From a503af91a8a93bdaeb15b5467c2d98018eb719c5 Mon Sep 17 00:00:00 2001 
From: Erwin Lansing Date: Wed, 5 Dec 2012 12:53:50 +0000 Subject: Vendor import of Bind 9.8.4 Approved by: delphij (mentor) Sponsored by: DK Hostmaster A/S --- CHANGES | 107 +- Makefile.in | 2 +- README | 5 + acconfig.h | 5 +- bin/Makefile.in | 2 +- bin/check/Makefile.in | 2 +- bin/check/check-tool.c | 5 +- bin/confgen/Makefile.in | 2 +- bin/confgen/unix/Makefile.in | 2 +- bin/dig/Makefile.in | 2 +- bin/dig/nslookup.c | 11 +- bin/dnssec/Makefile.in | 2 +- bin/dnssec/dnssec-dsfromkey.8 | 6 +- bin/dnssec/dnssec-dsfromkey.c | 7 +- bin/dnssec/dnssec-dsfromkey.docbook | 6 +- bin/dnssec/dnssec-dsfromkey.html | 19 +- bin/dnssec/dnssec-keyfromlabel.8 | 6 +- bin/dnssec/dnssec-keyfromlabel.c | 8 +- bin/dnssec/dnssec-keyfromlabel.docbook | 6 +- bin/dnssec/dnssec-keyfromlabel.html | 17 +- bin/dnssec/dnssec-keygen.8 | 10 +- bin/dnssec/dnssec-keygen.c | 23 +- bin/dnssec/dnssec-keygen.docbook | 12 +- bin/dnssec/dnssec-keygen.html | 25 +- bin/dnssec/dnssec-settime.c | 7 +- bin/dnssec/dnssec-signzone.c | 5 +- bin/named/Makefile.in | 2 +- bin/named/builtin.c | 6 +- bin/named/config.c | 4 +- bin/named/controlconf.c | 6 +- bin/named/convertxsl.pl | 2 +- bin/named/query.c | 176 +- bin/named/server.c | 108 +- bin/named/statschannel.c | 37 +- bin/named/unix/Makefile.in | 2 +- bin/nsupdate/Makefile.in | 2 +- bin/nsupdate/nsupdate.c | 53 +- bin/rndc/Makefile.in | 2 +- bin/tools/Makefile.in | 2 +- config.h.in | 10 +- configure.in | 43 +- doc/Makefile.in | 2 +- doc/arm/Bv9ARM-book.xml | 179 +- doc/arm/Bv9ARM.ch04.html | 96 +- doc/arm/Bv9ARM.ch06.html | 260 +- doc/arm/Bv9ARM.ch07.html | 12 +- doc/arm/Bv9ARM.ch08.html | 16 +- doc/arm/Bv9ARM.ch09.html | 218 +- doc/arm/Bv9ARM.html | 96 +- doc/arm/Bv9ARM.pdf | 6512 +++++++++++----------- doc/arm/Makefile.in | 2 +- doc/arm/man.arpaname.html | 6 +- doc/arm/man.ddns-confgen.html | 8 +- doc/arm/man.dig.html | 18 +- doc/arm/man.dnssec-dsfromkey.html | 17 +- doc/arm/man.dnssec-keyfromlabel.html | 15 +- doc/arm/man.dnssec-keygen.html | 23 +- 
doc/arm/man.dnssec-revoke.html | 8 +- doc/arm/man.dnssec-settime.html | 12 +- doc/arm/man.dnssec-signzone.html | 10 +- doc/arm/man.genrandom.html | 8 +- doc/arm/man.host.html | 8 +- doc/arm/man.isc-hmac-fixup.html | 8 +- doc/arm/man.named-checkconf.html | 10 +- doc/arm/man.named-checkzone.html | 10 +- doc/arm/man.named-journalprint.html | 6 +- doc/arm/man.named.html | 14 +- doc/arm/man.nsec3hash.html | 8 +- doc/arm/man.nsupdate.html | 12 +- doc/arm/man.rndc-confgen.html | 10 +- doc/arm/man.rndc.conf.html | 10 +- doc/arm/man.rndc.html | 10 +- doc/misc/Makefile.in | 2 +- doc/misc/format-options.pl | 2 +- doc/misc/options | 18 +- doc/misc/sort-options.pl | 2 +- isc-config.sh.in | 2 +- lib/Makefile.in | 2 +- lib/bind9/Makefile.in | 2 +- lib/bind9/api | 2 +- lib/bind9/check.c | 69 +- lib/bind9/include/Makefile.in | 2 +- lib/bind9/include/bind9/Makefile.in | 2 +- lib/dns/Makefile.in | 5 +- lib/dns/adb.c | 44 +- lib/dns/api | 4 +- lib/dns/db.c | 9 +- lib/dns/dnssec.c | 115 +- lib/dns/ds.c | 35 +- lib/dns/dst_api.c | 16 +- lib/dns/dst_internal.h | 3 + lib/dns/dst_openssl.h | 3 + lib/dns/dst_parse.c | 61 +- lib/dns/dst_parse.h | 5 +- lib/dns/dst_result.c | 4 +- lib/dns/include/Makefile.in | 2 +- lib/dns/include/dns/db.h | 8 +- lib/dns/include/dns/dnssec.h | 13 +- lib/dns/include/dns/ds.h | 7 +- lib/dns/include/dns/iptable.h | 4 +- lib/dns/include/dns/keyvalues.h | 10 +- lib/dns/include/dns/log.h | 1 + lib/dns/include/dns/rdataset.h | 20 + lib/dns/include/dns/rpz.h | 13 +- lib/dns/include/dns/stats.h | 10 + lib/dns/include/dns/view.h | 2 + lib/dns/include/dns/zone.h | 2 +- lib/dns/include/dst/Makefile.in | 2 +- lib/dns/include/dst/dst.h | 2 + lib/dns/include/dst/result.h | 6 +- lib/dns/log.c | 1 + lib/dns/master.c | 47 +- lib/dns/masterdump.c | 12 +- lib/dns/openssl_link.c | 40 +- lib/dns/openssldh_link.c | 18 +- lib/dns/openssldsa_link.c | 34 +- lib/dns/opensslecdsa_link.c | 596 ++ lib/dns/opensslgost_link.c | 75 +- lib/dns/opensslrsa_link.c | 52 +- lib/dns/rbtdb.c | 39 +- 
lib/dns/rcode.c | 2 + lib/dns/rdata.c | 12 +- lib/dns/rdata/generic/dlv_32769.c | 12 +- lib/dns/rdata/generic/ds_43.c | 12 +- lib/dns/rdataset.c | 28 + lib/dns/resolver.c | 50 +- lib/dns/rpz.c | 133 +- lib/dns/spnego_asn1.pl | 2 +- lib/dns/validator.c | 10 +- lib/dns/view.c | 2 + lib/dns/zone.c | 101 +- lib/export/Makefile.in | 2 +- lib/export/dns/Makefile.in | 4 +- lib/export/dns/include/Makefile.in | 2 +- lib/export/dns/include/dns/Makefile.in | 2 +- lib/export/dns/include/dst/Makefile.in | 2 +- lib/export/irs/include/irs/Makefile.in | 2 +- lib/export/isc/Makefile.in | 2 +- lib/export/isc/include/isc/Makefile.in | 2 +- lib/export/isc/nls/Makefile.in | 2 +- lib/export/isc/nothreads/Makefile.in | 2 +- lib/export/isc/nothreads/include/isc/Makefile.in | 2 +- lib/export/isc/pthreads/Makefile.in | 2 +- lib/export/isc/pthreads/include/isc/Makefile.in | 2 +- lib/export/isc/unix/Makefile.in | 2 +- lib/export/isc/unix/include/isc/Makefile.in | 2 +- lib/export/isccfg/include/isccfg/Makefile.in | 2 +- lib/export/samples/Makefile-postinstall.in | 2 +- lib/export/samples/Makefile.in | 2 +- lib/irs/Makefile.in | 2 +- lib/irs/include/Makefile.in | 2 +- lib/irs/include/irs/Makefile.in | 2 +- lib/isc/alpha/Makefile.in | 2 +- lib/isc/alpha/include/Makefile.in | 2 +- lib/isc/alpha/include/isc/Makefile.in | 2 +- lib/isc/api | 6 +- lib/isc/ia64/Makefile.in | 2 +- lib/isc/ia64/include/Makefile.in | 2 +- lib/isc/ia64/include/isc/Makefile.in | 2 +- lib/isc/ia64/include/isc/atomic.h | 6 +- lib/isc/include/Makefile.in | 2 +- lib/isc/include/isc/file.h | 13 +- lib/isc/include/isc/namespace.h | 2 + lib/isc/include/isc/task.h | 27 + lib/isc/mem.c | 10 +- lib/isc/mips/Makefile.in | 2 +- lib/isc/mips/include/Makefile.in | 2 +- lib/isc/mips/include/isc/Makefile.in | 2 +- lib/isc/nls/Makefile.in | 2 +- lib/isc/noatomic/Makefile.in | 2 +- lib/isc/noatomic/include/Makefile.in | 2 +- lib/isc/noatomic/include/isc/Makefile.in | 2 +- lib/isc/nothreads/Makefile.in | 2 +- 
lib/isc/nothreads/include/Makefile.in | 2 +- lib/isc/nothreads/include/isc/Makefile.in | 2 +- lib/isc/powerpc/Makefile.in | 2 +- lib/isc/powerpc/include/Makefile.in | 2 +- lib/isc/powerpc/include/isc/Makefile.in | 2 +- lib/isc/pthreads/Makefile.in | 2 +- lib/isc/pthreads/condition.c | 11 +- lib/isc/pthreads/include/Makefile.in | 2 +- lib/isc/pthreads/include/isc/Makefile.in | 2 +- lib/isc/sparc64/Makefile.in | 2 +- lib/isc/sparc64/include/Makefile.in | 2 +- lib/isc/sparc64/include/isc/Makefile.in | 2 +- lib/isc/task.c | 45 +- lib/isc/task_api.c | 11 + lib/isc/unix/Makefile.in | 2 +- lib/isc/unix/file.c | 31 + lib/isc/unix/include/Makefile.in | 2 +- lib/isc/unix/include/isc/Makefile.in | 2 +- lib/isc/x86_32/Makefile.in | 2 +- lib/isc/x86_32/include/Makefile.in | 2 +- lib/isc/x86_32/include/isc/Makefile.in | 2 +- lib/isc/x86_64/Makefile.in | 2 +- lib/isc/x86_64/include/Makefile.in | 2 +- lib/isc/x86_64/include/isc/Makefile.in | 2 +- lib/isccc/api | 2 +- lib/isccc/cc.c | 6 +- lib/isccc/include/Makefile.in | 2 +- lib/isccc/include/isccc/Makefile.in | 2 +- lib/isccfg/api | 2 +- lib/isccfg/include/Makefile.in | 2 +- lib/isccfg/include/isccfg/Makefile.in | 2 +- lib/isccfg/namedconf.c | 224 +- lib/lwres/Makefile.in | 2 +- lib/lwres/api | 2 +- lib/lwres/getaddrinfo.c | 8 +- lib/lwres/include/Makefile.in | 2 +- lib/lwres/include/lwres/Makefile.in | 2 +- lib/lwres/man/Makefile.in | 2 +- make/rules.in | 2 +- version | 6 +- 213 files changed, 6252 insertions(+), 4464 deletions(-) create mode 100644 lib/dns/opensslecdsa_link.c diff --git a/CHANGES b/CHANGES index d9b6714eff293..801f9918e5feb 100644 --- a/CHANGES +++ b/CHANGES 
@@ -1,15 +1,76 @@ - --- 9.8.3-P4 released --- + --- 9.8.4 released --- 3383. [security] A certain combination of records in the RBT could cause named to hang while populating the additional section of a response. [RT #31090] - --- 9.8.3-P3 released --- +3373. [bug] win32: open raw files in binary mode. [RT #30944] 3364. [security] Named could die on specially crafted record. [RT #30416] - --- 9.8.3-P2 released --- + --- 9.8.4rc1 released --- + +3369. [bug] nsupdate terminated unexpectedly in interactive mode + if built with readline support. [RT #29550] + +3368. [bug] and were not C++ safe. + +3367. [bug] dns_dnsseckey_create() result was not being checked. + [RT #30685] + +3366. [bug] Fixed Read-After-Write dependency violation for IA64 + atomic operations. [RT #25181] + +3365. [bug] Removed spurious newlines from log messages in + zone.c [RT #30675] + +3363. [bug] Need to allow "forward" and "fowarders" options + in static-stub zones; this had been overlooked. + [RT #30482] + +3362. [bug] Setting some option values to 0 in named.conf + could trigger an assertion failure on startup. + [RT #27730] + +3360. [bug] 'host -w' could die. [RT #18723] + +3359. [bug] An improperly-formed TSIG secret could cause a + memory leak. [RT #30607] + +3357. [port] Add support for libxml2-2.8.x [RT #30440] + +3356. [bug] Cap the TTL of signed RRsets when RRSIGs are + approaching their expiry, so they don't remain + in caches after expiry. [RT #26429] + + --- 9.8.4b1 released --- + +3354. [func] Improve OpenSSL error logging. [RT #29932] + +3353. [bug] Use a single task for task exclusive operations. + [RT #29872] + +3352. [bug] Ensure that learned server attributes timeout of the + adb cache. [RT #29856] + +3351. [bug] isc_mem_put and isc_mem_putanddetach didn't report + caller if either ISC_MEM_DEBUGSIZE or ISC_MEM_DEBUGCTX + memory debugging flags are set. [RT #30243] + +3350. [bug] Memory read overrun in isc___mem_reallocate if + ISC_MEM_DEBUGCTX memory debugging flag is set. 
+ [RT #30240] + +3348. [bug] Prevent RRSIG data from being cached if a negative + record matching the covering type exists at a higher + trust level. Such data already can't be retrieved from + the cache since change 3218 -- this prevents it + being inserted into the cache as well. [RT #26809] + +3347. [bug] dnssec-settime: Issue a warning when writing a new + private key file would cause a change in the + permissions of the existing file. [RT #27724] 3346. [security] Bad-cache data could be used before it was initialized, causing an assert. [RT #30025] 
@@ -18,11 +79,47 @@ resulting in excessive cpu usage in some cases. [RT #29952] - --- 9.8.3-P1 released --- +3337. [bug] Change #3294 broke support for the multiple keys + in controls. [RT #29694] + +3335. [func] nslookup: return a nonzero exit code when unable + to get an answer. [RT #29492] + +3333. [bug] Setting resolver-query-timeout too low can cause + named to not recover if it loses connectivity. + [RT #29623] + +3332. [bug] Re-use cached DS rrsets if possible. [RT #29446] 3331. [security] dns_rdataslab_fromrdataset could produce bad rdataslabs. [RT #29644] - + +3330. [func] Fix missing signatures on NOERROR results despite + RPZ rewriting. Also + - add optional "recursive-only yes|no" to the + response-policy statement + - add optional "max-policy-ttl" to the response-policy + statement to limit the false data that + "recursive-only no" can introduce into + resolvers' caches + - add a RPZ performance test to bin/tests/system/rpz + when queryperf is available. + - the encoding of PASSTHRU action to "rpz-passthru". + (The old encoding is still accepted.) + [RT #26172] + + +3329. [bug] Handle RRSIG signer-name case consistently: We + generate RRSIG records with the signer-name in + lower case. We accept them with any case, but if + they fail to validate, we try again in lower case. + [RT #27451] + +3328. [bug] Fixed inconsistent data checking in dst_parse.c. + [RT #29401] + +3317. [func] Add ECDSA support (RFC 6605). [RT #21918] + --- 9.8.3 released --- 3318. [tuning] Reduce the amount of work performed while holding a diff --git a/Makefile.in b/Makefile.in index 2a00df415f38d..05d9c43174f02 100644 --- a/Makefile.in +++ b/Makefile.in @@ -1,4 +1,4 @@ -# Copyright (C) 2004-2009, 2011 Internet Systems Consortium, Inc. ("ISC") +# Copyright (C) 2004-2009, 2011, 2012 Internet Systems Consortium, Inc. ("ISC") # Copyright (C) 1998-2002 Internet Software Consortium. # # Permission to use, copy, modify, and/or distribute this software for any 
diff --git a/README b/README index ee56344c5e025..f797639787548 100644 --- a/README +++ b/README @@ -51,6 +51,11 @@ BIND 9 For up-to-date release notes and errata, see http://www.isc.org/software/bind9/releasenotes +BIND 9.8.4 + + BIND 9.8.4 includes several bug fixes and patches security + flaws described in CVE-2012-1667, CVE-2012-3817 and CVE-2012-4244. + BIND 9.8.3 BIND 9.8.3 is a maintenance release. diff --git a/acconfig.h b/acconfig.h index 736d1bcdd31de..3d412d93c8780 100644 --- a/acconfig.h +++ b/acconfig.h @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004, 2005, 2007, 2008 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2007, 2008, 2012 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2003 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -138,6 +138,9 @@ int sigwait(const unsigned int *set, int *sig); /* Define if OpenSSL includes DSA support */ #undef HAVE_OPENSSL_DSA +/* Define if OpenSSL includes ECDSA support */ +#undef HAVE_OPENSSL_ECDSA + /* Define to the length type used by the socket API (socklen_t, size_t, int). */ #undef ISC_SOCKADDR_LEN_T diff --git a/bin/Makefile.in b/bin/Makefile.in index e4805520e7e6d..89b4673edd35a 100644 --- a/bin/Makefile.in +++ b/bin/Makefile.in @@ -1,4 +1,4 @@ -# Copyright (C) 2004, 2007, 2009 Internet Systems Consortium, Inc. ("ISC") +# Copyright (C) 2004, 2007, 2009, 2012 Internet Systems Consortium, Inc. ("ISC") # Copyright (C) 1998-2001 Internet Software Consortium. # # Permission to use, copy, modify, and/or distribute this software for any diff --git a/bin/check/Makefile.in b/bin/check/Makefile.in index 403933b2ed7d4..c191605605b1b 100644 --- a/bin/check/Makefile.in +++ b/bin/check/Makefile.in 
@@ -1,4 +1,4 @@ -# Copyright (C) 2004-2007, 2009 Internet Systems Consortium, Inc. ("ISC") +# Copyright (C) 2004-2007, 2009, 2012 Internet Systems Consortium, Inc. ("ISC") # Copyright (C) 2000-2003 Internet Software Consortium. # # Permission to use, copy, modify, and/or distribute this software for any diff --git a/bin/check/check-tool.c b/bin/check/check-tool.c index 422d9b1cde98f..2bf16a686c55a 100644 --- a/bin/check/check-tool.c +++ b/bin/check/check-tool.c @@ -639,6 +639,9 @@ dump_zone(const char *zonename, dns_zone_t *zone, const char *filename, { isc_result_t result; FILE *output = stdout; + const char *flags; + + flags = (fileformat == dns_masterformat_text) ? "w+" : "wb+"; if (debug) { if (filename != NULL && strcmp(filename, "-") != 0) @@ -649,7 +652,7 @@ dump_zone(const char *zonename, dns_zone_t *zone, const char *filename, } if (filename != NULL && strcmp(filename, "-") != 0) { - result = isc_stdio_open(filename, "w+", &output); + result = isc_stdio_open(filename, flags, &output); if (result != ISC_R_SUCCESS) { fprintf(stderr, "could not open output " diff --git a/bin/confgen/Makefile.in b/bin/confgen/Makefile.in index 64ddf760a067b..8b3e5aa1c4de3 100644 --- a/bin/confgen/Makefile.in +++ b/bin/confgen/Makefile.in @@ -1,4 +1,4 @@ -# Copyright (C) 2009 Internet Systems Consortium, Inc. ("ISC") +# Copyright (C) 2009, 2012 Internet Systems Consortium, Inc. ("ISC") # # Permission to use, copy, modify, and/or distribute this software for any # purpose with or without fee is hereby granted, provided that the above diff --git a/bin/confgen/unix/Makefile.in b/bin/confgen/unix/Makefile.in index 924701e61ff2e..2ab6d922d5555 100644 --- a/bin/confgen/unix/Makefile.in +++ b/bin/confgen/unix/Makefile.in 
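Review bot: In the first bin/check/check-tool.c hunk, `flags` in dump_zone() holds a stdio mode string, not a set of flags, and nothing at the assignment explains why non-text formats get the `b` modifier. Renaming it to `mode` and adding a comment above the ternary, for example `/* raw zone data must not go through text-mode newline translation */`, would make the intent readable without the changelog; this appears to correspond to CHANGES entry 3373 (win32). The ternary treats every format other than dns_masterformat_text as binary, which is worth stating in that comment so that a future text-like format is not silently written in binary mode. dump_zone's body starts and ends outside both hunks, so the remaining uses of `output` could not be checked.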
@@ -1,4 +1,4 @@ -# Copyright (C) 2009 Internet Systems Consortium, Inc. ("ISC") +# Copyright (C) 2009, 2012 Internet Systems Consortium, Inc. ("ISC") # # Permission to use, copy, modify, and/or distribute this software for any # purpose with or without fee is hereby granted, provided that the above diff --git a/bin/dig/Makefile.in b/bin/dig/Makefile.in index 19dc61c4353f8..2a3bc5d6fe8b4 100644 --- a/bin/dig/Makefile.in +++ b/bin/dig/Makefile.in @@ -1,4 +1,4 @@ -# Copyright (C) 2004, 2005, 2007, 2009 Internet Systems Consortium, Inc. ("ISC") +# Copyright (C) 2004, 2005, 2007, 2009, 2012 Internet Systems Consortium, Inc. ("ISC") # Copyright (C) 2000-2002 Internet Software Consortium. # # Permission to use, copy, modify, and/or distribute this software for any diff --git a/bin/dig/nslookup.c b/bin/dig/nslookup.c index 48c390b8ae0ef..2ef8f84ea2a74 100644 --- a/bin/dig/nslookup.c +++ b/bin/dig/nslookup.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004-2011 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2012 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2000-2003 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -57,6 +57,7 @@ static isc_boolean_t in_use = ISC_FALSE; static char defclass[MXRD] = "IN"; static char deftype[MXRD] = "A"; static isc_event_t *global_event = NULL; +static int query_error = 1, print_error = 0; static char domainopt[DNS_NAME_MAXTEXT]; @@ -406,6 +407,9 @@ isc_result_t printmessage(dig_query_t *query, dns_message_t *msg, isc_boolean_t headers) { char servtext[ISC_SOCKADDR_FORMATSIZE]; + /* I've we've gotten this far, we've reached a server. */ + query_error = 0; + debug("printmessage()"); isc_sockaddr_format(&query->sockaddr, servtext, sizeof(servtext)); 
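Review bot: `query_error` starts at 1 (hunk at -57) and is cleared unconditionally at the top of printmessage(), and none of the visible hunks sets it again. In a run that performs several lookups, one answered query therefore clears the "no server reached" condition for the whole process, even if a later server never responds. If the exit status is meant to reflect every lookup, the flag would need to be re-armed per lookup; if "at least one server answered" is the intended meaning, say so next to the declaration, e.g. `/* query_error: stays 1 until any server has answered */`. The added comment also has a typo and should read `/* If we've gotten this far, we've reached a server. */`. printmessage's body continues outside the hunk, so a reset elsewhere in the file cannot be ruled out.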
@@ -433,6 +437,9 @@ printmessage(dig_query_t *query, dns_message_t *msg, isc_boolean_t headers) { (msg->rcode != dns_rcode_nxdomain) ? nametext : query->lookup->textname, rcode_totext(msg->rcode)); debug("returning with rcode == 0"); + + /* the lookup failed */ + print_error |= 1; return (ISC_R_SUCCESS); } @@ -887,5 +894,5 @@ main(int argc, char **argv) { destroy_libs(); isc_app_finish(); - return (0); + return (query_error | print_error); } diff --git a/bin/dnssec/Makefile.in b/bin/dnssec/Makefile.in index 6bfd162d8d358..0bca14155724b 100644 --- a/bin/dnssec/Makefile.in +++ b/bin/dnssec/Makefile.in @@ -1,4 +1,4 @@ -# Copyright (C) 2004, 2005, 2007-2009 Internet Systems Consortium, Inc. ("ISC") +# Copyright (C) 2004, 2005, 2007-2009, 2012 Internet Systems Consortium, Inc. ("ISC") # Copyright (C) 2000-2002 Internet Software Consortium. # # Permission to use, copy, modify, and/or distribute this software for any diff --git a/bin/dnssec/dnssec-dsfromkey.8 b/bin/dnssec/dnssec-dsfromkey.8 index 437aa371cff4f..ae9bb54000c6e 100644 --- a/bin/dnssec/dnssec-dsfromkey.8 +++ b/bin/dnssec/dnssec-dsfromkey.8 @@ -1,4 +1,4 @@ -.\" Copyright (C) 2008-2010 Internet Systems Consortium, Inc. ("ISC") +.\" Copyright (C) 2008-2010, 2012 Internet Systems Consortium, Inc. ("ISC") .\" .\" Permission to use, copy, modify, and/or distribute this software for any .\" purpose with or without fee is hereby granted, provided that the above @@ -55,7 +55,7 @@ Use SHA\-256 as the digest algorithm. .RS 4 Select the digest algorithm. The value of \fBalgorithm\fR -must be one of SHA\-1 (SHA1), SHA\-256 (SHA256) or GOST. These values are case insensitive. +must be one of SHA\-1 (SHA1), SHA\-256 (SHA256), GOST or SHA\-384 (SHA384). These values are case insensitive. .RE .PP \-K \fIdirectory\fR 
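Review bot: The new exit status in main(), `return (query_error | print_error);`, folds "no server answered" and "a server answered with a non-zero rcode" into the same value 1, and nothing in the hunk documents what the status means. Scripts that use nslookup for monitoring cannot tell an unreachable resolver from an NXDOMAIN answer; at minimum add a comment above the return such as `/* exit 1 if no server was reached or any lookup returned a non-zero rcode */`. In the hunk at -433, `print_error |= 1;` is a plain assignment written as a bit-or: either write `print_error = 1;` or give the two conditions distinct bits so the OR in main() carries information. The comment `/* the lookup failed */` sits directly under a debug message that says `returning with rcode == 0`, which reads as a contradiction and is worth reconciling while the block is being touched.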
@@ -139,5 +139,5 @@ RFC 4509. .PP Internet Systems Consortium .SH "COPYRIGHT" -Copyright \(co 2008\-2010 Internet Systems Consortium, Inc. ("ISC") +Copyright \(co 2008\-2010, 2012 Internet Systems Consortium, Inc. ("ISC") .br diff --git a/bin/dnssec/dnssec-dsfromkey.c b/bin/dnssec/dnssec-dsfromkey.c index c4b157cd9b1a7..93d789b062645 100644 --- a/bin/dnssec/dnssec-dsfromkey.c +++ b/bin/dnssec/dnssec-dsfromkey.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2008-2011 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2008-2012 Internet Systems Consortium, Inc. ("ISC") * * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -296,7 +296,7 @@ usage(void) { fprintf(stderr, " -K : directory in which to find " "key file or keyset file\n"); fprintf(stderr, " -a algorithm: digest algorithm " - "(SHA-1, SHA-256 or GOST)\n"); + "(SHA-1, SHA-256, GOST or SHA-384)\n"); fprintf(stderr, " -1: use SHA-1\n"); fprintf(stderr, " -2: use SHA-256\n"); fprintf(stderr, " -l: add lookaside zone and print DLV records\n"); @@ -415,6 +415,9 @@ main(int argc, char **argv) { else if (strcasecmp(algname, "GOST") == 0) dtype = DNS_DSDIGEST_GOST; #endif + else if (strcasecmp(algname, "SHA384") == 0 || + strcasecmp(algname, "SHA-384") == 0) + dtype = DNS_DSDIGEST_SHA384; else fatal("unknown algorithm %s", algname); } diff --git a/bin/dnssec/dnssec-dsfromkey.docbook b/bin/dnssec/dnssec-dsfromkey.docbook index d139ba5ec7c8e..d7050335107ae 100644 --- a/bin/dnssec/dnssec-dsfromkey.docbook +++ b/bin/dnssec/dnssec-dsfromkey.docbook @@ -2,7 +2,7 @@ "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" []>