL; tuple = ISC_LIST_NEXT(tuple, link)) { dns_rdata_dnskey_t dnskey; @@ -14017,7 +14069,7 @@ zone_rekey(dns_zone_t *zone) { * the full zone, but only with the newly-added * keys. */ - for (tuple = ISC_LIST_HEAD(diff.tuples); + for (tuple = ISC_LIST_HEAD(sig_diff.tuples); tuple != NULL; tuple = ISC_LIST_NEXT(tuple, link)) { dns_rdata_dnskey_t dnskey; @@ -14037,9 +14089,7 @@ zone_rekey(dns_zone_t *zone) { keyid = dst_region_computeid(&r, algorithm); result = zone_signwithkey(zone, algorithm, - keyid, - ISC_TF(tuple->op == - DNS_DIFFOP_DEL)); + keyid, ISC_FALSE); if (result != ISC_R_SUCCESS) { dns_zone_log(zone, ISC_LOG_ERROR, "zone_signwithkey failed: %s", @@ -14058,7 +14108,7 @@ zone_rekey(dns_zone_t *zone) { * Cause the zone to add/delete NSEC3 chains for the * deferred NSEC3PARAM changes. */ - for (tuple = ISC_LIST_HEAD(diff.tuples); + for (tuple = ISC_LIST_HEAD(sig_diff.tuples); tuple != NULL; tuple = ISC_LIST_NEXT(tuple, link)) { unsigned char buf[DNS_NSEC3PARAM_BUFFERSIZE]; @@ -14072,7 +14122,8 @@ zone_rekey(dns_zone_t *zone) { if (!dns_nsec3param_fromprivate(&tuple->rdata, &rdata, buf, sizeof(buf))) continue; - dns_rdata_tostruct(&rdata, &nsec3param, NULL); + result = dns_rdata_tostruct(&rdata, &nsec3param, NULL); + RUNTIME_CHECK(result == ISC_R_SUCCESS); if (nsec3param.flags == 0) continue; @@ -14131,6 +14182,7 @@ zone_rekey(dns_zone_t *zone) { failure: dns_diff_clear(&diff); + dns_diff_clear(&sig_diff); clear_keylist(&dnskeys, mctx); clear_keylist(&keys, mctx); diff --git a/external/bsd/bind/dist/lib/isc/unix/socket.c b/external/bsd/bind/dist/lib/isc/unix/socket.c index 5c85d63415c2..aa15ad3bf68b 100644 --- a/external/bsd/bind/dist/lib/isc/unix/socket.c +++ b/external/bsd/bind/dist/lib/isc/unix/socket.c 
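Review bot: The last argument of zone_signwithkey() is now the constant `ISC_FALSE`, where it used to be true for `DNS_DIFFOP_DEL` tuples, and nothing in the -14037 hunk shows deleted tuples being skipped before the call. If the loop still reaches this call for a removed DNSKEY, the zone would presumably be queued for signing with a key that has just been withdrawn. The loop's filter lies outside the hunk, so confirm it contains `if (tuple->op == DNS_DIFFOP_DEL) continue;` or an equivalent. A one-line comment at the call, e.g. `/* DEL tuples were skipped above; only added keys reach here */`, would make the constant self-explanatory.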
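Review bot: Wrapping dns_rdata_tostruct() in RUNTIME_CHECK in the -14072 hunk means a conversion failure now terminates the server process instead of being ignored, which is a heavy outcome for data taken from the diff tuples. If the call cannot fail here (the rdata has just been produced by dns_nsec3param_fromprivate() into a local buffer and a NULL memory context is passed), say so in a comment, e.g. `/* cannot fail: rdata was built by dns_nsec3param_fromprivate() and no allocation is requested */`. If it can fail, `CHECK(dns_rdata_tostruct(&rdata, &nsec3param, NULL));` would route the error to the `failure:` cleanup zone_rekey already has, provided jumping there is safe at this point in the function. The loop body continues outside the hunk.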
@@ -1,4 +1,4 @@ -/* $NetBSD: socket.c,v 1.5 2011/02/16 03:47:15 christos Exp $ */ +/* $NetBSD: socket.c,v 1.6 2011/05/29 15:17:10 spz Exp $ */ /* * Copyright (C) 2004-2010 Internet Systems Consortium, Inc. ("ISC") @@ -17,7 +17,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* Id: socket.c,v 1.333.14.1 2011-02-03 05:50:07 marka Exp */ +/* Id: socket.c,v 1.333.14.2 2011-02-18 04:01:16 marka Exp */ /*! \file */ @@ -688,6 +688,8 @@ static const isc_statscounter_t fdwatchstatsindex[] = { isc_sockstatscounter_fdwatchrecvfail }; +#if defined(USE_KQUEUE) || defined(USE_EPOLL) || defined(USE_DEVPOLL) || \ + defined(USE_WATCHER_THREAD) static void manager_log(isc__socketmgr_t *sockmgr, isc_logcategory_t *category, isc_logmodule_t *module, int level, @@ -710,6 +712,7 @@ manager_log(isc__socketmgr_t *sockmgr, isc_log_write(isc_lctx, category, module, level, "sockmgr %p: %s", sockmgr, msgbuf); } +#endif static void socket_log(isc__socket_t *sock, isc_sockaddr_t *address, diff --git a/external/bsd/bind/lib/libdns/shlib_version b/external/bsd/bind/lib/libdns/shlib_version index f49a08f0c570..a3d5f5d22115 100644 --- a/external/bsd/bind/lib/libdns/shlib_version +++ b/external/bsd/bind/lib/libdns/shlib_version @@ -1,5 +1,5 @@ -# $NetBSD: shlib_version,v 1.6 2011/02/16 03:47:21 christos Exp $ +# $NetBSD: shlib_version,v 1.7 2011/05/29 15:17:10 spz Exp $ # Remember to update distrib/sets/lists/base/shl.* when changing # major=5 -minor=3 +minor=4 diff --git a/external/bsd/bind/lib/libisc/shlib_version b/external/bsd/bind/lib/libisc/shlib_version index f49a08f0c570..a3d5f5d22115 100644 --- a/external/bsd/bind/lib/libisc/shlib_version +++ b/external/bsd/bind/lib/libisc/shlib_version @@ -1,5 +1,5 @@ -# $NetBSD: shlib_version,v 1.6 2011/02/16 03:47:21 christos Exp $ +# $NetBSD: shlib_version,v 1.7 2011/05/29 15:17:10 spz Exp $ # Remember to update distrib/sets/lists/base/shl.* when changing # major=5 -minor=3 +minor=4