- delete sendmail, since it was removed from the source tree eons ago
- give ptyfs to christos since he completely overhauled it recently
- sync portmaster list with http://www.NetBSD.org/people/port-maintainers.html
--- 9.9.2-P1 released ---
3407. [security] Named could die on specific queries with dns64 enabled.
[Addressed in change #3388 for BIND 9.8.5 and 9.9.3.]
--- 9.9.2 released ---
3383. [security] A certain combination of records in the RBT could
cause named to hang while populating the additional
section of a response. [RT #31090]
3373. [bug] win32: open raw files in binary mode. [RT #30944]
3364. [security] Named could die on specially crafted record.
[RT #30416]
--- 9.9.2rc1 released ---
3370. [bug] Address use after free while shutting down. [RT #30241]
3369. [bug] nsupdate terminated unexpectedly in interactive mode
if built with readline support. [RT #29550]
3368. [bug] <dns/iptable.h>, <dns/private.h> and <dns/zone.h>
were not C++ safe.
3367. [bug] dns_dnsseckey_create() result was not being checked.
[RT #30685]
3366. [bug] Fixed Read-After-Write dependency violation for IA64
atomic operations. [RT #25181]
3365. [bug] Removed spurious newlines from log messages in
zone.c [RT #30675]
3363. [bug] Need to allow "forward" and "fowarders" options
in static-stub zones; this had been overlooked.
[RT #30482]
3362. [bug] Setting some option values to 0 in named.conf
could trigger an assertion failure on startup.
[RT #27730]
3361. [bug] "rndc signing -nsec3param" didn't work correctly
when salt was set to '-' (no salt). [RT #30099]
3360. [bug] 'host -w' could die. [RT #18723]
3359. [bug] An improperly-formed TSIG secret could cause a
memory leak. [RT #30607]
3357. [port] Add support for libxml2-2.8.x [RT #30440]
3356. [bug] Cap the TTL of signed RRsets when RRSIGs are
approaching their expiry, so they don't remain
in caches after expiry. [RT #26429]
3355. [port] Use more portable awk in verify system test.
3354. [func] Improve OpenSSL error logging. [RT #29932]
--- 9.9.2b1 released ---
3353. [bug] Use a single task for task exclusive operations.
[RT #29872]
3352. [bug] Ensure that learned server attributes timeout of the
adb cache. [RT #29856]
3351. [bug] isc_mem_put and isc_mem_putanddetach didn't report
caller if either ISC_MEM_DEBUGSIZE or ISC_MEM_DEBUGCTX
memory debugging flags are set. [RT #30243]
3350. [bug] Memory read overrun in isc___mem_reallocate if
ISC_MEM_DEBUGCTX memory debugging flag is set.
[RT #30240]
3349. [bug] Change #3345 was incomplete. [RT #30233]
3348. [bug] Prevent RRSIG data from being cached if a negative
record matching the covering type exists at a higher
trust level. Such data already can't be retrieved from
the cache since change 3218 -- this prevents it
being inserted into the cache as well. [RT #26809]
3347. [bug] dnssec-settime: Issue a warning when writing a new
private key file would cause a change in the
permissions of the existing file. [RT #27724]
3346. [security] Bad-cache data could be used before it was
initialized, causing an assert. [RT #30025]
3345. [bug] Addressed race condition when removing the last item
or inserting the first item in an ISC_QUEUE.
[RT #29539]
3344. [func] New "dnssec-checkds" command checks a zone to
determine which DS records should be published
in the parent zone, or which DLV records should be
published in a DLV zone, and queries the DNS to
ensure that it exists. (Note: This tool depends
on python; it will not be built or installed on
systems that do not have a python interpreter.)
[RT #28099]
3342. [bug] Change #3314 broke saving of stub zones to disk
resulting in excessive cpu usage in some cases.
[RT #29952]
3341. [func] New "dnssec-verify" command checks a signed zone
to ensure correctness of signatures and of NSEC/NSEC3
chains. [RT #23673]
3339. [func] Allow the maximum supported rsa exponent size to be
specified: "max-rsa-exponent-size <value>;" [RT #29228]
3338. [bug] Address race condition in units tests: asyncload_zone
and asyncload_zt. [RT #26100]
3337. [bug] Change #3294 broke support for the multiple keys
in controls. [RT #29694]
3335. [func] nslookup: return a nonzero exit code when unable
to get an answer. [RT #29492]
3334. [bug] Hold a zone table reference while performing a
asyncronous load of a zone. [RT #28326]
3333. [bug] Setting resolver-query-timeout too low can cause
named to not recover if it loses connectivity.
[RT #29623]
3332. [bug] Re-use cached DS rrsets if possible. [RT #29446]
3331. [security] dns_rdataslab_fromrdataset could produce bad
rdataslabs. [RT #29644]
3330. [func] Fix missing signatures on NOERROR results despite
RPZ rewriting. Also
- add optional "recursive-only yes|no" to the
response-policy statement
- add optional "max-policy-ttl" to the response-policy
statement to limit the false data that
"recursive-only no" can introduce into
resolvers' caches
- add a RPZ performance test to bin/tests/system/rpz
when queryperf is available.
- the encoding of PASSTHRU action to "rpz-passthru".
(The old encoding is still accepted.)
[RT #26172]
3329. [bug] Handle RRSIG signer-name case consistently: We
generate RRSIG records with the signer-name in
lower case. We accept them with any case, but if
they fail to validate, we try again in lower case.
[RT #27451]
3328. [bug] Fixed inconsistent data checking in dst_parse.c.
[RT #29401]
3317. [func] Add ECDSA support (RFC 6605). [RT #21918]
There remains some cruft that should perhaps be better organized, but
at least this should reduce some memory leaks in screw cases, and at
least this does fix panics when plugging in and unplugging a USB
device with a botched configuration (a beaglebone with a hosed sd
card).
- Add commented out entry for MVGBE_EVENT_COUNTERS
- Comment out COPTS="-O1"
- Enable mvpex, pci and pchb to share with OPENRD
- Enable mvsata to share with DREAMPLUG
- Enable mvsocgpp, gpio, atabus and wd
1. check for NULL before de-refencing; in particular sel is assigned to NULL,
in the default case, and then couple of lines down we do sel->
2. gcc appears to optimize u_32_t hash[4], to u_32_t hash, since we only
use hash[0], disregarding the fact that we pass it to MD5Final() leading
to stack corruption. Use an explicit union, so that the compiler stops
butting its head where it shouldn't.
XXX: pullup to 6
LP64.
Fixes problems showing up on regression tests on i386 (which work fine on
amd64) i.e. turn:
t_netpgpverify (1/1): 2 test cases
netpgpverify_dsa: [0.309746s] Failed: atf-check failed; see the output of the test for details
netpgpverify_rsa: [0.183148s] Passed.
[0.495102s]
Failed test cases:
t_netpgpverify:netpgpverify_dsa
Summary for 1 test programs:
1 passed test cases.
1 failed test cases.
0 expected failed test cases.
0 skipped test cases.
into:
t_netpgpverify (1/1): 2 test cases
netpgpverify_dsa: [0.236076s] Passed.
netpgpverify_rsa: [0.154680s] Passed.
[0.393034s]
Summary for 1 test programs:
2 passed test cases.
0 failed test cases.
0 expected failed test cases.
0 skipped test cases.
RELEASEVARS variable, and commands related to printing the values of
the variables whose names are in RELEASEVARS.
Add an awk script to remove noise printed by "make -j" or high levels
of MAKEVERBOSE, so we get only the variables names and values. The
values are escaped so that variables containing embedded newlines,
quotation marks, and backslashes, are passed through safely.
Adapt src/etc/Makefile and src/Makefile to use the new ${PRINT_PARAMS}
command defined in src/etc/Makefile.params.
Now ${DESTDIR}/etc/release and the params file in the top-level
.OBJDIR should never contain unwanted noise, even after a build with
MAKEVERBOSE=4.
related error messages can be printed before build.sh builds
a new version of make.
Also make some sanity tests unconditional, instead of conditional on
${do_build} || ${do_distribution} || ${do_release} || ${do_install}.
This enables us to remove custom Atffiles whose only purpose was to avoid
using the helpers as tests.
XXX src/tests/dev/dm/ is not (yet) linked into the build!
jnemeth