isc_timerevent_destroy() called by isc_event_free() expects to be able to
hold the timer lock, so must run before the timer is destroyed.
PR misc/57491.
* BSD: When we get RTM_NEWADDR the interface must have IFF_UP
* BSD: Fix non INET6 builds
* DHCP: Don't enforce the message came port 67
* privsep: Allow zero length messages through
* dhcpcd: deal with HANGUP and EPIPE better
* dhcpcd: Fix waitip address family
* privsep: Check if we have a root process before sending it stuff
* privsep: Only unlink control sockets if we created them
* common: Improve valid_domain and check correct return
* common: Allow hwaddr_ntoa to print an empty string
* privsep: Send only what we have put in the buffer to script env
Apparently this restriction was lifted in C17, and this was even
documented in a part of the man page I didn't notice because I got
stuck at the incomplete sentence `The aligned_alloc function conforms
to.'. Sorry for the noise, folks.
C11, Sec. 7.22.3.1 The aligned_alloc function, paragraph 2, p. 348:
The value of alignment shall be a valid alignment supported by the
implementation and the value of size shall be an integral multiple
of alignment.
posix_memalign does not appear to have any corresponding constraint.
XXX pullup-10
- BUGFIX: Fix race condition in openpam_ttyconv(3) when used with
expect scripts.
- BUGFIX: In openpam_set_option(3), when removing an option, properly
decrement the option count.
- BUGFIX: In openpam_subst(3), avoid incrementing past the end of the
template.
Restore part of local modifications r. 1.2 & 1.4 from tsarna@. One
aspect could not be carried forward, as Apple dropped the bug detection
query functionality that was formerly represented by the teststate
member of the DNSServer struct. Otherwise, reapplied almost verbatim,
except for minor consistency and style changes.
This was added again in part as an example should there be a need to
add further logging content for NetBSD's purposes. (DumpStateLog() has
changed further as of Apple's 1790.80.10 release, but should we roll
forward, our means here should still be viable.)
--- 9.16.42 released ---
6192. [security] A query that prioritizes stale data over lookup
triggers a fetch to refresh the stale data in cache.
If the fetch is aborted for exceeding the recursion
quota, it was possible for 'named' to enter an infinite
callback loop and crash due to stack overflow. This has
been fixed. (CVE-2023-2911) [GL #4089]
6190. [security] Improve the overmem cleaning process to prevent the
cache going over the configured limit. (CVE-2023-2828)
[GL #4055]
6183. [bug] Fix a serve-stale bug where a delegation from cache
could be returned to the client. [GL #3950]
6173. [bug] Properly process extra "nameserver" lines in
resolv.conf otherwise the next line is not properly
processed. [GL #4066]
6169. [bug] named could crash when deleting inline-signing zones
with "rndc delzone". [GL #4054]
--- 9.16.41 released ---
6157. [bug] When removing delegations in an OPTOUT range
empty-non-terminal NSEC3 records generated by
those delegations were not removed. [GL #4027]
--- 9.16.40 released ---
6142. [bug] Reduce the number of dns_dnssec_verify calls made
determining if revoked keys needs to be removed from
the trust anchors. [GL #3981]
6138. [doc] Fix the DF-flag documentation on the outgoing
UDP packets. [GL #3710]
6132. [doc] Remove a dead link in the DNSSEC guide. [GL #3967]
6129. [cleanup] Value stored to 'source' during its initialization is
never read. [GL #3965]
6124. [bug] When changing from a NSEC3 capable DNSSEC algorithm to
an NSEC3 incapable DNSSEC algorithm using KASP the zone
could sometimes be incompletely signed. [GL #3937]
5741. [bug] Log files with "timestamp" suffixes could be left in
place after rolling, even if the number of preserved
log files exceeded the configured "versions" limit.
[GL #828] [GL #3959]
--- 9.16.39 released ---
6119. [bug] Make sure to revert the reconfigured zones to the
previous version of the view, when the new view
reconfiguration fails during the configuration of
one of the configured zones. [GL #3911]
6116. [bug] Fix error path cleanup issue in the dns_catz_new_zones()
function. [GL #3900]
6115. [bug] Unregister db update notify callback before detaching
from the previous db inside the catz update notify
callback. [GL #3777]
6105. [bug] Detach 'rpzs' and 'catzs' from the previous view in
configure_rpz() and configure_catz(), respectively,
just after attaching it to the new view. [GL #3880]
6098. [test] Don't test HMAC-MD5 when not supported by libcrypto.
[GL #3871]
6095. [test] Test various 'islands of trust' configurations when
using managed keys. [GL #3662]
6094. [bug] Building against (or running with) libuv versions
1.35.0 and 1.36.0 is now a fatal error. The rules for
mixing and matching compile-time and run-time libuv
versions have been tightened for libuv versions between
1.35.0 and 1.40.0. [GL #3840]
--- 9.16.38 released ---
6083. [bug] Fix DNSRPS-enabled builds as they were inadvertently
broken by change 6042. [GL #3827]
6081. [bug] Handle primary server address lookup failures in
nsupdate more gracefully. [GL #3830]
6080. [bug] 'named -V' leaked memory. [GL #3829]
6079. [bug] Force set the DS state after a 'rdnc dnssec -checkds'
command. [GL #3822]
6075. [bug] Add missing node lock when setting node->wild in
add_wildcard_magic. [GL #3799]
6072. [bug] Avoid the OpenSSL lock contention when initializing
Message Digest Contexts by using explicit algorithm
fetching, initializing static contexts for every
supported algorithms, and initializing the new context
by copying the static copy. [GL #3795]
6069. [bug] Detach from the view in zone_shutdown() to
release the memory held by the dead view
early. [GL #3801]