Age | Commit message (Collapse) | Author | |
---|---|---|---|
2018-04-03 | Fix crash in dig(1) +trace when falling back to TCP after a truncated reply | Jeremie Courreges-Anglas | |
Problem reported by jj@ on bugs@, fix based on https://gitlab.isc.org/isc-projects/bind9/commit/084ba95b083dc55fd10631ad43fa8fff48707648 (under ISC license) by Caspar Schutijser. | |||
2017-09-01 | disable a few warnings so we can start to see the relevant ones; | Otto Moerbeek | |
ok sthen@ | |||
2017-07-04 | Fix the only remaining mandoc(1) ERROR in the base system. | Ingo Schwarze | |
(Can't resist the temptation to commit 'cause it allows such a cute commit message.) | |||
2017-06-12 | destroy lint remnants. | Marc Espie | |
okay millert@ deraadt@ | |||
2017-06-01 | Revert 1.16 ("add a workaround for the rebound portjacking hijinks"), | Stuart Henderson | |
it breaks at least nslookup, host, dig +tcp. | |||
2017-05-31 | add a workaround for the rebound portjacking hijinks. ok millert | Ted Unangst | |
2016-08-18 | init a variable to address https://kb.isc.org/article/AA-01272 | Jonathan Gray | |
Most of bind got removed and this function is not called by any of the remaining parts. ok deraadt@ a long time ago. | |||
2003-01-20 | ISC BIND version 9.2.2rc1 | Jakob Schlyter | |
2016-06-05 | reduce confusion about -p option. parse it, but only permit port 53, and | Ted Unangst | |
make it an error otherwise instead of a warning that may be overlooked. reported by Peter van Dijk ok deraadt | |||
2016-04-16 | Change last non-/gnu/ fcntl(x, F_GETFL, 0) strays to fcntl(x, F_GETFL). | Kenneth R Westerback | |
No functional change. ok millert@ | |||
2015-11-11 | exit() after perror() for pledge failure. Perhaps this got introduced | Theo de Raadt | |
as a test idiom, either when pledge was young or during the transition to strings.... dunno | |||
2015-10-25 | pledge bind(1), dig(1), and nslookup(1). This modifies the underlying | Theo de Raadt | |
ISC library to use socket(2) with the SOCK_DNS flag. As a result, the port commands are disabled (such practice is rare in the wild these days, and pretty incompatible with the DNS vs regular socket concept in pledge..) ok bluhm phessler reyk, etc | |||
2003-01-20 | ISC BIND version 9.2.2rc1 | Jakob Schlyter | |
2015-09-28 | strcat -> strlcat. last time i checked, this was the last remaining | Theo de Raadt | |
strcat in non-toolchain base, and inside #if not reached during compile. ok beck krw brynet | |||
2015-09-11 | kill strcpy dead | Bob Beck | |
ok deraadt@ | |||
2015-03-17 | Initialize nameservers ports along with nameservers addresses. | Jeremie Courreges-Anglas | |
Missing initialization, as hinted by lwres_conf_clear(). Not present in recent bind versions (the code has changed since). This fixes an erratic behaviour when no (valid) nameserver is configured in resolv.conf (dig / nslookup send requests to 127.0.0.1:48830). Problem reported by Pawel S. Veselov who also provided an alternative diff. ok crickets@ | |||
2015-02-07 | port NSEC3 and TLSA parsing code into dig(1) from ISC BIND 9.10.1-P1 | Martin Pelikan | |
ok henning | |||
2003-01-20 | ISC BIND version 9.2.2rc1 | Jakob Schlyter | |
2014-11-22 | oops, left an old line... | Theo de Raadt | |
2014-11-22 | /dev/random has created the same effect as /dev/arandom (and /dev/urandom) | Theo de Raadt | |
for quite some time. Mop up the last few, by using /dev/random where we actually want it, or not even mentioning arandom where it is irrelevant. | |||
2014-10-13 | Return failure not success in openssldh_computesecret() when | Jonathan Gray | |
DH_compute_key() fails and returns -1. ok guenther@ | |||
2005-03-22 | ISC BIND release 9.3.1. ok deraadt@ | Jakob Schlyter | |
2014-09-15 | Garbage collecting some further bits that are not necessary | Brad Smith | |
within the BIND directory and for Makefile.in removing some files that no longer exist for the distclean target. ok sthen@ | |||
2006-04-05 | ISC BIND release 9.3.2 | Jakob Schlyter | |
2003-01-20 | ISC BIND version 9.2.2rc1 | Jakob Schlyter | |
2014-08-25 | Start removing unused documentation and the server and related binaries source | Brad Smith | |
code. | |||
2006-04-05 | ISC BIND release 9.3.2 | Jakob Schlyter | |
2006-04-05 | ISC BIND release 9.3.2 | Jakob Schlyter | |
2004-09-28 | ISC BIND version 9.3.0. ok deraadt@ | Jakob Schlyter | |
2003-01-20 | ISC BIND version 9.2.2rc1 | Jakob Schlyter | |
2014-08-22 | Strip the BIND code down to just building and installing dig, host and nslookup. | Brad Smith | |
2014-07-16 | lynx will go to ports. there are too many reasons for it to go there, | Theo de Raadt | |
and not enough for it to stay. lengthy discussions. | |||
2013-09-12 | Misc time_t tweaks. %ld / (long)tv_sec -> %lld / (long long)tv_sec. | Kenneth R Westerback | |
Eliminate unneeded casts. suggestions from & ok millert@ guenther@ | |||
2013-09-02 | There is no need to call arc4random_addrandom() and feed it some | Theo de Raadt | |
stupid seed that bind has decided on.. | |||
2013-01-08 | add other root servers from named.root that were missed in previous updates | Stuart Henderson | |
2013-01-08 | new IPv4 address for D.ROOT-SERVERS.NET | Jakob Schlyter | |
2012-06-06 | Add a fix for CVE-2012-1667, backported from ISC BIND. ok millert@ | Stuart Henderson | |
http://www.isc.org/software/bind/advisories/cve-2012-1667 Distinguish rdata removed by BIND due to duplication, from zero-length rdata received from a server. Otherwise a server supplying zero-length rdata sections can trigger crashes or possible memory disclosure to the client. Primarily affects recursive servers. | |||
2011-11-17 | Apply the patches from BIND upstream to mitigate cve-2011-4313 (crashes | Stuart Henderson | |
with INSIST(! dns_rdataset_isassociated(sigrdataset))). ok jakob@ | |||
2011-09-21 | fix an |= that should have been != | Jonathan Gray | |
this could cause a log message to trigger when it shouldn't have reported to isc (RT #24053) and now included in current bind releases | |||
2011-07-05 | fix some memset sizeofs, found by jsg. ok deraadt krw | Ted Unangst | |
2011-07-05 | correct memsets of key contexts which were shorter than they needed to be | Theo de Raadt | |
due to sizeof pointer instead of sizeof of type with tedu; some quibbles spotted by miod, ok tedu miod jsg jakob -- please push this upstream | |||
2010-12-31 | Add missing #includes instead of assuming that some system header pulls in | Philip Guenthe | |
the needed bits ok deraadt@, millert@ | |||
2010-05-02 | Initialise the port in nslookup.c correctly. It was initialised | Stefan Sperling | |
to zero in interactive mode, should be 53. Second half of patch submission by Nathan Rickerby (pr 6322). ok krw | |||
2010-04-24 | Fix breakage of dig's -p option introduced when support for | Stefan Sperling | |
parsing the [host]:port syntax in resolv.conf was added. Patch by Nathan Rickerby <rickerby () gmail ! com>. Prodded by jmc, OK djm krw | |||
2010-02-20 | Add line breaks to the source to render an .RS display that got skipped; | Ingo Schwarze | |
found by and unbreaking the build with mandoc(1). I will also send this patch upstream. ok jmc@ | |||
2009-08-16 | parse "nameserver [host]:port" syntax in /etc/resolv.conf | Stefan Sperling | |
ok deraadt@ | |||
2009-07-29 | apply patch for https://www.isc.org/node/474 since jakob does not | Theo de Raadt | |
appear to be around. | |||
2009-07-27 | seperation -> separation; from Amarendra Godbole | Jason McIntyre | |
2009-01-14 | fix CVE-2009-0025: incorrect check of DSA DNSSEC signature verification | Damien Miller | |
"please commit" miod@ | |||
2008-11-10 | #if 0 a function which we have we do not use, and where the call to it is in ↵ | Theo de Raadt | |
#if 0 as well |