Commit Graph

122 Commits

Author SHA1 Message Date
christos
946275102f merge local changes between dhcp-4.4.2 and dhcp-4.4.2-P1 2021-05-26 22:52:31 +00:00
christos
2e8b2e06c5 Import dhcp-4.4.2-P1:
! Corrected a buffer overwrite possible when parsing hexadecimal
   literals with more than 1024 octets. Reported by Jon Franklin from Dell,
   and also by Pawel Wieczorkiewicz from Amazon Web Services.
   [Gitlab #182]
   CVE: CVE-2021-25217
2021-05-26 22:48:40 +00:00
christos
2f967ad4a3 Add missing call to libdhcp_callbacks_register(). Should stop
dhcrelay() crashing when accessing *libdhcp_callbacks.local_port.
(from mrg@)
2021-05-21 21:07:37 +00:00
rillig
2ef2b36bb5 bind: remove unnecessary CONSTCOND
Lint does not need this anymore, since 2021-01-31.
2021-05-04 13:40:34 +00:00
rillig
b640b0e245 bind: fix Clang build
I had already fixed this on 2021-03-27, but the fix was accidentally
reverted on 2021-04-29 when updating to bind 9.16.15.
2021-05-04 13:16:06 +00:00
christos
99a1c29847 Merge our changes between bind 9.16.12 and 9.16.15 2021-04-29 17:26:09 +00:00
christos
0c407023b5 Import bind-9.16.15
Changes since bind-9.16.12:

	--- 9.16.15 released ---

5621.	[bug]		Due to a backporting mistake in change 5609, named
			binaries built against a Kerberos/GSSAPI library whose
			header files did not define the GSS_SPNEGO_MECHANISM
			preprocessor macro were not able to start if their
			configuration included the "tkey-gssapi-credential"
			option. This has been fixed. [GL #2634]

5620.	[bug]		If zone journal files written by BIND 9.16.11 or earlier
			were present when BIND was upgraded, the zone file for
			that zone could have been inadvertently rewritten with
			the current zone contents. This caused the original zone
			file structure (e.g. comments, $INCLUDE directives) to
			be lost, although the zone data itself was preserved.
			This has been fixed. [GL #2623]

	--- 9.16.14 released ---

5617.	[security]	A specially crafted GSS-TSIG query could cause a buffer
			overflow in the ISC implementation of SPNEGO.
			(CVE-2021-25216) [GL #2604]

5616.	[security]	named crashed when a DNAME record placed in the ANSWER
			section during DNAME chasing turned out to be the final
			answer to a client query. (CVE-2021-25215) [GL #2540]

5615.	[security]	Insufficient IXFR checks could result in named serving a
			zone without an SOA record at the apex, leading to a
			RUNTIME_CHECK assertion failure when the zone was
			subsequently refreshed. This has been fixed by adding an
			owner name check for all SOA records which are included
			in a zone transfer. (CVE-2021-25214) [GL #2467]

5614.	[bug]		Ensure all resources are properly cleaned up when a call
			to gss_accept_sec_context() fails. [GL #2620]

5613.	[bug]		It was possible to write an invalid transaction header
			in the journal file for a managed-keys database after
			upgrading. This has been fixed. Invalid headers in
			existing journal files are detected and named is able
			to recover from them. [GL #2600]

5611.	[func]		Set "stale-answer-client-timeout" to "off" by default.
			[GL #2608]

5610.	[bug]		Prevent a crash which could happen when a lookup
			triggered by "stale-answer-client-timeout" was attempted
			right after recursion for a client query finished.
			[GL #2594]

5609.	[func]		The ISC implementation of SPNEGO was removed from BIND 9
			source code. It was no longer necessary as all major
			contemporary Kerberos/GSSAPI libraries include support
			for SPNEGO. [GL #2607]

5608.	[bug]		When sending queries over TCP, dig now properly handles
			"+tries=1 +retry=0" by not retrying the connection when
			the remote server closes the connection prematurely.
			[GL #2490]

5607.	[bug]		As "rndc dnssec -checkds" and "rndc dnssec -rollover"
			commands may affect the next scheduled key event,
			reconfiguration of zone keys is now triggered after
			receiving either of these commands to prevent
			unnecessary key rollover delays. [GL #2488]

5606.	[bug]		CDS/CDNSKEY DELETE records are now removed when a zone
			transitions from a secure to an insecure state.
			named-checkzone also no longer reports an error when
			such records are found in an unsigned zone. [GL #2517]

5605.	[bug]		"dig -u" now uses the CLOCK_REALTIME clock source for
			more accurate time reporting. [GL #2592]

5603.	[bug]		Fix a memory leak that occurred when named failed to
			bind a UDP socket to a network interface. [GL #2575]

5602.	[bug]		Fix TCPDNS and TLSDNS timers in Network Manager. This
			makes the "tcp-initial-timeout" and "tcp-idle-timeout"
			options work correctly again. [GL #2583]

5601.	[bug]		Zones using KASP could not be thawed after they were
			frozen using "rndc freeze". This has been fixed.
			[GL #2523]

	--- 9.16.13 released ---

5597.	[bug]		When serve-stale was enabled and starting the recursive
			resolution process for a query failed, a named instance
			could crash if it was configured as both a recursive and
			authoritative server. This problem was introduced by
			change 5573 and has now been fixed. [GL #2565]

5595.	[cleanup]	Public header files for BIND 9 libraries no longer
			directly include third-party library headers. This
			prevents the need to include paths to third-party header
			files in CFLAGS whenever BIND 9 public header files are
			used, which could cause build-time issues on hosts with
			older versions of BIND 9 installed. [GL #2357]

5594.	[bug]		Building with --enable-dnsrps --enable-dnsrps-dl failed.
			[GL #2298]

5593.	[bug]		Journal files written by older versions of named can now
			be read when loading zones, so that journal
			incompatibility does not cause problems on upgrade.
			Outdated journals are updated to the new format after
			loading. [GL #2505]

5592.	[bug]		Prevent hazard pointer table overflows on machines with
			many cores, by allowing the thread IDs (serving as
			indices into hazard pointer tables) of finished threads
			to be reused by those created later. [GL #2396]

5591.	[bug]		Fix a crash that occurred when
			"stale-answer-client-timeout" was triggered without any
			(stale) data available in the cache to answer the query.
			[GL #2503]

5590.	[bug]		NSEC3 records were not immediately created for dynamic
			zones using NSEC3 with "dnssec-policy", resulting in
			such zones going bogus. Add code to process the
			NSEC3PARAM queue at zone load time so that NSEC3 records
			for such zones are created immediately. [GL #2498]

5588.	[func]		Add a new "purge-keys" option for "dnssec-policy". This
			option determines the period of time for which key files
			are retained after they become obsolete. [GL #2408]

5586.	[bug]		An invalid direction field in a LOC record resulted in
			an INSIST failure when a zone file containing such a
			record was loaded. [GL #2499]

5584.	[bug]		No longer set the IP_DONTFRAG option on UDP sockets, to
			prevent dropping outgoing packets exceeding
			"max-udp-size". [GL #2466]

5582.	[bug]		BIND 9 failed to build when static OpenSSL libraries
			were used and the pkg-config files for libssl and/or
			libcrypto were unavailable. This has been fixed by
			ensuring that the correct linking order for libssl and
			libcrypto is always used. [GL #2402]

5581.	[bug]		Fix a memory leak that occurred when inline-signed zones
			were added to the configuration, followed by a
			reconfiguration of named. [GL #2041]

5580.	[test]		The system test framework no longer differentiates
			between SKIPPED and UNTESTED system test results. Any
			system test which is not run is now marked as SKIPPED.
			[GL !4517]

5573.	[func]		When serve-stale is enabled and stale data is available,
			named now returns stale answers upon encountering any
			unexpected error in the query resolution process.
			However, the "stale-refresh-time" window is still only
			started upon a timeout. [GL #2434]

5564.	[cleanup]	Network manager's TLSDNS module was refactored to use
			libuv and libssl directly instead of a stack of TCP/TLS
			sockets. [GL #2335]
2021-04-29 16:46:17 +00:00
mrg
97b36aa771 more GCC 10 fixes.
mDNSResponder: another wrong return local address

dhcp: ignore a seemingly impossible stringop overflow

hpacel: avoid maybe uninitialised error that is wrong.

rsh: avoid impossible malloc(0)

udf: cast pointers through (uintptr_t) to fool invalid boundary checks
2021-04-13 06:25:48 +00:00
mrg
72ab974e26 use -fcommon here too. 2021-04-13 04:14:46 +00:00
mrg
d212f498b1 use -fcommon. 2021-04-13 01:15:57 +00:00
rillig
42b2655873 bind: remove unnecessary local modifications
No functional change.
2021-04-05 11:36:55 +00:00
rillig
9baf44dc24 bind: remove non-canonical redundant CONSTCOND comments
Since lint1/tree.c 1.202 from 2021-01-31, lint no longer needs the
/*CONSTCOND*/ for do-while-0 "loops".

No functional change.
2021-04-05 11:29:49 +00:00
rillig
53cc4e50ec bind: remove unnecessary CONSTCOND comments
Since lint1/tree.c 1.202 from 2021-01-31, lint no longer needs the
/*CONSTCOND*/ for do-while-0 "loops".

No functional change.
2021-04-05 11:26:59 +00:00
rillig
3804823a53 bind: remove obsolete local modifications
The duplicate include has been added upstream, further up in the file.

Since lint1/tree.c 1.202 from 2021-01-31, lint no longer needs the
/*CONSTCOND*/ for do-while-0 "loops".
2021-04-05 10:54:05 +00:00
rillig
a767eed121 bind: remove workaround for bugs in lint
The bugs have been fixed in lint1/init.c 1.179 from 2021-03-30.
2021-04-05 10:19:34 +00:00
christos
e2ae7bf227 Don't block signals if we are not bind (because if we are not bind, we don't
sigwait(2)).
2021-04-03 22:44:43 +00:00
christos
bf20da46a0 prefixing lwp names with isc- adds no useful information and causes
truncation of the useful part.
2021-04-03 22:20:26 +00:00
christos
db01aa907d Add plugin glue (simon@) 2021-03-31 04:37:50 +00:00
rillig
c74ec7a475 bind: fix typo in stdatomic to support lint + Clang
Before this fix, lint complained:
> dist/lib/isc/queue.c(203): error: expected undefined [99]

https://gitlab.isc.org/isc-projects/bind9/-/issues/2601
2021-03-27 00:06:27 +00:00
christos
adb6523077 Consistently comment out code that lint can't handle (yet?) 2021-03-23 20:59:02 +00:00
christos
f089647658 We have _Alignas now 2021-03-23 20:57:10 +00:00
christos
1cab48c7ca remove extra ;'s 2021-03-23 20:56:25 +00:00
rillig
886197979c bind: remove the workaround for a bug in lint for compound literals
This bug has been fixed in init.c 1.111 from a few minutes ago.
2021-03-23 18:46:07 +00:00
rillig
22b59a10f3 bind: fix workaround for bug in lint
The previous attempt resulted in a 'syntax error'.
2021-03-22 15:12:24 +00:00
wiz
2c99edc276 Use standard section names, sort, use more macros. 2021-03-21 21:26:00 +00:00
christos
d5f25ae86c revert the unintentional whitespace changes 2021-03-21 16:21:35 +00:00
christos
04e21b4bb6 Remove some obsolete information and add some more recent additions from
the nslookup.1 page in the distribution. Consider replacing this man page
with the one from the distribution, since this manual page describes options
available only in the original implemementation. On the other hand, this
man page is mdoc, not man... (Takahiro Kambe)
2021-03-21 16:12:37 +00:00
christos
51673057e9 Locking protocol changed again, adjust. 2021-02-22 01:31:51 +00:00
christos
a10402a4f1 libisc needs libssl now 2021-02-20 01:43:04 +00:00
christos
fce770bd40 merge conflicts, adjust build. 2021-02-19 16:42:08 +00:00
christos
a111e46cec --- 9.16.12 released ---
5578.	[protocol]	Make "check-names" accept A records below "_spf",
			"_spf_rate", and "_spf_verify" labels in order to cater
			for the "exists" SPF mechanism specified in RFC 7208
			section 5.7 and appendix D.1. [GL #2377]

5577.	[bug]		Fix the "three is a crowd" key rollover bug in KASP by
			correctly implementing Equation (2) of the "Flexible and
			Robust Key Rollover" paper. [GL #2375]

5575.	[bug]		When migrating to KASP, BIND 9 considered keys with the
			"Inactive" and/or "Delete" timing metadata to be
			possible active keys. This has been fixed. [GL #2406]

5572.	[bug]		Address potential double free in generatexml().
			[GL #2420]

5571.	[bug]		named failed to start when its configuration included a
			zone with a non-builtin "allow-update" ACL attached.
			[GL #2413]

5570.	[bug]		Improve performance of the DNSSEC verification code by
			reducing the number of repeated calls to
			dns_dnssec_keyfromrdata(). [GL #2073]

5569.	[bug]		Emit useful error message when "rndc retransfer" is
			applied to a zone of inappropriate type. [GL #2342]

5568.	[bug]		Fixed a crash in "dnssec-keyfromlabel" when using ECDSA
			keys. [GL #2178]

5567.	[bug]		Dig now reports unknown dash options while pre-parsing
			the options. This prevents "-multi" instead of "+multi"
			from reporting memory usage before ending option parsing
			with "Invalid option: -lti". [GL #2403]

5566.	[func]		Add "stale-answer-client-timeout" option, which is the
			amount of time a recursive resolver waits before
			attempting to answer the query using stale data from
			cache. [GL #2247]

5565.	[func]		The SONAMEs for BIND 9 libraries now include the current
			BIND 9 version number, in an effort to tightly couple
			internal libraries with a specific release. [GL #2387]

5562.	[security]	Fix off-by-one bug in ISC SPNEGO implementation.
			(CVE-2020-8625) [GL #2354]

5561.	[bug]		KASP incorrectly set signature validity to the value of
			the DNSKEY signature validity. This is now fixed.
			[GL #2383]

5560.	[func]		The default value of "max-stale-ttl" has been changed
			from 12 hours to 1 day and the default value of
			"stale-answer-ttl" has been changed from 1 second to 30
			seconds, following RFC 8767 recommendations. [GL #2248]

5456.	[func]		Added "primaries" as a synonym for "masters" in
			named.conf, and "primary-only" as a synonym for
			"master-only" in the parameters to "notify", to bring
			terminology up-to-date with RFC 8499. [GL #1948]

5362.	[func]		Limit the size of IXFR responses so that AXFR will
			be used instead if it would be smaller. This is
			controlled by the "max-ixfr-ratio" option, which
			is a percentage representing the ratio of IXFR size
			to the size of the entire zone. This value cannot
			exceed 100%, which is the default. [GL #1515]

	--- 9.16.11 released ---

5559.	[bug]		The --with-maxminddb=PATH form of the build-time option
			enabling support for libmaxminddb was not working
			correctly. This has been fixed. [GL #2366]

5557.	[bug]		Prevent RBTDB instances from being destroyed by multiple
			threads at the same time. [GL #2317]

5556.	[bug]		Further tweak newline printing in dnssec-signzone and
			dnssec-verify. [GL #2359]

5555.	[bug]		server->reload_status was not properly initialized.
			[GL #2361]

5554.	[bug]		dnssec-signzone and dnssec-verify were missing newlines
			between log messages. [GL #2359]

5553.	[bug]		When reconfiguring named, removing "auto-dnssec" did not
			turn off DNSSEC maintenance. [GL #2341]

5552.	[func]		When switching to "dnssec-policy none;", named now
			permits a safe transition to insecure mode and publishes
			the CDS and CDNSKEY DELETE records, as described in RFC
			8078. [GL #1750]

5551.	[bug]		named no longer attempts to assign threads to CPUs
			outside the CPU affinity set. Thanks to Ole Bjørn
			Hessen. [GL #2245]

5550.	[func]		dnssec-signzone and named now log a warning when falling
			back to the "increment" SOA serial method. [GL #2058]

5545.	[func]		OS support for load-balanced sockets is no longer
			required to receive incoming queries in multiple netmgr
			threads. [GL #2137]

5543.	[bug]		Fix UDP performance issues caused by making netmgr
			callbacks asynchronous-only. [GL #2320]

5542.	[bug]		Refactor netmgr. [GL #1920] [GL #2034] [GL #2061]
			[GL #2194] [GL #2221] [GL #2266] [GL #2283] [GL #2318]
			[GL #2321]

	--- 9.16.10 released ---

5544.	[func]		Restore the default value of "nocookie-udp-size" to 4096
			bytes. [GL #2250]

5541.	[func]		Adjust the "max-recursion-queries" default from 75 to
			100. [GL #2305]

5540.	[port]		Fix building with native PKCS#11 support for AEP Keyper.
			[GL #2315]

5539.	[bug]		Tighten handling of missing DNS COOKIE responses over
			UDP by falling back to TCP. [GL #2275]

5538.	[func]		Add NSEC3 support to KASP. A new option for
			"dnssec-policy", "nsec3param", can be used to set the
			desired NSEC3 parameters. NSEC3 salt collisions are
			automatically prevented during resalting. Salt
			generation is now logged with zone context. [GL #1620]

5534.	[bug]		The CNAME synthesized from a DNAME was incorrectly
			followed when the QTYPE was CNAME or ANY. [GL #2280]

	--- 9.16.9 released ---

5533.	[func]		Add the "stale-refresh-time" option, a time window that
			starts after a failed lookup, during which a stale RRset
			is served directly from cache before a new attempt to
			refresh it is made. [GL #2066]

5530.	[bug]		dnstap did not capture responses to forwarded UPDATE
			requests. [GL #2252]

5527.	[bug]		A NULL pointer dereference occurred when creating an NTA
			recheck query failed. [GL #2244]

5525.	[bug]		Change 5503 inadvertently broke cross-compilation by
			replacing a call to AC_LINK_IFELSE() with a call to
			AC_RUN_IFELSE() in configure.ac.  This has been fixed,
			making cross-compilation possible again. [GL #2237]

5523.	[bug]		The initial lookup in a zone transitioning to/from a
			signed state could fail if the DNSKEY RRset was not
			found. [GL #2236]

5522.	[bug]		Fixed a race/NULL dereference in TCPDNS send. [GL #2227]

5520.	[bug]		Fixed a number of shutdown races, reference counting
			errors, and spurious log messages that could occur
			in the network manager. [GL #2221]

5518.	[bug]		Stub zones now work correctly with primary servers using
			"minimal-responses yes". [GL #1736]

5517.	[bug]		Do not treat UV_EOF as a TCP4RecvErr or a TCP6RecvErr.
			[GL #2208]

	--- 9.16.8 released ---

5516.	[func]		The default EDNS buffer size has been changed from 4096
			to 1232 bytes. [GL #2183]

5515.	[func]		Add 'rndc dnssec -rollover' command to trigger a manual
			rollover for a specific key. [GL #1749]

5514.	[bug]		Fix KASP expected key size for Ed25519 and Ed448.
			[GL #2171]

5513.	[doc]		The ARM section describing the "rrset-order" statement
			was rewritten to make it unambiguous and up-to-date with
			the source code. [GL #2139]

5512.	[bug]		"rrset-order" rules using "order none" were causing
			named to crash despite named-checkconf treating them as
			valid. [GL #2139]

5511.	[bug]		'dig -u +yaml' failed to display timestamps to the
			microsecond. [GL #2190]

5510.	[bug]		Implement the attach/detach semantics for dns_message_t
			to fix a data race in accessing an already-destroyed
			fctx->rmessage. [GL #2124]

5509.	[bug]		filter-aaaa: named crashed upon shutdown if it was in
			the process of recursing for A RRsets. [GL #1040]

5508.	[func]		Added new parameter "-expired" for "rndc dumpdb" that
			also prints expired RRsets (awaiting cleanup) to the
			dump file. [GL #1870]

5507.	[bug]		Named could compute incorrect SIG(0) responses.
			[GL #2109]

5506.	[bug]		Properly handle failed sysconf() calls, so we don't
			report invalid memory size. [GL #2166]

5505.	[bug]		Updating contents of a mixed-case RPZ could cause some
			rules to be ignored. [GL #2169]

5503.	[bug]		Cleaned up reference counting of network manager
			handles, now using isc_nmhandle_attach() and _detach()
			instead of _ref() and _unref(). [GL #2122]

	--- 9.16.7 released ---

5501.	[func]		Log CDS/CDNSKEY publication. [GL #1748]

5500.	[bug]		Fix (non-)publication of CDS and CDNSKEY records.
			[GL #2103]

5499.	[func]		Add '-P ds' and '-D ds' arguments to dnssec-settime.
			[GL #1748]

5497.	[bug]		'dig +bufsize=0' failed to disable EDNS. [GL #2054]

5496.	[bug]		Address a TSAN report by ensuring each rate limiter
			object holds a reference to its task. [GL #2081]

5495.	[bug]		With query minimization enabled, named failed to
			resolve ip6.arpa. names that had extra labels to the
			left of the IPv6 part. [GL #1847]

5494.	[bug]		Silence the EPROTO syslog message on older systems.
			[GL #1928]

5493.	[bug]		Fix off-by-one error when calculating new hash table
			size. [GL #2104]

5492.	[bug]		Tighten LOC parsing to reject a period (".") and/or "m"
			as a value. Fix handling of negative altitudes which are
			not whole meters. [GL #2074]

5491.	[bug]		rbtversion->glue_table_size could be read without the
			appropriate lock being held. [GL #2080]

5489.	[bug]		Named erroneously accepted certain invalid resource
			records that were incorrectly processed after
			subsequently being written to disk and loaded back, as
			the wire format differed. Such records include: CERT,
			IPSECKEY, NSEC3, NSEC3PARAM, NXT, SIG, TLSA, WKS, and
			X25. [GL !3953]

5488.	[bug]		NTA code needed to have a weak reference on its
			associated view to prevent the latter from being deleted
			while NTA tests were being performed. [GL #2067]

5486.	[func]		Add 'rndc dnssec -checkds' command, which signals to
			named that the DS record for a given zone or key has
			been updated in the parent zone. [GL #1613]

	--- 9.16.6 released ---

5484.	[func]		Expire zero TTL records quickly rather than using them
			for stale answers. [GL #1829]

5483.	[func]		A new configuration option "stale-cache-enable" has been
			introduced to enable or disable keeping stale answers in
			cache. [GL #1712]

5482.	[bug]		If the Duplicate Address Detection (DAD) mechanism had
			not yet finished after adding a new IPv6 address to the
			system, BIND 9 would fail to bind to IPv6 addresses in a
			tentative state. [GL #2038]

5481.	[security]	"update-policy" rules of type "subdomain" were
			incorrectly treated as "zonesub" rules, which allowed
			keys used in "subdomain" rules to update names outside
			of the specified subdomains. The problem was fixed by
			making sure "subdomain" rules are again processed as
			described in the ARM. (CVE-2020-8624) [GL #2055]

5480.	[security]	When BIND 9 was compiled with native PKCS#11 support, it
			was possible to trigger an assertion failure in code
			determining the number of bits in the PKCS#11 RSA public
			key with a specially crafted packet. (CVE-2020-8623)
			[GL #2037]

5479.	[security]	named could crash in certain query resolution scenarios
			where QNAME minimization and forwarding were both
			enabled. (CVE-2020-8621) [GL #1997]

5478.	[security]	It was possible to trigger an assertion failure by
			sending a specially crafted large TCP DNS message.
			(CVE-2020-8620) [GL #1996]

5477.	[bug]		The idle timeout for connected TCP sockets, which was
			previously set to a high fixed value, is now derived
			from the client query processing timeout configured for
			a resolver. [GL #2024]

5476.	[security]	It was possible to trigger an assertion failure when
			verifying the response to a TSIG-signed request.
			(CVE-2020-8622) [GL #2028]

5475.	[bug]		Wildcard RPZ passthru rules could incorrectly be
			overridden by other rules that were loaded from RPZ
			zones which appeared later in the "response-policy"
			statement. This has been fixed. [GL #1619]

5474.	[bug]		dns_rdata_hip_next() failed to return ISC_R_NOMORE
			when it should have. [GL !3880]

5473.	[func]		The RBT hash table implementation has been changed
			to use a faster hash function (HalfSipHash2-4) and
			Fibonacci hashing for better distribution. Setting
			"max-cache-size" now preallocates a fixed-size hash
			table so that rehashing does not cause resolution
			brownouts while the hash table is grown. [GL #1775]

5471.	[bug]		The introduction of KASP support inadvertently caused
			the second field of "sig-validity-interval" to always be
			calculated in hours, even in cases when it should have
			been calculated in days. This has been fixed. (Thanks to
			Tony Finch.) [GL !3735]

5469.	[port]		On illumos, a constant called SEC is already defined in
			<sys/time.h>, which conflicts with an identically named
			constant in libbind9. This conflict has been resolved.
			[GL #1993]

5468.	[bug]		Addressed potential double unlock in process_fd().
			[GL #2005]

5466.	[bug]		Addressed an error in recursive clients stats reporting.
			[GL #1719]

5465.	[func]		Added fallback to built-in trust-anchors, managed-keys,
			or trusted-keys if the bindkeys-file (bind.keys) cannot
			be parsed. [GL #1235]

5464.	[bug]		Requesting more than 128 files to be saved when rolling
			dnstap log files caused a buffer overflow. This has been
			fixed. [GL #1989]

5462.	[bug]		Move LMDB locking from LMDB itself to named. [GL #1976]

5461.	[bug]		The STALE rdataset header attribute was updated while
			the write lock was not being held, leading to incorrect
			statistics. The header attributes are now converted to
			use atomic operations. [GL #1475]
2021-02-19 16:37:01 +00:00
christos
a98351bd74 Reset options on every loop. 2021-01-13 17:01:31 +00:00
christos
7e0da10f84 If an option is not found in the standard table, log it and don't try to
dereference it. This prevents crashes from XenServer VM that PXE boots and
includes option 175 in the DHCP request. Reported by Stephen Borrill.
2021-01-13 15:51:49 +00:00
rin
a8c74629f6 Support aarch64eb in */config.guess.
Cherry-picked from upstream:
https://git.savannah.gnu.org/gitweb/?p=config.git;a=commit;h=1c4398015583eb77bc043234f5734be055e64bea

Everything except external/apache2/llvm/dist/llvm/cmake/config.guess
is patched, which is under vendor tag and cannot be modified. I expect
that this file is not actually used as we use hand-crafted version of
configure script instead of cmake for building LLVM.

Note that external/apache2/llvm/autoconf/autoconf/config.guess has
already been committed on Oct. 20, but commit message disappeared as
cvs aborted due to "permission denied" when trying to modify the file
mentioned above. Sorry for confusing you.

Also note that GMP uses its own config.guess Patch for
external/lgpl3/gmp/dist/config.guess is provided by ryo@. Thanks!
2020-11-17 10:35:10 +00:00
christos
a7e74f3dc5 Don't use static buffers to store format strings; this is a multi-threaded
program and if we print from multiple threads we can end up overwriting the
formats while printf is formating and that can end up in tears.
2020-11-12 22:11:03 +00:00
christos
812f89458a Locking protocol changed again, unlock after send/recv 2020-08-29 16:07:11 +00:00
christos
56e2dc54c3 Merge conflicts 2020-08-03 21:10:56 +00:00
christos
f9d8f0dfa6 Internet Systems Consortium DHCP Distribution
Version 4.4.2
                            22 January 2020
                             Release Notes

                              NEW FEATURES

Please note that that ISC DHCP is now licensed under the Mozilla Public License,
MPL 2.0. Please see https://www.mozilla.org/en-US/MPL/2.0/ to read the MPL 2.0
license terms.

While release 4.4.2 is primarily a maintenance release that addresses a number
of defects, it does introduce a few new features:

- Keama - Keama is a migration utility that assists in converting ISC DHCP
  server configuration files to Kea configuration files.  It is found in the
  keama subdirectory and includes a README.md file with instructions on how
  to build it as well as a manpage on its usage.

- Two new server parameters related to ping checking were added:

1. ping-cltt-secs which allows the user to specify the number of seconds
   that must elapse since CLTT before a ping check is conducted.

2. ping-timeout-ms which allows the user to specify the amount of time the
   server waits for a ping-check response in milliseconds rather than in
   seconds.

In general, the areas of focus for ISC DHCP 4.4 were:

1. Dynamic DNS additions
2. dhclient improvements
3. Support for dynamic shared libraries

Dynamic DNS Improvements:

- We added three new server configuration parameters which influence DDNS
  conflict resolution:

    1. ddns-dual-stack-mixed-mode - alters DNS conflict resolution behavior
    to mitigate issues with non-compliant clients in dual stack environments.

    2. ddns-guard-id-must-match - relaxes the DHCID RR client id matching
    requirement of DNS conflict resolution.

    3. ddns-other-guard-is-dynamic - alters dual-stack-mixed-mode behavior to
    allow unguarded DNS entries to be overwritten in certain cases

- The server now honors update-static-leases parameter for static DHCPv6
  hosts.

dhclient Improvements:

  - We've added three command line parameters to dhclient:

    1. --prefix-len-hint - directs dhclient to use the given length as
    the prefix length hint when requesting prefixes

    2. --decline-wait-time - instructs the client to wait the given number
    of seconds after declining an IPv4 address before issuing a discover

    3. --address-prefix-len - specifies the prefix length passed by dhclient
    into the client script (via the environment variable ip6_prefixlen) with
    each IPv6 address.  We added this parameter because we have changed the
    default value from 64 to 128 in order to be compliant with RFC3315bis
    draft (-09, page 64) and RFC5942, Section 4, point 1.
    **WARNING**: The new default value of 128 may not be backwardly compatible
    with your environment. If you are operating without a router, such as
    between VMs on a host, you may find they cannot see each other with prefix
    length of 128. In such cases, you'll need to either provide routing or use
    the command line parameter to set the value to 64. Alternatively you may
    change the default at compile time by setting DHCLIENT_DEFAULT_PREFIX_LEN
    in includes/site.h.

  - dhclient will now generate a DHCPv6 DECLINE message when the client script
    indicates a DAD failure

Dynamic shared library support:

  Configure script, configure.ac+lt, which supports libtool is now provided
  with the source tar ball.  This script can be used to configure ISC DHCP
  to build with libtool and thus use dynamic shared libraries.

Other Highlights:

 - The server now supports dhcp-cache-threshold for DHCPv6 operations
 - The server now supports DHPv6 address allocation based on EUI-64 DUIDs
 - Experimental support for alternate relay port in the both the server
   and relay for IPv4, IPv6 and 4o6 (see: draft-ietf-dhc-relay-port-10.txt)

For information on how to install, configure and run this software, as
well as how to find documentation and report bugs, please consult the
README file.

ISC DHCP uses standard GNU configure for installation. Please review the
output of "./configure --help" to see what options are available.

The system has only been tested on Linux, FreeBSD, and Solaris, and may not
work on other platforms. Please report any problems and suggested fixes to
<dhcp-users@isc.org>.

ISC DHCP is open source software maintained by Internet Systems
Consortium.  This product includes cryptographic software written
by Eric Young (eay@cryptsoft.com).

		Changes since 4.4.2b1 (Bug Fixes)

- Added a clarification on DHCPINFORMs and server authority to
  dhcpd.conf.5
  [Gitlab #37]

- Only emit lease scrubbing log messages when DEBUG_FAILOVER_MESSAGES
  is defined.
  [Gitlab #72]

- Added the interface name to socket initialization failure log messages.
  Prior to this the log messages stated only the error reason without
  stating the target interface.
  [Gitlab #75]

- Corrected buffer pointer logic in dhcrelay functions that manipulate
  agent relay options. Thanks to Thomas Imbert of MSRC Vulnerabilities
  & Mitigations for reporting the issue.
  [#71]

- Corrected unresolved symbol errors building relay_unittests when
  configured to build using libtool.
  [#80]

		Changes since 4.4.1 (New Features)

- A new configuration parameter, ping-cltt-secs (v4 operation only), has
  been added to allow the user to specify the number of seconds that must
  elapse since CLTT before a ping check is conducted.  Prior to this, the
  value was hard coded at 60 seconds.  Please see the server man pages for
  a more detailed discussion.
  [ISC-Bugs #36283]

- A new configuration parameter, ping-timeout-ms (v4 operation only),
  has been added that allows the user to specify the amount of time
  the server waits for a ping-check response in milliseconds rather
  than in seconds (via ping-timeout). When greater than zero, the value
  of ping-timeout-ms will override the value of ping-timeout.  Thanks
  to Jay Doran from Bluecat Networks for suggesting this feature.
  [Gitlab #10]

- An experimental tool called, Keama (KEA Migration Assistant), which helps
  translate ISC DHCP configurations to Kea configurations, is now included
  in the distribution.
  [Gitlab #34]

		Changes since 4.4.1 (Bug Fixes)

- Corrected a misuse of the BIND9 DDNS API which caused DDNS updates to be
  carried out over TCP rather than UDP. The coding error was exposed by
  migration to BIND9 9.11.  Thanks to Jinmei Tatuya at Infoblox for
  reporting the issue.
  [ISC-Bugs #47757]

- Bind9 now defaults to requiring python to build. The Makefile for
  building Bind9 when bundled with ISC DHCP was modified to turn off
  this dependency.
  [Gitlab #3]

- Corrected a dual-stack mixed-mode issue that occurs when both
  ddns-guard-id-must-match and ddns-other-guard-is-dynamic
  are enabled and that caused the server to incorrectly interpret
  the presence of a guard record belonging to another client as
  a case of no guard record at all.  Thanks to Fernando Soto
  from BlueCat Networks for reporting this issue.
  [Gitlab #1]

- Corrected a compilation issue that occurred when building without DNS
  update ability (e.g. by undefining NSUPDATE).
  [Gitlab #16]

- Corrected an issue that was causing the server, when running in
  DHPCv4 mode, to segfault when class lease limits are reached.
  Thanks to Peter Nagy at Porion-Digital for reporting the matter
  and submitting a patch.
  [Gitlab #13]

- Made minor changes to eliminate warnings when compiled with GCC 9.
  Thanks to Brett Neumeier for bringing the matter to our attention.
  [Gitlab #15]

- Fixed potential memory leaks in parser error message generation
  spotted by Coverity, CIDs: 1448191, 1448193, 1448194, 1448195
  [Gitlab #30]

- Updated URL of IEEE oui.txt in contrib/dhcp-lease-list.pl. Thanks
  to Tommy Smith for contributing the patch.
  [Gitlab #26]

- Fixed define flags when using SO_BINDTODEVICE. Thanks to Joe LeVeque for
  reporting the issue.
  [GitLab #19]

- Applied a patch from OpenBSD to always set the scope id of outbound
  DHPCv6 packets.  Note this change only applies when compiling under
  OpenBSD.  Thanks to Brad Smith at OpenBSD from bringing it to our
  attention.
  [Gitlab #33]

- Modified dhclient to not discard config file leases that are
  duplicates of server-provided leases and to retain such leases
  after they have been used as the fallback active lease and
  DHCP service has been restored.  This allows them to be used
  more than once during the lifetime of a dhclient instance.
  This applies to DHCPv4 operation only.
  [Gitlab #9]

- Corrected a number of reference counter and zero-length buffer leaks.
  Thanks to Christopher Ertl of MSRC Vulnerabilities & Mitigations for
  pointing them out.
  [Gitlab #57]

- Closed a small window of time between the installation of graceful
  shutdown signal handlers and application context startup, during which
  the receipt of shutdown signal would cause a REQUIRE() assertion to
  occur.  Note this issue is only visible when compiling with
  ENABLE_GENTLE_SHUTDOWN defined.
  [Gitlab #53]

- Corrected a buffer overflow that can occur when retrieving zone
  names that are more than 255 characters in length.
  [Gitlab #20]

- The "d" domain name option format was incorrectly handled as text
  instead of RFC 1035 wire format. Thanks to Jay Doran at BlueCat Networks
  for reporting this issue.
  [Gitlab #2]

- Improved the error message issued when a host declaration has both
  a uid and a dhcp-client-identifier. Server configuration parsing will
  now fail if a host declaration specifies more than one uid.
  [Gitlab #7]

- Updated developer's documentation on building and running unit tests.
  Removed support for --with-atf=bind as BIND9 no longer bundles in ATF
  source.
  [Gitlab #35]

- Fixed a syntax error in ldap.c which cropped up under Ubuntu
  18.04.1/gcc 7.4.0. Thanks to Charles Hedrick for pointing it out.
  [Gitlab #51]

- Added clarification to dhcp-options.5 section on ip-address values
  describing the first-use DNS resolution of options with hostnames as
  values (e.g. next-server).
  [Gitlab #28]

- The option format for the server option omapi-key was changed to a
  format type 'k' (key name); while server options ldap-port and
  ldap-init-retry were changed to 'L' (unsigned 32-bit integer). These
  three options were inadvertantly broken when the 'd' format content
  was changed to comply with RFC 1035 wire format (see Gitlab #2).
  [Gitlab #68]
2020-08-03 21:09:06 +00:00
christos
f4f722ea24 Merge conflicts, bump libraries, adjust the build. 2020-08-03 17:23:34 +00:00
christos
11ef341cb9 --- 9.16.5 released ---
5458.	[bug]		Prevent a theoretically possible NULL dereference caused
			by a data race between zone_maintenance() and
			dns_zone_setview_helper(). [GL #1627]

5455.	[bug]		named could crash when cleaning dead nodes in
			lib/dns/rbtdb.c that were being reused. [GL #1968]

5454.	[bug]		Address a startup crash that occurred when the server
			was under load and the root zone had not yet been
			loaded. [GL #1862]

5453.	[bug]		named crashed on shutdown when a new rndc connection was
			received during shutdown. [GL #1747]

5452.	[bug]		The "blackhole" ACL was accidentally disabled for client
			queries. [GL #1936]

5451.	[func]		Add 'rndc dnssec -status' command. [GL #1612]

5449.	[bug]		Fix a socket shutdown race in netmgr udp. [GL #1938]

5448.	[bug]		Fix a race condition in isc__nm_tcpdns_send().
			[GL #1937]

5447.	[bug]		IPv6 addresses ending in "::" could break YAML
			parsing. A "0" is now appended to such addresses
			in YAML output from dig, mdig, delv, and dnstap-read.
			[GL #1952]

5446.	[bug]		The validator could fail to accept a properly signed
			RRset if an unsupported algorithm appeared earlier in
			the DNSKEY RRset than a supported algorithm. It could
			also stop if it detected a malformed public key.
			[GL #1689]

5444.	[bug]		'rndc dnstap -roll <value>' did not limit the number of
			saved files to <value>. [GL !3728]

5443.	[bug]		The "primary" and "secondary" keywords, when used
			as parameters for "check-names", were not
			processed correctly and were being ignored. [GL #1949]

5441.	[bug]		${LMDB_CFLAGS} was missing from make/includes.in.
			[GL #1955]

5440.	[test]		Properly handle missing kyua. [GL #1950]

5439.	[bug]		The DS RRset returned by dns_keynode_dsset() was used in
			a non-thread-safe manner. [GL #1926]

	--- 9.16.4 released ---

5438.	[bug]		Fix a race in TCP accepting code. [GL #1930]

5437.	[bug]		Fix a data race in lib/dns/resolver.c:log_formerr().
			[GL #1808]

5436.	[security]	It was possible to trigger an INSIST when determining
			whether a record would fit into a TCP message buffer.
			(CVE-2020-8618) [GL #1850]

5435.	[tests]		Add RFC 4592 responses examples to the wildcard system
			test. [GL #1718]

5434.	[security]	It was possible to trigger an INSIST in
			lib/dns/rbtdb.c:new_reference() with a particular zone
			content and query patterns. (CVE-2020-8619) [GL #1111]
			[GL #1718]

5431.	[func]		Reject DS records at the zone apex when loading
			master files. Log but otherwise ignore attempts to
			add DS records at the zone apex via UPDATE. [GL #1798]

5430.	[doc]		Update docs - with netmgr, a separate listening socket
			is created for each IPv6 interface (just as with IPv4).
			[GL #1782]

5428.	[bug]		Clean up GSSAPI resources in nsupdate only after taskmgr
			has been destroyed. Thanks to Petr Menšík. [GL !3316]

5426.	[bug]		Don't abort() when setting SO_INCOMING_CPU on the socket
			fails. [GL #1911]

5425.	[func]		The default value of "max-stale-ttl" has been changed
			from 1 week to 12 hours. [GL #1877]

5424.	[bug]		With KASP, when creating a successor key, the "goal"
			state of the current active key (predecessor) was not
			changed and thus never removed from the zone. [GL #1846]

5423.	[bug]		Fix a bug in keymgr_key_has_successor(): it incorrectly
			returned true if any other key in the keyring had a
			successor. [GL #1845]

5422.	[bug]		When using dnssec-policy, print correct key timing
			metadata. [GL #1843]

5421.	[bug]		Fix a race that could cause named to crash when looking
			up the nodename of an RBT node if the tree was modified.
			[GL #1857]

5420.	[bug]		Add missing isc_{mutex,conditional}_destroy() calls
			that caused a memory leak on FreeBSD. [GL #1893]

5418.	[bug]		delv failed to parse deprecated trusted-keys-style
			trust anchors. [GL #1860]

5416.	[bug]		Fix a lock order inversion in lib/isc/unix/socket.c.
			[GL #1859]

5415.	[test]		Address race in dnssec system test that led to
			test failures. [GL #1852]

5414.	[test]		Adjust time allowed for journal truncation to occur
			in nsupdate system test to avoid test failure.
			[GL #1855]

5413.	[test]		Address race in autosign system test that led to
			test failures. [GL #1852]

5412.	[bug]		'provide-ixfr no;' failed to return up-to-date responses
			when the serial was greater than or equal to the
			current serial. [GL #1714]

5411.	[cleanup]	TCP accept code has been refactored to use a single
			accept() and pass the accepted socket to child threads
			for processing. [GL !3320]

5409.	[performance]	When looking up NSEC3 data in a zone database, skip the
			check for empty non-terminal nodes; the NSEC3 tree does
			not have any. [GL #1834]

5408.	[protocol]	Print Extended DNS Errors if present in OPT record.
			[GL #1835]

5407.	[func]		Zone timers are now exported via statistics channel.
			Thanks to Paul Frieden, Verizon Media. [GL #1232]

5405.	[bug]		'named-checkconf -p' could include spurious text in
			server-addresses statements due to an uninitialized DSCP
			value. [GL #1812]
2020-08-03 17:07:01 +00:00
christos
2f0bfbf344 Rename blacklist -> blocklist 2020-06-15 01:57:29 +00:00
fox
6ed49867f1 external/mpl/dhcp: Suppress -Werror=stringop-truncation error
This logic correctly uses strncpy(3) to fully initialize a fixed-width field, and also ensures
NUL-termination on the next line as other users of the field expect.

Add -Werror=stringop-truncation to prevent build failure, when run with MKSANITIZER=yes.

Error was reported when build.sh was run with MKSANITIZER=yes flag.

Reviewed by: kamil@
2020-06-07 23:29:16 +00:00
christos
2326a56e4c Fix the vax build: vax is special and always builds pic code. 2020-06-03 02:07:52 +00:00
christos
0ccd2509dd Locking protocol changed; the internal routines are now called with the
socket locked. Adjust for that.
2020-06-01 18:55:37 +00:00
christos
4944dbf225 sync with regular socket code (no effect) 2020-05-31 17:45:02 +00:00
christos
e4bfa5b301 Make libuv private, requested by joerg@ 2020-05-30 20:47:58 +00:00
christos
87a2227e1c Fix static build 2020-05-25 15:37:50 +00:00
christos
c7448593bd Pointless to force use of 64 bit atomics on flags fields that fit in 32 bits. 2020-05-25 15:14:04 +00:00
christos
8e03e9f467 Fix stats counters to be 32 bits on ILP32 2020-05-25 15:13:25 +00:00
christos
05de94e1a2 Fix static linking. 2020-05-25 15:12:54 +00:00