From 02f065cde2cf18b6e76deab6f48d7aeb327bd639 Mon Sep 17 00:00:00 2001
From: dougb <dougb@FreeBSD.org>
Date: Tue, 28 Jan 2003 13:09:17 +0000
Subject: Import of ISC BIND version 8.3.4

---
 contrib/bind/CHANGES                     |  6 +++---
 contrib/bind/README                      |  3 +++
 contrib/bind/Version                     |  2 +-
 contrib/bind/bin/named/db_defs.h         |  2 +-
 contrib/bind/bin/named/db_sec.c          |  2 +-
 contrib/bind/bin/named/ns_defs.h         |  2 +-
 contrib/bind/bin/named/ns_ncache.c       |  2 +-
 contrib/bind/bin/named/ns_req.c          |  2 +-
 contrib/bind/bin/named/ns_resp.c         |  2 +-
 contrib/bind/doc/html/logging.html       |  6 +++++-
 contrib/bind/doc/html/options.html       |  8 ++++----
 contrib/bind/doc/man/named.conf.5        | 15 ++++++++++-----
 contrib/bind/doc/man/resolver.3          |  4 +++-
 contrib/bind/lib/nameser/ns_name.c       |  2 +-
 contrib/bind/lib/nameser/ns_samedomain.c |  4 ++--
 15 files changed, 38 insertions(+), 24 deletions(-)

diff --git a/contrib/bind/CHANGES b/contrib/bind/CHANGES
index 344d95a..cdc1c3f 100644
--- a/contrib/bind/CHANGES
+++ b/contrib/bind/CHANGES
@@ -1,14 +1,14 @@
+	--- 8.3.4-REL released --- (Thu Nov 14 05:45:26 PST 2002)
+
 1469.	[bug]		buffer length calculation for PX was wrong.
 
 1468.	[bug]		ns_name_ntol() could overwite a zero length buffer.
 
-1467.	[bug]		off by one bug in ns_makecannon().
-
 1466.	[bug]		large ENDS UDP buffer size could trigger a assertion.
 
 1465.	[bug]		possible NULL pointer dereference in db_sec.c
 
-1464.	[bug]      	the buffer used to construct the -ve record was not
+1464.	[bug]		the buffer used to construct the -ve record was not
 			big enough for all possible SOA records.  use pointer
 			arithmetic to calculate the remaining size in this
 			buffer.
diff --git a/contrib/bind/README b/contrib/bind/README
index a8a52ec..09e0bf8 100644
--- a/contrib/bind/README
+++ b/contrib/bind/README
@@ -10,6 +10,9 @@ artifacts including BIND, INN, and DHCP.
 Note that BIND 8 is in "end-of-life", having been replaced by BIND 9.  See
 http://www.isc.org/ for more details.
 
+BIND 8.3.4 Highlights
+	Security Fix DoS and buffer overrun.
+
 BIND 8.3.3 Highlights
 	Security Fix libbind. All applications linked against libbind
 	need to relinked.
diff --git a/contrib/bind/Version b/contrib/bind/Version
index e99a6ad..e9273f2 100644
--- a/contrib/bind/Version
+++ b/contrib/bind/Version
@@ -1 +1 @@
-8.3.3-REL
+8.3.4-REL
diff --git a/contrib/bind/bin/named/db_defs.h b/contrib/bind/bin/named/db_defs.h
index af00bb1..37b974c 100644
--- a/contrib/bind/bin/named/db_defs.h
+++ b/contrib/bind/bin/named/db_defs.h
@@ -1,6 +1,6 @@
 /*
  *	from db.h	4.16 (Berkeley) 6/1/90
- *	$Id: db_defs.h,v 8.47 2002/05/18 01:02:53 marka Exp $
+ *	$Id: db_defs.h,v 8.47.4.1 2002/11/14 13:22:24 marka Exp $
  */
 
 /*
diff --git a/contrib/bind/bin/named/db_sec.c b/contrib/bind/bin/named/db_sec.c
index 0ce0d9f..9c5bad2 100644
--- a/contrib/bind/bin/named/db_sec.c
+++ b/contrib/bind/bin/named/db_sec.c
@@ -1,6 +1,6 @@
 
 #if !defined(lint) && !defined(SABER)
-static const char rcsid[] = "$Id: db_sec.c,v 8.35 2001/06/18 14:42:57 marka Exp $";
+static const char rcsid[] = "$Id: db_sec.c,v 8.35.4.2 2002/11/14 13:24:44 marka Exp $";
 #endif /* not lint */
 
 /*
diff --git a/contrib/bind/bin/named/ns_defs.h b/contrib/bind/bin/named/ns_defs.h
index c99c152..79b8196 100644
--- a/contrib/bind/bin/named/ns_defs.h
+++ b/contrib/bind/bin/named/ns_defs.h
@@ -1,6 +1,6 @@
 /*
  *	from ns.h	4.33 (Berkeley) 8/23/90
- *	$Id: ns_defs.h,v 8.121 2002/06/26 03:27:19 marka Exp $
+ *	$Id: ns_defs.h,v 8.121.2.1 2002/11/14 13:28:12 marka Exp $
  */
 
 /*
diff --git a/contrib/bind/bin/named/ns_ncache.c b/contrib/bind/bin/named/ns_ncache.c
index 9ca3499..8e79793 100644
--- a/contrib/bind/bin/named/ns_ncache.c
+++ b/contrib/bind/bin/named/ns_ncache.c
@@ -1,5 +1,5 @@
 #if !defined(lint) && !defined(SABER)
-static const char rcsid[] = "$Id: ns_ncache.c,v 8.29 2001/06/18 14:43:16 marka Exp $";
+static const char rcsid[] = "$Id: ns_ncache.c,v 8.29.4.1 2002/11/14 13:41:31 marka Exp $";
 #endif /* not lint */
 
 /*
diff --git a/contrib/bind/bin/named/ns_req.c b/contrib/bind/bin/named/ns_req.c
index 42039f9..3b4a0bf 100644
--- a/contrib/bind/bin/named/ns_req.c
+++ b/contrib/bind/bin/named/ns_req.c
@@ -1,6 +1,6 @@
 #if !defined(lint) && !defined(SABER)
 static const char sccsid[] = "@(#)ns_req.c	4.47 (Berkeley) 7/1/91";
-static const char rcsid[] = "$Id: ns_req.c,v 8.169 2002/05/12 23:41:52 marka Exp $";
+static const char rcsid[] = "$Id: ns_req.c,v 8.169.2.1 2002/11/14 13:02:48 marka Exp $";
 #endif /* not lint */
 
 /*
diff --git a/contrib/bind/bin/named/ns_resp.c b/contrib/bind/bin/named/ns_resp.c
index c371fba..f2d0a7c 100644
--- a/contrib/bind/bin/named/ns_resp.c
+++ b/contrib/bind/bin/named/ns_resp.c
@@ -1,6 +1,6 @@
 #if !defined(lint) && !defined(SABER)
 static const char sccsid[] = "@(#)ns_resp.c	4.65 (Berkeley) 3/3/91";
-static const char rcsid[] = "$Id: ns_resp.c,v 8.178 2002/06/27 03:09:19 marka Exp $";
+static const char rcsid[] = "$Id: ns_resp.c,v 8.178.2.2 2002/11/14 13:39:13 marka Exp $";
 #endif /* not lint */
 
 /*
diff --git a/contrib/bind/doc/html/logging.html b/contrib/bind/doc/html/logging.html
index 78e6a0a..73b4016 100644
--- a/contrib/bind/doc/html/logging.html
+++ b/contrib/bind/doc/html/logging.html
@@ -289,6 +289,10 @@ is used: <CODE>category panic { default_syslog; default_stderr; };</CODE>
 <DD>
 Dynamic updates.
 
+<DT><CODE>update-security</CODE>
+<DD>
+Denied dynamic updates due to access controls.
+
 <DT><CODE>ncache</CODE>
 <DD>
 Negative caching.
@@ -363,7 +367,7 @@ Messages arising from response checking, such as
 
 <HR>
 <ADDRESS>
-Last Updated: $Id: logging.html,v 1.13 2002/04/02 00:57:48 marka Exp $
+Last Updated: $Id: logging.html,v 1.14 2002/07/19 22:44:05 marka Exp $
 </ADDRESS>
 </BODY>
 </HTML>
diff --git a/contrib/bind/doc/html/options.html b/contrib/bind/doc/html/options.html
index 219623c..f124eba 100644
--- a/contrib/bind/doc/html/options.html
+++ b/contrib/bind/doc/html/options.html
@@ -159,9 +159,9 @@ specified, the default is "named.stats".
 <DD>
 If <CODE>yes</CODE>, the <CODE>AA</CODE> bit is always set on
 NXDOMAIN responses, even if the server is not actually authoritative.
-The default is <CODE>yes</CODE>.  Do not turn off
-<CODE>auth-nxdomain</CODE> unless you are sure you know what you are
-doing, as some older software won't like it.
+The default is <CODE>no</CODE>.  Turning <CODE>auth-nxdomain</CODE> will
+allow older clients that require <CODE>AA</CODE> to be set to accept
+NXDOMAIN responses to work.
 
 <DT><CODE>deallocate-on-exit</CODE>
 <DD>
@@ -847,7 +847,7 @@ request for the root servers to be accepted.  Default 2.
 
 <HR>
 <ADDRESS>
-Last Updated: $Id: options.html,v 1.48 2002/04/25 05:27:00 marka Exp $
+Last Updated: $Id: options.html,v 1.49 2002/09/09 00:19:17 marka Exp $
 </ADDRESS>
 </BODY>
 </HTML>
diff --git a/contrib/bind/doc/man/named.conf.5 b/contrib/bind/doc/man/named.conf.5
index 532af69..4f5896c 100644
--- a/contrib/bind/doc/man/named.conf.5
+++ b/contrib/bind/doc/man/named.conf.5
@@ -665,6 +665,8 @@ is used:
 .Dl category panic { default_syslog; default_stderr; };
 .It Ic update
 Dynamic updates.
+.It Ic update-security
+Denied dynamic updates due to access controls.
 .It Ic ncache
 Negative caching.
 .It Ic xfer-in
@@ -858,11 +860,14 @@ bit is always set on
 .Dv NXDOMAIN
 responses, even if the server is not actually authoritative.
 The default is
-.Li yes .
-Do not turn off
-.Ic auth-nxdomain
-unless you are sure you know what you are
-doing, as some older software won't like it.
+.Li no .
+Turning 
+.Lc auth-nxdomain
+will allow older clients that require
+.Li AA
+to be set to accept
+.Dv NXDOMAIN
+responses to work.
 .It Ic deallocate-on-exit
 If
 .Li yes ,
diff --git a/contrib/bind/doc/man/resolver.3 b/contrib/bind/doc/man/resolver.3
index 9e2ef6f..c2cd915 100644
--- a/contrib/bind/doc/man/resolver.3
+++ b/contrib/bind/doc/man/resolver.3
@@ -16,7 +16,7 @@
 .\" MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
 .\"
 .\"	@(#)resolver.3	6.5 (Berkeley) 6/23/90
-.\"	$Id: resolver.3,v 8.16 2001/12/28 04:24:20 marka Exp $
+.\"	$Id: resolver.3,v 8.17 2002/08/07 03:47:33 marka Exp $
 .\"
 .Dd July 4, 2000
 .Dt RESOLVER @LIB_NETWORK_EXT_U@ 
@@ -552,6 +552,8 @@ to a full domain name.
 The compressed name is contained in a query or reply message;
 .Fa msg
 is a pointer to the beginning of the message.
+.Fa eomorig
+is a pointer to the first location after the message.
 The uncompressed name is placed in the buffer indicated by
 .Fa exp_dn
 which is of size
diff --git a/contrib/bind/lib/nameser/ns_name.c b/contrib/bind/lib/nameser/ns_name.c
index 6b193f6..fff96f4 100644
--- a/contrib/bind/lib/nameser/ns_name.c
+++ b/contrib/bind/lib/nameser/ns_name.c
@@ -16,7 +16,7 @@
  */
 
 #ifndef lint
-static const char rcsid[] = "$Id: ns_name.c,v 8.18 2002/05/24 05:10:40 marka Exp $";
+static const char rcsid[] = "$Id: ns_name.c,v 8.18.4.1 2002/11/14 13:32:08 marka Exp $";
 #endif
 
 #include "port_before.h"
diff --git a/contrib/bind/lib/nameser/ns_samedomain.c b/contrib/bind/lib/nameser/ns_samedomain.c
index e29a8f8..da6f3b6 100644
--- a/contrib/bind/lib/nameser/ns_samedomain.c
+++ b/contrib/bind/lib/nameser/ns_samedomain.c
@@ -16,7 +16,7 @@
  */
 
 #ifndef lint
-static const char rcsid[] = "$Id: ns_samedomain.c,v 8.9 1999/10/15 21:06:51 vixie Exp $";
+static const char rcsid[] = "$Id: ns_samedomain.c,v 8.9.6.2 2002/11/14 22:36:46 marka Exp $";
 #endif
 
 #include "port_before.h"
@@ -166,7 +166,7 @@ int
 ns_makecanon(const char *src, char *dst, size_t dstsize) {
 	size_t n = strlen(src);
 
-	if (n + sizeof "." + 1 > dstsize) {
+	if (n + sizeof "." > dstsize) {
 		errno = EMSGSIZE;
 		return (-1);
 	}
-- 
cgit v1.1