4632. [security] The BIND installer on Windows used an unquoted
service path, which can enable privilege escalation.
(CVE-2017-3141) [RT #45229]
4631. [security] Some RPZ configurations could go into an infinite
query loop when encountering responses with TTL=0.
(CVE-2017-3140) [RT #45181]
4582. [security] 'rndc ""' could trigger an assertion failure in named.
(CVE-2017-3138) [RT #44924]
4581. [port] Linux: Add getpid and getrandom to the list of system
calls named uses for seccomp. [RT #44883]
4580. [bug] 4578 introduced a regression when handling CNAME to
referral below the current domain. [RT #44850]
4578. [security] Some chaining (CNAME or DNAME) responses to upstream
queries could trigger assertion failures.
(CVE-2017-3137) [RT #44734]
4575. [security] DNS64 with "break-dnssec yes;" can result in an
assertion failure. (CVE-2017-3136) [RT #44653]
4571. [bug] Out-of-tree builds of backtrace_test failed.
4570. [cleanup] named did not correctly fall back to the built-in
initializing keys if the bind.keys file was present
but empty. [RT #44531]
4568. [contrib] Added a --with-bind option to the dnsperf configure
script to specify BIND prefix path.
4567. [port] Call getprotobyname and getservbyname prior to calling
chroot so that shared libraries get loaded. [RT #44537]
4564. [maint] Update the built in managed keys to include the
upcoming root KSK. [RT #44579]
4563. [bug] Modified zones would occasionally fail to reload.
[RT #39424]
4561. [port] Silence a warning in strict C99 compilers. [RT #44414]
4560. [bug] mdig: add -m option to enable memory debugging rather
than having it on all the time. [RT #44509]
4559. [bug] openssl_link.c didn't compile if ISC_MEM_TRACKLINES
was turned off. [RT #44509]
4554. [bug] Remove double unlock in dns_dispatchmgr_setudp.
[RT #44336]
4553. [bug] Named could deadlock if there were multiple changes to
NSEC/NSEC3 parameters for a zone being processed at
the same time. [RT #42770]
4552. [bug] Named could trigger an assertion when sending notify
messages. [RT #44019]
4551. [test] Add system tests for integrity checks of MX and
SRV records. [RT #43953]
4550. [cleanup] Increased the number of available master file
output style flags from 32 to 64. [RT #44043]
4547. [port] Add support for --enable-native-pkcs11 on the AEP
Keyper HSM. [RT #42463]
4543. [bug] dns_client_startupdate now delays sending the update
request until isc_app_ctxrun has been called.
[RT #43976]
4541. [bug] rndc addzone should properly reject non master/slave
zones. [RT #43665]
4539. [bug] Referencing a nonexistent zone with RPZ could lead
to an assertion failure when configuring. [RT #43787]
4538. [bug] Call dns_client_startresolve from client->task.
[RT #43896]
4537. [bug] Handle timeouts better in dig/host/nslookup. [RT #43576]
4536. [bug] ISC_SOCKEVENTATTR_USEMINMTU was not being cleared
when reusing the event structure. [RT #43885]
4535. [bug] Address race condition in setting / testing of
DNS_REQUEST_F_SENDING. [RT #43889]
4534. [bug] Only set RD, RA and CD in QUERY responses. [RT #43879]
4533. [bug] dns_client_update should terminate on prerequisite
failures (NXDOMAIN, YXDOMAIN, NXRRSET, YXRRSET)
and also on BADZONE. [RT #43865]
4532. [contrib] Make gen-data-queryperf.py python 3 compatible.
[RT #43836]
4529. [cleanup] Silence noisy log warning when DSCP probe fails
due to firewall rules. [RT #43847]
4527. [doc] Support DocBook XSL Stylesheets v1.79.1. [RT #43831]
4526. [doc] Corrected errors and improved formatting of
grammar definitions in the ARM. [RT #43739]
4525. [doc] Fixed outdated documentation on managed-keys.
[RT #43810]
4524. [bug] The net zero test was broken causing IPv4 servers
with addresses ending in .0 to be rejected. [RT #43776]
4523. [doc] Expand config doc for <querysource4> and
<querysource6>. [RT #43768]
4522. [bug] Handle big gaps in log file version numbers better.
[RT #38688]
4521. [cleanup] Log it as an error if an entropy source is not
found and there is no fallback available. [RT #43659]
4520. [cleanup] Alphabetize more of the grammar when printing it
out. [RT #43755]
4516. [bug] isc_socketmgr_renderjson was missing from the
windows build. [RT #43602]
4515. [port] FreeBSD: Find readline headers when they are in
edit/readline/ instead of readline/. [RT #43658]
4513. [cleanup] Minimum Python versions are now 2.7 and 3.2.
[RT #43566]
4512. [bug] win32: @GEOIP_INC@ missing from delv.vcxproj.in.
[RT #43556]
4509. [test] Make the rrl system test more reliable on slower
machines by using mdig instead of dig. [RT #43280]
4507. [bug] Named could incorrectly log 'allows updates by IP
address, which is insecure'. [RT #43432]
4505. [port] Use IP_PMTUDISC_OMIT if available. [RT #35494]
4504. [security] Allow the maximum number of records in a zone to
be specified. This provides a control for issues
raised in CVE-2016-6170. [RT #42143]
4503. [cleanup] "make uninstall" now removes files installed by
BIND. (This currently excludes Python files
due to lack of support in setup.py.) [RT #42912]
4502. [func] Report multiple and experimental options when printing
grammar. [RT #43134]
4500. [bug] Support modifier I64 in isc__print_printf. [RT #43526]
4499. [port] MacOSX: silence deprecated function warning
by using arc4random_stir() when available
instead of arc4random_addrandom(). [RT #43503]
4498. [test] Simplify prerequisite checks in system tests.
[RT #43516]
4497. [port] Add support for OpenSSL 1.1.0. [RT #41284]
4496. [func] dig: add +idnout to control whether labels are
displayed in punycode or not. Requires idn support
to be enabled at compile time. [RT #43398]
4494. [bug] Look for <editline/readline.h>. [RT #43429]
4492. [bug] irs_resconf_load failed to initialize sortlistnxt
causing bad writes if resolv.conf contained a
sortlist directive. [RT #43459]
4491. [bug] Improve message emitted when testing whether sendmsg
works with TOS/TCLASS fails. [RT #43483]
4490. [maint] Added AAAA (2001:500:12::d0d) for G.ROOT-SERVERS.NET.
4489. [security] It was possible to trigger assertions when processing
a response containing a DNAME answer. (CVE-2016-8864)
[RT #43465]
4488. [port] Darwin: use -framework for Kerberos. [RT #43418]
4487. [test] Make system tests work on Windows. [RT #42931]
4486. [bug] Look in $prefix/lib/pythonX.Y/site-packages for
the python modules we install. [RT #43330]
4485. [bug] Failure to find readline when requested should be
fatal to configure. [RT #43328]
4484. [func] Check prefixes in acls to make sure the address and
prefix lengths are consistent. Warn only in
BIND 9.11 and earlier. [RT #43367]
4483. [bug] Address use before require check and remove extraneous
dns_message_gettsigkey call in dns_tsig_sign.
[RT #43374]
4476. [test] Fix reclimit test on slower machines. [RT #43283]
4475. [doc] Update named-checkconf documentation. [RT #43153]
4474. [bug] win32: call WSAStartup in fromtext_in_wks so that
getprotobyname and getservbyname work. [RT #43197]
4473. [bug] Only call fsync / _commit on regular files. [RT #43196]
4472. [bug] Named could fail to find the correct NSEC3 records when
a zone was updated between looking for the answer and
looking for the NSEC3 records proving nonexistence
of the answer. [RT #43247]
4471. [cleanup] Revert a query logging change inadvertently
backported from 9.11. [RT #43238]
4467. [security] It was possible to trigger an assertion when
rendering a message. (CVE-2016-2776) [RT #43139]
4466. [bug] Interface scanning didn't work on a Windows system
without non-local IPv6 addresses. [RT #43130]
4464. [bug] Fix windows python support. [RT #43173]
4461. [bug] win32: not all external data was properly marked
as external data for windows dll. [RT #43161]
4458. [cleanup] Update assertions to be more correct, and also remove
use of a reserved word. [RT #43090]
4457. [maint] Added AAAA (2001:500:a8::e) for E.ROOT-SERVERS.NET.
4456. [doc] Add DOCTYPE and lang attribute to <html> tags.
[RT #42587]
4453. [bug] Prefetching of DS records failed to update their
RRSIGs. [RT #42865]
4451. [cleanup] Log more useful information if a PKCS#11 provider
library cannot be loaded. [RT #43076]
4450. [port] Provide more nuanced HSM support which better matches
the specific PKCS11 provider's capabilities. [RT #42458]
4448. [bug] win32: ::1 was not being found when iterating
interfaces. [RT #42993]
4446. [bug] The cache_find() and _findrdataset() functions
could find rdatasets that had been marked stale.
[RT #42853]
4445. [cleanup] isc_errno_toresult() can now be used to call the
formerly private function isc__errno2result().
[RT #43050]
4443. [func] Set TCP_MAXSEG in addition to IPV6_USE_MIN_MTU on
TCP sockets. [RT #42864]
4442. [bug] Fix RPZ CIDR tree insertion bug that corrupted
tree data structure with overlapping networks
(longest prefix match was ineffective).
[RT #43035]
4441. [cleanup] Alphabetize host's help output. [RT #43031]
4435. [tuning] Only set IPV6_USE_MIN_MTU for UDP when the message
will not fit into a single IPv4 encapsulated IPv6
UDP packet when transmitted over an Ethernet link.
[RT #42871]
4434. [protocol] Return EDNS EXPIRE option for master zones in addition
to slave zones. [RT #43008]
4433. [cleanup] Report an error when passing an invalid option or
view name to "rndc dumpdb". [RT #42958]
4432. [test] Hide rndc output on expected failures in logfileconfig
system test. [RT #27996]
4431. [bug] named-checkconf now checks the rate-limit clause.
[RT #42970]
4430. [bug] Lwresd died if a search list was not defined.
Found by 0x710DDDD At Alibaba Security. [RT #42895]
4425. [bug] arpaname and named-rrchecker were not being installed
into ${prefix}/bin. [RT #42910]
4424. [experimental] Named now sends _ta-XXXX.<trust-anchor>/NULL queries
to provide feedback to the trust-anchor administrators
about how key rollovers are progressing as per
draft-ietf-dnsop-edns-key-tag-02. This can be
disabled using 'trust-anchor-telemetry no;'.
[RT #40583]
4423. [maint] Added missing IPv6 address 2001:500:84::b for
B.ROOT-SERVERS.NET. [RT #42898]
4422. [port] Silence clang warnings in dig.c and dighost.c.
[RT #42451]
4418. [bug] Fix a compiler warning in GSSAPI code. [RT #42879]
4414. [bug] Corrected a bug in the MIPS implementation of
isc_atomic_xadd(). [RT #41965]
4413. [bug] GSSAPI negotiation could fail if GSS_S_CONTINUE_NEEDED
was returned. [RT #42733]
4412. [cleanup] Make fixes for GCC 6. ISC_OFFSET_MAXIMUM macro was
removed. [RT #42721]
4409. [bug] DNS64 should exclude mapped addresses by default when
an exclude acl is not defined. [RT #42810]
4407. [performance] Use GCC builtin for clz in RPZ lookup code.
[RT #42818]
4406. [security] getrrsetbyname with a non absolute name could
trigger an infinite recursion bug in lwresd
and named with lwres configured when combined
with a search list entry.
4404. [misc] Allow krb5-config to be used when configuring gssapi.
[RT #42580]
4403. [bug] Rename variables and arguments that shadow: basename,
clone and gai_error.
4397. [bug] Update Windows python support. [RT #42538]
4395. [bug] Improve out-of-tree installation of python modules.
[RT #42586]
4384. [bug] Change 4256 accidentally disabled logging of the
rndc command. [RT #42654]
4379. [bug] An INSIST could be triggered if a zone contains
RRSIG records with expiry fields that loop
using serial number arithmetic. [RT #40571]
4378. [contrib] #include <isc/string.h> for strlcat in zone2ldap.c.
[RT #42525]
4377. [bug] Don't reuse zero TTL responses beyond the current
client set (excludes ANY/SIG/RRSIG queries).
[RT #42142]
4374. [bug] Use SAVE/RESTORE macros in query.c to reduce the
probability of reference counting errors as seen
in 4365. [RT #42405]
4373. [bug] Address undefined behavior in getaddrinfo. [RT #42479]
4372. [bug] Address undefined behavior in libt_api. [RT #42480]
4369. [bug] Fix 'make' and 'make install' out-of-tree python
support. [RT #42484]
4367. [bug] Remove unnecessary assignment of loadtime in
zone_touched. [RT #42440]
4361. [cleanup] Where supported, file modification times returned
by isc_file_getmodtime() are now accurate to the
nanosecond. [RT #41968]
4360. [bug] Silence spurious 'bad key type' message when there is
an existing TSIG key. [RT #42195]
4359. [bug] Inherited 'also-notify' lists were not being checked
by named-checkconf. [RT #42174]
4354. [bug] Check that the received HMAC length matches the
expected length prior to checking the contents on the
control channel. This prevents an OOB read error.
This was reported by Lian Yihan, <lianyihan@360.cn>.
[RT #42215]
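The length-before-contents check described in change 4354, as an added illustration that is not BIND's code: a constructed control-channel digest comparison where reads go through a bounds-tracking buffer, so the out-of-bounds access the defective ordering causes is counted rather than triggering undefined behaviour. Names, the 16-byte truncated digest and the digest values are all constructed for the example.

```c
#include <stddef.h>
#include <stdint.h>

/* Constructed model of the control-channel check: the peer sends the
 * HMAC length it claims plus that many digest bytes, and the server
 * compares them against the digest it computed itself (fixed length).
 * Reads go through read_byte() so an access past the received length
 * is counted instead of being undefined behaviour. */

#define HMAC_SHA256_LEN 32

typedef struct {
    const uint8_t *data;
    size_t len;        /* bytes actually received from the peer */
    size_t oob_reads;  /* reads attempted past len */
} recv_buf;

static uint8_t read_byte(recv_buf *b, size_t i) {
    if (i >= b->len) {
        b->oob_reads++;   /* real code would read garbage or crash here */
        return 0;
    }
    return b->data[i];
}

/* Defective ordering: compares expected_len bytes without first checking
 * that the peer sent that many, so a short digest walks off the end of
 * the received message. */
int mac_verify_unchecked(recv_buf *recv, const uint8_t *expected, size_t expected_len) {
    uint8_t diff = 0;
    for (size_t i = 0; i < expected_len; i++)
        diff |= (uint8_t)(read_byte(recv, i) ^ expected[i]);
    return diff == 0;
}

/* Fixed ordering: reject on length mismatch before touching the contents,
 * then compare in constant time so timing does not leak the matching prefix. */
int mac_verify_checked(recv_buf *recv, const uint8_t *expected, size_t expected_len) {
    if (recv->len != expected_len)
        return 0;
    uint8_t diff = 0;
    for (size_t i = 0; i < expected_len; i++)
        diff |= (uint8_t)(read_byte(recv, i) ^ expected[i]);
    return diff == 0;
}

/* Scenario: the server computed a 32-byte digest but the peer sent only
 * 16 bytes (matching the first half). Returns how many out-of-bounds
 * reads the selected verifier attempted. */
size_t truncated_mac_oob_reads(int use_checked) {
    uint8_t computed[HMAC_SHA256_LEN];
    for (size_t i = 0; i < HMAC_SHA256_LEN; i++)
        computed[i] = (uint8_t)(0xA0 + i);   /* constructed digest value */
    recv_buf recv = { computed, 16, 0 };     /* peer claims only 16 bytes */
    if (use_checked)
        mac_verify_checked(&recv, computed, HMAC_SHA256_LEN);
    else
        mac_verify_unchecked(&recv, computed, HMAC_SHA256_LEN);
    return recv.oob_reads;
}

/* Full-length digest through the fixed verifier; tamper flips one bit. */
int full_mac_result(int tamper) {
    uint8_t computed[HMAC_SHA256_LEN], sent[HMAC_SHA256_LEN];
    for (size_t i = 0; i < HMAC_SHA256_LEN; i++)
        computed[i] = sent[i] = (uint8_t)(0xA0 + i);
    if (tamper)
        sent[HMAC_SHA256_LEN - 1] ^= 1;
    recv_buf recv = { sent, HMAC_SHA256_LEN, 0 };
    return mac_verify_checked(&recv, computed, HMAC_SHA256_LEN);
}
```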
4353. [cleanup] Update PKCS#11 header files. [RT #42175]
4352. [cleanup] The ISC DNSSEC Lookaside Validation (DLV) service
is scheduled to be disabled in 2017. A warning is
now logged when named is configured to use it,
either explicitly or via "dnssec-lookaside auto;"
[RT #42207]
4351. [bug] 'dig +noignore' didn't work. [RT #42273]
4350. [contrib] Declare result in dlz_filesystem_dynamic.c.
4348. [cleanup] Refactor dnssec-coverage and dnssec-checkds
functionality into an "isc" python module. [RT #39211]
4013. [func] Add a new tcp-only option to server (config) /
peer (struct) to use TCP transport to send
queries (in place of UDP transport with a
TCP fallback on truncated (TC set) response).
[RT #37800]
http://cvsweb.openwall.com/cgi/cvsweb.cgi/Owl/packages/vixie-cron/
1. Add PAM support.
2. Sanitize child process reaping
3. futimens when we have an fd
4. close_all for crontab(8)
5. use a table for spool dirs instead of duplicating code.
6. handle errors from process_exit()
7. Add ENABLE_FIX_DIRECTORIES ifdef and enable it by default for compat
8. Avoid using fd's < STDERR
Not applied:
1. no xfork (no setresuid)
2. did not do the lstat before open.
3. did not enable cron group
This version of dhcrelay(8) needed to stay in foreground with -d flag in
order to service requests. Running in background turned it deaf to DHCP
requests.
This was caused by wrong kqueue(2) usage, where kevent(2) was used with
a file descriptor obtained by a kqueue(2) call done before fork(2).
kqueue(2) man page says "The queue is not inherited by a child created
with fork(2)". As a result, kevent(2) calls always got EBADF.
The fix is to reorder function calls in dhcrelay(8) main() function.
dhcp_context_create(), which causes kqueue(2) to be invoked, is
moved with its dependencies after fork(2). This matches the code layout
of dhclient(8) and dhcpd(8), which do not have the bug.
The fix was not submitted upstream since latest ISC DHCP code was
refactored and does not have the bug anymore.
Originally, MKCRYPTO was introduced because the United States
classified cryptography as a munition and restricted its export. The
export controls were substantially relaxed fifteen years ago, and are
essentially irrelevant for software with published source code.
In the intervening time, nobody bothered to remove the option after
its motivation -- the US export restriction -- was eliminated. I'm
not aware of any other operating system that has a similar option; I
expect it is mainly out of apathy for churn that we still have it.
Today, cryptography is an essential part of modern computing -- you
can't use the internet responsibly without cryptography.
The position of the TNF board of directors is that TNF makes no
representation that MKCRYPTO=no satisfies any country's cryptography
regulations.
My personal position is that the availability of cryptography is a
basic human right; that any local laws restricting it to a privileged
few are fundamentally immoral; and that it is wrong for developers to
spend effort crippling cryptography to work around such laws.
As proposed on tech-crypto, tech-security, and tech-userlevel to no
objections:
https://mail-index.netbsd.org/tech-crypto/2017/05/06/msg000719.html
https://mail-index.netbsd.org/tech-security/2017/05/06/msg000928.html
https://mail-index.netbsd.org/tech-userlevel/2017/05/06/msg010547.html
P.S. Reviewing all the uses of MKCRYPTO in src revealed a lot of
*bad* crypto that was conditional on it, e.g. DES in telnet... That
should probably be removed too, but on the grounds that it is bad,
not on the grounds that it is (nominally) crypto.
this API...
While here do some markup improvements (it is amazing what one can
learn from observing a wizard at work!) (which still probably need more work.)
In particular, sh functions are not functions in the mdoc .Fn sense!
(Many places where explicit double quotes were not doing what was intended.)
* Default to use VLANID>0 for IAID instead of MAC address
* Stop sharing the DHCPv6 port in master mode with other processes
* Fix some prefix delegation issues when the carrier drops or
addresses become stale
* Fix a crash when starting dhcpcd with -n
* Fix test for preferring a fake lease over a real one
* Show the real address lifetimes being added when adding IPv6
addresses
* Restore the -G, --nogateway option
- BUGFIX: Reinstate the NULL check in pam_end(3) which was removed in
OpenPAM Radula, as it breaks common error-handling constructs.
- BUGFIX: Return PAM_SYMBOL_ERR instead of PAM_SYSTEM_ERR from the
dispatcher when the required service function could not be found.
- ENHANCE: Introduce the PAM_BAD_HANDLE error code for when pamh is
NULL in API functions that have a NULL check.
- ENHANCE: Introduce the PAM_BAD_ITEM, PAM_BAD_FEATURE and
PAM_BAD_CONSTANT error codes for situations where we previously
incorrectly used PAM_SYMBOL_ERR to denote that an invalid constant
had been passed to an API function.
- ENHANCE: Improve the RETURN VALUES section in API man pages,
especially for functions that cannot fail, which were incorrectly
documented as returning -1 on failure.
============================================================================
OpenPAM Radula 2017-02-19
- BUGFIX: Fix an inverted test which prevented pam_get_authtok(3) and
pam_get_user(3) from using application-provided custom prompts.
- BUGFIX: Plug a memory leak in pam_set_item(3).
- BUGFIX: Plug a potential memory leak in openpam_readlinev(3).
- BUGFIX: In openpam_readword(3), support line continuations within
whitespace.
- ENHANCE: Add a feature flag to control fallback to "other" policy.
- ENHANCE: Add a pam_return(8) module which returns an arbitrary
code specified in the module options.
- ENHANCE: More and better unit tests.
Incompatible Changes
====================
* Key tables have undergone major changes. Mode key tables are no longer
separate from the main key tables. All mode key tables have been removed,
together with the -t flag to bind-key and unbind-key.
The emacs-edit, vi-edit, emacs-choose and vi-choose tables have been replaced
by fixed key bindings in the command prompt and choose modes. The mode-keys
and status-keys options remain.
The emacs-copy and vi-copy tables have been replaced by the copy-mode and
copy-mode-vi tables. Commands are sent using the -X and -N flags to
send-keys. So the following:
bind -temacs-copy C-Up scroll-up
bind -temacs-copy -R5 WheelUpPane scroll-up
Becomes:
bind -Tcopy-mode C-Up send -X scroll-up
bind -Tcopy-mode WheelUpPane send -N5 -X scroll-up
This change allows the full command parser (including command sequences) and
command set to be used - for example, the normal command prompt with editing
and history is now used for searching, jumping, and so on instead of a custom
one. The default C-r binding is now:
bind -Tcopy-mode C-r command-prompt -p'search up' "send -X search-backward '%%'"
There are also some new commands available with send -X, such as
copy-pipe-and-cancel.
* set-remain-on-exit has gone -- can be achieved with hooks instead.
* Hooks: before hooks have been removed and only a selection of commands now
have after hooks (they are no longer automatic). Additional hooks have been
added.
* The xterm-keys option now defaults to on.
Normal Changes
==============
* Support for mouse double and triple clicks.
* BCE (Background Colour Erase) is now supported.
* All occurrences of a search string in copy mode are now highlighted;
additionally, the number of search results is displayed. The highlighting
updates interactively with the default emacs key bindings (incremental
search).
* source-file now understands glob patterns.
* Formats now have simple comparisons:
#{==:a,b}
#{!=:a,b}
* There are the following new formats:
- #{version} -- the tmux server version;
- #{client_termtype} -- the terminal type of the client;
- #{client_name} -- the name of a client;
- #{client_written} -- the number of bytes written to the client.
* The configuration file now accepts %if/%endif conditional blocks which are
processed when it is parsed; the argument is a format string (useful with the
new format comparison options).
* detach-client now has -E to execute a command replacing the client instead of
exiting.
* Add support for custom command aliases; this is an array option which
contains items of the form "alias=command". This is consulted when an
unknown command is parsed.
* break-pane now has -n to specify the new window name.
* OSC 52 support has been added for programs inside tmux to set a tmux buffer.
* The mouse "all event" mode (1003) is now supported.
* Palette setting is now possible (OSC 4 and 104).
* Strikethrough support (a recent terminfo is required).
* Grouped sessions can now be named (new -t).
* terminal-overrides and update-environment are now array options (the previous
set -ag syntax should work without change).
* There have been substantial performance improvements.
CHANGES FROM 2.2 to 2.3 29 September 2016
Incompatible Changes
====================
None.
Normal Changes
==============
* New option 'pane-border-status' to add text in the pane borders.
* Support for hooks on commands: 'after' and 'before' hooks.
* 'source-file' understands '-q' to suppress errors for nonexistent files.
* Lots of UTF8 improvements, especially on MacOS.
* 'window-status-separator' understands #[] expansions.
* 'split-window' understands '-f' for performing a full-width split.
* Allow report count to be specified when using 'bind-key -R'.
* 'set -a' for appending to user options (@foo) is now supported.
* 'display-panes' can now accept a command to run, rather than always
selecting the pane.