Source-Changes-HG archive
[src/trunk]: src/external/bsd/bind/dist merge bind-9.10.4-P5
details: https://anonhg.NetBSD.org/src/rev/bd7efdadf100
branches: trunk
changeset: 350467:bd7efdadf100
user: spz <spz%NetBSD.org@localhost>
date: Thu Jan 12 08:21:32 2017 +0000
description:
merge bind-9.10.4-P5
diffstat:
external/bsd/bind/dist/CHANGES | 24 ++
external/bsd/bind/dist/README | 5 +
external/bsd/bind/dist/bin/named/pfilter.c | 47 ----
external/bsd/bind/dist/bin/named/pfilter.h | 2 -
external/bsd/bind/dist/contrib/zkt-1.1.2/examples/flat/zkt-ls | 12 -
external/bsd/bind/dist/contrib/zkt-1.1.2/examples/flat/zkt-signer | 12 -
external/bsd/bind/dist/contrib/zkt-1.1.2/examples/hierarchical/zkt-ls | 12 -
external/bsd/bind/dist/contrib/zkt-1.1.2/examples/hierarchical/zkt-signer | 12 -
external/bsd/bind/dist/doc/arm/Bv9ARM.ch04.html | 2 +-
external/bsd/bind/dist/doc/arm/Bv9ARM.ch06.html | 2 +-
external/bsd/bind/dist/doc/arm/Bv9ARM.ch07.html | 2 +-
external/bsd/bind/dist/doc/arm/Bv9ARM.ch08.html | 2 +-
external/bsd/bind/dist/doc/arm/Bv9ARM.ch09.html | 26 ++-
external/bsd/bind/dist/doc/arm/Bv9ARM.html | 6 +-
external/bsd/bind/dist/doc/arm/man.arpaname.html | 2 +-
external/bsd/bind/dist/doc/arm/man.ddns-confgen.html | 2 +-
external/bsd/bind/dist/doc/arm/man.delv.html | 2 +-
external/bsd/bind/dist/doc/arm/man.dig.html | 2 +-
external/bsd/bind/dist/doc/arm/man.dnssec-checkds.html | 2 +-
external/bsd/bind/dist/doc/arm/man.dnssec-coverage.html | 2 +-
external/bsd/bind/dist/doc/arm/man.dnssec-dsfromkey.html | 2 +-
external/bsd/bind/dist/doc/arm/man.dnssec-importkey.html | 2 +-
external/bsd/bind/dist/doc/arm/man.dnssec-keyfromlabel.html | 2 +-
external/bsd/bind/dist/doc/arm/man.dnssec-keygen.html | 2 +-
external/bsd/bind/dist/doc/arm/man.dnssec-revoke.html | 2 +-
external/bsd/bind/dist/doc/arm/man.dnssec-settime.html | 2 +-
external/bsd/bind/dist/doc/arm/man.dnssec-signzone.html | 2 +-
external/bsd/bind/dist/doc/arm/man.dnssec-verify.html | 2 +-
external/bsd/bind/dist/doc/arm/man.genrandom.html | 2 +-
external/bsd/bind/dist/doc/arm/man.host.html | 2 +-
external/bsd/bind/dist/doc/arm/man.isc-hmac-fixup.html | 2 +-
external/bsd/bind/dist/doc/arm/man.named-checkconf.html | 2 +-
external/bsd/bind/dist/doc/arm/man.named-checkzone.html | 2 +-
external/bsd/bind/dist/doc/arm/man.named-journalprint.html | 2 +-
external/bsd/bind/dist/doc/arm/man.named-rrchecker.html | 2 +-
external/bsd/bind/dist/doc/arm/man.named.html | 2 +-
external/bsd/bind/dist/doc/arm/man.nsec3hash.html | 2 +-
external/bsd/bind/dist/doc/arm/man.nsupdate.html | 2 +-
external/bsd/bind/dist/doc/arm/man.rndc-confgen.html | 2 +-
external/bsd/bind/dist/doc/arm/man.rndc.conf.html | 2 +-
external/bsd/bind/dist/doc/arm/man.rndc.html | 2 +-
external/bsd/bind/dist/lib/dns/api | 2 +-
external/bsd/bind/dist/lib/dns/message.c | 78 +++++++-
external/bsd/bind/dist/lib/dns/resolver.c | 97 ++++++---
external/bsd/bind/dist/lib/isc/unix/socket.c | 5 +-
external/bsd/bind/dist/lib/isc/win32/socket.c | 13 +-
external/bsd/bind/dist/srcid | 2 +-
external/bsd/bind/dist/version | 2 +-
48 files changed, 236 insertions(+), 183 deletions(-)
diffs (truncated from 1004 to 300 lines):
diff -r 2e6e5193317b -r bd7efdadf100 external/bsd/bind/dist/CHANGES
--- a/external/bsd/bind/dist/CHANGES Thu Jan 12 07:28:27 2017 +0000
+++ b/external/bsd/bind/dist/CHANGES Thu Jan 12 08:21:32 2017 +0000
@@ -1,3 +1,27 @@
+ --- 9.10.4-P5 released ---
+
+4530. [bug] Change 4489 broke the handling of CNAME -> DNAME
+ in responses resulting in SERVFAIL being returned.
+ [RT #43779]
+
+4528. [bug] Only set the flag bits for the i/o we are waiting
+ for on EPOLLERR or EPOLLHUP. [RT #43617]
+
+4519. [port] win32: handle ERROR_MORE_DATA. [RT #43534]
+
+4517. [security] Named could mishandle authority sections that were
+ missing RRSIGs triggering an assertion failure.
+ (CVE-2016-9444) [RT # 43632]
+
+4510. [security] Named mishandled some responses where covering RRSIG
+ records are returned without the requested data
+ resulting in a assertion failure. (CVE-2016-9147)
+ [RT #43548]
+
+4508. [security] Named incorrectly tried to cache TKEY records which
+ could trigger a assertion failure when there was
+ a class mismatch. (CVE-2016-9131) [RT #43522]
+
--- 9.10.4-P4 released ---
4489. [security] It was possible to trigger assertions when processing
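Review bot: Entries 4510 and 4508 both read "a assertion failure" where "an assertion failure" is meant, and entry 4517 writes the ticket as "[RT # 43632]" while every other entry in the hunk uses the "[RT #NNNNN]" form without a space. Since admins grep this file for ticket and CVE references, the ticket tag is worth normalising so that a search for "RT #43632" finds it.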
diff -r 2e6e5193317b -r bd7efdadf100 external/bsd/bind/dist/README
--- a/external/bsd/bind/dist/README Thu Jan 12 07:28:27 2017 +0000
+++ b/external/bsd/bind/dist/README Thu Jan 12 08:21:32 2017 +0000
@@ -51,6 +51,11 @@
For up-to-date release notes and errata, see
http://www.isc.org/software/bind9/releasenotes
+BIND 9.10.4-P5
+
+ This version contains fixes for CVE-2016-9131, CVE-2016-9147,
+ CVE-2016-9444 and CVE-2016-9778.
+
BIND 9.10.4-P4
This version contains a fix for CVE-2016-8864.
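Review bot: The new README paragraph names four CVEs, including CVE-2016-9778, but the CHANGES hunk in this same changeset adds [security] entries only for CVE-2016-9131, CVE-2016-9147 and CVE-2016-9444. Either CHANGES is missing an entry for CVE-2016-9778 or the README overstates what this version fixes; the two should agree so that someone auditing the import can map each claimed CVE to a numbered change.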
diff -r 2e6e5193317b -r bd7efdadf100 external/bsd/bind/dist/bin/named/pfilter.c
--- a/external/bsd/bind/dist/bin/named/pfilter.c Thu Jan 12 07:28:27 2017 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,47 +0,0 @@
-#include <config.h>
-
-#include <isc/platform.h>
-#include <isc/util.h>
-#include <named/types.h>
-#include <named/client.h>
-
-#include <blacklist.h>
-
-#include "pfilter.h"
-
-static struct blacklist *blstate;
-
-void
-pfilter_open(void)
-{
- if (blstate == NULL)
- blstate = blacklist_open();
-}
-
-#define TCP_CLIENT(c) (((c)->attributes & NS_CLIENTATTR_TCP) != 0)
-
-void
-pfilter_notify(isc_result_t res, ns_client_t *client, const char *msg)
-{
- isc_socket_t *socket;
-
- pfilter_open();
-
- if (TCP_CLIENT(client))
- socket = client->tcpsocket;
- else {
- socket = client->udpsocket;
- if (!client->peeraddr_valid)
- return;
- }
-
- if (socket == NULL)
- return;
-
- if (blstate == NULL)
- return;
-
- blacklist_sa_r(blstate,
- res != ISC_R_SUCCESS, isc_socket_getfd(socket),
- &client->peeraddr.type.sa, client->peeraddr.length, msg);
-}
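Review bot: Deleting this file removes pfilter_open() and pfilter_notify(), the only code in the hunk that reports client results through blacklist_sa_r(), yet the diffstat lists no other file under bin/named as changed and the description says only "merge bind-9.10.4-P5". Please confirm that no caller of pfilter_notify() is left behind, or that the implementation now lives outside dist/, and say so in the commit message, because silently losing the blacklist notification would be a security-relevant behaviour change rather than part of an upstream merge.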
diff -r 2e6e5193317b -r bd7efdadf100 external/bsd/bind/dist/bin/named/pfilter.h
--- a/external/bsd/bind/dist/bin/named/pfilter.h Thu Jan 12 07:28:27 2017 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,2 +0,0 @@
-void pfilter_open(void);
-void pfilter_notify(isc_result_t, ns_client_t *, const char *);
diff -r 2e6e5193317b -r bd7efdadf100 external/bsd/bind/dist/contrib/zkt-1.1.2/examples/flat/zkt-ls
--- a/external/bsd/bind/dist/contrib/zkt-1.1.2/examples/flat/zkt-ls Thu Jan 12 07:28:27 2017 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,12 +0,0 @@
-#!/bin/sh
-#
-# Shell script to start the zkt-ls command
-# out of the example directory
-#
-
-if test ! -f dnssec.conf
-then
- echo Please start this skript out of the flat or hierarchical sub directory
- exit 1
-fi
-ZKT_CONFFILE=`pwd`/dnssec.conf ../../zkt-ls "$@"
diff -r 2e6e5193317b -r bd7efdadf100 external/bsd/bind/dist/contrib/zkt-1.1.2/examples/flat/zkt-signer
--- a/external/bsd/bind/dist/contrib/zkt-1.1.2/examples/flat/zkt-signer Thu Jan 12 07:28:27 2017 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,12 +0,0 @@
-#!/bin/sh
-#
-# Shell script to start the zkt-signer
-# command out of the example directory
-#
-
-if test ! -f dnssec.conf
-then
- echo Please start this skript out of the flat or hierarchical sub directory
- exit 1
-fi
-ZKT_CONFFILE=`pwd`/dnssec.conf ../../zkt-signer "$@"
diff -r 2e6e5193317b -r bd7efdadf100 external/bsd/bind/dist/contrib/zkt-1.1.2/examples/hierarchical/zkt-ls
--- a/external/bsd/bind/dist/contrib/zkt-1.1.2/examples/hierarchical/zkt-ls Thu Jan 12 07:28:27 2017 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,12 +0,0 @@
-#!/bin/sh
-#
-# Shell script to start the zkt-ls command
-# out of the example directory
-#
-
-if test ! -f dnssec.conf
-then
- echo Please start this skript out of the flat or hierarchical sub directory
- exit 1
-fi
-ZKT_CONFFILE=`pwd`/dnssec.conf ../../zkt-ls "$@"
diff -r 2e6e5193317b -r bd7efdadf100 external/bsd/bind/dist/contrib/zkt-1.1.2/examples/hierarchical/zkt-signer
--- a/external/bsd/bind/dist/contrib/zkt-1.1.2/examples/hierarchical/zkt-signer Thu Jan 12 07:28:27 2017 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,12 +0,0 @@
-#!/bin/sh
-#
-# Shell script to start the zkt-signer
-# command out of the example directory
-#
-
-if test ! -f dnssec.conf
-then
- echo Please start this skript out of the flat or hierarchical sub directory
- exit 1
-fi
-ZKT_CONFFILE=`pwd`/dnssec.conf ../../zkt-signer "$@"
diff -r 2e6e5193317b -r bd7efdadf100 external/bsd/bind/dist/doc/arm/Bv9ARM.ch04.html
--- a/external/bsd/bind/dist/doc/arm/Bv9ARM.ch04.html Thu Jan 12 07:28:27 2017 +0000
+++ b/external/bsd/bind/dist/doc/arm/Bv9ARM.ch04.html Thu Jan 12 08:21:32 2017 +0000
@@ -2326,6 +2326,6 @@
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.4-P4</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.4-P5</p>
</body>
</html>
diff -r 2e6e5193317b -r bd7efdadf100 external/bsd/bind/dist/doc/arm/Bv9ARM.ch06.html
--- a/external/bsd/bind/dist/doc/arm/Bv9ARM.ch06.html Thu Jan 12 07:28:27 2017 +0000
+++ b/external/bsd/bind/dist/doc/arm/Bv9ARM.ch06.html Thu Jan 12 08:21:32 2017 +0000
@@ -12845,6 +12845,6 @@
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.4-P4</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.4-P5</p>
</body>
</html>
diff -r 2e6e5193317b -r bd7efdadf100 external/bsd/bind/dist/doc/arm/Bv9ARM.ch07.html
--- a/external/bsd/bind/dist/doc/arm/Bv9ARM.ch07.html Thu Jan 12 07:28:27 2017 +0000
+++ b/external/bsd/bind/dist/doc/arm/Bv9ARM.ch07.html Thu Jan 12 08:21:32 2017 +0000
@@ -248,6 +248,6 @@
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.4-P4</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.4-P5</p>
</body>
</html>
diff -r 2e6e5193317b -r bd7efdadf100 external/bsd/bind/dist/doc/arm/Bv9ARM.ch08.html
--- a/external/bsd/bind/dist/doc/arm/Bv9ARM.ch08.html Thu Jan 12 07:28:27 2017 +0000
+++ b/external/bsd/bind/dist/doc/arm/Bv9ARM.ch08.html Thu Jan 12 08:21:32 2017 +0000
@@ -134,6 +134,6 @@
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.4-P4</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.4-P5</p>
</body>
</html>
diff -r 2e6e5193317b -r bd7efdadf100 external/bsd/bind/dist/doc/arm/Bv9ARM.ch09.html
--- a/external/bsd/bind/dist/doc/arm/Bv9ARM.ch09.html Thu Jan 12 07:28:27 2017 +0000
+++ b/external/bsd/bind/dist/doc/arm/Bv9ARM.ch09.html Thu Jan 12 08:21:32 2017 +0000
@@ -44,7 +44,7 @@
<div class="toc">
<p><b>Table of Contents</b></p>
<dl class="toc">
-<dt><span class="section"><a href="Bv9ARM.ch09.html#id-1.10.2">Release Notes for BIND Version 9.10.4-P4</a></span></dt>
+<dt><span class="section"><a href="Bv9ARM.ch09.html#id-1.10.2">Release Notes for BIND Version 9.10.4-P5</a></span></dt>
<dd><dl>
<dt><span class="section"><a href="Bv9ARM.ch09.html#relnotes_intro">Introduction</a></span></dt>
<dt><span class="section"><a href="Bv9ARM.ch09.html#relnotes_download">Download</a></span></dt>
@@ -60,7 +60,7 @@
</div>
<div class="section">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
-<a name="id-1.10.2"></a>Release Notes for BIND Version 9.10.4-P4</h2></div></div></div>
+<a name="id-1.10.2"></a>Release Notes for BIND Version 9.10.4-P5</h2></div></div></div>
<div class="section">
<div class="titlepage"><div><div><h3 class="title">
<a name="relnotes_intro"></a>Introduction</h3></div></div></div>
@@ -68,6 +68,10 @@
This document summarizes changes since BIND 9.10.4:
</p>
<p>
+ BIND 9.10.4-P5 addresses the security issues described in
+ CVE-2016-9131, CVE-2016-9147 and CVE-2016-9444.
+ </p>
+<p>
BIND 9.10.4-P4 addresses the security issue described in
CVE-2016-8864.
</p>
@@ -103,6 +107,22 @@
<a name="relnotes_security"></a>Security Fixes</h3></div></div></div>
<div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; ">
<li class="listitem"><p>
+ Named could mishandle authority sections that were missing
+ RRSIGs triggering an assertion failure. This flaw is
+ disclosed in CVE-2016-9444. [RT # 43632]
+ </p></li>
+<li class="listitem"><p>
+ Named mishandled some responses where covering RRSIG
+ records are returned without the requested data
+ resulting in a assertion failure. This flaw is disclosed in
+ CVE-2016-9147. [RT #43548]
+ </p></li>
+<li class="listitem"><p>
+ Named incorrectly tried to cache TKEY records which could
+ trigger a assertion failure when there was a class mismatch.
+ This flaw is disclosed in CVE-2016-9131. [RT #43522]
+ </p></li>
+<li class="listitem"><p>
It was possible to trigger assertions when processing
a response. This flaw is disclosed in CVE-2016-8864. [RT #43465]
</p></li>
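Review bot: The three list items added to the Security Fixes section cover CVE-2016-9444, CVE-2016-9147 and CVE-2016-9131, with no item for CVE-2016-9778, which the README hunk lists as fixed in this version. The release notes are what operators read when deciding whether to upgrade, so the list should either gain an item for CVE-2016-9778 or the README claim should be dropped. The second and third items also carry the "a assertion failure" wording and the first has the "[RT # 43632]" spacing.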
@@ -198,6 +218,6 @@
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.4-P4</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.4-P5</p>
</body>
</html>
diff -r 2e6e5193317b -r bd7efdadf100 external/bsd/bind/dist/doc/arm/Bv9ARM.html
--- a/external/bsd/bind/dist/doc/arm/Bv9ARM.html Thu Jan 12 07:28:27 2017 +0000
+++ b/external/bsd/bind/dist/doc/arm/Bv9ARM.html Thu Jan 12 08:21:32 2017 +0000
@@ -40,7 +40,7 @@
<div>
<div><h1 class="title">
<a name="id-1"></a>BIND 9 Administrator Reference Manual</h1></div>
-<div><p class="releaseinfo">BIND Version 9.10.4-P4</p></div>
+<div><p class="releaseinfo">BIND Version 9.10.4-P5</p></div>
<div><p class="copyright">Copyright © 2004-2015 Internet Systems Consortium, Inc. ("ISC")</p></div>
<div><p class="copyright">Copyright © 2000-2003 Internet Software Consortium.</p></div>
</div>
@@ -239,7 +239,7 @@
</dl></dd>
<dt><span class="appendix"><a href="Bv9ARM.ch09.html">A. Release Notes</a></span></dt>
<dd><dl>
-<dt><span class="section"><a href="Bv9ARM.ch09.html#id-1.10.2">Release Notes for BIND Version 9.10.4-P4</a></span></dt>
+<dt><span class="section"><a href="Bv9ARM.ch09.html#id-1.10.2">Release Notes for BIND Version 9.10.4-P5</a></span></dt>
<dd><dl>
<dt><span class="section"><a href="Bv9ARM.ch09.html#relnotes_intro">Introduction</a></span></dt>
<dt><span class="section"><a href="Bv9ARM.ch09.html#relnotes_download">Download</a></span></dt>
@@ -385,6 +385,6 @@
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.4-P4</p>