Source-Changes-HG archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

[src/trunk]: src/external/bsd/bind/dist Import 9.10.3-P4:



details:   https://anonhg.NetBSD.org/src/rev/0dba0d617064
branches:  trunk
changeset: 814163:0dba0d617064
user:      christos <christos%NetBSD.org@localhost>
date:      Thu Mar 10 03:22:13 2016 +0000

description:
Import 9.10.3-P4:

4322.   [security]      Duplicate EDNS COOKIE options in a response could
                        trigger an assertion failure. (CVE-2016-2088)
                        [RT #41809]

4319.   [security]      Fix resolver assertion failure due to improper
                        DNAME handling when parsing fetch reply messages.
                        (CVE-2016-1286) [RT #41753]

4318.   [security]      Malformed control messages can trigger assertions
                        in named and rndc. (CVE-2016-1285) [RT #41666]

diffstat:

 external/bsd/bind/dist/COPYRIGHT                |    2 +-
 external/bsd/bind/dist/bin/named/bind9.xsl      |    2 +-
 external/bsd/bind/dist/doc/arm/Bv9ARM.ch01.html |    2 +-
 external/bsd/bind/dist/doc/arm/Bv9ARM.ch02.html |    2 +-
 external/bsd/bind/dist/doc/arm/Bv9ARM.ch03.html |    2 +-
 external/bsd/bind/dist/doc/arm/Bv9ARM.ch05.html |    2 +-
 external/bsd/bind/dist/doc/arm/Bv9ARM.ch10.html |    2 +-
 external/bsd/bind/dist/doc/arm/Bv9ARM.ch11.html |    2 +-
 external/bsd/bind/dist/doc/arm/Bv9ARM.ch12.html |   42 +++++++++---------
 external/bsd/bind/dist/doc/arm/Bv9ARM.ch13.html |    2 +-
 external/bsd/bind/dist/doc/arm/notes.html       |   41 +++++++++++++-----
 external/bsd/bind/dist/doc/arm/notes.pdf        |  Bin 
 external/bsd/bind/dist/doc/arm/notes.xml        |   51 +++++++++++++++++------
 external/bsd/bind/dist/lib/isccc/api            |    2 +-
 14 files changed, 97 insertions(+), 57 deletions(-)

diffs (truncated from 435 to 300 lines):

diff -r fe772aace22c -r 0dba0d617064 external/bsd/bind/dist/COPYRIGHT
--- a/external/bsd/bind/dist/COPYRIGHT  Thu Mar 10 02:23:26 2016 +0000
+++ b/external/bsd/bind/dist/COPYRIGHT  Thu Mar 10 03:22:13 2016 +0000
@@ -1,4 +1,4 @@
-Copyright (C) 2004-2015  Internet Systems Consortium, Inc. ("ISC")
+Copyright (C) 2004-2016  Internet Systems Consortium, Inc. ("ISC")
 Copyright (C) 1996-2003  Internet Software Consortium.
 
 Permission to use, copy, modify, and/or distribute this software for any
diff -r fe772aace22c -r 0dba0d617064 external/bsd/bind/dist/bin/named/bind9.xsl
--- a/external/bsd/bind/dist/bin/named/bind9.xsl        Thu Mar 10 02:23:26 2016 +0000
+++ b/external/bsd/bind/dist/bin/named/bind9.xsl        Thu Mar 10 03:22:13 2016 +0000
@@ -1,6 +1,6 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <!--
- - Copyright (C) 2006-2009, 2012-2014  Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2006-2009, 2012-2014, 2016  Internet Systems Consortium, Inc. ("ISC")
  -
  - Permission to use, copy, modify, and/or distribute this software for any
  - purpose with or without fee is hereby granted, provided that the above
diff -r fe772aace22c -r 0dba0d617064 external/bsd/bind/dist/doc/arm/Bv9ARM.ch01.html
--- a/external/bsd/bind/dist/doc/arm/Bv9ARM.ch01.html   Thu Mar 10 02:23:26 2016 +0000
+++ b/external/bsd/bind/dist/doc/arm/Bv9ARM.ch01.html   Thu Mar 10 03:22:13 2016 +0000
@@ -556,6 +556,6 @@
 </tr>
 </table>
 </div>
-<p style="text-align: center;">BIND 9.10.3-P3</p>
+<p style="text-align: center;">BIND 9.10.3-P4</p>
 </body>
 </html>
diff -r fe772aace22c -r 0dba0d617064 external/bsd/bind/dist/doc/arm/Bv9ARM.ch02.html
--- a/external/bsd/bind/dist/doc/arm/Bv9ARM.ch02.html   Thu Mar 10 02:23:26 2016 +0000
+++ b/external/bsd/bind/dist/doc/arm/Bv9ARM.ch02.html   Thu Mar 10 03:22:13 2016 +0000
@@ -154,6 +154,6 @@
 </tr>
 </table>
 </div>
-<p style="text-align: center;">BIND 9.10.3-P3</p>
+<p style="text-align: center;">BIND 9.10.3-P4</p>
 </body>
 </html>
diff -r fe772aace22c -r 0dba0d617064 external/bsd/bind/dist/doc/arm/Bv9ARM.ch03.html
--- a/external/bsd/bind/dist/doc/arm/Bv9ARM.ch03.html   Thu Mar 10 02:23:26 2016 +0000
+++ b/external/bsd/bind/dist/doc/arm/Bv9ARM.ch03.html   Thu Mar 10 03:22:13 2016 +0000
@@ -671,6 +671,6 @@
 </tr>
 </table>
 </div>
-<p style="text-align: center;">BIND 9.10.3-P3</p>
+<p style="text-align: center;">BIND 9.10.3-P4</p>
 </body>
 </html>
diff -r fe772aace22c -r 0dba0d617064 external/bsd/bind/dist/doc/arm/Bv9ARM.ch05.html
--- a/external/bsd/bind/dist/doc/arm/Bv9ARM.ch05.html   Thu Mar 10 02:23:26 2016 +0000
+++ b/external/bsd/bind/dist/doc/arm/Bv9ARM.ch05.html   Thu Mar 10 03:22:13 2016 +0000
@@ -139,6 +139,6 @@
 </tr>
 </table>
 </div>
-<p style="text-align: center;">BIND 9.10.3-P3</p>
+<p style="text-align: center;">BIND 9.10.3-P4</p>
 </body>
 </html>
diff -r fe772aace22c -r 0dba0d617064 external/bsd/bind/dist/doc/arm/Bv9ARM.ch10.html
--- a/external/bsd/bind/dist/doc/arm/Bv9ARM.ch10.html   Thu Mar 10 02:23:26 2016 +0000
+++ b/external/bsd/bind/dist/doc/arm/Bv9ARM.ch10.html   Thu Mar 10 03:22:13 2016 +0000
@@ -163,6 +163,6 @@
 </tr>
 </table>
 </div>
-<p style="text-align: center;">BIND 9.10.3-P3</p>
+<p style="text-align: center;">BIND 9.10.3-P4</p>
 </body>
 </html>
diff -r fe772aace22c -r 0dba0d617064 external/bsd/bind/dist/doc/arm/Bv9ARM.ch11.html
--- a/external/bsd/bind/dist/doc/arm/Bv9ARM.ch11.html   Thu Mar 10 02:23:26 2016 +0000
+++ b/external/bsd/bind/dist/doc/arm/Bv9ARM.ch11.html   Thu Mar 10 03:22:13 2016 +0000
@@ -514,6 +514,6 @@
 </tr>
 </table>
 </div>
-<p style="text-align: center;">BIND 9.10.3-P3</p>
+<p style="text-align: center;">BIND 9.10.3-P4</p>
 </body>
 </html>
diff -r fe772aace22c -r 0dba0d617064 external/bsd/bind/dist/doc/arm/Bv9ARM.ch12.html
--- a/external/bsd/bind/dist/doc/arm/Bv9ARM.ch12.html   Thu Mar 10 02:23:26 2016 +0000
+++ b/external/bsd/bind/dist/doc/arm/Bv9ARM.ch12.html   Thu Mar 10 03:22:13 2016 +0000
@@ -47,13 +47,13 @@
 <dl>
 <dt><span class="sect1"><a href="Bv9ARM.ch12.html#bind9.library">BIND 9 DNS Library Support</a></span></dt>
 <dd><dl>
-<dt><span class="sect2"><a href="Bv9ARM.ch12.html#id2614332">Prerequisite</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch12.html#id2613591">Compilation</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch12.html#id2613616">Installation</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch12.html#id2613646">Known Defects/Restrictions</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch12.html#id2613723">The dns.conf File</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch12.html#id2613750">Sample Applications</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch12.html#id2614723">Library References</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch12.html#id2613604">Prerequisite</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch12.html#id2613613">Compilation</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch12.html#id2613638">Installation</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch12.html#id2613669">Known Defects/Restrictions</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch12.html#id2613746">The dns.conf File</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch12.html#id2613772">Sample Applications</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch12.html#id2614677">Library References</a></span></dt>
 </dl></dd>
 </dl>
 </div>
@@ -89,7 +89,7 @@
 </ul></div>
 <div class="sect2" lang="en">
 <div class="titlepage"><div><div><h3 class="title">
-<a name="id2614332"></a>Prerequisite</h3></div></div></div>
+<a name="id2613604"></a>Prerequisite</h3></div></div></div>
 <p>GNU make is required to build the export libraries (other
   part of BIND 9 can still be built with other types of make). In
   the reminder of this document, "make" means GNU make. Note that
@@ -98,7 +98,7 @@
 </div>
 <div class="sect2" lang="en">
 <div class="titlepage"><div><div><h3 class="title">
-<a name="id2613591"></a>Compilation</h3></div></div></div>
+<a name="id2613613"></a>Compilation</h3></div></div></div>
 <pre class="screen">
 $ <strong class="userinput"><code>./configure --enable-exportlib <em class="replaceable"><code>[other flags]</code></em></code></strong>
 $ <strong class="userinput"><code>make</code></strong>
@@ -113,7 +113,7 @@
 </div>
 <div class="sect2" lang="en">
 <div class="titlepage"><div><div><h3 class="title">
-<a name="id2613616"></a>Installation</h3></div></div></div>
+<a name="id2613638"></a>Installation</h3></div></div></div>
 <pre class="screen">
 $ <strong class="userinput"><code>cd lib/export</code></strong>
 $ <strong class="userinput"><code>make install</code></strong>
@@ -135,7 +135,7 @@
 </div>
 <div class="sect2" lang="en">
 <div class="titlepage"><div><div><h3 class="title">
-<a name="id2613646"></a>Known Defects/Restrictions</h3></div></div></div>
+<a name="id2613669"></a>Known Defects/Restrictions</h3></div></div></div>
 <div class="itemizedlist"><ul type="disc">
 <li><p>Currently, win32 is not supported for the export
       library. (Normal BIND 9 application can be built as
@@ -175,7 +175,7 @@
 </div>
 <div class="sect2" lang="en">
 <div class="titlepage"><div><div><h3 class="title">
-<a name="id2613723"></a>The dns.conf File</h3></div></div></div>
+<a name="id2613746"></a>The dns.conf File</h3></div></div></div>
 <p>The IRS library supports an "advanced" configuration file
   related to the DNS library for configuration parameters that
   would be beyond the capability of the
@@ -193,14 +193,14 @@
 </div>
 <div class="sect2" lang="en">
 <div class="titlepage"><div><div><h3 class="title">
-<a name="id2613750"></a>Sample Applications</h3></div></div></div>
+<a name="id2613772"></a>Sample Applications</h3></div></div></div>
 <p>Some sample application programs using this API are
   provided for reference. The following is a brief description of
   these applications.
   </p>
 <div class="sect3" lang="en">
 <div class="titlepage"><div><div><h4 class="title">
-<a name="id2613758"></a>sample: a simple stub resolver utility</h4></div></div></div>
+<a name="id2613781"></a>sample: a simple stub resolver utility</h4></div></div></div>
 <p>
   It sends a query of a given name (of a given optional RR type) to a
   specified recursive server, and prints the result as a list of
@@ -264,7 +264,7 @@
 </div>
 <div class="sect3" lang="en">
 <div class="titlepage"><div><div><h4 class="title">
-<a name="id2613917"></a>sample-async: a simple stub resolver, working asynchronously</h4></div></div></div>
+<a name="id2614213"></a>sample-async: a simple stub resolver, working asynchronously</h4></div></div></div>
 <p>
   Similar to "sample", but accepts a list
   of (query) domain names as a separate file and resolves the names
@@ -305,7 +305,7 @@
 </div>
 <div class="sect3" lang="en">
 <div class="titlepage"><div><div><h4 class="title">
-<a name="id2613971"></a>sample-request: a simple DNS transaction client</h4></div></div></div>
+<a name="id2614266"></a>sample-request: a simple DNS transaction client</h4></div></div></div>
 <p>
   It sends a query to a specified server, and
   prints the response with minimal processing. It doesn't act as a
@@ -346,7 +346,7 @@
 </div>
 <div class="sect3" lang="en">
 <div class="titlepage"><div><div><h4 class="title">
-<a name="id2614035"></a>sample-gai: getaddrinfo() and getnameinfo() test code</h4></div></div></div>
+<a name="id2614330"></a>sample-gai: getaddrinfo() and getnameinfo() test code</h4></div></div></div>
 <p>
   This is a test program
   to check getaddrinfo() and getnameinfo() behavior. It takes a
@@ -363,7 +363,7 @@
 </div>
 <div class="sect3" lang="en">
 <div class="titlepage"><div><div><h4 class="title">
-<a name="id2614050"></a>sample-update: a simple dynamic update client program</h4></div></div></div>
+<a name="id2614345"></a>sample-update: a simple dynamic update client program</h4></div></div></div>
 <p>
   It accepts a single update command as a
   command-line argument, sends an update request message to the
@@ -458,7 +458,7 @@
 </div>
 <div class="sect3" lang="en">
 <div class="titlepage"><div><div><h4 class="title">
-<a name="id2614659"></a>nsprobe: domain/name server checker in terms of RFC 4074</h4></div></div></div>
+<a name="id2614613"></a>nsprobe: domain/name server checker in terms of RFC 4074</h4></div></div></div>
 <p>
   It checks a set
   of domains to see the name servers of the domains behave
@@ -515,7 +515,7 @@
 </div>
 <div class="sect2" lang="en">
 <div class="titlepage"><div><div><h3 class="title">
-<a name="id2614723"></a>Library References</h3></div></div></div>
+<a name="id2614677"></a>Library References</h3></div></div></div>
 <p>As of this writing, there is no formal "manual" of the
   libraries, except this document, header files (some of them
   provide pretty detailed explanations), and sample application
@@ -540,6 +540,6 @@
 </tr>
 </table>
 </div>
-<p style="text-align: center;">BIND 9.10.3-P3</p>
+<p style="text-align: center;">BIND 9.10.3-P4</p>
 </body>
 </html>
diff -r fe772aace22c -r 0dba0d617064 external/bsd/bind/dist/doc/arm/Bv9ARM.ch13.html
--- a/external/bsd/bind/dist/doc/arm/Bv9ARM.ch13.html   Thu Mar 10 02:23:26 2016 +0000
+++ b/external/bsd/bind/dist/doc/arm/Bv9ARM.ch13.html   Thu Mar 10 03:22:13 2016 +0000
@@ -149,6 +149,6 @@
 </tr>
 </table>
 </div>
-<p style="text-align: center;">BIND 9.10.3-P3</p>
+<p style="text-align: center;">BIND 9.10.3-P4</p>
 </body>
 </html>
diff -r fe772aace22c -r 0dba0d617064 external/bsd/bind/dist/doc/arm/notes.html
--- a/external/bsd/bind/dist/doc/arm/notes.html Thu Mar 10 02:23:26 2016 +0000
+++ b/external/bsd/bind/dist/doc/arm/notes.html Thu Mar 10 03:22:13 2016 +0000
@@ -21,7 +21,7 @@
 </head>
 <body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="article" lang="en"><div class="sect1" lang="en">
 <div class="titlepage"><div><div><h2 class="title" style="clear: both">
-<a name="id2542126"></a>Release Notes for BIND Version 9.10.3-P3</h2></div></div></div>
+<a name="id2542126"></a>Release Notes for BIND Version 9.10.3-P4</h2></div></div></div>
 <div class="sect2" lang="en">
 <div class="titlepage"><div><div><h3 class="title">
 <a name="relnotes_intro"></a>Introduction</h3></div></div></div>
@@ -29,6 +29,10 @@
       This document summarizes changes since BIND 9.10.3:
     </p>
 <p>
+      BIND 9.10.3-P4 addresses the security issues described in
+      CVE-2016-1285, CVE-2016-1286 and CVE-2016-2088.
+    </p>
+<p>
       BIND 9.10.3-P3 addresses the security issues described in
       CVE-2015-8704 and CVE-2015-8705. It also fixes a serious
       regression in authoritative server selection that was
@@ -58,33 +62,46 @@
 <a name="relnotes_security"></a>Security Fixes</h3></div></div></div>
 <div class="itemizedlist"><ul type="disc">
 <li><p>
-         Specific APL data could trigger an INSIST.  This flaw
-         was discovered by Brian Mitchell and is disclosed in
-         CVE-2015-8704. [RT #41396]
+         Duplicate EDNS COOKIE options in a response could trigger
+         an assertion failure. This flaw is disclosed in CVE-2016-2088.
+         [RT #41809]
+       </p></li>
+<li><p>
+         The resolver could abort with an assertion failure due to
+         improper DNAME handling when parsing fetch reply
+         messages. This flaw is disclosed in CVE-2016-1286. [RT #41753]
+       </p></li>
+<li><p>
+         Malformed control messages can trigger assertions in named
+         and rndc. This flaw is disclosed in CVE-2016-1285. [RT
+         #41666]
        </p></li>
 <li><p>
          Certain errors that could be encountered when printing out
          or logging an OPT record containing a CLIENT-SUBNET option
          could be mishandled, resulting in an assertion failure.
-         This flaw was discovered by Brian Mitchell and is disclosed
-         in CVE-2015-8705. [RT #41397]
+         This flaw is disclosed in CVE-2015-8705. [RT #41397]
+       </p></li>
+<li><p>
+         Specific APL data could trigger an INSIST.  This flaw
+         is disclosed in CVE-2015-8704. [RT #41396]



Home | Main Index | Thread Index | Old Index