mir/bind
2
0
Fork 0
mirror of https://gitlab.isc.org/isc-projects/bind9 synced 2025-08-29 13:38:26 +00:00
Code Issues Releases Wiki Activity
25,292 Commits 657 Branches 820 Tags
Commit Graph

722 Commits

Author SHA1 Message Date
Mark Andrews
1c1290afab allow -Werror to be enabled; turn on -Werror by default with --enable-developer 
(cherry picked from commit 2be0f12aafda4bccd2ffd9cf3dc6fe11b9b20832)
 2014-07-08 15:58:08 +10:00
Mark Andrews
89119e3caf 3889. [port] hurd: configure fixes as per: 
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=746540
 2014-06-26 11:46:31 +10:00
Evan Hunt
8d8f9f7f86 [master] suppress unnecessary db lookups in DLZ redirect zones 
3876.	[bug]		Improve efficiency of DLZ redirect zones by
			suppressing unnecessary database lookups. [RT #35835]
 2014-06-10 16:25:26 -07:00
Evan Hunt
206e697f24 [master] --enable-seccomp wasn't defaulting to no 2014-06-10 16:21:49 -07:00
Mukund Sivaraman
84dc4b3e7e [35942] Update random number generator to ChaCha based (and add tests) 
Squashed commit of the following:

commit 219a904fea95c74016229b6f4436d4f09de1bfd0
Author: Evan Hunt <each@isc.org>
Date:   Mon Jun 2 12:20:54 2014 -0700

    [rt35942] style

commit 90bc77185e9798af4595989abb8698efef8c70d7
Author: Mukund Sivaraman <muks@isc.org>
Date:   Mon Jun 2 18:01:30 2014 +0530

    Return p-value=0 when prerequisite (monobit) fails

commit 5594669728f1181a447616f60b835e4a043d1b21
Author: Mukund Sivaraman <muks@isc.org>
Date:   Mon Jun 2 17:44:25 2014 +0530

    Print proportion of test sequences passing too

commit 9e94b67a4114651224a8285f7c4a7fb03907f376
Author: Mukund Sivaraman <muks@isc.org>
Date:   Mon Jun 2 17:34:03 2014 +0530

    Check uniform distribution of p-values

commit acf911b32dd84ac1c30c57d8937cfeb6b3ff972f
Author: Mukund Sivaraman <muks@isc.org>
Date:   Mon Jun 2 17:17:39 2014 +0530

    Check proportion of sequences passing a test

commit 7289eb441fc4ec623364ad882e22b240ba8da308
Author: Mukund Sivaraman <muks@isc.org>
Date:   Mon Jun 2 04:33:37 2014 +0530

    Refactor common setup code into random_test()

    No behavioral change is made.

commit 51feef3e08c233d34a6b8b9d25a72d43110b4eed
Author: Mukund Sivaraman <muks@isc.org>
Date:   Sun Jun 1 17:31:57 2014 +0530

    Fix binary rank computation

commit 0ea3c03dea353f309d13c38e26aa0abbffdcff2b
Author: Mukund Sivaraman <muks@isc.org>
Date:   Tue May 27 06:01:10 2014 +0530

    Add binary matrix rank RNG test

commit eb4e7c53540ac97436d94714d30084907eeff01a
Author: Mukund Sivaraman <muks@isc.org>
Date:   Mon May 26 15:45:31 2014 +0530

    Add function to find rank of a binary matrix

commit 1292a06e0e09ebd37d4ecf5337814951dcacc4a4
Author: Evan Hunt <each@isc.org>
Date:   Thu May 29 16:21:51 2014 -0700

    [rt35942] style; check whether we need libm for exp()

commit c19788e5a89235e937a5aedf2ebea50f33406609
Author: Evan Hunt <each@isc.org>
Date:   Thu May 29 15:31:19 2014 -0700

    [rt35942] incidental spelling error fixed

commit c833326ad0df21e2a8b35958e85ccc0a692e38be
Author: Mukund Sivaraman <muks@isc.org>
Date:   Thu May 29 11:34:37 2014 +0530

    Revert "Add function to find rank of a binary matrix"

    This reverts commit 21b2f230e17f7fc638f81d9a34bcb148b0c4a6fb.

    This test will be added in RT#36125.

commit cf786a533d34fdcd9e1c5650356e56d33e93a29f
Author: Mukund Sivaraman <muks@isc.org>
Date:   Thu May 29 11:33:18 2014 +0530

    Revert "Add binary matrix rank RNG test"

    This reverts commit dd843b9ca84fa9af80ec39631152f82778f0b97c.

    This test will be added in RT#36125.

commit dd843b9ca84fa9af80ec39631152f82778f0b97c
Author: Mukund Sivaraman <muks@isc.org>
Date:   Tue May 27 06:01:10 2014 +0530

    Add binary matrix rank RNG test

commit 21b2f230e17f7fc638f81d9a34bcb148b0c4a6fb
Author: Mukund Sivaraman <muks@isc.org>
Date:   Mon May 26 15:45:31 2014 +0530

    Add function to find rank of a binary matrix

commit 313c30088d6ba933bde3abb920f2a6d16b9b77e1
Author: Mukund Sivaraman <muks@isc.org>
Date:   Mon May 26 13:38:44 2014 +0530

    Add block frequency random test

commit 0d279c60ed3eabe52cf3e1435bf14ec62752536f
Author: Mukund Sivaraman <muks@isc.org>
Date:   Mon May 26 13:04:03 2014 +0530

    Add preconditions from NIST spec

commit 7a6c5f2ce5078814d5cf0fea30596e58171174c1
Author: Mukund Sivaraman <muks@isc.org>
Date:   Mon May 26 12:51:03 2014 +0530

    Add functions to use in RNG tests

commit 8c5cb5594f904f6669cdffaa364f799b4a2c6b58
Author: Mukund Sivaraman <muks@isc.org>
Date:   Thu May 22 00:26:10 2014 +0530

    Add runs RNG test

commit 4882f078cc2596c0911066ffb783e4dd145a63ec
Author: Mukund Sivaraman <muks@isc.org>
Date:   Wed May 21 23:58:20 2014 +0530

    Pre-compute bitcounts LUT

commit 896db3809fba2d9884a4a3a2fa847a73e007ad7f
Author: Mukund Sivaraman <muks@isc.org>
Date:   Wed May 21 23:30:23 2014 +0530

    Fix the bit value being checked (this shouldn't affect the test)

commit b932cbb5dae39eb819db29cf9490fb51d59b7c56
Author: Mukund Sivaraman <muks@isc.org>
Date:   Wed May 21 19:35:12 2014 +0530

    Add monobits RNG test

commit 7bef19fd8b095aa567a975ef5c97d5812162d92e
Author: Mukund Sivaraman <muks@isc.org>
Date:   Wed May 21 16:53:02 2014 +0530

    Add API documentation

commit 54483f7feb64b5646dd1da45b1fd396e7d04b926
Author: Mukund Sivaraman <muks@isc.org>
Date:   Wed May 21 16:39:03 2014 +0530

    Rename isc_rngctx_t to isc_rng_t

commit 7c5031b53555137a82c6b6218cd4dd5e95acf94d
Author: Evan Hunt <each@isc.org>
Date:   Tue May 20 23:29:53 2014 -0700

    [rt35942] use attach/detach with isc_rngctx_t

commit 8aabae5e09888e6af651ed27bd6b4e9f76334d55
Author: Mukund Sivaraman <muks@isc.org>
Date:   Tue May 20 18:32:42 2014 +0530

    Move RNG from dispatch.c to libisc

commit e6d4ad4f389998b91d46e95e258cf420cb21d977
Author: Mukund Sivaraman <muks@isc.org>
Date:   Mon May 12 19:16:27 2014 +0530

    Replace old arc4random with new ChaCha implementation from OpenBSD
 2014-06-04 13:44:10 +05:30
Mark Andrews
603a787083 3858. [bug] Disable GCC 4.9 "delete null pointer check". 
[RT #35968]
 2014-05-23 11:25:59 +10:00
Mark Andrews
a0f91e910b 3856. [bug] Configuring libjson without also configuring libxml 
resulting in a REQUIRE assertion when retrieving
                        statistics using json. [RT #36009]
 2014-05-21 12:06:00 +10:00
Evan Hunt
ea58c563bc [master] report unrecognized configure options 
3854.	[cleanup]	Report unrecognized options, if any, in the final
                        configure summary. [RT #36014]
 2014-05-20 15:31:14 -07:00
Evan Hunt
6fa84a3e25 [master] enable libseccomp system call filtering 
3851.	[func]		Allow libseccomp based system-call filtering
			on Linux; use "configure --enable-seccomp" to
			turn it on.  Thanks to Loganaden Velvindron for
			the contribution. [RT #35347]
 2014-05-15 20:29:30 -07:00
Mark Andrews
5a8edcafd1 3847. [bug] 'configure --with-dlz-postgres' failed to fail when 
there is not support available.
 2014-05-14 17:20:14 +10:00
Mark Andrews
92b796c963 9.11 2014-05-14 14:49:37 +10:00
Evan Hunt
1ea6e09c37 [master] check for arc4random_addrandom() 
3840.	[port]		Check for arc4random_addrandom() before using it;
			it's been removed from OpenBSD 5.5. [RT #35907]
 2014-05-07 08:58:25 -07:00
Evan Hunt
2ae159b376 [master] globally rename "delve" to "delv" 
3817.	[func]		The "delve" command is now spelled "delv" to avoid
			a namespace collision with the Xapian project.
			[RT #35801]
 2014-04-23 11:14:12 -07:00
Evan Hunt
682d0209e8 [master] customize configure --help 2014-04-11 17:35:54 -07:00
Mark Andrews
0277def3cf only look for gsskrb5_register_acceptor_identity if gssapi_krb5.h exists 2014-04-05 08:42:25 +11:00
Mark Andrews
55fff76a16 use discovered gssapi include path when linking 2014-04-04 15:07:44 +11:00
Evan Hunt
f0e9d6e905 [master] fix gssapi probing on freebsd 
3801.	[port]		Fix probing for gssapi support on FreeBSD. [RT #35615]
 2014-04-03 19:52:03 -07:00
Francis Dupont
be42c2e7dc [RT#35643] fixed -lrt in LIBS 2014-04-03 09:24:53 +02:00
Mark Andrews
568de8123a 3797. [port] netbsd: geoip support probing was broken. [RT #35642] 2014-04-01 09:51:14 +11:00
Evan Hunt
acbb301e64 [master] better error output when initializing pkcs11 
3786.	[func]		Provide more detailed error codes when using
			native PKCS#11. "pkcs11-tokens" now fails robustly
			rather than asserting when run against an HSM with
			an incomplete PCKS#11 API implementation. [RT #35479]
 2014-03-12 20:52:01 -07:00
Evan Hunt
3be40291a0 [master] forbid --with-openssl and --enable-native-pkcs11 together 2014-03-11 13:52:36 -07:00
Evan Hunt
8cbf3b6fc3 [master] use adaptive locks when available 
3781.	[tuning]	Use adaptive mutex locks when available; this
			has been found to improve performance under load
			on many systems. "configure --with-locktype=standard"
			restores conventional mutex locks. [RT #32576]
 2014-03-10 12:14:35 -07:00
Evan Hunt
98922b2b2b [master] merge several interdependent fixes 
3760.   [bug]           Improve SIT with native PKCS#11 and on Windows.
			[RT #35433]

3759.   [port]          Enable delve on Windows. [RT #35441]

3758.   [port]          Enable export library APIs on windows. [RT #35382]
 2014-02-26 19:00:05 -08:00
Mark Andrews
bc4410b878 remove ENABLE_SIT 2014-02-25 01:10:36 +11:00
Mark Andrews
8f80420c71 don't set want_openssl_aes unless CRYPTO = -DOPENSSL 2014-02-20 20:30:50 +11:00
Mark Andrews
969728a667 --with-openssl=no failed 2014-02-19 20:25:12 +11:00
Mark Andrews
880c48d818 set ISC_OPENSSL_LIBS to DST_OPENSSL_LIBS for want_openssl_aes=yes 2014-02-19 18:14:13 +11:00
Evan Hunt
6a3fa181d1 [master] add "--with-tuning=large" option 
3745.	[func]		"configure --with-tuning=large" adjusts various
			compiled-in constants and default settings to
			values suited to large servers with abundant
			memory. [RT #29538]
 2014-02-18 22:36:14 -08:00
Mark Andrews
fb507b955e test for AES_encrypt and fall back to sha256 2014-02-19 15:22:31 +11:00
Mark Andrews
b5f6271f4d 3744. [experimental] SIT: send and process Source Identity Tokens 
(which are similar to DNS Cookies by Donald Eastlake)
                        and are designed to help clients detect off path
                        spoofed responses and for servers to detect legitimate
                        clients.

                        SIT use a experimental EDNS option code (65001).

                        SIT can be enabled via --enable-developer or
                        --enable-sit.  It is on by default in Windows.

                        RRL processing as been updated to know about SIT with
                        legitimate clients not being rate limited. [RT #35389]
 2014-02-19 12:53:42 +11:00
Evan Hunt
1d761cb453 [master] delve 
3741.	[func]		"delve" (domain entity lookup and validation engine):
			A new tool with dig-like semantics for performing DNS
			lookups, with internal DNSSEC validation, using the
			same resolver and validator logic as named. This
			allows easy validation of DNSSEC data in environments
			with untrustworthy resolvers, and assists with
			troubleshooting of DNSSEC problems. (Note: not yet
			available on win32.) [RT #32406]
 2014-02-16 13:03:17 -08:00
Evan Hunt
14bf4702f3 [master] fixed some dlz configure options 
3740.	[contrib]	Minor fixes to configure --with-dlz-bdb,
			--with-dlz-postgres and --with-dlz-odbc. [RT #35340]
 2014-02-15 21:10:07 -08:00
Mark Andrews
36a06fc2d6 regen 2014-02-13 15:14:11 +11:00
Evan Hunt
dbb012765c [master] merge libiscpk11 to libisc 
3735.	[cleanup]	Merged the libiscpk11 library into libisc
			to simplify dependencies. [RT #35205]
 2014-02-11 21:20:28 -08:00
Mark Andrews
6b66ee9147 define and use BACKTRACECFLAGS 2014-02-12 09:07:54 +11:00
Mark Andrews
ac49f1c511 hpux: move -Wl,+vnocompatwarnings to STD_CWARNINGS; add +vnocompatwarnings to SO_LDFLAGS 2014-02-11 13:22:27 +11:00
Mark Andrews
343556ecf9 -Wl,+vnocompatwarnings is a compiler flag to pass to the loader not a direct loader flag 2014-02-10 17:53:39 +11:00
Mark Andrews
d7729155df 3734. [bug] Improve building with libtool. [RT #35314] 2014-02-10 15:01:06 +11:00
Mark Andrews
850b5e8093 Add Linux support to: 
3733.   [func]          Improve interface scanning support.  Interface
                        information will be automatically updated if the
                        OS supports routing sockets (MacOS, *BSD, Linux).
                        Use "automatic-interface-scan no;" to disable.

                        Add "rndc scan" to trigger a scan. [RT #23027]
 2014-02-10 09:46:54 +11:00
Mark Andrews
62ec9fd168 3733. [func] Improve interface scanning support. Interface 
information will be automatically updated if the
                        OS supports routing sockets.  Use
                        "automatic-interface-scan no;" to disable.

                        Add "rndc scan" to trigger a scan. [RT #23027]
 2014-02-07 17:16:37 +11:00
Evan Hunt
e2d635d630 [master] update contrib 
3725.	[contrib]	Updated zkt and nslint to newest versions,
			cleaned up and rearranged the contrib
			directory, added a README.
 2014-02-05 16:38:28 -08:00
Evan Hunt
d0803df331 [master] fixed geoip in blackhole ACLs 
3722.	[bug]		Using geoip ACLs in a blackhole statement
			could cause a segfault. [RT #35272]
 2014-01-30 17:03:32 -08:00
Evan Hunt
bff64bf12b [master] correct copyrights and attributions 
see RT #35423 for details; highlights:
    - remove license clauses 3 and 4 from NetBSD code
    - remove advertising clause from historical BSD code
    - add openssl advertising attributions
 2014-01-24 09:46:00 -08:00
Evan Hunt
d58e33bfab [master] testcrypto.sh in system tests 
3714.	[test]		System tests that need to test for cryptography
			support before running can now use a common
			"testcrypto.sh" script to do so. [RT #35213]
 2014-01-20 16:08:09 -08:00
Evan Hunt
826426b5ee [master] missing 'test' 2014-01-19 00:27:37 -08:00
Evan Hunt
12bf5d4796 [master] address several issues with native pkcs11 2014-01-18 11:51:07 -08:00
Evan Hunt
ba751492fc [master] native PKCS#11 support 
3705.	[func]		"configure --enable-native-pkcs11" enables BIND
			to use the PKCS#11 API for all cryptographic
			functions, so that it can drive a hardware service
			module directly without the need to use a modified
			OpenSSL as intermediary (so long as the HSM's vendor
			provides a complete-enough implementation of the
			PKCS#11 interface). This has been tested successfully
			with the Thales nShield HSM and with SoftHSMv2 from
			the OpenDNSSEC project. [RT #29031]
 2014-01-14 15:40:56 -08:00
Evan Hunt
60fb67079e [master] add isc_string_strcasestr for portability 2014-01-09 22:04:03 -08:00
Evan Hunt
4fa9468802 remove unnecessary echo 2013-12-04 09:54:46 -08:00
Evan Hunt
7f2b3089f2 reword/reorder configuration summary 2013-12-04 09:00:35 -08:00