Source-Changes-HG archive


[src/trunk]: src/external/bsd/bind/dist Merge 9.10.4-P6



details:   https://anonhg.NetBSD.org/src/rev/d061765dc4fc
branches:  trunk
changeset: 821541:d061765dc4fc
user:      christos <christos%NetBSD.org@localhost>
date:      Thu Feb 09 00:23:26 2017 +0000

description:
Merge 9.10.4-P6
4558.   [bug]           Synthesised CNAME before matching DNAME was still
                        being cached when it should have been.  [RT #44318]

4557.   [security]      Combining dns64 and rpz can result in dereferencing
                        a NULL pointer (read).  (CVE-2017-3135) [RT#44434]

diffstat:

 external/bsd/bind/dist/CHANGES                              |    8 +
 external/bsd/bind/dist/README                               |    6 +
 external/bsd/bind/dist/bin/named/query.c                    |   63 ++--
 external/bsd/bind/dist/doc/arm/Bv9ARM.ch04.html             |    2 +-
 external/bsd/bind/dist/doc/arm/Bv9ARM.ch06.html             |    2 +-
 external/bsd/bind/dist/doc/arm/Bv9ARM.ch07.html             |    2 +-
 external/bsd/bind/dist/doc/arm/Bv9ARM.ch08.html             |    2 +-
 external/bsd/bind/dist/doc/arm/Bv9ARM.ch09.html             |   69 +++-
 external/bsd/bind/dist/doc/arm/Bv9ARM.html                  |    6 +-
 external/bsd/bind/dist/doc/arm/Bv9ARM.pdf                   |  Bin 
 external/bsd/bind/dist/doc/arm/man.arpaname.html            |    2 +-
 external/bsd/bind/dist/doc/arm/man.ddns-confgen.html        |    2 +-
 external/bsd/bind/dist/doc/arm/man.delv.html                |    2 +-
 external/bsd/bind/dist/doc/arm/man.dig.html                 |    2 +-
 external/bsd/bind/dist/doc/arm/man.dnssec-checkds.html      |    2 +-
 external/bsd/bind/dist/doc/arm/man.dnssec-coverage.html     |    2 +-
 external/bsd/bind/dist/doc/arm/man.dnssec-dsfromkey.html    |    2 +-
 external/bsd/bind/dist/doc/arm/man.dnssec-importkey.html    |    2 +-
 external/bsd/bind/dist/doc/arm/man.dnssec-keyfromlabel.html |    2 +-
 external/bsd/bind/dist/doc/arm/man.dnssec-keygen.html       |    2 +-
 external/bsd/bind/dist/doc/arm/man.dnssec-revoke.html       |    2 +-
 external/bsd/bind/dist/doc/arm/man.dnssec-settime.html      |    2 +-
 external/bsd/bind/dist/doc/arm/man.dnssec-signzone.html     |    2 +-
 external/bsd/bind/dist/doc/arm/man.dnssec-verify.html       |    2 +-
 external/bsd/bind/dist/doc/arm/man.genrandom.html           |    2 +-
 external/bsd/bind/dist/doc/arm/man.host.html                |    2 +-
 external/bsd/bind/dist/doc/arm/man.isc-hmac-fixup.html      |    2 +-
 external/bsd/bind/dist/doc/arm/man.named-checkconf.html     |    2 +-
 external/bsd/bind/dist/doc/arm/man.named-checkzone.html     |    2 +-
 external/bsd/bind/dist/doc/arm/man.named-journalprint.html  |    2 +-
 external/bsd/bind/dist/doc/arm/man.named-rrchecker.html     |    2 +-
 external/bsd/bind/dist/doc/arm/man.named.html               |    2 +-
 external/bsd/bind/dist/doc/arm/man.nsec3hash.html           |    2 +-
 external/bsd/bind/dist/doc/arm/man.nsupdate.html            |    2 +-
 external/bsd/bind/dist/doc/arm/man.rndc-confgen.html        |    2 +-
 external/bsd/bind/dist/doc/arm/man.rndc.conf.html           |    2 +-
 external/bsd/bind/dist/doc/arm/man.rndc.html                |    2 +-
 external/bsd/bind/dist/lib/dns/api                          |    2 +-
 external/bsd/bind/dist/lib/dns/message.c                    |    8 +-
 external/bsd/bind/dist/lib/dns/rdataset.c                   |    3 +-
 external/bsd/bind/dist/lib/dns/resolver.c                   |  152 ++++++++---
 external/bsd/bind/dist/srcid                                |    2 +-
 external/bsd/bind/dist/version                              |    2 +-
 43 files changed, 239 insertions(+), 144 deletions(-)

diffs (truncated from 1063 to 300 lines):

diff -r a4ed00e51a63 -r d061765dc4fc external/bsd/bind/dist/CHANGES
--- a/external/bsd/bind/dist/CHANGES    Thu Feb 09 00:18:48 2017 +0000
+++ b/external/bsd/bind/dist/CHANGES    Thu Feb 09 00:23:26 2017 +0000
@@ -1,3 +1,11 @@
+       --- 9.10.4-P6 released ---
+
+4558.  [bug]           Synthesised CNAME before matching DNAME was still
+                       being cached when it should have been.  [RT #44318]
+
+4557.  [security]      Combining dns64 and rpz can result in dereferencing
+                       a NULL pointer (read).  (CVE-2017-3135) [RT#44434]
+
        --- 9.10.4-P5 released ---
 
 4530.  [bug]           Change 4489 broke the handling of CNAME -> DNAME
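Review bot: entry 4558 reads "was still being cached when it should have been", which describes correct behaviour rather than a bug; the sentence looks like it is missing a "not". Since this is an imported CHANGES file, compare the wording with the upstream 9.10.4-P6 release: keep the import verbatim if upstream has the same text, otherwise correct it here and in the commit description.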
diff -r a4ed00e51a63 -r d061765dc4fc external/bsd/bind/dist/README
--- a/external/bsd/bind/dist/README     Thu Feb 09 00:18:48 2017 +0000
+++ b/external/bsd/bind/dist/README     Thu Feb 09 00:23:26 2017 +0000
@@ -51,6 +51,12 @@
        For up-to-date release notes and errata, see
        http://www.isc.org/software/bind9/releasenotes
 
+BIND 9.10.4-P6
+
+       This version contains a fix for CVE-2017-3135, and a bug fix
+       for a regression in CNAME/DNAME caching that was introduced
+       in an earlier security release.
+
 BIND 9.10.4-P5
 
        This version contains fixes for CVE-2016-9131, CVE-2016-9147,
diff -r a4ed00e51a63 -r d061765dc4fc external/bsd/bind/dist/bin/named/query.c
--- a/external/bsd/bind/dist/bin/named/query.c  Thu Feb 09 00:18:48 2017 +0000
+++ b/external/bsd/bind/dist/bin/named/query.c  Thu Feb 09 00:23:26 2017 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: query.c,v 1.22 2016/05/26 16:49:56 christos Exp $      */
+/*     $NetBSD: query.c,v 1.23 2017/02/09 00:23:26 christos Exp $      */
 
 /*
  * Copyright (C) 2004-2016  Internet Systems Consortium, Inc. ("ISC")
@@ -6245,7 +6245,7 @@
        dns_rpz_st_t *rpz_st;
        isc_boolean_t resuming;
        int line = -1;
-       isc_boolean_t dns64_exclude, dns64;
+       isc_boolean_t dns64_exclude, dns64, rpz;
        isc_boolean_t nxrewrite = ISC_FALSE;
        isc_boolean_t redirected = ISC_FALSE;
        dns_clientinfomethods_t cm;
@@ -6258,6 +6258,7 @@
        char mbuf[BUFSIZ];
        char qbuf[DNS_NAME_FORMATSIZE];
 #endif
+       dns_name_t *rpzqname;
 
        CTRACE(ISC_LOG_DEBUG(3), "query_find");
 
@@ -6283,7 +6284,7 @@
        zone = NULL;
        need_wildcardproof = ISC_FALSE;
        empty_wild = ISC_FALSE;
-       dns64_exclude = dns64 = ISC_FALSE;
+       dns64_exclude = dns64 = rpz = ISC_FALSE;
        options = 0;
        resuming = ISC_FALSE;
        is_zone = ISC_FALSE;
@@ -6473,6 +6474,7 @@
        authoritative = ISC_FALSE;
        version = NULL;
        need_wildcardproof = ISC_FALSE;
+       rpz = ISC_FALSE;
 
        if (client->view->checknames &&
            !dns_rdata_checkowner(client->query.qname,
@@ -6614,11 +6616,29 @@
        }
 
        /*
-        * Now look for an answer in the database.
-        */
-       result = dns_db_findext(db, client->query.qname, version, type,
+        * Now look for an answer in the database.  If this is a dns64
+        * AAAA lookup on a rpz database adjust the qname.
+        */
+       if (dns64 && rpz)
+               rpzqname = client->query.rpz_st->p_name;
+       else
+               rpzqname = client->query.qname;
+
+       result = dns_db_findext(db, rpzqname, version, type,
                                client->query.dboptions, client->now,
                                &node, fname, &cm, &ci, rdataset, sigrdataset);
+       /*
+        * Fixup fname and sigrdataset.
+        */
+       if (dns64 && rpz) {
+               isc_result_t rresult;
+
+               rresult = dns_name_copy(client->query.qname, fname, NULL);
+               RUNTIME_CHECK(rresult == ISC_R_SUCCESS);
+               if (sigrdataset != NULL &&
+                   dns_rdataset_isassociated(sigrdataset))
+                       dns_rdataset_disassociate(sigrdataset);
+       }
 
        if (!is_zone)
                dns_cache_updatestats(client->view->cache, result);
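Review bot: in the new `if (dns64 && rpz)` branch ahead of dns_db_findext(), `client->query.rpz_st->p_name` is dereferenced with no check that rpz_st is non-NULL. The visible hunks only set `rpz = ISC_TRUE` inside the RPZ policy switch, where rpz_st is already in use, so the invariant probably holds, but it is implicit; since this change fixes a NULL read, an `INSIST(client->query.rpz_st != NULL);` before the assignment would make it explicit. The fixup block after the lookup also runs whatever `result` is, and the RUNTIME_CHECK on dns_name_copy() turns a failed copy into an abort of named, so the comment should say why that copy cannot fail.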
@@ -6848,10 +6868,12 @@
                        case DNS_RPZ_POLICY_NXDOMAIN:
                                result = DNS_R_NXDOMAIN;
                                nxrewrite = ISC_TRUE;
+                               rpz = ISC_TRUE;
                                break;
                        case DNS_RPZ_POLICY_NODATA:
                                result = DNS_R_NXRRSET;
                                nxrewrite = ISC_TRUE;
+                               rpz = ISC_TRUE;
                                break;
                        case DNS_RPZ_POLICY_RECORD:
                                result = rpz_st->m.result;
@@ -6871,6 +6893,7 @@
                                        rdataset->ttl = ISC_MIN(rdataset->ttl,
                                                                rpz_st->m.ttl);
                                }
+                               rpz = ISC_TRUE;
                                break;
                        case DNS_RPZ_POLICY_WILDCNAME:
                                result = dns_rdataset_first(rdataset);
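Review bot: `rpz = ISC_TRUE` is set separately in the DNS_RPZ_POLICY_NXDOMAIN, DNS_RPZ_POLICY_NODATA and DNS_RPZ_POLICY_RECORD cases, while the DNS_RPZ_POLICY_WILDCNAME case in the trailing context does not show it being set. A short comment at the switch stating which policies need the qname adjustment on a later dns64 lookup, and why the others do not, would keep a future policy case from silently missing the flag.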
@@ -6913,7 +6936,6 @@
                                                NS_CLIENTATTR_WANTAD);
                        client->message->flags &= ~DNS_MESSAGEFLAG_AD;
                        query_putrdataset(client, &sigrdataset);
-                       rpz_st->q.is_zone = is_zone;
                        is_zone = ISC_TRUE;
                        rpz_log_rewrite(client, ISC_FALSE, rpz_st->m.policy,
                                        rpz_st->m.type, zone, rpz_st->p_name);
@@ -7297,15 +7319,6 @@
                        rdataset = NULL;
                        sigrdataset = NULL;
                        type = qtype = dns_rdatatype_a;
-                       rpz_st = client->query.rpz_st;
-                       if (rpz_st != NULL) {
-                               /*
-                                * Arrange for RPZ rewriting of any A records.
-                                */
-                               if ((rpz_st->state & DNS_RPZ_REWRITTEN) != 0)
-                                       is_zone = rpz_st->q.is_zone;
-                               rpz_st_clear(client);
-                       }
                        dns64 = ISC_TRUE;
                        goto db_find;
                }
@@ -7620,15 +7633,6 @@
                        sigrdataset = NULL;
                        fname = NULL;
                        type = qtype = dns_rdatatype_a;
-                       rpz_st = client->query.rpz_st;
-                       if (rpz_st != NULL) {
-                               /*
-                                * Arrange for RPZ rewriting of any A records.
-                                */
-                               if ((rpz_st->state & DNS_RPZ_REWRITTEN) != 0)
-                                       is_zone = rpz_st->q.is_zone;
-                               rpz_st_clear(client);
-                       }
                        dns64 = ISC_TRUE;
                        goto db_find;
                }
@@ -8162,15 +8166,6 @@
                        rdataset = NULL;
                        sigrdataset = NULL;
                        type = qtype = dns_rdatatype_a;
-                       rpz_st = client->query.rpz_st;
-                       if (rpz_st != NULL) {
-                               /*
-                                * Arrange for RPZ rewriting of any A records.
-                                */
-                               if ((rpz_st->state & DNS_RPZ_REWRITTEN) != 0)
-                                       is_zone = rpz_st->q.is_zone;
-                               rpz_st_clear(client);
-                       }
                        dns64_exclude = dns64 = ISC_TRUE;
                        goto db_find;
                }
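Review bot: the block removed here, and identically at the two earlier dns64 retry sites, was the only visible place that called rpz_st_clear(client) before `goto db_find`, so RPZ state now survives into the dns64 A lookup. That is what the new `dns64 && rpz` path needs for `rpz_st->p_name`, but nothing at these sites says so; add a one-line comment next to `dns64 = ISC_TRUE;` noting that rpz_st is intentionally kept. With the store `rpz_st->q.is_zone = is_zone;` also removed, check whether the q.is_zone member still has any reader and drop it if not.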
diff -r a4ed00e51a63 -r d061765dc4fc external/bsd/bind/dist/doc/arm/Bv9ARM.ch04.html
--- a/external/bsd/bind/dist/doc/arm/Bv9ARM.ch04.html   Thu Feb 09 00:18:48 2017 +0000
+++ b/external/bsd/bind/dist/doc/arm/Bv9ARM.ch04.html   Thu Feb 09 00:23:26 2017 +0000
@@ -2326,6 +2326,6 @@
 </tr>
 </table>
 </div>
-<p xmlns:db="http://docbook.org/ns/docbook"; style="text-align: center;">BIND 9.10.4-P5</p>
+<p xmlns:db="http://docbook.org/ns/docbook"; style="text-align: center;">BIND 9.10.4-P6</p>
 </body>
 </html>
diff -r a4ed00e51a63 -r d061765dc4fc external/bsd/bind/dist/doc/arm/Bv9ARM.ch06.html
--- a/external/bsd/bind/dist/doc/arm/Bv9ARM.ch06.html   Thu Feb 09 00:18:48 2017 +0000
+++ b/external/bsd/bind/dist/doc/arm/Bv9ARM.ch06.html   Thu Feb 09 00:23:26 2017 +0000
@@ -12845,6 +12845,6 @@
 </tr>
 </table>
 </div>
-<p xmlns:db="http://docbook.org/ns/docbook"; style="text-align: center;">BIND 9.10.4-P5</p>
+<p xmlns:db="http://docbook.org/ns/docbook"; style="text-align: center;">BIND 9.10.4-P6</p>
 </body>
 </html>
diff -r a4ed00e51a63 -r d061765dc4fc external/bsd/bind/dist/doc/arm/Bv9ARM.ch07.html
--- a/external/bsd/bind/dist/doc/arm/Bv9ARM.ch07.html   Thu Feb 09 00:18:48 2017 +0000
+++ b/external/bsd/bind/dist/doc/arm/Bv9ARM.ch07.html   Thu Feb 09 00:23:26 2017 +0000
@@ -248,6 +248,6 @@
 </tr>
 </table>
 </div>
-<p xmlns:db="http://docbook.org/ns/docbook"; style="text-align: center;">BIND 9.10.4-P5</p>
+<p xmlns:db="http://docbook.org/ns/docbook"; style="text-align: center;">BIND 9.10.4-P6</p>
 </body>
 </html>
diff -r a4ed00e51a63 -r d061765dc4fc external/bsd/bind/dist/doc/arm/Bv9ARM.ch08.html
--- a/external/bsd/bind/dist/doc/arm/Bv9ARM.ch08.html   Thu Feb 09 00:18:48 2017 +0000
+++ b/external/bsd/bind/dist/doc/arm/Bv9ARM.ch08.html   Thu Feb 09 00:23:26 2017 +0000
@@ -134,6 +134,6 @@
 </tr>
 </table>
 </div>
-<p xmlns:db="http://docbook.org/ns/docbook"; style="text-align: center;">BIND 9.10.4-P5</p>
+<p xmlns:db="http://docbook.org/ns/docbook"; style="text-align: center;">BIND 9.10.4-P6</p>
 </body>
 </html>
diff -r a4ed00e51a63 -r d061765dc4fc external/bsd/bind/dist/doc/arm/Bv9ARM.ch09.html
--- a/external/bsd/bind/dist/doc/arm/Bv9ARM.ch09.html   Thu Feb 09 00:18:48 2017 +0000
+++ b/external/bsd/bind/dist/doc/arm/Bv9ARM.ch09.html   Thu Feb 09 00:23:26 2017 +0000
@@ -44,7 +44,7 @@
 <div class="toc">
 <p><b>Table of Contents</b></p>
 <dl class="toc">
-<dt><span class="section"><a href="Bv9ARM.ch09.html#id-1.10.2">Release Notes for BIND Version 9.10.4-P5</a></span></dt>
+<dt><span class="section"><a href="Bv9ARM.ch09.html#id-1.10.2">Release Notes for BIND Version 9.10.4-P6</a></span></dt>
 <dd><dl>
 <dt><span class="section"><a href="Bv9ARM.ch09.html#relnotes_intro">Introduction</a></span></dt>
 <dt><span class="section"><a href="Bv9ARM.ch09.html#relnotes_download">Download</a></span></dt>
@@ -60,7 +60,7 @@
 </div>
 <div class="section">
 <div class="titlepage"><div><div><h2 class="title" style="clear: both">
-<a name="id-1.10.2"></a>Release Notes for BIND Version 9.10.4-P5</h2></div></div></div>
+<a name="id-1.10.2"></a>Release Notes for BIND Version 9.10.4-P6</h2></div></div></div>
 <div class="section">
 <div class="titlepage"><div><div><h3 class="title">
 <a name="relnotes_intro"></a>Introduction</h3></div></div></div>
@@ -68,8 +68,13 @@
       This document summarizes changes since BIND 9.10.4:
     </p>
 <p>
+      BIND 9.10.4-P6 addresses the security issue described in
+      CVE-2017-3135, and fixes a regression introduced in a prior
+      security release.
+    </p>
+<p>
       BIND 9.10.4-P5 addresses the security issues described in
-      CVE-2016-9131, CVE-2016-9147 and CVE-2016-9444.
+      CVE-2016-9131, CVE-2016-9147, CVE-2016-9444 and CVE-2016-9778.
     </p>
 <p>
       BIND 9.10.4-P4 addresses the security issue described in
@@ -107,24 +112,33 @@
 <a name="relnotes_security"></a>Security Fixes</h3></div></div></div>
 <div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; ">
 <li class="listitem"><p>
-         Named could mishandle authority sections that were missing
-         RRSIGs triggering an assertion failure.  This flaw is
-         disclosed in CVE-2016-9444. [RT # 43632]
+         If a server is configured with a response policy zone (RPZ)
+         that rewrites an answer with local data, and is also configured
+         for DNS64 address mapping, a NULL pointer can be read
+         triggering a server crash.  This flaw is disclosed in
+         CVE-2017-3135. [RT #44434]
        </p></li>
 <li class="listitem"><p>
-         Named mishandled some responses where covering RRSIG
-         records are returned without the requested data
-         resulting in a assertion failure. This flaw is disclosed in
-         CVE-2016-9147. [RT #43548]
+         <span class="command"><strong>named</strong></span> could mishandle authority sections
+         with missing RRSIGs, triggering an assertion failure. This
+         flaw is disclosed in CVE-2016-9444. [RT #43632]
        </p></li>
 <li class="listitem"><p>
-         Named incorrectly tried to cache TKEY records which could
-         trigger a assertion failure when there was a class mismatch.
-         This flaw is disclosed in CVE-2016-9131.  [RT #43522]
+         <span class="command"><strong>named</strong></span> mishandled some responses where
+         covering RRSIG records were returned without the requested
+         data, resulting in an assertion failure. This flaw is
+         disclosed in CVE-2016-9147. [RT #43548]
+       </p></li>
+<li class="listitem"><p>
+         <span class="command"><strong>named</strong></span> incorrectly tried to cache TKEY
+         records which could trigger an assertion failure when there was
+         a class mismatch. This flaw is disclosed in CVE-2016-9131.
+         [RT #43522]


