* man page improvements
* dnsmasq + dbus + IPv6 linklocal support (requires dnsmasq-2.64)
* sort interface protocols as well as interface (bge0, bge0:ra, bge0:dhcp6)
* add interface scope to exported IPv6 link local addresses
* DUID feature works again
* If we receive >1 MTU in the RA we use the last one
* Expire RA options separately from the RA
* Merge multiple RA options together except when a single is needed
* Some memory leaks plugged
* Don't overwrite invalid memory when DNSSL options begin with a NULL
* Ensure we have a large enough buffer for an escaped DNSSL option from RA
--- 9.9.2-P1 released ---
3407. [security] Named could die on specific queries with dns64 enabled.
[Addressed in change #3388 for BIND 9.8.5 and 9.9.3.]
--- 9.9.2 released ---
3383. [security] A certain combination of records in the RBT could
cause named to hang while populating the additional
section of a response. [RT #31090]
3373. [bug] win32: open raw files in binary mode. [RT #30944]
3364. [security] Named could die on specially crafted record.
[RT #30416]
--- 9.9.2rc1 released ---
3370. [bug] Address use after free while shutting down. [RT #30241]
3369. [bug] nsupdate terminated unexpectedly in interactive mode
if built with readline support. [RT #29550]
3368. [bug] <dns/iptable.h>, <dns/private.h> and <dns/zone.h>
were not C++ safe.
3367. [bug] dns_dnsseckey_create() result was not being checked.
[RT #30685]
3366. [bug] Fixed Read-After-Write dependency violation for IA64
atomic operations. [RT #25181]
3365. [bug] Removed spurious newlines from log messages in
zone.c [RT #30675]
3363. [bug] Need to allow "forward" and "fowarders" options
in static-stub zones; this had been overlooked.
[RT #30482]
3362. [bug] Setting some option values to 0 in named.conf
could trigger an assertion failure on startup.
[RT #27730]
3361. [bug] "rndc signing -nsec3param" didn't work correctly
when salt was set to '-' (no salt). [RT #30099]
3360. [bug] 'host -w' could die. [RT #18723]
3359. [bug] An improperly-formed TSIG secret could cause a
memory leak. [RT #30607]
3357. [port] Add support for libxml2-2.8.x [RT #30440]
3356. [bug] Cap the TTL of signed RRsets when RRSIGs are
approaching their expiry, so they don't remain
in caches after expiry. [RT #26429]
3355. [port] Use more portable awk in verify system test.
3354. [func] Improve OpenSSL error logging. [RT #29932]
--- 9.9.2b1 released ---
3353. [bug] Use a single task for task exclusive operations.
[RT #29872]
3352. [bug] Ensure that learned server attributes timeout of the
adb cache. [RT #29856]
3351. [bug] isc_mem_put and isc_mem_putanddetach didn't report
caller if either ISC_MEM_DEBUGSIZE or ISC_MEM_DEBUGCTX
memory debugging flags are set. [RT #30243]
3350. [bug] Memory read overrun in isc___mem_reallocate if
ISC_MEM_DEBUGCTX memory debugging flag is set.
[RT #30240]
3349. [bug] Change #3345 was incomplete. [RT #30233]
3348. [bug] Prevent RRSIG data from being cached if a negative
record matching the covering type exists at a higher
trust level. Such data already can't be retrieved from
the cache since change 3218 -- this prevents it
being inserted into the cache as well. [RT #26809]
3347. [bug] dnssec-settime: Issue a warning when writing a new
private key file would cause a change in the
permissions of the existing file. [RT #27724]
3346. [security] Bad-cache data could be used before it was
initialized, causing an assert. [RT #30025]
3345. [bug] Addressed race condition when removing the last item
or inserting the first item in an ISC_QUEUE.
[RT #29539]
3344. [func] New "dnssec-checkds" command checks a zone to
determine which DS records should be published
in the parent zone, or which DLV records should be
published in a DLV zone, and queries the DNS to
ensure that it exists. (Note: This tool depends
on python; it will not be built or installed on
systems that do not have a python interpreter.)
[RT #28099]
3342. [bug] Change #3314 broke saving of stub zones to disk
resulting in excessive cpu usage in some cases.
[RT #29952]
3341. [func] New "dnssec-verify" command checks a signed zone
to ensure correctness of signatures and of NSEC/NSEC3
chains. [RT #23673]
3339. [func] Allow the maximum supported rsa exponent size to be
specified: "max-rsa-exponent-size <value>;" [RT #29228]
3338. [bug] Address race condition in units tests: asyncload_zone
and asyncload_zt. [RT #26100]
3337. [bug] Change #3294 broke support for the multiple keys
in controls. [RT #29694]
3335. [func] nslookup: return a nonzero exit code when unable
to get an answer. [RT #29492]
3334. [bug] Hold a zone table reference while performing a
asyncronous load of a zone. [RT #28326]
3333. [bug] Setting resolver-query-timeout too low can cause
named to not recover if it loses connectivity.
[RT #29623]
3332. [bug] Re-use cached DS rrsets if possible. [RT #29446]
3331. [security] dns_rdataslab_fromrdataset could produce bad
rdataslabs. [RT #29644]
3330. [func] Fix missing signatures on NOERROR results despite
RPZ rewriting. Also
- add optional "recursive-only yes|no" to the
response-policy statement
- add optional "max-policy-ttl" to the response-policy
statement to limit the false data that
"recursive-only no" can introduce into
resolvers' caches
- add a RPZ performance test to bin/tests/system/rpz
when queryperf is available.
- the encoding of PASSTHRU action to "rpz-passthru".
(The old encoding is still accepted.)
[RT #26172]
3329. [bug] Handle RRSIG signer-name case consistently: We
generate RRSIG records with the signer-name in
lower case. We accept them with any case, but if
they fail to validate, we try again in lower case.
[RT #27451]
3328. [bug] Fixed inconsistent data checking in dst_parse.c.
[RT #29401]
3317. [func] Add ECDSA support (RFC 6605). [RT #21918]
the TOOLDIR version of libnbcompat, associated include files,
and associated defs.mk file, instead of the version from the
.OBJDIR of src/tools/compat. This should fix PR 47188.
ppc64 toolchain where function names are prefixed with a period, so "data"
becomes ".data" and ".data" is confused by the assembler with the segment
directive with the same name. Clearly this is a toolchain issue; we should
be able to call functions "text" and "data" but it is simpler to fix the
code rather than the toolchain.
Elftosb is used to create a digitaly signed "secure boot" file.
This sb file can be booted by the first stage boot loader found in
Freescale i.MX23 and i.MX28 application processors.
Copyright (c) 2004-2010 Freescale Semiconductor, Inc.
The function uses a static variable (stringpool_contents)
and this is not allowed in an inline function with external linkage.
Found by clang -Wstatic-in-inline.
below.
OK'ed by board@ some time ago.
This version of the firmware allows the gpu/arm memory split to be
configured in config.txt using the gpu_mem= option.
Copyright (c) 2006, Broadcom Corporation.
All rights reserved.
Redistribution. Redistribution and use in binary form, without
modification, are permitted provided that the following conditions are
met:
* This software may only be used for the purposes of developing for,
running or using a Raspberry Pi device.
* Redistributions must reproduce the above copyright notice and the
following disclaimer in the documentation and/or other materials
provided with the distribution.
* Neither the name of Broadcom Corporation nor the names of its suppliers
may be used to endorse or promote products derived from this software
without specific prior written permission.
DISCLAIMER. THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND
CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING,
BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND
FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR
TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE
USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
DAMAGE.
christos