Source-Changes-HG archive


[src/trunk]: src/external/bsd/bind/dist merge conflicts.



details:   https://anonhg.NetBSD.org/src/rev/758c6fc98504
branches:  trunk
changeset: 823143:758c6fc98504
user:      christos <christos%NetBSD.org@localhost>
date:      Thu Apr 13 19:11:19 2017 +0000

description:
merge conflicts.

diffstat:

 external/bsd/bind/dist/CHANGES                              |   22 +-
 external/bsd/bind/dist/README                               |    5 +
 external/bsd/bind/dist/bin/named/query.c                    |    5 +-
 external/bsd/bind/dist/configure                            |    2 +-
 external/bsd/bind/dist/doc/arm/Bv9ARM.ch04.html             |    2 +-
 external/bsd/bind/dist/doc/arm/Bv9ARM.ch06.html             |    2 +-
 external/bsd/bind/dist/doc/arm/Bv9ARM.ch07.html             |    2 +-
 external/bsd/bind/dist/doc/arm/Bv9ARM.ch08.html             |    2 +-
 external/bsd/bind/dist/doc/arm/Bv9ARM.ch09.html             |   55 +-
 external/bsd/bind/dist/doc/arm/Bv9ARM.html                  |    7 +-
 external/bsd/bind/dist/doc/arm/Bv9ARM.pdf                   |  Bin 
 external/bsd/bind/dist/doc/arm/man.arpaname.html            |    2 +-
 external/bsd/bind/dist/doc/arm/man.ddns-confgen.html        |    2 +-
 external/bsd/bind/dist/doc/arm/man.delv.html                |    2 +-
 external/bsd/bind/dist/doc/arm/man.dig.html                 |    2 +-
 external/bsd/bind/dist/doc/arm/man.dnssec-checkds.html      |    2 +-
 external/bsd/bind/dist/doc/arm/man.dnssec-coverage.html     |    2 +-
 external/bsd/bind/dist/doc/arm/man.dnssec-dsfromkey.html    |    2 +-
 external/bsd/bind/dist/doc/arm/man.dnssec-importkey.html    |    2 +-
 external/bsd/bind/dist/doc/arm/man.dnssec-keyfromlabel.html |    2 +-
 external/bsd/bind/dist/doc/arm/man.dnssec-keygen.html       |    2 +-
 external/bsd/bind/dist/doc/arm/man.dnssec-revoke.html       |    2 +-
 external/bsd/bind/dist/doc/arm/man.dnssec-settime.html      |    2 +-
 external/bsd/bind/dist/doc/arm/man.dnssec-signzone.html     |    2 +-
 external/bsd/bind/dist/doc/arm/man.dnssec-verify.html       |    2 +-
 external/bsd/bind/dist/doc/arm/man.genrandom.html           |    2 +-
 external/bsd/bind/dist/doc/arm/man.host.html                |    2 +-
 external/bsd/bind/dist/doc/arm/man.isc-hmac-fixup.html      |    2 +-
 external/bsd/bind/dist/doc/arm/man.named-checkconf.html     |    2 +-
 external/bsd/bind/dist/doc/arm/man.named-checkzone.html     |    2 +-
 external/bsd/bind/dist/doc/arm/man.named-journalprint.html  |    2 +-
 external/bsd/bind/dist/doc/arm/man.named-rrchecker.html     |    2 +-
 external/bsd/bind/dist/doc/arm/man.named.html               |    2 +-
 external/bsd/bind/dist/doc/arm/man.nsec3hash.html           |    2 +-
 external/bsd/bind/dist/doc/arm/man.nsupdate.html            |    2 +-
 external/bsd/bind/dist/doc/arm/man.rndc-confgen.html        |    2 +-
 external/bsd/bind/dist/doc/arm/man.rndc.conf.html           |    2 +-
 external/bsd/bind/dist/doc/arm/man.rndc.html                |    2 +-
 external/bsd/bind/dist/lib/dns/api                          |    2 +-
 external/bsd/bind/dist/lib/dns/rdataset.c                   |    4 +-
 external/bsd/bind/dist/lib/dns/resolver.c                   |  870 ++++-------
 external/bsd/bind/dist/lib/isc/include/isc/lex.h            |    4 +-
 external/bsd/bind/dist/lib/isc/lex.c                        |    7 +-
 external/bsd/bind/dist/srcid                                |    2 +-
 external/bsd/bind/dist/version                              |    2 +-
 45 files changed, 458 insertions(+), 591 deletions(-)

diffs (truncated from 1648 to 300 lines):

diff -r a4797843431e -r 758c6fc98504 external/bsd/bind/dist/CHANGES
--- a/external/bsd/bind/dist/CHANGES    Thu Apr 13 18:55:07 2017 +0000
+++ b/external/bsd/bind/dist/CHANGES    Thu Apr 13 19:11:19 2017 +0000
@@ -1,7 +1,27 @@
+       --- 9.10.4-P8 released ---
+
+4582.  [security]      'rndc ""' could trigger a assertion failure in named.
+                       (CVE-2017-3138) [RT #44924]
+
+4580.  [bug]           4578 introduced a regression when handling CNAME to
+                       referral below the current domain. [RT #44850]
+
+       --- 9.10.4-P7 released ---
+
+4578.  [security]      Some chaining (CNAME or DNAME) responses to upstream
+                       queries could trigger assertion failures.
+                       (CVE-2017-3137) [RT #44734]
+
+4575.  [security]      DNS64 with "break-dnssec yes;" can result in an
+                       assertion failure. (CVE-2017-3136) [RT #44653]
+
+4564.  [maint]         Update the built in managed keys to include the
+                       upcoming root KSK. [RT #44579]
+
        --- 9.10.4-P6 released ---
 
 4558.  [bug]           Synthesised CNAME before matching DNAME was still
-                       being cached when it should have been.  [RT #44318]
+                       being cached when it should not have been. [RT #44318]
 
 4557.  [security]      Combining dns64 and rpz can result in dereferencing
                        a NULL pointer (read).  (CVE-2017-3135) [RT#44434]
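Review bot: The commit description says only "merge conflicts", yet the entries added at the top of CHANGES show this import moves the tree from 9.10.4-P6 to 9.10.4-P8 and brings in three [security] changes (CVE-2017-3136, CVE-2017-3137, CVE-2017-3138). Naming the BIND version and the CVEs in the log message would let anyone tracking security pull-ups find this changeset. Entry 4582 also reads "a assertion failure"; that should be "an assertion failure", ideally fixed upstream so the next import does not conflict.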
diff -r a4797843431e -r 758c6fc98504 external/bsd/bind/dist/README
--- a/external/bsd/bind/dist/README     Thu Apr 13 18:55:07 2017 +0000
+++ b/external/bsd/bind/dist/README     Thu Apr 13 19:11:19 2017 +0000
@@ -51,6 +51,11 @@
        For up-to-date release notes and errata, see
        http://www.isc.org/software/bind9/releasenotes
 
+BIND 9.10.4-P7
+
+       This version contains fixes for CVE-2017-3136 and CVE-2017-3137,
+       and updates the built in trusted keys for the root zone.
+
 BIND 9.10.4-P6
 
        This version contains a fix for CVE-2017-3135, and a bug fix
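Review bot: README gains a "BIND 9.10.4-P7" section but nothing for 9.10.4-P8, although CHANGES in the same changeset lists 9.10.4-P8 as released with the fix for CVE-2017-3138. A reader who checks README alone would conclude the tree is at P7. Either add a matching P8 paragraph or confirm that upstream shipped README without one.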
diff -r a4797843431e -r 758c6fc98504 external/bsd/bind/dist/bin/named/query.c
--- a/external/bsd/bind/dist/bin/named/query.c  Thu Apr 13 18:55:07 2017 +0000
+++ b/external/bsd/bind/dist/bin/named/query.c  Thu Apr 13 19:11:19 2017 +0000
@@ -1,7 +1,7 @@
-/*     $NetBSD: query.c,v 1.23 2017/02/09 00:23:26 christos Exp $      */
+/*     $NetBSD: query.c,v 1.24 2017/04/13 19:11:19 christos Exp $      */
 
 /*
- * Copyright (C) 2004-2016  Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2017  Internet Systems Consortium, Inc. ("ISC")
  * Copyright (C) 1999-2003  Internet Software Consortium.
  *
  * Permission to use, copy, modify, and/or distribute this software for any
@@ -8221,6 +8221,7 @@
                        result = query_dns64(client, &fname, rdataset,
                                             sigrdataset, dbuf,
                                             DNS_SECTION_ANSWER);
+                       noqname = NULL;
                        dns_rdataset_disassociate(rdataset);
                        dns_message_puttemprdataset(client->message, &rdataset);
                        if (result == ISC_R_NOMORE) {
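Review bot: The added "noqname = NULL;" after the query_dns64() call carries no comment explaining why the pointer has to be cleared at this point. It sits directly before dns_rdataset_disassociate(rdataset) and dns_message_puttemprdataset(), so the intent appears to be that noqname must not be used once rdataset is released, but the hunk does not say so. A one-line comment stating the reason, and whether this is the fix for change 4575 (DNS64 with "break-dnssec yes;"), would keep a later refactor from dropping the assignment.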
diff -r a4797843431e -r 758c6fc98504 external/bsd/bind/dist/configure
--- a/external/bsd/bind/dist/configure  Thu Apr 13 18:55:07 2017 +0000
+++ b/external/bsd/bind/dist/configure  Thu Apr 13 19:11:19 2017 +0000
@@ -1,5 +1,5 @@
 #! /bin/sh
-# Copyright (C) 2004-2016  Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 2004-2017  Internet Systems Consortium, Inc. ("ISC")
 # Copyright (C) 1996-2003  Internet Software Consortium.
 #
 # Permission to use, copy, modify, and/or distribute this software for any
diff -r a4797843431e -r 758c6fc98504 external/bsd/bind/dist/doc/arm/Bv9ARM.ch04.html
--- a/external/bsd/bind/dist/doc/arm/Bv9ARM.ch04.html   Thu Apr 13 18:55:07 2017 +0000
+++ b/external/bsd/bind/dist/doc/arm/Bv9ARM.ch04.html   Thu Apr 13 19:11:19 2017 +0000
@@ -2326,6 +2326,6 @@
 </tr>
 </table>
 </div>
-<p xmlns:db="http://docbook.org/ns/docbook"; style="text-align: center;">BIND 9.10.4-P6</p>
+<p xmlns:db="http://docbook.org/ns/docbook"; style="text-align: center;">BIND 9.10.4-P8</p>
 </body>
 </html>
diff -r a4797843431e -r 758c6fc98504 external/bsd/bind/dist/doc/arm/Bv9ARM.ch06.html
--- a/external/bsd/bind/dist/doc/arm/Bv9ARM.ch06.html   Thu Apr 13 18:55:07 2017 +0000
+++ b/external/bsd/bind/dist/doc/arm/Bv9ARM.ch06.html   Thu Apr 13 19:11:19 2017 +0000
@@ -12845,6 +12845,6 @@
 </tr>
 </table>
 </div>
-<p xmlns:db="http://docbook.org/ns/docbook"; style="text-align: center;">BIND 9.10.4-P6</p>
+<p xmlns:db="http://docbook.org/ns/docbook"; style="text-align: center;">BIND 9.10.4-P8</p>
 </body>
 </html>
diff -r a4797843431e -r 758c6fc98504 external/bsd/bind/dist/doc/arm/Bv9ARM.ch07.html
--- a/external/bsd/bind/dist/doc/arm/Bv9ARM.ch07.html   Thu Apr 13 18:55:07 2017 +0000
+++ b/external/bsd/bind/dist/doc/arm/Bv9ARM.ch07.html   Thu Apr 13 19:11:19 2017 +0000
@@ -248,6 +248,6 @@
 </tr>
 </table>
 </div>
-<p xmlns:db="http://docbook.org/ns/docbook"; style="text-align: center;">BIND 9.10.4-P6</p>
+<p xmlns:db="http://docbook.org/ns/docbook"; style="text-align: center;">BIND 9.10.4-P8</p>
 </body>
 </html>
diff -r a4797843431e -r 758c6fc98504 external/bsd/bind/dist/doc/arm/Bv9ARM.ch08.html
--- a/external/bsd/bind/dist/doc/arm/Bv9ARM.ch08.html   Thu Apr 13 18:55:07 2017 +0000
+++ b/external/bsd/bind/dist/doc/arm/Bv9ARM.ch08.html   Thu Apr 13 19:11:19 2017 +0000
@@ -134,6 +134,6 @@
 </tr>
 </table>
 </div>
-<p xmlns:db="http://docbook.org/ns/docbook"; style="text-align: center;">BIND 9.10.4-P6</p>
+<p xmlns:db="http://docbook.org/ns/docbook"; style="text-align: center;">BIND 9.10.4-P8</p>
 </body>
 </html>
diff -r a4797843431e -r 758c6fc98504 external/bsd/bind/dist/doc/arm/Bv9ARM.ch09.html
--- a/external/bsd/bind/dist/doc/arm/Bv9ARM.ch09.html   Thu Apr 13 18:55:07 2017 +0000
+++ b/external/bsd/bind/dist/doc/arm/Bv9ARM.ch09.html   Thu Apr 13 19:11:19 2017 +0000
@@ -44,10 +44,11 @@
 <div class="toc">
 <p><b>Table of Contents</b></p>
 <dl class="toc">
-<dt><span class="section"><a href="Bv9ARM.ch09.html#id-1.10.2">Release Notes for BIND Version 9.10.4-P6</a></span></dt>
+<dt><span class="section"><a href="Bv9ARM.ch09.html#id-1.10.2">Release Notes for BIND Version 9.10.4-P8</a></span></dt>
 <dd><dl>
 <dt><span class="section"><a href="Bv9ARM.ch09.html#relnotes_intro">Introduction</a></span></dt>
 <dt><span class="section"><a href="Bv9ARM.ch09.html#relnotes_download">Download</a></span></dt>
+<dt><span class="section"><a href="Bv9ARM.ch09.html#root_key">New DNSSEC Root Key</a></span></dt>
 <dt><span class="section"><a href="Bv9ARM.ch09.html#relnotes_security">Security Fixes</a></span></dt>
 <dt><span class="section"><a href="Bv9ARM.ch09.html#relnotes_features">New Features</a></span></dt>
 <dt><span class="section"><a href="Bv9ARM.ch09.html#relnotes_changes">Feature Changes</a></span></dt>
@@ -60,7 +61,7 @@
 </div>
 <div class="section">
 <div class="titlepage"><div><div><h2 class="title" style="clear: both">
-<a name="id-1.10.2"></a>Release Notes for BIND Version 9.10.4-P6</h2></div></div></div>
+<a name="id-1.10.2"></a>Release Notes for BIND Version 9.10.4-P8</h2></div></div></div>
 <div class="section">
 <div class="titlepage"><div><div><h3 class="title">
 <a name="relnotes_intro"></a>Introduction</h3></div></div></div>
@@ -68,6 +69,11 @@
       This document summarizes changes since BIND 9.10.4:
     </p>
 <p>
+      BIND 9.10.4-P7 addresses the security issue described in
+      CVE-2017-3136, and updates the built in trusted keys for
+      the root zone.
+    </p>
+<p>
       BIND 9.10.4-P6 addresses the security issue described in
       CVE-2017-3135, and fixes a regression introduced in a prior
       security release.
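Review bot: The new introduction paragraph for 9.10.4-P7 mentions only CVE-2017-3136, while the README hunk in this changeset says P7 fixes both CVE-2017-3136 and CVE-2017-3137. There is also no introduction paragraph for 9.10.4-P8, even though the section title was changed to P8. The introduction should list the same CVEs per release as README and CHANGES do.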
@@ -109,9 +115,52 @@
 </div>
 <div class="section">
 <div class="titlepage"><div><div><h3 class="title">
+<a name="root_key"></a>New DNSSEC Root Key</h3></div></div></div>
+<p>
+      ICANN is in the process of introducing a new Key Signing Key (KSK) for
+      the global root zone. BIND has multiple methods for managing DNSSEC
+      trust anchors, with somewhat different behaviors. If the root
+      key is configured using the <span class="command"><strong>managed-keys</strong></span>
+      statement, or if the pre-configured root key is enabled by using
+      <span class="command"><strong>dnssec-validation auto</strong></span>, then BIND can keep
+      keys up to date automatically. Servers configured in this way
+      will roll seamlessly to the new key when it is published in
+      the root zone. However, keys configured using the
+      <span class="command"><strong>trusted-keys</strong></span> statement are not automatically
+      maintained. If your server is performing DNSSEC validation
+      and is configured using <span class="command"><strong>trusted-keys</strong></span>, you are
+      advised to change your configuration before the root zone begins
+      signing with the new KSK. This is currently scheduled for
+      October 11, 2017.
+    </p>
+<p>
+      This release includes an updated version of the
+      <code class="filename">bind.keys</code> file containing the new root
+      key. This file can also be downloaded from
+      <a class="link" href="https://www.isc.org/bind-keys"; target="_top">
+       https://www.isc.org/bind-keys
+      </a>.
+    </p>
+</div>
+<div class="section">
+<div class="titlepage"><div><div><h3 class="title">
 <a name="relnotes_security"></a>Security Fixes</h3></div></div></div>
 <div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; ">
 <li class="listitem"><p>
+         'rndc ""' could trigger a assertion failure in named. This flaw
+         is disclosed in (CVE-2017-3138). [RT #44924]
+       </p></li>
+<li class="listitem"><p>
+         Some chaining (i.e., type CNAME or DNAME) responses to upstream
+         queries could trigger assertion failures. This flaw is disclosed
+         in CVE-2017-3137. [RT #44734]
+       </p></li>
+<li class="listitem"><p>
+         <span class="command"><strong>dns64</strong></span> with <span class="command"><strong>break-dnssec yes;</strong></span>
+         can result in an assertion failure. This flaw is disclosed in
+         CVE-2017-3136. [RT #44653]
+       </p></li>
+<li class="listitem"><p>
          If a server is configured with a response policy zone (RPZ)
          that rewrites an answer with local data, and is also configured
          for DNS64 address mapping, a NULL pointer can be read
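Review bot: The first new item under Security Fixes reads "a assertion failure" and puts the CVE in parentheses, "disclosed in (CVE-2017-3138)", while the two items after it write "disclosed in CVE-2017-3137" and "CVE-2017-3136" without them. Use "an assertion failure" and drop the parentheses so the three entries match. Since this HTML is generated, the fix belongs in the upstream release-notes source rather than in this file.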
@@ -245,6 +294,6 @@
 </tr>
 </table>
 </div>
-<p xmlns:db="http://docbook.org/ns/docbook"; style="text-align: center;">BIND 9.10.4-P6</p>
+<p xmlns:db="http://docbook.org/ns/docbook"; style="text-align: center;">BIND 9.10.4-P8</p>
 </body>
 </html>
diff -r a4797843431e -r 758c6fc98504 external/bsd/bind/dist/doc/arm/Bv9ARM.html
--- a/external/bsd/bind/dist/doc/arm/Bv9ARM.html        Thu Apr 13 18:55:07 2017 +0000
+++ b/external/bsd/bind/dist/doc/arm/Bv9ARM.html        Thu Apr 13 19:11:19 2017 +0000
@@ -40,7 +40,7 @@
 <div>
 <div><h1 class="title">
 <a name="id-1"></a>BIND 9 Administrator Reference Manual</h1></div>
-<div><p class="releaseinfo">BIND Version 9.10.4-P6</p></div>
+<div><p class="releaseinfo">BIND Version 9.10.4-P8</p></div>
 <div><p class="copyright">Copyright © 2004-2015 Internet Systems Consortium, Inc. ("ISC")</p></div>
 <div><p class="copyright">Copyright © 2000-2003 Internet Software Consortium.</p></div>
 </div>
@@ -239,10 +239,11 @@
 </dl></dd>
 <dt><span class="appendix"><a href="Bv9ARM.ch09.html">A. Release Notes</a></span></dt>
 <dd><dl>
-<dt><span class="section"><a href="Bv9ARM.ch09.html#id-1.10.2">Release Notes for BIND Version 9.10.4-P6</a></span></dt>
+<dt><span class="section"><a href="Bv9ARM.ch09.html#id-1.10.2">Release Notes for BIND Version 9.10.4-P8</a></span></dt>
 <dd><dl>
 <dt><span class="section"><a href="Bv9ARM.ch09.html#relnotes_intro">Introduction</a></span></dt>
 <dt><span class="section"><a href="Bv9ARM.ch09.html#relnotes_download">Download</a></span></dt>
+<dt><span class="section"><a href="Bv9ARM.ch09.html#root_key">New DNSSEC Root Key</a></span></dt>
 <dt><span class="section"><a href="Bv9ARM.ch09.html#relnotes_security">Security Fixes</a></span></dt>
 <dt><span class="section"><a href="Bv9ARM.ch09.html#relnotes_features">New Features</a></span></dt>
 <dt><span class="section"><a href="Bv9ARM.ch09.html#relnotes_changes">Feature Changes</a></span></dt>
@@ -385,6 +386,6 @@
 </tr>
 </table>
 </div>
-<p xmlns:db="http://docbook.org/ns/docbook"; style="text-align: center;">BIND 9.10.4-P6</p>
+<p xmlns:db="http://docbook.org/ns/docbook"; style="text-align: center;">BIND 9.10.4-P8</p>
 </body>
 </html>
diff -r a4797843431e -r 758c6fc98504 external/bsd/bind/dist/doc/arm/Bv9ARM.pdf
Binary file external/bsd/bind/dist/doc/arm/Bv9ARM.pdf has changed
diff -r a4797843431e -r 758c6fc98504 external/bsd/bind/dist/doc/arm/man.arpaname.html
--- a/external/bsd/bind/dist/doc/arm/man.arpaname.html  Thu Apr 13 18:55:07 2017 +0000
+++ b/external/bsd/bind/dist/doc/arm/man.arpaname.html  Thu Apr 13 19:11:19 2017 +0000
@@ -81,6 +81,6 @@
 </tr>
 </table>
 </div>
-<p xmlns:db="http://docbook.org/ns/docbook"; style="text-align: center;">BIND 9.10.4-P6</p>
+<p xmlns:db="http://docbook.org/ns/docbook"; style="text-align: center;">BIND 9.10.4-P8</p>
 </body>
 </html>
diff -r a4797843431e -r 758c6fc98504 external/bsd/bind/dist/doc/arm/man.ddns-confgen.html
--- a/external/bsd/bind/dist/doc/arm/man.ddns-confgen.html      Thu Apr 13 18:55:07 2017 +0000
+++ b/external/bsd/bind/dist/doc/arm/man.ddns-confgen.html      Thu Apr 13 19:11:19 2017 +0000
@@ -185,6 +185,6 @@
 </tr>
 </table>
 </div>
-<p xmlns:db="http://docbook.org/ns/docbook"; style="text-align: center;">BIND 9.10.4-P6</p>
+<p xmlns:db="http://docbook.org/ns/docbook"; style="text-align: center;">BIND 9.10.4-P8</p>
 </body>
 </html>
diff -r a4797843431e -r 758c6fc98504 external/bsd/bind/dist/doc/arm/man.delv.html
--- a/external/bsd/bind/dist/doc/arm/man.delv.html      Thu Apr 13 18:55:07 2017 +0000
+++ b/external/bsd/bind/dist/doc/arm/man.delv.html      Thu Apr 13 19:11:19 2017 +0000
@@ -498,6 +498,6 @@
 </tr>
 </table>
 </div>
-<p xmlns:db="http://docbook.org/ns/docbook"; style="text-align: center;">BIND 9.10.4-P6</p>
+<p xmlns:db="http://docbook.org/ns/docbook"; style="text-align: center;">BIND 9.10.4-P8</p>
 </body>
 </html>
diff -r a4797843431e -r 758c6fc98504 external/bsd/bind/dist/doc/arm/man.dig.html
--- a/external/bsd/bind/dist/doc/arm/man.dig.html       Thu Apr 13 18:55:07 2017 +0000
+++ b/external/bsd/bind/dist/doc/arm/man.dig.html       Thu Apr 13 19:11:19 2017 +0000
@@ -809,6 +809,6 @@
 </tr>
 </table>
 </div>
-<p xmlns:db="http://docbook.org/ns/docbook"; style="text-align: center;">BIND 9.10.4-P6</p>
+<p xmlns:db="http://docbook.org/ns/docbook"; style="text-align: center;">BIND 9.10.4-P8</p>
 </body>
 </html>
diff -r a4797843431e -r 758c6fc98504 external/bsd/bind/dist/doc/arm/man.dnssec-checkds.html


