[src/trunk]: src/external/bsd/bind/dist merge conflicts
details: https://anonhg.NetBSD.org/src/rev/f81b5fa761a1
branches: trunk
changeset: 814165:f81b5fa761a1
user: christos <christos%NetBSD.org@localhost>
date: Thu Mar 10 04:01:33 2016 +0000
description:
merge conflicts
diffstat:
external/bsd/bind/dist/CHANGES | 14 +
external/bsd/bind/dist/README | 14 +-
external/bsd/bind/dist/bin/dig/dighost.c | 13 +-
external/bsd/bind/dist/bin/named/bind9.xsl.h | 4 +-
external/bsd/bind/dist/bin/named/client.c | 37 +-
external/bsd/bind/dist/bin/named/control.c | 6 +-
external/bsd/bind/dist/bin/named/controlconf.c | 6 +-
external/bsd/bind/dist/bin/named/query.c | 7 +-
external/bsd/bind/dist/bin/rndc/rndc.c | 12 +-
external/bsd/bind/dist/doc/arm/Bv9ARM.ch04.html | 4 +-
external/bsd/bind/dist/doc/arm/Bv9ARM.ch06.html | 4 +-
external/bsd/bind/dist/doc/arm/Bv9ARM.ch07.html | 4 +-
external/bsd/bind/dist/doc/arm/Bv9ARM.ch08.html | 4 +-
external/bsd/bind/dist/doc/arm/Bv9ARM.ch09.html | 47 +-
external/bsd/bind/dist/doc/arm/Bv9ARM.html | 22 +-
external/bsd/bind/dist/doc/arm/Bv9ARM.pdf | Bin
external/bsd/bind/dist/doc/arm/man.arpaname.html | 10 +-
external/bsd/bind/dist/doc/arm/man.ddns-confgen.html | 12 +-
external/bsd/bind/dist/doc/arm/man.delv.html | 16 +-
external/bsd/bind/dist/doc/arm/man.dig.html | 22 +-
external/bsd/bind/dist/doc/arm/man.dnssec-checkds.html | 12 +-
external/bsd/bind/dist/doc/arm/man.dnssec-coverage.html | 12 +-
external/bsd/bind/dist/doc/arm/man.dnssec-dsfromkey.html | 18 +-
external/bsd/bind/dist/doc/arm/man.dnssec-importkey.html | 16 +-
external/bsd/bind/dist/doc/arm/man.dnssec-keyfromlabel.html | 16 +-
external/bsd/bind/dist/doc/arm/man.dnssec-keygen.html | 18 +-
external/bsd/bind/dist/doc/arm/man.dnssec-revoke.html | 12 +-
external/bsd/bind/dist/doc/arm/man.dnssec-settime.html | 16 +-
external/bsd/bind/dist/doc/arm/man.dnssec-signzone.html | 14 +-
external/bsd/bind/dist/doc/arm/man.dnssec-verify.html | 12 +-
external/bsd/bind/dist/doc/arm/man.genrandom.html | 12 +-
external/bsd/bind/dist/doc/arm/man.host.html | 12 +-
external/bsd/bind/dist/doc/arm/man.isc-hmac-fixup.html | 12 +-
external/bsd/bind/dist/doc/arm/man.named-checkconf.html | 14 +-
external/bsd/bind/dist/doc/arm/man.named-checkzone.html | 14 +-
external/bsd/bind/dist/doc/arm/man.named-journalprint.html | 10 +-
external/bsd/bind/dist/doc/arm/man.named-rrchecker.html | 8 +-
external/bsd/bind/dist/doc/arm/man.named.html | 18 +-
external/bsd/bind/dist/doc/arm/man.nsec3hash.html | 12 +-
external/bsd/bind/dist/doc/arm/man.nsupdate.html | 18 +-
external/bsd/bind/dist/doc/arm/man.rndc-confgen.html | 14 +-
external/bsd/bind/dist/doc/arm/man.rndc.conf.html | 14 +-
external/bsd/bind/dist/doc/arm/man.rndc.html | 16 +-
external/bsd/bind/dist/lib/dns/api | 2 +-
external/bsd/bind/dist/lib/dns/message.c | 6 +-
external/bsd/bind/dist/lib/dns/resolver.c | 243 ++++++-----
external/bsd/bind/dist/lib/isccc/cc.c | 18 +-
external/bsd/bind/dist/srcid | 2 +-
external/bsd/bind/dist/version | 2 +-
49 files changed, 460 insertions(+), 391 deletions(-)
diffs (truncated from 2806 to 300 lines):
diff -r c2dac71a34c1 -r f81b5fa761a1 external/bsd/bind/dist/CHANGES
--- a/external/bsd/bind/dist/CHANGES Thu Mar 10 03:50:47 2016 +0000
+++ b/external/bsd/bind/dist/CHANGES Thu Mar 10 04:01:33 2016 +0000
@@ -1,3 +1,17 @@
+
+ --- 9.10.3-P4 released ---
+
+4322. [security] Duplicate EDNS COOKIE options in a response could
+ trigger an assertion failure. (CVE-2016-2088)
+ [RT #41809]
+
+4319. [security] Fix resolver assertion failure due to improper
+ DNAME handling when parsing fetch reply messages.
+ (CVE-2016-1286) [RT #41753]
+
+4318. [security] Malformed control messages can trigger assertions
+ in named and rndc. (CVE-2016-1285) [RT #41666]
+
--- 9.10.3-P3 released ---
4288. [bug] Fixed a regression in resolver.c:possibly_mark()
diff -r c2dac71a34c1 -r f81b5fa761a1 external/bsd/bind/dist/README
--- a/external/bsd/bind/dist/README Thu Mar 10 03:50:47 2016 +0000
+++ b/external/bsd/bind/dist/README Thu Mar 10 04:01:33 2016 +0000
@@ -51,12 +51,18 @@
For up-to-date release notes and errata, see
http://www.isc.org/software/bind9/releasenotes
+
+BIND 9.10.3-P4
+
+ BIND 9.10.3-P4 is a security release addressing the flaws
+ described in CVE-2016-1285, CVE-2016-1286 and CVE-2016-2088.
+
BIND 9.10.3-P3
- BIND 9.10.3-P3 is a security release addressing the flaws
- described in CVE-2015-8704 and CVE-2015-8705. It also fixes a
- serious regression in authoritative server selection that was
- introduced in BIND 9.10.3.
+ BIND 9.10.3-P3 is a security release addressing the flaws
+ described in CVE-2015-8704 and CVE-2015-8705. It also fixes
+ a serious regression in authoritative server selection that
+ was introduced in BIND 9.10.3.
BIND 9.10.3-P2
diff -r c2dac71a34c1 -r f81b5fa761a1 external/bsd/bind/dist/bin/dig/dighost.c
--- a/external/bsd/bind/dist/bin/dig/dighost.c Thu Mar 10 03:50:47 2016 +0000
+++ b/external/bsd/bind/dist/bin/dig/dighost.c Thu Mar 10 04:01:33 2016 +0000
@@ -1,7 +1,7 @@
-/* $NetBSD: dighost.c,v 1.16 2015/12/17 04:00:40 christos Exp $ */
+/* $NetBSD: dighost.c,v 1.17 2016/03/10 04:01:33 christos Exp $ */
/*
- * Copyright (C) 2004-2015 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2016 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2000-2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -3460,6 +3460,7 @@
isc_buffer_t optbuf;
isc_uint16_t optcode, optlen;
dns_rdataset_t *opt = msg->opt;
+ isc_boolean_t seen_cookie = ISC_FALSE;
result = dns_rdataset_first(opt);
if (result == ISC_R_SUCCESS) {
@@ -3472,7 +3473,15 @@
optlen = isc_buffer_getuint16(&optbuf);
switch (optcode) {
case DNS_OPT_COOKIE:
+ /*
+ * Only process the first cookie option.
+ */
+ if (seen_cookie) {
+ isc_buffer_forward(&optbuf, optlen);
+ break;
+ }
process_sit(l, msg, &optbuf, optlen);
+ seen_cookie = ISC_TRUE;
break;
default:
isc_buffer_forward(&optbuf, optlen);
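Review bot: The comment on the new `seen_cookie` guard in the `DNS_OPT_COOKIE` case says what is skipped but not why, so a later cleanup could easily fold the guard away. CHANGES entry 4322 on this page ties duplicate COOKIE options in a response to an assertion failure, and this guard looks like the dig-side counterpart of that fix, though the body of `process_sit` is not visible here to confirm it. I would spell that out, for example `/* Only process the first cookie option; a duplicate in a response must not reach process_sit() a second time (CHANGES 4322). */`. The enclosing function starts and ends outside the hunk.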
diff -r c2dac71a34c1 -r f81b5fa761a1 external/bsd/bind/dist/bin/named/bind9.xsl.h
--- a/external/bsd/bind/dist/bin/named/bind9.xsl.h Thu Mar 10 03:50:47 2016 +0000
+++ b/external/bsd/bind/dist/bin/named/bind9.xsl.h Thu Mar 10 04:01:33 2016 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: bind9.xsl.h,v 1.8 2016/01/20 02:14:02 christos Exp $ */
+/* $NetBSD: bind9.xsl.h,v 1.9 2016/03/10 04:01:33 christos Exp $ */
/*
* Generated by convertxsl.pl 1.14 2008/07/17 23:43:26 jinmei Exp
@@ -7,7 +7,7 @@
static char xslmsg[] =
"<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n"
"<!--\n"
- " - Copyright (C) 2006-2009, 2012-2014 Internet Systems Consortium, Inc. (\"ISC\")\n"
+ " - Copyright (C) 2006-2009, 2012-2014, 2016 Internet Systems Consortium, Inc. (\"ISC\")\n"
" -\n"
" - Permission to use, copy, modify, and/or distribute this software for any\n"
" - purpose with or without fee is hereby granted, provided that the above\n"
diff -r c2dac71a34c1 -r f81b5fa761a1 external/bsd/bind/dist/bin/named/client.c
--- a/external/bsd/bind/dist/bin/named/client.c Thu Mar 10 03:50:47 2016 +0000
+++ b/external/bsd/bind/dist/bin/named/client.c Thu Mar 10 04:01:33 2016 +0000
@@ -1,7 +1,7 @@
-/* $NetBSD: client.c,v 1.14 2015/12/17 04:00:41 christos Exp $ */
+/* $NetBSD: client.c,v 1.15 2016/03/10 04:01:33 christos Exp $ */
/*
- * Copyright (C) 2004-2015 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2016 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 1999-2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -124,7 +124,10 @@
*/
#endif
-#define SIT_SIZE 24U /* 8 + 4 + 4 + 8 */
+#define COOKIE_SIZE 24U /* 8 + 4 + 4 + 8 */
+
+#define WANTNSID(x) (((x)->attributes & NS_CLIENTATTR_WANTNSID) != 0)
+#define WANTEXPIRE(x) (((x)->attributes & NS_CLIENTATTR_WANTEXPIRE) != 0)
/*% nameserver client manager structure */
struct ns_clientmgr {
@@ -1399,7 +1402,7 @@
{
char nsid[BUFSIZ], *nsidp;
#ifdef ISC_PLATFORM_USESIT
- unsigned char sit[SIT_SIZE];
+ unsigned char sit[COOKIE_SIZE];
#endif
isc_result_t result;
dns_view_t *view;
@@ -1424,7 +1427,7 @@
flags = client->extflags & DNS_MESSAGEEXTFLAG_REPLYPRESERVE;
/* Set EDNS options if applicable */
- if ((client->attributes & NS_CLIENTATTR_WANTNSID) != 0 &&
+ if (WANTNSID(client) &&
(ns_g_server->server_id != NULL ||
ns_g_server->server_usehostname)) {
if (ns_g_server->server_usehostname) {
@@ -1457,7 +1460,7 @@
INSIST(count < DNS_EDNSOPTIONS);
ednsopts[count].code = DNS_OPT_COOKIE;
- ednsopts[count].length = SIT_SIZE;
+ ednsopts[count].length = COOKIE_SIZE;
ednsopts[count].value = sit;
count++;
}
@@ -1665,19 +1668,26 @@
static void
process_sit(ns_client_t *client, isc_buffer_t *buf, size_t optlen) {
- unsigned char dbuf[SIT_SIZE];
+ unsigned char dbuf[COOKIE_SIZE];
unsigned char *old;
isc_stdtime_t now;
isc_uint32_t when;
isc_uint32_t nonce;
isc_buffer_t db;
+ /*
+ * If we have already seen a ECS option skip this ECS option.
+ */
+ if ((client->attributes & NS_CLIENTATTR_WANTSIT) != 0) {
+ isc_buffer_forward(buf, optlen);
+ return;
+ }
client->attributes |= NS_CLIENTATTR_WANTSIT;
isc_stats_increment(ns_g_server->nsstats,
dns_nsstatscounter_sitopt);
- if (optlen != SIT_SIZE) {
+ if (optlen != COOKIE_SIZE) {
/*
* Not our token.
*/
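Review bot: The comment added at the top of `process_sit` talks about an "ECS option", but the guard below it tests `NS_CLIENTATTR_WANTSIT`, which this same function sets when it handles a cookie (SIT) option. ECS normally means EDNS Client Subnet, so a reader auditing the duplicate-option fix would be pointed at the wrong option. I would reword it to `/* If we have already seen a COOKIE (SIT) option, skip this one. */`. It is also worth stating there that the first cookie wins and later ones are forwarded over without being counted or validated. The rest of the function body continues outside this hunk.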
@@ -1721,14 +1731,13 @@
isc_buffer_init(&db, dbuf, sizeof(dbuf));
compute_sit(client, when, nonce, &db);
- if (!isc_safe_memequal(old, dbuf, SIT_SIZE)) {
+ if (!isc_safe_memequal(old, dbuf, COOKIE_SIZE)) {
isc_stats_increment(ns_g_server->nsstats,
dns_nsstatscounter_sitnomatch);
return;
}
isc_stats_increment(ns_g_server->nsstats,
dns_nsstatscounter_sitmatch);
-
client->attributes |= NS_CLIENTATTR_HAVESIT;
}
#endif
@@ -1787,7 +1796,9 @@
optlen = isc_buffer_getuint16(&optbuf);
switch (optcode) {
case DNS_OPT_NSID:
- isc_stats_increment(ns_g_server->nsstats,
+ if (!WANTNSID(client))
+ isc_stats_increment(
+ ns_g_server->nsstats,
dns_nsstatscounter_nsidopt);
client->attributes |= NS_CLIENTATTR_WANTNSID;
isc_buffer_forward(&optbuf, optlen);
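Review bot: The new `if (!WANTNSID(client))` in the `DNS_OPT_NSID` case guards a call that is wrapped over three lines with no braces, and the next statement, `client->attributes |= NS_CLIENTATTR_WANTNSID;`, must stay outside the condition. With a multi-line body it is easy to misread which statements are conditional, so I would brace it: `if (!WANTNSID(client)) { isc_stats_increment(ns_g_server->nsstats, dns_nsstatscounter_nsidopt); }`. The `DNS_OPT_EXPIRE` case in the following hunk has the same shape with `WANTEXPIRE` and would get the same treatment. A short comment that the counter is bumped once per request, however many times the option repeats, would also help; the enclosing switch continues outside the hunk.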
@@ -1798,7 +1809,9 @@
break;
#endif
case DNS_OPT_EXPIRE:
- isc_stats_increment(ns_g_server->nsstats,
+ if (!WANTEXPIRE(client))
+ isc_stats_increment(
+ ns_g_server->nsstats,
dns_nsstatscounter_expireopt);
client->attributes |= NS_CLIENTATTR_WANTEXPIRE;
isc_buffer_forward(&optbuf, optlen);
diff -r c2dac71a34c1 -r f81b5fa761a1 external/bsd/bind/dist/bin/named/control.c
--- a/external/bsd/bind/dist/bin/named/control.c Thu Mar 10 03:50:47 2016 +0000
+++ b/external/bsd/bind/dist/bin/named/control.c Thu Mar 10 04:01:33 2016 +0000
@@ -1,7 +1,7 @@
-/* $NetBSD: control.c,v 1.9 2015/12/17 04:00:41 christos Exp $ */
+/* $NetBSD: control.c,v 1.10 2016/03/10 04:01:33 christos Exp $ */
/*
- * Copyright (C) 2004-2007, 2009-2015 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2007, 2009-2016 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2001-2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -71,7 +71,7 @@
#endif
data = isccc_alist_lookup(message, "_data");
- if (data == NULL) {
+ if (!isccc_alist_alistp(data)) {
/*
* No data section.
*/
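Review bot: The comment inside the branch still reads "No data section.", but with `!isccc_alist_alistp(data)` the branch is now also taken when `_data` is present and is not an alist, which is the malformed-message case that CHANGES entry 4318 describes. I would update it to something like `/* No data section, or _data is not an alist (malformed control message). */`. The new test replaces the explicit NULL comparison, so it relies on `isccc_alist_alistp()` returning false for a NULL argument; that helper is not shown on this page and is worth confirming. The enclosing function starts and ends outside the hunk.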
diff -r c2dac71a34c1 -r f81b5fa761a1 external/bsd/bind/dist/bin/named/controlconf.c
--- a/external/bsd/bind/dist/bin/named/controlconf.c Thu Mar 10 03:50:47 2016 +0000
+++ b/external/bsd/bind/dist/bin/named/controlconf.c Thu Mar 10 04:01:33 2016 +0000
@@ -1,7 +1,7 @@
-/* $NetBSD: controlconf.c,v 1.10 2014/12/10 04:37:51 christos Exp $ */
+/* $NetBSD: controlconf.c,v 1.11 2016/03/10 04:01:33 christos Exp $ */
/*
- * Copyright (C) 2004-2008, 2011-2014 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2008, 2011-2014, 2016 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2001-2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -404,7 +404,7 @@
* Limit exposure to replay attacks.
*/
_ctrl = isccc_alist_lookup(request, "_ctrl");
- if (_ctrl == NULL) {
+ if (!isccc_alist_alistp(_ctrl)) {
log_invalid(&conn->ccmsg, ISC_R_FAILURE);
goto cleanup_request;
}
diff -r c2dac71a34c1 -r f81b5fa761a1 external/bsd/bind/dist/bin/named/query.c
--- a/external/bsd/bind/dist/bin/named/query.c Thu Mar 10 03:50:47 2016 +0000
+++ b/external/bsd/bind/dist/bin/named/query.c Thu Mar 10 04:01:33 2016 +0000
@@ -1,7 +1,7 @@
-/* $NetBSD: query.c,v 1.20 2015/12/17 04:00:41 christos Exp $ */
+/* $NetBSD: query.c,v 1.21 2016/03/10 04:01:33 christos Exp $ */
/*
- * Copyright (C) 2004-2015 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2016 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 1999-2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -3255,7 +3255,8 @@
goto cleanup;
/*
- * If the answer is secure only add NS records if they are secure * when the client may be looking for AD in the response.
+ * If the answer is secure only add NS records if they are secure
+ * when the client may be looking for AD in the response.
*/
if (SECURE(client) && (WANTDNSSEC(client) || WANTAD(client)) &&
((rdataset->trust != dns_trust_secure) ||
diff -r c2dac71a34c1 -r f81b5fa761a1 external/bsd/bind/dist/bin/rndc/rndc.c
--- a/external/bsd/bind/dist/bin/rndc/rndc.c Thu Mar 10 03:50:47 2016 +0000
+++ b/external/bsd/bind/dist/bin/rndc/rndc.c Thu Mar 10 04:01:33 2016 +0000
@@ -1,7 +1,7 @@
-/* $NetBSD: rndc.c,v 1.13 2015/12/17 04:00:41 christos Exp $ */
+/* $NetBSD: rndc.c,v 1.14 2016/03/10 04:01:33 christos Exp $ */
/*
- * Copyright (C) 2004-2015 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2016 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2000-2003 Internet Software Consortium.
*