Source-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[src/trunk]: src/external/bsd/bind Merge 9.10.3-P3:
details: https://anonhg.NetBSD.org/src/rev/5e3b149ec1cc
branches: trunk
changeset: 343032:5e3b149ec1cc
user: christos <christos%NetBSD.org@localhost>
date: Wed Jan 20 02:14:02 2016 +0000
description:
Merge 9.10.3-P3:
4288. [bug] Fixed a regression in resolver.c:possibly_mark()
which caused known-bogus servers to be queried
anyway. [RT #41321]
4286. [security] render_ecs errors were mishandled when printing out
a OPT record resulting in a assertion failure.
(CVE-2015-8705) [RT #41397]
4285. [security] Specific APL data could trigger a INSIST.
(CVE-2015-8704) [RT #41396]
diffstat:
external/bsd/bind/dist/CHANGES | 13 +++
external/bsd/bind/dist/README | 7 ++
external/bsd/bind/dist/bin/named/bind9.xsl.h | 4 +-
external/bsd/bind/dist/doc/arm/Bv9ARM.ch04.html | 4 +-
external/bsd/bind/dist/doc/arm/Bv9ARM.ch06.html | 4 +-
external/bsd/bind/dist/doc/arm/Bv9ARM.ch07.html | 4 +-
external/bsd/bind/dist/doc/arm/Bv9ARM.ch08.html | 4 +-
external/bsd/bind/dist/doc/arm/Bv9ARM.ch09.html | 42 ++++++++---
external/bsd/bind/dist/doc/arm/Bv9ARM.html | 22 +++---
external/bsd/bind/dist/doc/arm/Bv9ARM.pdf | Bin
external/bsd/bind/dist/doc/arm/man.arpaname.html | 10 +-
external/bsd/bind/dist/doc/arm/man.ddns-confgen.html | 12 +-
external/bsd/bind/dist/doc/arm/man.delv.html | 16 ++--
external/bsd/bind/dist/doc/arm/man.dig.html | 22 +++---
external/bsd/bind/dist/doc/arm/man.dnssec-checkds.html | 12 +-
external/bsd/bind/dist/doc/arm/man.dnssec-coverage.html | 12 +-
external/bsd/bind/dist/doc/arm/man.dnssec-dsfromkey.html | 18 ++--
external/bsd/bind/dist/doc/arm/man.dnssec-importkey.html | 16 ++--
external/bsd/bind/dist/doc/arm/man.dnssec-keyfromlabel.html | 16 ++--
external/bsd/bind/dist/doc/arm/man.dnssec-keygen.html | 18 ++--
external/bsd/bind/dist/doc/arm/man.dnssec-revoke.html | 12 +-
external/bsd/bind/dist/doc/arm/man.dnssec-settime.html | 16 ++--
external/bsd/bind/dist/doc/arm/man.dnssec-signzone.html | 14 ++--
external/bsd/bind/dist/doc/arm/man.dnssec-verify.html | 12 +-
external/bsd/bind/dist/doc/arm/man.genrandom.html | 12 +-
external/bsd/bind/dist/doc/arm/man.host.html | 12 +-
external/bsd/bind/dist/doc/arm/man.isc-hmac-fixup.html | 12 +-
external/bsd/bind/dist/doc/arm/man.named-checkconf.html | 14 ++--
external/bsd/bind/dist/doc/arm/man.named-checkzone.html | 14 ++--
external/bsd/bind/dist/doc/arm/man.named-journalprint.html | 10 +-
external/bsd/bind/dist/doc/arm/man.named-rrchecker.html | 8 +-
external/bsd/bind/dist/doc/arm/man.named.html | 18 ++--
external/bsd/bind/dist/doc/arm/man.nsec3hash.html | 12 +-
external/bsd/bind/dist/doc/arm/man.nsupdate.html | 18 ++--
external/bsd/bind/dist/doc/arm/man.rndc-confgen.html | 14 ++--
external/bsd/bind/dist/doc/arm/man.rndc.conf.html | 14 ++--
external/bsd/bind/dist/doc/arm/man.rndc.html | 16 ++--
external/bsd/bind/dist/lib/dns/api | 2 +-
external/bsd/bind/dist/lib/dns/message.c | 42 ++++++++---
external/bsd/bind/dist/lib/dns/rdata/in_1/apl_42.c | 6 +-
external/bsd/bind/dist/lib/dns/resolver.c | 13 +--
external/bsd/bind/dist/srcid | 2 +-
external/bsd/bind/dist/version | 2 +-
external/bsd/bind/include/dns/enumclass.h | 2 +-
external/bsd/bind/include/dns/enumtype.h | 2 +-
external/bsd/bind/include/dns/rdatastruct.h | 2 +-
external/bsd/bind/lib/libbind9/shlib_version | 4 +-
external/bsd/bind/lib/libdns/shlib_version | 4 +-
external/bsd/bind/lib/libirs/shlib_version | 4 +-
external/bsd/bind/lib/libisc/shlib_version | 4 +-
external/bsd/bind/lib/libisccc/shlib_version | 4 +-
external/bsd/bind/lib/libisccfg/shlib_version | 4 +-
external/bsd/bind/lib/liblwres/shlib_version | 4 +-
53 files changed, 320 insertions(+), 265 deletions(-)
diffs (truncated from 2316 to 300 lines):
diff -r 0e42e089f391 -r 5e3b149ec1cc external/bsd/bind/dist/CHANGES
--- a/external/bsd/bind/dist/CHANGES Wed Jan 20 01:52:08 2016 +0000
+++ b/external/bsd/bind/dist/CHANGES Wed Jan 20 02:14:02 2016 +0000
@@ -1,3 +1,16 @@
+ --- 9.10.3-P3 released ---
+
+4288. [bug] Fixed a regression in resolver.c:possibly_mark()
+ which caused known-bogus servers to be queried
+ anyway. [RT #41321]
+
+4286. [security] render_ecs errors were mishandled when printing out
+ a OPT record resulting in a assertion failure.
+ (CVE-2015-8705) [RT #41397]
+
+4285. [security] Specific APL data could trigger a INSIST.
+ (CVE-2015-8704) [RT #41396]
+
--- 9.10.3-P2 released ---
4270. [security] Update allowed OpenSSL versions as named is
diff -r 0e42e089f391 -r 5e3b149ec1cc external/bsd/bind/dist/README
--- a/external/bsd/bind/dist/README Wed Jan 20 01:52:08 2016 +0000
+++ b/external/bsd/bind/dist/README Wed Jan 20 02:14:02 2016 +0000
@@ -51,6 +51,13 @@
For up-to-date release notes and errata, see
http://www.isc.org/software/bind9/releasenotes
+BIND 9.10.3-P3
+
+ BIND 9.10.3-P3 is a security release addressing the flaws
+ described in CVE-2015-8704 and CVE-2015-8705. It also fixes a
+ serious regression in authoritative server selection that was
+ introduced in BIND 9.10.3.
+
BIND 9.10.3-P2
BIND 9.10.3-P2 is a security release addressing the flaws
diff -r 0e42e089f391 -r 5e3b149ec1cc external/bsd/bind/dist/bin/named/bind9.xsl.h
--- a/external/bsd/bind/dist/bin/named/bind9.xsl.h Wed Jan 20 01:52:08 2016 +0000
+++ b/external/bsd/bind/dist/bin/named/bind9.xsl.h Wed Jan 20 02:14:02 2016 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: bind9.xsl.h,v 1.7 2014/12/10 04:37:51 christos Exp $ */
+/* $NetBSD: bind9.xsl.h,v 1.8 2016/01/20 02:14:02 christos Exp $ */
/*
* Generated by convertxsl.pl 1.14 2008/07/17 23:43:26 jinmei Exp
@@ -27,7 +27,7 @@
"<!-- \045Id: bind9.xsl,v 1.21 2009/01/27 23:47:54 tbox Exp \045 -->\n"
"<xsl:stylesheet xmlns:xsl=\"http://www.w3.org/1999/XSL/Transform\"; xmlns=\"http://www.w3.org/1999/xhtml\"; version=\"1.0\">\n"
" <xsl:output method=\"html\" indent=\"yes\" version=\"4.0\"/>\n"
- " <xsl:template match=\"statistics[@version="3.5"]\">\n"
+ " <xsl:template match=\"statistics[@version="3.6"]\">\n"
" <html>\n"
" <head>\n"
" <xsl:if test=\"system-property('xsl:vendor')!='Transformiix'\">\n"
diff -r 0e42e089f391 -r 5e3b149ec1cc external/bsd/bind/dist/doc/arm/Bv9ARM.ch04.html
--- a/external/bsd/bind/dist/doc/arm/Bv9ARM.ch04.html Wed Jan 20 01:52:08 2016 +0000
+++ b/external/bsd/bind/dist/doc/arm/Bv9ARM.ch04.html Wed Jan 20 02:14:02 2016 +0000
@@ -14,7 +14,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: Bv9ARM.ch04.html,v 1.6 2015/12/17 04:00:43 christos Exp $ -->
+<!-- $Id: Bv9ARM.ch04.html,v 1.7 2016/01/20 02:14:02 christos Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
@@ -2294,6 +2294,6 @@
</tr>
</table>
</div>
-<p style="text-align: center;">BIND 9.10.3-P2</p>
+<p style="text-align: center;">BIND 9.10.3-P3</p>
</body>
</html>
diff -r 0e42e089f391 -r 5e3b149ec1cc external/bsd/bind/dist/doc/arm/Bv9ARM.ch06.html
--- a/external/bsd/bind/dist/doc/arm/Bv9ARM.ch06.html Wed Jan 20 01:52:08 2016 +0000
+++ b/external/bsd/bind/dist/doc/arm/Bv9ARM.ch06.html Wed Jan 20 02:14:02 2016 +0000
@@ -14,7 +14,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: Bv9ARM.ch06.html,v 1.6 2015/12/17 04:00:43 christos Exp $ -->
+<!-- $Id: Bv9ARM.ch06.html,v 1.7 2016/01/20 02:14:02 christos Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
@@ -12697,6 +12697,6 @@
</tr>
</table>
</div>
-<p style="text-align: center;">BIND 9.10.3-P2</p>
+<p style="text-align: center;">BIND 9.10.3-P3</p>
</body>
</html>
diff -r 0e42e089f391 -r 5e3b149ec1cc external/bsd/bind/dist/doc/arm/Bv9ARM.ch07.html
--- a/external/bsd/bind/dist/doc/arm/Bv9ARM.ch07.html Wed Jan 20 01:52:08 2016 +0000
+++ b/external/bsd/bind/dist/doc/arm/Bv9ARM.ch07.html Wed Jan 20 02:14:02 2016 +0000
@@ -14,7 +14,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: Bv9ARM.ch07.html,v 1.6 2015/12/17 04:00:43 christos Exp $ -->
+<!-- $Id: Bv9ARM.ch07.html,v 1.7 2016/01/20 02:14:02 christos Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
@@ -247,6 +247,6 @@
</tr>
</table>
</div>
-<p style="text-align: center;">BIND 9.10.3-P2</p>
+<p style="text-align: center;">BIND 9.10.3-P3</p>
</body>
</html>
diff -r 0e42e089f391 -r 5e3b149ec1cc external/bsd/bind/dist/doc/arm/Bv9ARM.ch08.html
--- a/external/bsd/bind/dist/doc/arm/Bv9ARM.ch08.html Wed Jan 20 01:52:08 2016 +0000
+++ b/external/bsd/bind/dist/doc/arm/Bv9ARM.ch08.html Wed Jan 20 02:14:02 2016 +0000
@@ -14,7 +14,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: Bv9ARM.ch08.html,v 1.6 2015/12/17 04:00:43 christos Exp $ -->
+<!-- $Id: Bv9ARM.ch08.html,v 1.7 2016/01/20 02:14:02 christos Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
@@ -135,6 +135,6 @@
</tr>
</table>
</div>
-<p style="text-align: center;">BIND 9.10.3-P2</p>
+<p style="text-align: center;">BIND 9.10.3-P3</p>
</body>
</html>
diff -r 0e42e089f391 -r 5e3b149ec1cc external/bsd/bind/dist/doc/arm/Bv9ARM.ch09.html
--- a/external/bsd/bind/dist/doc/arm/Bv9ARM.ch09.html Wed Jan 20 01:52:08 2016 +0000
+++ b/external/bsd/bind/dist/doc/arm/Bv9ARM.ch09.html Wed Jan 20 02:14:02 2016 +0000
@@ -14,7 +14,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: Bv9ARM.ch09.html,v 1.6 2015/12/17 04:00:43 christos Exp $ -->
+<!-- $Id: Bv9ARM.ch09.html,v 1.7 2016/01/20 02:14:02 christos Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
@@ -45,7 +45,7 @@
<div class="toc">
<p><b>Table of Contents</b></p>
<dl>
-<dt><span class="sect1"><a href="Bv9ARM.ch09.html#id2612001">Release Notes for BIND Version 9.10.3-P2</a></span></dt>
+<dt><span class="sect1"><a href="Bv9ARM.ch09.html#id2612001">Release Notes for BIND Version 9.10.3-P3</a></span></dt>
<dd><dl>
<dt><span class="sect2"><a href="Bv9ARM.ch09.html#relnotes_intro">Introduction</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch09.html#relnotes_download">Download</a></span></dt>
@@ -60,7 +60,7 @@
</div>
<div class="sect1" lang="en">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
-<a name="id2612001"></a>Release Notes for BIND Version 9.10.3-P2</h2></div></div></div>
+<a name="id2612001"></a>Release Notes for BIND Version 9.10.3-P3</h2></div></div></div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="relnotes_intro"></a>Introduction</h3></div></div></div>
@@ -68,6 +68,12 @@
This document summarizes changes since BIND 9.10.3:
</p>
<p>
+ BIND 9.10.3-P3 addresses the security issues described in
+ CVE-2015-8704 and CVE-2015-8705. It also fixes a serious
+ regression in authoritative server selection that was
+ introduced in BIND 9.10.3.
+ </p>
+<p>
BIND 9.10.3-P2 addresses the security issues described in
CVE-2015-3193 (OpenSSL), CVE-2015-8000 and CVE-2015-8461.
</p>
@@ -91,13 +97,20 @@
<a name="relnotes_security"></a>Security Fixes</h3></div></div></div>
<div class="itemizedlist"><ul type="disc">
<li><p>
- Named is potentially vulnerable to the OpenSSL vulnerabilty
- described in CVE-2015-3193.
+ Specific APL data could trigger an INSIST. This flaw
+ was discovered by Brian Mitchell and is disclosed in
+ CVE-2015-8704. [RT #41396]
</p></li>
<li><p>
- Incorrect reference counting could result in an INSIST
- failure if a socket error occurred while performing a
- lookup. This flaw is disclosed in CVE-2015-8461. [RT#40945]
+ Certain errors that could be encountered when printing out
+ or logging an OPT record containing a CLIENT-SUBNET option
+ could be mishandled, resulting in an assertion failure.
+ This flaw was discovered by Brian Mitchell and is disclosed
+ in CVE-2015-8705. [RT #41397]
+ </p></li>
+<li><p>
+ Named is potentially vulnerable to the OpenSSL vulnerabilty
+ described in CVE-2015-3193.
</p></li>
<li><p>
Insufficient testing when parsing a message allowed
@@ -106,6 +119,11 @@
were subsequently cached. This flaw is disclosed
in CVE-2015-8000. [RT #40987]
</p></li>
+<li><p>
+ Incorrect reference counting could result in an INSIST
+ failure if a socket error occurred while performing a
+ lookup. This flaw is disclosed in CVE-2015-8461. [RT#40945]
+ </p></li>
</ul></div>
</div>
<div class="sect2" lang="en">
@@ -126,8 +144,10 @@
<div class="titlepage"><div><div><h3 class="title">
<a name="relnotes_bugs"></a>Bug Fixes</h3></div></div></div>
<div class="itemizedlist"><ul type="disc"><li><p>
- None.
- </p></li></ul></div>
+ Authoritative servers that were marked as bogus (e.g. blackholed
+ in configuration or with invalid addresses) were being queried
+ anyway. [RT #41321]
+ </p></li></ul></div>
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
@@ -168,6 +188,6 @@
</tr>
</table>
</div>
-<p style="text-align: center;">BIND 9.10.3-P2</p>
+<p style="text-align: center;">BIND 9.10.3-P3</p>
</body>
</html>
diff -r 0e42e089f391 -r 5e3b149ec1cc external/bsd/bind/dist/doc/arm/Bv9ARM.html
--- a/external/bsd/bind/dist/doc/arm/Bv9ARM.html Wed Jan 20 01:52:08 2016 +0000
+++ b/external/bsd/bind/dist/doc/arm/Bv9ARM.html Wed Jan 20 02:14:02 2016 +0000
@@ -14,7 +14,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: Bv9ARM.html,v 1.6 2015/12/17 04:00:43 christos Exp $ -->
+<!-- $Id: Bv9ARM.html,v 1.7 2016/01/20 02:14:02 christos Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
@@ -41,7 +41,7 @@
<div>
<div><h1 class="title">
<a name="id2563180"></a>BIND 9 Administrator Reference Manual</h1></div>
-<div><p class="releaseinfo">BIND Version 9.10.3-P2</p></div>
+<div><p class="releaseinfo">BIND Version 9.10.3-P3</p></div>
<div><p class="copyright">Copyright © 2004-2015 Internet Systems Consortium, Inc. ("ISC")</p></div>
<div><p class="copyright">Copyright © 2000-2003 Internet Software Consortium.</p></div>
</div>
@@ -240,7 +240,7 @@
</dl></dd>
<dt><span class="appendix"><a href="Bv9ARM.ch09.html">A. Release Notes</a></span></dt>
<dd><dl>
-<dt><span class="sect1"><a href="Bv9ARM.ch09.html#id2612001">Release Notes for BIND Version 9.10.3-P2</a></span></dt>
+<dt><span class="sect1"><a href="Bv9ARM.ch09.html#id2612001">Release Notes for BIND Version 9.10.3-P3</a></span></dt>
<dd><dl>
<dt><span class="sect2"><a href="Bv9ARM.ch09.html#relnotes_intro">Introduction</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch09.html#relnotes_download">Download</a></span></dt>
@@ -268,13 +268,13 @@
<dd><dl>
<dt><span class="sect1"><a href="Bv9ARM.ch12.html#bind9.library">BIND 9 DNS Library Support</a></span></dt>
<dd><dl>
-<dt><span class="sect2"><a href="Bv9ARM.ch12.html#id2614316">Prerequisite</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch12.html#id2614326">Compilation</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch12.html#id2613600">Installation</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch12.html#id2613630">Known Defects/Restrictions</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch12.html#id2613707">The dns.conf File</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch12.html#id2613734">Sample Applications</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch12.html#id2614638">Library References</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch12.html#id2614332">Prerequisite</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch12.html#id2613591">Compilation</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch12.html#id2613616">Installation</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch12.html#id2613646">Known Defects/Restrictions</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch12.html#id2613723">The dns.conf File</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch12.html#id2613750">Sample Applications</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch12.html#id2614723">Library References</a></span></dt>
</dl></dd>
</dl></dd>
<dt><span class="reference"><a href="Bv9ARM.ch13.html">I. Manual pages</a></span></dt>
@@ -380,6 +380,6 @@
</tr>
</table>
</div>
-<p style="text-align: center;">BIND 9.10.3-P2</p>
+<p style="text-align: center;">BIND 9.10.3-P3</p>
</body>
</html>
diff -r 0e42e089f391 -r 5e3b149ec1cc external/bsd/bind/dist/doc/arm/Bv9ARM.pdf
Binary file external/bsd/bind/dist/doc/arm/Bv9ARM.pdf has changed
diff -r 0e42e089f391 -r 5e3b149ec1cc external/bsd/bind/dist/doc/arm/man.arpaname.html
--- a/external/bsd/bind/dist/doc/arm/man.arpaname.html Wed Jan 20 01:52:08 2016 +0000
Home |
Main Index |
Thread Index |
Old Index