Module Name: src Committed By: martin Date: Mon Jan 16 11:56:45 UTC 2017
Modified Files: src/doc [netbsd-7-0]: 3RDPARTY src/external/bsd/bind [netbsd-7-0]: Makefile.inc src/external/bsd/bind/dist [netbsd-7-0]: CHANGES README srcid version src/external/bsd/bind/dist/bin/tests/system/dname [netbsd-7-0]: tests.sh src/external/bsd/bind/dist/bin/tests/system/dname/ns2 [netbsd-7-0]: example.db src/external/bsd/bind/dist/doc/arm [netbsd-7-0]: Bv9ARM.ch01.html Bv9ARM.ch02.html Bv9ARM.ch03.html Bv9ARM.ch04.html Bv9ARM.ch05.html Bv9ARM.ch06.html Bv9ARM.ch07.html Bv9ARM.ch08.html Bv9ARM.ch09.html Bv9ARM.ch10.html Bv9ARM.ch11.html Bv9ARM.ch12.html Bv9ARM.ch13.html Bv9ARM.html man.arpaname.html man.ddns-confgen.html man.delv.html man.dig.html man.dnssec-checkds.html man.dnssec-coverage.html man.dnssec-dsfromkey.html man.dnssec-importkey.html man.dnssec-keyfromlabel.html man.dnssec-keygen.html man.dnssec-revoke.html man.dnssec-settime.html man.dnssec-signzone.html man.dnssec-verify.html man.genrandom.html man.host.html man.isc-hmac-fixup.html man.lwresd.html man.named-checkconf.html man.named-checkzone.html man.named-journalprint.html man.named-rrchecker.html man.named.conf.html man.named.html man.nsec3hash.html man.nsupdate.html man.rndc-confgen.html man.rndc.conf.html man.rndc.html notes.html notes.pdf notes.xml src/external/bsd/bind/dist/lib/dns [netbsd-7-0]: api message.c resolver.c src/external/bsd/bind/dist/lib/isc [netbsd-7-0]: api src/external/bsd/bind/dist/lib/isc/unix [netbsd-7-0]: socket.c src/external/bsd/bind/dist/lib/isc/win32 [netbsd-7-0]: socket.c Removed Files: src/external/bsd/bind/dist/contrib/zkt-1.1.2/examples/flat [netbsd-7-0]: zkt-ls zkt-signer src/external/bsd/bind/dist/contrib/zkt-1.1.2/examples/hierarchical [netbsd-7-0]: zkt-ls zkt-signer Log Message: Pull up following revision(s) (requested by snj in ticket #1348): doc/3RDPARTY: 1.1397 via patch external/bsd/bind/Makefile.inc: up to 1.24 via patch external/bsd/bind/dist/CHANGES: up to 1.24 external/bsd/bind/dist/README: up to 1.12 external/bsd/bind/dist/bin/tests/system/dname/ns2/example.db: up to 1.1.1.3 external/bsd/bind/dist/bin/tests/system/dname/tests.sh: up to 1.1.1.4 external/bsd/bind/dist/contrib/zkt-1.1.2/examples/flat/zkt-ls delete external/bsd/bind/dist/contrib/zkt-1.1.2/examples/flat/zkt-signer delete external/bsd/bind/dist/contrib/zkt-1.1.2/examples/hierarchical/zkt-ls delete external/bsd/bind/dist/contrib/zkt-1.1.2/examples/hierarchical/zkt-signer delete external/bsd/bind/dist/doc/arm/Bv9ARM.ch01.html: up to 1.1.1.22 external/bsd/bind/dist/doc/arm/Bv9ARM.ch02.html: up to 1.1.1.19 external/bsd/bind/dist/doc/arm/Bv9ARM.ch03.html: up to 1.1.1.24 external/bsd/bind/dist/doc/arm/Bv9ARM.ch04.html: up to 1.12 external/bsd/bind/dist/doc/arm/Bv9ARM.ch05.html: up to 1.1.1.25 external/bsd/bind/dist/doc/arm/Bv9ARM.ch06.html: up to 1.12 external/bsd/bind/dist/doc/arm/Bv9ARM.ch07.html: up to 1.12 external/bsd/bind/dist/doc/arm/Bv9ARM.ch08.html: up to 1.12 external/bsd/bind/dist/doc/arm/Bv9ARM.ch09.html: up to 1.12 external/bsd/bind/dist/doc/arm/Bv9ARM.ch10.html: up to 1.1.1.21 external/bsd/bind/dist/doc/arm/Bv9ARM.ch11.html: up to 1.1.1.10 external/bsd/bind/dist/doc/arm/Bv9ARM.ch12.html: up to 1.1.1.10 external/bsd/bind/dist/doc/arm/Bv9ARM.ch13.html: up to 1.1.1.10 external/bsd/bind/dist/doc/arm/Bv9ARM.html: up to 1.12 external/bsd/bind/dist/doc/arm/man.arpaname.html: up to 1.12 external/bsd/bind/dist/doc/arm/man.ddns-confgen.html: up to 1.12 external/bsd/bind/dist/doc/arm/man.delv.html: up to 1.12 external/bsd/bind/dist/doc/arm/man.dig.html: up to 1.12 external/bsd/bind/dist/doc/arm/man.dnssec-checkds.html: up to 1.12 external/bsd/bind/dist/doc/arm/man.dnssec-coverage.html: up to 1.12 external/bsd/bind/dist/doc/arm/man.dnssec-dsfromkey.html: up to 1.12 external/bsd/bind/dist/doc/arm/man.dnssec-importkey.html: up to 1.12 external/bsd/bind/dist/doc/arm/man.dnssec-keyfromlabel.html: up to 1.12 external/bsd/bind/dist/doc/arm/man.dnssec-keygen.html: up to 1.12 external/bsd/bind/dist/doc/arm/man.dnssec-revoke.html: up to 1.12 external/bsd/bind/dist/doc/arm/man.dnssec-settime.html: up to 1.12 external/bsd/bind/dist/doc/arm/man.dnssec-signzone.html: up to 1.12 external/bsd/bind/dist/doc/arm/man.dnssec-verify.html: up to 1.12 external/bsd/bind/dist/doc/arm/man.genrandom.html: up to 1.12 external/bsd/bind/dist/doc/arm/man.host.html: up to 1.12 external/bsd/bind/dist/doc/arm/man.isc-hmac-fixup.html: up to 1.12 external/bsd/bind/dist/doc/arm/man.lwresd.html: up to 1.1.1.4 external/bsd/bind/dist/doc/arm/man.named-checkconf.html: up to 1.12 external/bsd/bind/dist/doc/arm/man.named-checkzone.html: up to 1.12 external/bsd/bind/dist/doc/arm/man.named-journalprint.html: up to 1.12 external/bsd/bind/dist/doc/arm/man.named-rrchecker.html: up to 1.12 external/bsd/bind/dist/doc/arm/man.named.conf.html: up to 1.1.1.4 external/bsd/bind/dist/doc/arm/man.named.html: up to 1.12 external/bsd/bind/dist/doc/arm/man.nsec3hash.html: up to 1.12 external/bsd/bind/dist/doc/arm/man.nsupdate.html: up to 1.12 external/bsd/bind/dist/doc/arm/man.rndc-confgen.html: up to 1.12 external/bsd/bind/dist/doc/arm/man.rndc.conf.html: up to 1.12 external/bsd/bind/dist/doc/arm/man.rndc.html: up to 1.12 external/bsd/bind/dist/doc/arm/notes.html: up to 1.1.1.10 external/bsd/bind/dist/doc/arm/notes.pdf: up to 1.1.1.10 external/bsd/bind/dist/doc/arm/notes.xml: up to 1.1.1.10 external/bsd/bind/dist/lib/dns/api: up to 1.12 external/bsd/bind/dist/lib/dns/message.c: up to 1.21 external/bsd/bind/dist/lib/dns/resolver.c: up to 1.28 external/bsd/bind/dist/lib/isc/api: up to 1.1.1.21 external/bsd/bind/dist/lib/isc/unix/socket.c: up to 1.20 external/bsd/bind/dist/lib/isc/win32/socket.c: up to 1.12 external/bsd/bind/dist/srcid: up to 1.18 external/bsd/bind/dist/version: up to 1.22 external/bsd/bind/include/isc/platform.h: up to 1.22 via patch Update BIND to 9.10.4-P5, fixing CVE-2016-9131, CVE-2016-9147, and CVE-2016-9444. To generate a diff of this commit: cvs rdiff -u -r1.1145.2.18.2.11 -r1.1145.2.18.2.12 src/doc/3RDPARTY cvs rdiff -u -r1.21.2.1.2.2 -r1.21.2.1.2.3 src/external/bsd/bind/Makefile.inc cvs rdiff -u -r1.12.2.5.2.3 -r1.12.2.5.2.4 src/external/bsd/bind/dist/CHANGES cvs rdiff -u -r1.1.1.14.2.5.2.3 -r1.1.1.14.2.5.2.4 \ src/external/bsd/bind/dist/README cvs rdiff -u -r1.6.2.5.2.3 -r1.6.2.5.2.4 src/external/bsd/bind/dist/srcid cvs rdiff -u -r1.10.2.5.2.3 -r1.10.2.5.2.4 src/external/bsd/bind/dist/version cvs rdiff -u -r1.1.1.3 -r1.1.1.3.12.1 \ src/external/bsd/bind/dist/bin/tests/system/dname/tests.sh cvs rdiff -u -r1.1.1.2 -r1.1.1.2.14.1 \ src/external/bsd/bind/dist/bin/tests/system/dname/ns2/example.db cvs rdiff -u -r1.1 -r0 \ src/external/bsd/bind/dist/contrib/zkt-1.1.2/examples/flat/zkt-ls \ src/external/bsd/bind/dist/contrib/zkt-1.1.2/examples/flat/zkt-signer cvs rdiff -u -r1.1 -r0 \ src/external/bsd/bind/dist/contrib/zkt-1.1.2/examples/hierarchical/zkt-ls \ src/external/bsd/bind/dist/contrib/zkt-1.1.2/examples/hierarchical/zkt-signer cvs rdiff -u -r1.1.1.11.2.4.2.3 -r1.1.1.11.2.4.2.4 \ src/external/bsd/bind/dist/doc/arm/Bv9ARM.ch01.html cvs rdiff -u -r1.1.1.8.2.4.2.3 -r1.1.1.8.2.4.2.4 \ src/external/bsd/bind/dist/doc/arm/Bv9ARM.ch02.html cvs rdiff -u -r1.1.1.13.2.4.2.3 -r1.1.1.13.2.4.2.4 \ src/external/bsd/bind/dist/doc/arm/Bv9ARM.ch03.html cvs rdiff -u -r1.1.1.15.2.5.2.3 -r1.1.1.15.2.5.2.4 \ src/external/bsd/bind/dist/doc/arm/Bv9ARM.ch04.html \ src/external/bsd/bind/dist/doc/arm/Bv9ARM.ch06.html \ src/external/bsd/bind/dist/doc/arm/Bv9ARM.ch07.html \ src/external/bsd/bind/dist/doc/arm/Bv9ARM.ch08.html \ src/external/bsd/bind/dist/doc/arm/Bv9ARM.ch09.html \ src/external/bsd/bind/dist/doc/arm/Bv9ARM.html \ src/external/bsd/bind/dist/doc/arm/man.dig.html \ src/external/bsd/bind/dist/doc/arm/man.dnssec-dsfromkey.html \ src/external/bsd/bind/dist/doc/arm/man.dnssec-keyfromlabel.html \ src/external/bsd/bind/dist/doc/arm/man.dnssec-keygen.html \ src/external/bsd/bind/dist/doc/arm/man.dnssec-signzone.html \ src/external/bsd/bind/dist/doc/arm/man.host.html \ src/external/bsd/bind/dist/doc/arm/man.named-checkconf.html \ src/external/bsd/bind/dist/doc/arm/man.named-checkzone.html \ src/external/bsd/bind/dist/doc/arm/man.named.html \ src/external/bsd/bind/dist/doc/arm/man.nsupdate.html \ src/external/bsd/bind/dist/doc/arm/man.rndc-confgen.html \ src/external/bsd/bind/dist/doc/arm/man.rndc.conf.html \ src/external/bsd/bind/dist/doc/arm/man.rndc.html cvs rdiff -u -r1.1.1.14.2.4.2.3 -r1.1.1.14.2.4.2.4 \ src/external/bsd/bind/dist/doc/arm/Bv9ARM.ch05.html cvs rdiff -u -r1.1.1.10.2.4.2.3 -r1.1.1.10.2.4.2.4 \ src/external/bsd/bind/dist/doc/arm/Bv9ARM.ch10.html cvs rdiff -u -r1.1.1.1.2.4.2.3 -r1.1.1.1.2.4.2.4 \ src/external/bsd/bind/dist/doc/arm/Bv9ARM.ch11.html \ src/external/bsd/bind/dist/doc/arm/Bv9ARM.ch12.html \ src/external/bsd/bind/dist/doc/arm/Bv9ARM.ch13.html \ src/external/bsd/bind/dist/doc/arm/notes.html \ src/external/bsd/bind/dist/doc/arm/notes.pdf \ src/external/bsd/bind/dist/doc/arm/notes.xml cvs rdiff -u -r1.1.1.12.2.5.2.3 -r1.1.1.12.2.5.2.4 \ src/external/bsd/bind/dist/doc/arm/man.arpaname.html \ src/external/bsd/bind/dist/doc/arm/man.genrandom.html \ src/external/bsd/bind/dist/doc/arm/man.named-journalprint.html \ src/external/bsd/bind/dist/doc/arm/man.nsec3hash.html cvs rdiff -u -r1.1.1.13.2.5.2.3 -r1.1.1.13.2.5.2.4 \ src/external/bsd/bind/dist/doc/arm/man.ddns-confgen.html \ src/external/bsd/bind/dist/doc/arm/man.dnssec-revoke.html \ src/external/bsd/bind/dist/doc/arm/man.dnssec-settime.html cvs rdiff -u -r1.1.1.1.4.5.2.3 -r1.1.1.1.4.5.2.4 \ src/external/bsd/bind/dist/doc/arm/man.delv.html cvs rdiff -u -r1.1.1.3.2.5.2.3 -r1.1.1.3.2.5.2.4 \ src/external/bsd/bind/dist/doc/arm/man.dnssec-checkds.html \ src/external/bsd/bind/dist/doc/arm/man.dnssec-coverage.html cvs rdiff -u -r1.1.1.2.2.5.2.3 -r1.1.1.2.2.5.2.4 \ src/external/bsd/bind/dist/doc/arm/man.dnssec-importkey.html \ src/external/bsd/bind/dist/doc/arm/man.named-rrchecker.html cvs rdiff -u -r1.1.1.5.2.5.2.3 -r1.1.1.5.2.5.2.4 \ src/external/bsd/bind/dist/doc/arm/man.dnssec-verify.html cvs rdiff -u -r1.1.1.11.2.5.2.3 -r1.1.1.11.2.5.2.4 \ src/external/bsd/bind/dist/doc/arm/man.isc-hmac-fixup.html cvs rdiff -u -r1.1.1.2.2.3 -r1.1.1.2.2.4 \ src/external/bsd/bind/dist/doc/arm/man.lwresd.html \ src/external/bsd/bind/dist/doc/arm/man.named.conf.html cvs rdiff -u -r1.1.1.16.2.5.2.3 -r1.1.1.16.2.5.2.4 \ src/external/bsd/bind/dist/lib/dns/api cvs rdiff -u -r1.13.2.2.2.2 -r1.13.2.2.2.3 \ src/external/bsd/bind/dist/lib/dns/message.c cvs rdiff -u -r1.19.2.3.2.3 -r1.19.2.3.2.4 \ src/external/bsd/bind/dist/lib/dns/resolver.c cvs rdiff -u -r1.1.1.15.2.2.2.2 -r1.1.1.15.2.2.2.3 \ src/external/bsd/bind/dist/lib/isc/api cvs rdiff -u -r1.15.2.2.2.2 -r1.15.2.2.2.3 \ src/external/bsd/bind/dist/lib/isc/unix/socket.c cvs rdiff -u -r1.8.2.2.2.1 -r1.8.2.2.2.2 \ src/external/bsd/bind/dist/lib/isc/win32/socket.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
Modified files: Index: src/doc/3RDPARTY diff -u src/doc/3RDPARTY:1.1145.2.18.2.11 src/doc/3RDPARTY:1.1145.2.18.2.12 --- src/doc/3RDPARTY:1.1145.2.18.2.11 Wed Dec 14 08:21:38 2016 +++ src/doc/3RDPARTY Mon Jan 16 11:56:45 2017 @@ -1,4 +1,4 @@ -# $NetBSD: 3RDPARTY,v 1.1145.2.18.2.11 2016/12/14 08:21:38 snj Exp $ +# $NetBSD: 3RDPARTY,v 1.1145.2.18.2.12 2017/01/16 11:56:45 martin Exp $ # # This file contains a list of the software that has been integrated into # NetBSD where we are not the primary maintainer. @@ -113,8 +113,8 @@ Notes: bc includes dc, both of which are in the NetBSD tree. Package: bind [named and utils] -Version: 9.10.4-P4 -Current Vers: 9.10.4-P4 +Version: 9.10.4-P5 +Current Vers: 9.10.4-P5 Maintainer: Paul Vixie <vi...@vix.com> Archive Site: ftp://ftp.isc.org/isc/bind9/ Home Page: http://www.isc.org/software/bind/ Index: src/external/bsd/bind/Makefile.inc diff -u src/external/bsd/bind/Makefile.inc:1.21.2.1.2.2 src/external/bsd/bind/Makefile.inc:1.21.2.1.2.3 --- src/external/bsd/bind/Makefile.inc:1.21.2.1.2.2 Sat Nov 5 17:47:30 2016 +++ src/external/bsd/bind/Makefile.inc Mon Jan 16 11:56:42 2017 @@ -1,4 +1,4 @@ -# $NetBSD: Makefile.inc,v 1.21.2.1.2.2 2016/11/05 17:47:30 martin Exp $ +# $NetBSD: Makefile.inc,v 1.21.2.1.2.3 2017/01/16 11:56:42 martin Exp $ .if !defined(BIND9_MAKEFILE_INC) BIND9_MAKEFILE_INC=yes Index: src/external/bsd/bind/dist/CHANGES diff -u src/external/bsd/bind/dist/CHANGES:1.12.2.5.2.3 src/external/bsd/bind/dist/CHANGES:1.12.2.5.2.4 --- src/external/bsd/bind/dist/CHANGES:1.12.2.5.2.3 Sat Nov 5 17:47:30 2016 +++ src/external/bsd/bind/dist/CHANGES Mon Jan 16 11:56:42 2017 @@ -1,3 +1,27 @@ + --- 9.10.4-P5 released --- + +4530. [bug] Change 4489 broke the handling of CNAME -> DNAME + in responses resulting in SERVFAIL being returned. + [RT #43779] + +4528. [bug] Only set the flag bits for the i/o we are waiting + for on EPOLLERR or EPOLLHUP. [RT #43617] + +4519. [port] win32: handle ERROR_MORE_DATA. [RT #43534] + +4517. [security] Named could mishandle authority sections that were + missing RRSIGs triggering an assertion failure. + (CVE-2016-9444) [RT # 43632] + +4510. [security] Named mishandled some responses where covering RRSIG + records are returned without the requested data + resulting in a assertion failure. (CVE-2016-9147) + [RT #43548] + +4508. [security] Named incorrectly tried to cache TKEY records which + could trigger a assertion failure when there was + a class mismatch. (CVE-2016-9131) [RT #43522] + --- 9.10.4-P4 released --- 4489. [security] It was possible to trigger assertions when processing Index: src/external/bsd/bind/dist/README diff -u src/external/bsd/bind/dist/README:1.1.1.14.2.5.2.3 src/external/bsd/bind/dist/README:1.1.1.14.2.5.2.4 --- src/external/bsd/bind/dist/README:1.1.1.14.2.5.2.3 Sat Nov 5 17:47:30 2016 +++ src/external/bsd/bind/dist/README Mon Jan 16 11:56:42 2017 @@ -51,6 +51,11 @@ BIND 9 For up-to-date release notes and errata, see http://www.isc.org/software/bind9/releasenotes +BIND 9.10.4-P5 + + This version contains fixes for CVE-2016-9131, CVE-2016-9147, + CVE-2016-9444 and CVE-2016-9778. + BIND 9.10.4-P4 This version contains a fix for CVE-2016-8864. Index: src/external/bsd/bind/dist/srcid diff -u src/external/bsd/bind/dist/srcid:1.6.2.5.2.3 src/external/bsd/bind/dist/srcid:1.6.2.5.2.4 --- src/external/bsd/bind/dist/srcid:1.6.2.5.2.3 Sat Nov 5 17:47:31 2016 +++ src/external/bsd/bind/dist/srcid Mon Jan 16 11:56:42 2017 @@ -1 +1 @@ -SRCID=853aa4b +SRCID=2b12043 Index: src/external/bsd/bind/dist/version diff -u src/external/bsd/bind/dist/version:1.10.2.5.2.3 src/external/bsd/bind/dist/version:1.10.2.5.2.4 --- src/external/bsd/bind/dist/version:1.10.2.5.2.3 Sat Nov 5 17:47:31 2016 +++ src/external/bsd/bind/dist/version Mon Jan 16 11:56:43 2017 @@ -7,5 +7,5 @@ MAJORVER=9 MINORVER=10 PATCHVER=4 RELEASETYPE=-P -RELEASEVER=4 +RELEASEVER=5 EXTENSIONS= Index: src/external/bsd/bind/dist/bin/tests/system/dname/tests.sh diff -u src/external/bsd/bind/dist/bin/tests/system/dname/tests.sh:1.1.1.3 src/external/bsd/bind/dist/bin/tests/system/dname/tests.sh:1.1.1.3.12.1 --- src/external/bsd/bind/dist/bin/tests/system/dname/tests.sh:1.1.1.3 Tue Dec 4 19:22:35 2012 +++ src/external/bsd/bind/dist/bin/tests/system/dname/tests.sh Mon Jan 16 11:56:43 2017 @@ -63,6 +63,24 @@ grep "status: YXDOMAIN" dig.out.ns4.tool if [ $ret != 0 ]; then echo "I:failed"; fi status=`expr $status + $ret` +echo "I:checking cname to dname from authoritative" +ret=0 +$DIG cname.example @10.53.0.2 a -p 5300 > dig.out.ns2.cname +grep "status: NOERROR" dig.out.ns2.cname > /dev/null || ret=1 +if [ $ret != 0 ]; then echo "I:failed"; fi +status=`expr $status + $ret` + +echo "I:checking cname to dname from recursive" +ret=0 +$DIG cname.example @10.53.0.4 a -p 5300 > dig.out.ns4.cname +grep "status: NOERROR" dig.out.ns4.cname > /dev/null || ret=1 +grep '^cname.example.' dig.out.ns4.cname > /dev/null || ret=1 +grep '^cnamedname.example.' dig.out.ns4.cname > /dev/null || ret=1 +grep '^a.cnamedname.example.' dig.out.ns4.cname > /dev/null || ret=1 +grep '^a.target.example.' dig.out.ns4.cname > /dev/null || ret=1 +if [ $ret != 0 ]; then echo "I:failed"; fi +status=`expr $status + $ret` + echo "I:exit status: $status" exit $status Index: src/external/bsd/bind/dist/bin/tests/system/dname/ns2/example.db diff -u src/external/bsd/bind/dist/bin/tests/system/dname/ns2/example.db:1.1.1.2 src/external/bsd/bind/dist/bin/tests/system/dname/ns2/example.db:1.1.1.2.14.1 --- src/external/bsd/bind/dist/bin/tests/system/dname/ns2/example.db:1.1.1.2 Mon Jun 4 17:54:22 2012 +++ src/external/bsd/bind/dist/bin/tests/system/dname/ns2/example.db Mon Jan 16 11:56:43 2017 @@ -29,4 +29,6 @@ a.short A 10.0.0.1 short-dname DNAME short a.longlonglonglonglonglonglonglonglonglonglonglonglong A 10.0.0.2 long-dname DNAME longlonglonglonglonglonglonglonglonglonglonglonglong -; +cname CNAME a.cnamedname +cnamedname DNAME target +a.target A 10.0.0.3 Index: src/external/bsd/bind/dist/doc/arm/Bv9ARM.ch01.html diff -u src/external/bsd/bind/dist/doc/arm/Bv9ARM.ch01.html:1.1.1.11.2.4.2.3 src/external/bsd/bind/dist/doc/arm/Bv9ARM.ch01.html:1.1.1.11.2.4.2.4 --- src/external/bsd/bind/dist/doc/arm/Bv9ARM.ch01.html:1.1.1.11.2.4.2.3 Sat Nov 5 17:47:31 2016 +++ src/external/bsd/bind/dist/doc/arm/Bv9ARM.ch01.html Mon Jan 16 11:56:43 2017 @@ -555,6 +555,6 @@ </tr> </table> </div> -<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.4-P4</p> +<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.4-P5</p> </body> </html> Index: src/external/bsd/bind/dist/doc/arm/Bv9ARM.ch02.html diff -u src/external/bsd/bind/dist/doc/arm/Bv9ARM.ch02.html:1.1.1.8.2.4.2.3 src/external/bsd/bind/dist/doc/arm/Bv9ARM.ch02.html:1.1.1.8.2.4.2.4 --- src/external/bsd/bind/dist/doc/arm/Bv9ARM.ch02.html:1.1.1.8.2.4.2.3 Sat Nov 5 17:47:31 2016 +++ src/external/bsd/bind/dist/doc/arm/Bv9ARM.ch02.html Mon Jan 16 11:56:43 2017 @@ -153,6 +153,6 @@ </tr> </table> </div> -<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.4-P4</p> +<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.4-P5</p> </body> </html> Index: src/external/bsd/bind/dist/doc/arm/Bv9ARM.ch03.html diff -u src/external/bsd/bind/dist/doc/arm/Bv9ARM.ch03.html:1.1.1.13.2.4.2.3 src/external/bsd/bind/dist/doc/arm/Bv9ARM.ch03.html:1.1.1.13.2.4.2.4 --- src/external/bsd/bind/dist/doc/arm/Bv9ARM.ch03.html:1.1.1.13.2.4.2.3 Sat Nov 5 17:47:31 2016 +++ src/external/bsd/bind/dist/doc/arm/Bv9ARM.ch03.html Mon Jan 16 11:56:43 2017 @@ -669,6 +669,6 @@ controls { </tr> </table> </div> -<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.4-P4</p> +<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.4-P5</p> </body> </html> Index: src/external/bsd/bind/dist/doc/arm/Bv9ARM.ch04.html diff -u src/external/bsd/bind/dist/doc/arm/Bv9ARM.ch04.html:1.1.1.15.2.5.2.3 src/external/bsd/bind/dist/doc/arm/Bv9ARM.ch04.html:1.1.1.15.2.5.2.4 --- src/external/bsd/bind/dist/doc/arm/Bv9ARM.ch04.html:1.1.1.15.2.5.2.3 Sat Nov 5 17:47:31 2016 +++ src/external/bsd/bind/dist/doc/arm/Bv9ARM.ch04.html Mon Jan 16 11:56:43 2017 @@ -2326,6 +2326,6 @@ $ORIGIN 0.0.0.0.0.0.0.0.8.b.d.0.1.0.0.2. </tr> </table> </div> -<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.4-P4</p> +<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.4-P5</p> </body> </html> Index: src/external/bsd/bind/dist/doc/arm/Bv9ARM.ch06.html diff -u src/external/bsd/bind/dist/doc/arm/Bv9ARM.ch06.html:1.1.1.15.2.5.2.3 src/external/bsd/bind/dist/doc/arm/Bv9ARM.ch06.html:1.1.1.15.2.5.2.4 --- src/external/bsd/bind/dist/doc/arm/Bv9ARM.ch06.html:1.1.1.15.2.5.2.3 Sat Nov 5 17:47:31 2016 +++ src/external/bsd/bind/dist/doc/arm/Bv9ARM.ch06.html Mon Jan 16 11:56:43 2017 @@ -12845,6 +12845,6 @@ HOST-127.EXAMPLE. MX 0 . </tr> </table> </div> -<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.4-P4</p> +<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.4-P5</p> </body> </html> Index: src/external/bsd/bind/dist/doc/arm/Bv9ARM.ch07.html diff -u src/external/bsd/bind/dist/doc/arm/Bv9ARM.ch07.html:1.1.1.15.2.5.2.3 src/external/bsd/bind/dist/doc/arm/Bv9ARM.ch07.html:1.1.1.15.2.5.2.4 --- src/external/bsd/bind/dist/doc/arm/Bv9ARM.ch07.html:1.1.1.15.2.5.2.3 Sat Nov 5 17:47:31 2016 +++ src/external/bsd/bind/dist/doc/arm/Bv9ARM.ch07.html Mon Jan 16 11:56:43 2017 @@ -248,6 +248,6 @@ zone "example.com" { </tr> </table> </div> -<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.4-P4</p> +<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.4-P5</p> </body> </html> Index: src/external/bsd/bind/dist/doc/arm/Bv9ARM.ch08.html diff -u src/external/bsd/bind/dist/doc/arm/Bv9ARM.ch08.html:1.1.1.15.2.5.2.3 src/external/bsd/bind/dist/doc/arm/Bv9ARM.ch08.html:1.1.1.15.2.5.2.4 --- src/external/bsd/bind/dist/doc/arm/Bv9ARM.ch08.html:1.1.1.15.2.5.2.3 Sat Nov 5 17:47:31 2016 +++ src/external/bsd/bind/dist/doc/arm/Bv9ARM.ch08.html Mon Jan 16 11:56:43 2017 @@ -134,6 +134,6 @@ </tr> </table> </div> -<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.4-P4</p> +<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.4-P5</p> </body> </html> Index: src/external/bsd/bind/dist/doc/arm/Bv9ARM.ch09.html diff -u src/external/bsd/bind/dist/doc/arm/Bv9ARM.ch09.html:1.1.1.15.2.5.2.3 src/external/bsd/bind/dist/doc/arm/Bv9ARM.ch09.html:1.1.1.15.2.5.2.4 --- src/external/bsd/bind/dist/doc/arm/Bv9ARM.ch09.html:1.1.1.15.2.5.2.3 Sat Nov 5 17:47:31 2016 +++ src/external/bsd/bind/dist/doc/arm/Bv9ARM.ch09.html Mon Jan 16 11:56:43 2017 @@ -44,7 +44,7 @@ <div class="toc"> <p><b>Table of Contents</b></p> <dl class="toc"> -<dt><span class="section"><a href="Bv9ARM.ch09.html#id-1.10.2">Release Notes for BIND Version 9.10.4-P4</a></span></dt> +<dt><span class="section"><a href="Bv9ARM.ch09.html#id-1.10.2">Release Notes for BIND Version 9.10.4-P5</a></span></dt> <dd><dl> <dt><span class="section"><a href="Bv9ARM.ch09.html#relnotes_intro">Introduction</a></span></dt> <dt><span class="section"><a href="Bv9ARM.ch09.html#relnotes_download">Download</a></span></dt> @@ -60,7 +60,7 @@ </div> <div class="section"> <div class="titlepage"><div><div><h2 class="title" style="clear: both"> -<a name="id-1.10.2"></a>Release Notes for BIND Version 9.10.4-P4</h2></div></div></div> +<a name="id-1.10.2"></a>Release Notes for BIND Version 9.10.4-P5</h2></div></div></div> <div class="section"> <div class="titlepage"><div><div><h3 class="title"> <a name="relnotes_intro"></a>Introduction</h3></div></div></div> @@ -68,6 +68,10 @@ This document summarizes changes since BIND 9.10.4: </p> <p> + BIND 9.10.4-P5 addresses the security issues described in + CVE-2016-9131, CVE-2016-9147 and CVE-2016-9444. + </p> +<p> BIND 9.10.4-P4 addresses the security issue described in CVE-2016-8864. </p> @@ -103,6 +107,22 @@ <a name="relnotes_security"></a>Security Fixes</h3></div></div></div> <div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "> <li class="listitem"><p> + Named could mishandle authority sections that were missing + RRSIGs triggering an assertion failure. This flaw is + disclosed in CVE-2016-9444. [RT # 43632] + </p></li> +<li class="listitem"><p> + Named mishandled some responses where covering RRSIG + records are returned without the requested data + resulting in a assertion failure. This flaw is disclosed in + CVE-2016-9147. [RT #43548] + </p></li> +<li class="listitem"><p> + Named incorrectly tried to cache TKEY records which could + trigger a assertion failure when there was a class mismatch. + This flaw is disclosed in CVE-2016-9131. [RT #43522] + </p></li> +<li class="listitem"><p> It was possible to trigger assertions when processing a response. This flaw is disclosed in CVE-2016-8864. [RT #43465] </p></li> @@ -198,6 +218,6 @@ </tr> </table> </div> -<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.4-P4</p> +<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.4-P5</p> </body> </html> Index: src/external/bsd/bind/dist/doc/arm/Bv9ARM.html diff -u src/external/bsd/bind/dist/doc/arm/Bv9ARM.html:1.1.1.15.2.5.2.3 src/external/bsd/bind/dist/doc/arm/Bv9ARM.html:1.1.1.15.2.5.2.4 --- src/external/bsd/bind/dist/doc/arm/Bv9ARM.html:1.1.1.15.2.5.2.3 Sat Nov 5 17:47:31 2016 +++ src/external/bsd/bind/dist/doc/arm/Bv9ARM.html Mon Jan 16 11:56:44 2017 @@ -40,7 +40,7 @@ <div> <div><h1 class="title"> <a name="id-1"></a>BIND 9 Administrator Reference Manual</h1></div> -<div><p class="releaseinfo">BIND Version 9.10.4-P4</p></div> +<div><p class="releaseinfo">BIND Version 9.10.4-P5</p></div> <div><p class="copyright">Copyright © 2004-2015 Internet Systems Consortium, Inc. ("ISC")</p></div> <div><p class="copyright">Copyright © 2000-2003 Internet Software Consortium.</p></div> </div> @@ -239,7 +239,7 @@ </dl></dd> <dt><span class="appendix"><a href="Bv9ARM.ch09.html">A. Release Notes</a></span></dt> <dd><dl> -<dt><span class="section"><a href="Bv9ARM.ch09.html#id-1.10.2">Release Notes for BIND Version 9.10.4-P4</a></span></dt> +<dt><span class="section"><a href="Bv9ARM.ch09.html#id-1.10.2">Release Notes for BIND Version 9.10.4-P5</a></span></dt> <dd><dl> <dt><span class="section"><a href="Bv9ARM.ch09.html#relnotes_intro">Introduction</a></span></dt> <dt><span class="section"><a href="Bv9ARM.ch09.html#relnotes_download">Download</a></span></dt> @@ -385,6 +385,6 @@ </tr> </table> </div> -<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.4-P4</p> +<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.4-P5</p> </body> </html> Index: src/external/bsd/bind/dist/doc/arm/man.dig.html diff -u src/external/bsd/bind/dist/doc/arm/man.dig.html:1.1.1.15.2.5.2.3 src/external/bsd/bind/dist/doc/arm/man.dig.html:1.1.1.15.2.5.2.4 --- src/external/bsd/bind/dist/doc/arm/man.dig.html:1.1.1.15.2.5.2.3 Sat Nov 5 17:47:33 2016 +++ src/external/bsd/bind/dist/doc/arm/man.dig.html Mon Jan 16 11:56:44 2017 @@ -809,6 +809,6 @@ dig +qr www.isc.org any -x 127.0.0.1 isc </tr> </table> </div> -<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.4-P4</p> +<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.4-P5</p> </body> </html> Index: src/external/bsd/bind/dist/doc/arm/man.dnssec-dsfromkey.html diff -u src/external/bsd/bind/dist/doc/arm/man.dnssec-dsfromkey.html:1.1.1.15.2.5.2.3 src/external/bsd/bind/dist/doc/arm/man.dnssec-dsfromkey.html:1.1.1.15.2.5.2.4 --- src/external/bsd/bind/dist/doc/arm/man.dnssec-dsfromkey.html:1.1.1.15.2.5.2.3 Sat Nov 5 17:47:33 2016 +++ src/external/bsd/bind/dist/doc/arm/man.dnssec-dsfromkey.html Mon Jan 16 11:56:44 2017 @@ -213,6 +213,6 @@ </tr> </table> </div> -<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.4-P4</p> +<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.4-P5</p> </body> </html> Index: src/external/bsd/bind/dist/doc/arm/man.dnssec-keyfromlabel.html diff -u src/external/bsd/bind/dist/doc/arm/man.dnssec-keyfromlabel.html:1.1.1.15.2.5.2.3 src/external/bsd/bind/dist/doc/arm/man.dnssec-keyfromlabel.html:1.1.1.15.2.5.2.4 --- src/external/bsd/bind/dist/doc/arm/man.dnssec-keyfromlabel.html:1.1.1.15.2.5.2.3 Sat Nov 5 17:47:33 2016 +++ src/external/bsd/bind/dist/doc/arm/man.dnssec-keyfromlabel.html Mon Jan 16 11:56:44 2017 @@ -381,6 +381,6 @@ </tr> </table> </div> -<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.4-P4</p> +<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.4-P5</p> </body> </html> Index: src/external/bsd/bind/dist/doc/arm/man.dnssec-keygen.html diff -u src/external/bsd/bind/dist/doc/arm/man.dnssec-keygen.html:1.1.1.15.2.5.2.3 src/external/bsd/bind/dist/doc/arm/man.dnssec-keygen.html:1.1.1.15.2.5.2.4 --- src/external/bsd/bind/dist/doc/arm/man.dnssec-keygen.html:1.1.1.15.2.5.2.3 Sat Nov 5 17:47:33 2016 +++ src/external/bsd/bind/dist/doc/arm/man.dnssec-keygen.html Mon Jan 16 11:56:44 2017 @@ -455,6 +455,6 @@ </tr> </table> </div> -<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.4-P4</p> +<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.4-P5</p> </body> </html> Index: src/external/bsd/bind/dist/doc/arm/man.dnssec-signzone.html diff -u src/external/bsd/bind/dist/doc/arm/man.dnssec-signzone.html:1.1.1.15.2.5.2.3 src/external/bsd/bind/dist/doc/arm/man.dnssec-signzone.html:1.1.1.15.2.5.2.4 --- src/external/bsd/bind/dist/doc/arm/man.dnssec-signzone.html:1.1.1.15.2.5.2.3 Sat Nov 5 17:47:33 2016 +++ src/external/bsd/bind/dist/doc/arm/man.dnssec-signzone.html Mon Jan 16 11:56:44 2017 @@ -564,6 +564,6 @@ db.example.com.signed </tr> </table> </div> -<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.4-P4</p> +<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.4-P5</p> </body> </html> Index: src/external/bsd/bind/dist/doc/arm/man.host.html diff -u src/external/bsd/bind/dist/doc/arm/man.host.html:1.1.1.15.2.5.2.3 src/external/bsd/bind/dist/doc/arm/man.host.html:1.1.1.15.2.5.2.4 --- src/external/bsd/bind/dist/doc/arm/man.host.html:1.1.1.15.2.5.2.3 Sat Nov 5 17:47:33 2016 +++ src/external/bsd/bind/dist/doc/arm/man.host.html Mon Jan 16 11:56:44 2017 @@ -247,6 +247,6 @@ </tr> </table> </div> -<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.4-P4</p> +<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.4-P5</p> </body> </html> Index: src/external/bsd/bind/dist/doc/arm/man.named-checkconf.html diff -u src/external/bsd/bind/dist/doc/arm/man.named-checkconf.html:1.1.1.15.2.5.2.3 src/external/bsd/bind/dist/doc/arm/man.named-checkconf.html:1.1.1.15.2.5.2.4 --- src/external/bsd/bind/dist/doc/arm/man.named-checkconf.html:1.1.1.15.2.5.2.3 Sat Nov 5 17:47:33 2016 +++ src/external/bsd/bind/dist/doc/arm/man.named-checkconf.html Mon Jan 16 11:56:44 2017 @@ -151,6 +151,6 @@ </tr> </table> </div> -<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.4-P4</p> +<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.4-P5</p> </body> </html> Index: src/external/bsd/bind/dist/doc/arm/man.named-checkzone.html diff -u src/external/bsd/bind/dist/doc/arm/man.named-checkzone.html:1.1.1.15.2.5.2.3 src/external/bsd/bind/dist/doc/arm/man.named-checkzone.html:1.1.1.15.2.5.2.4 --- src/external/bsd/bind/dist/doc/arm/man.named-checkzone.html:1.1.1.15.2.5.2.3 Sat Nov 5 17:47:33 2016 +++ src/external/bsd/bind/dist/doc/arm/man.named-checkzone.html Mon Jan 16 11:56:44 2017 @@ -338,6 +338,6 @@ </tr> </table> </div> -<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.4-P4</p> +<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.4-P5</p> </body> </html> Index: src/external/bsd/bind/dist/doc/arm/man.named.html diff -u src/external/bsd/bind/dist/doc/arm/man.named.html:1.1.1.15.2.5.2.3 src/external/bsd/bind/dist/doc/arm/man.named.html:1.1.1.15.2.5.2.4 --- src/external/bsd/bind/dist/doc/arm/man.named.html:1.1.1.15.2.5.2.3 Sat Nov 5 17:47:33 2016 +++ src/external/bsd/bind/dist/doc/arm/man.named.html Mon Jan 16 11:56:44 2017 @@ -369,6 +369,6 @@ </tr> </table> </div> -<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.4-P4</p> +<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.4-P5</p> </body> </html> Index: src/external/bsd/bind/dist/doc/arm/man.nsupdate.html diff -u src/external/bsd/bind/dist/doc/arm/man.nsupdate.html:1.1.1.15.2.5.2.3 src/external/bsd/bind/dist/doc/arm/man.nsupdate.html:1.1.1.15.2.5.2.4 --- src/external/bsd/bind/dist/doc/arm/man.nsupdate.html:1.1.1.15.2.5.2.3 Sat Nov 5 17:47:33 2016 +++ src/external/bsd/bind/dist/doc/arm/man.nsupdate.html Mon Jan 16 11:56:44 2017 @@ -663,6 +663,6 @@ </tr> </table> </div> -<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.4-P4</p> +<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.4-P5</p> </body> </html> Index: src/external/bsd/bind/dist/doc/arm/man.rndc-confgen.html diff -u src/external/bsd/bind/dist/doc/arm/man.rndc-confgen.html:1.1.1.15.2.5.2.3 src/external/bsd/bind/dist/doc/arm/man.rndc-confgen.html:1.1.1.15.2.5.2.4 --- src/external/bsd/bind/dist/doc/arm/man.rndc-confgen.html:1.1.1.15.2.5.2.3 Sat Nov 5 17:47:33 2016 +++ src/external/bsd/bind/dist/doc/arm/man.rndc-confgen.html Mon Jan 16 11:56:44 2017 @@ -223,6 +223,6 @@ </tr> </table> </div> -<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.4-P4</p> +<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.4-P5</p> </body> </html> Index: src/external/bsd/bind/dist/doc/arm/man.rndc.conf.html diff -u src/external/bsd/bind/dist/doc/arm/man.rndc.conf.html:1.1.1.15.2.5.2.3 src/external/bsd/bind/dist/doc/arm/man.rndc.conf.html:1.1.1.15.2.5.2.4 --- src/external/bsd/bind/dist/doc/arm/man.rndc.conf.html:1.1.1.15.2.5.2.3 Sat Nov 5 17:47:33 2016 +++ src/external/bsd/bind/dist/doc/arm/man.rndc.conf.html Mon Jan 16 11:56:44 2017 @@ -246,6 +246,6 @@ </tr> </table> </div> -<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.4-P4</p> +<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.4-P5</p> </body> </html> Index: src/external/bsd/bind/dist/doc/arm/man.rndc.html diff -u src/external/bsd/bind/dist/doc/arm/man.rndc.html:1.1.1.15.2.5.2.3 src/external/bsd/bind/dist/doc/arm/man.rndc.html:1.1.1.15.2.5.2.4 --- src/external/bsd/bind/dist/doc/arm/man.rndc.html:1.1.1.15.2.5.2.3 Sat Nov 5 17:47:33 2016 +++ src/external/bsd/bind/dist/doc/arm/man.rndc.html Mon Jan 16 11:56:44 2017 @@ -621,6 +621,6 @@ </tr> </table> </div> -<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.4-P4</p> +<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.4-P5</p> </body> </html> Index: src/external/bsd/bind/dist/doc/arm/Bv9ARM.ch05.html diff -u src/external/bsd/bind/dist/doc/arm/Bv9ARM.ch05.html:1.1.1.14.2.4.2.3 src/external/bsd/bind/dist/doc/arm/Bv9ARM.ch05.html:1.1.1.14.2.4.2.4 --- src/external/bsd/bind/dist/doc/arm/Bv9ARM.ch05.html:1.1.1.14.2.4.2.3 Sat Nov 5 17:47:31 2016 +++ src/external/bsd/bind/dist/doc/arm/Bv9ARM.ch05.html Mon Jan 16 11:56:43 2017 @@ -138,6 +138,6 @@ </tr> </table> </div> -<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.4-P4</p> +<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.4-P5</p> </body> </html> Index: src/external/bsd/bind/dist/doc/arm/Bv9ARM.ch10.html diff -u src/external/bsd/bind/dist/doc/arm/Bv9ARM.ch10.html:1.1.1.10.2.4.2.3 src/external/bsd/bind/dist/doc/arm/Bv9ARM.ch10.html:1.1.1.10.2.4.2.4 --- src/external/bsd/bind/dist/doc/arm/Bv9ARM.ch10.html:1.1.1.10.2.4.2.3 Sat Nov 5 17:47:31 2016 +++ src/external/bsd/bind/dist/doc/arm/Bv9ARM.ch10.html Mon Jan 16 11:56:43 2017 @@ -155,6 +155,6 @@ </tr> </table> </div> -<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.4-P4</p> +<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.4-P5</p> </body> </html> Index: src/external/bsd/bind/dist/doc/arm/Bv9ARM.ch11.html diff -u src/external/bsd/bind/dist/doc/arm/Bv9ARM.ch11.html:1.1.1.1.2.4.2.3 src/external/bsd/bind/dist/doc/arm/Bv9ARM.ch11.html:1.1.1.1.2.4.2.4 --- src/external/bsd/bind/dist/doc/arm/Bv9ARM.ch11.html:1.1.1.1.2.4.2.3 Sat Nov 5 17:47:31 2016 +++ src/external/bsd/bind/dist/doc/arm/Bv9ARM.ch11.html Mon Jan 16 11:56:43 2017 @@ -497,6 +497,6 @@ </tr> </table> </div> -<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.4-P4</p> +<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.4-P5</p> </body> </html> Index: src/external/bsd/bind/dist/doc/arm/Bv9ARM.ch12.html diff -u src/external/bsd/bind/dist/doc/arm/Bv9ARM.ch12.html:1.1.1.1.2.4.2.3 src/external/bsd/bind/dist/doc/arm/Bv9ARM.ch12.html:1.1.1.1.2.4.2.4 --- src/external/bsd/bind/dist/doc/arm/Bv9ARM.ch12.html:1.1.1.1.2.4.2.3 Sat Nov 5 17:47:31 2016 +++ src/external/bsd/bind/dist/doc/arm/Bv9ARM.ch12.html Mon Jan 16 11:56:44 2017 @@ -543,6 +543,6 @@ $ <strong class="userinput"><code>sample </tr> </table> </div> -<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.4-P4</p> +<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.4-P5</p> </body> </html> Index: src/external/bsd/bind/dist/doc/arm/Bv9ARM.ch13.html diff -u src/external/bsd/bind/dist/doc/arm/Bv9ARM.ch13.html:1.1.1.1.2.4.2.3 src/external/bsd/bind/dist/doc/arm/Bv9ARM.ch13.html:1.1.1.1.2.4.2.4 --- src/external/bsd/bind/dist/doc/arm/Bv9ARM.ch13.html:1.1.1.1.2.4.2.3 Sat Nov 5 17:47:31 2016 +++ src/external/bsd/bind/dist/doc/arm/Bv9ARM.ch13.html Mon Jan 16 11:56:44 2017 @@ -154,6 +154,6 @@ </tr> </table> </div> -<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.4-P4</p> +<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.4-P5</p> </body> </html> Index: src/external/bsd/bind/dist/doc/arm/notes.html diff -u src/external/bsd/bind/dist/doc/arm/notes.html:1.1.1.1.2.4.2.3 src/external/bsd/bind/dist/doc/arm/notes.html:1.1.1.1.2.4.2.4 --- src/external/bsd/bind/dist/doc/arm/notes.html:1.1.1.1.2.4.2.3 Sat Nov 5 17:47:33 2016 +++ src/external/bsd/bind/dist/doc/arm/notes.html Mon Jan 16 11:56:44 2017 @@ -21,7 +21,7 @@ </head> <body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="article"><div class="section"> <div class="titlepage"><div><div><h2 class="title" style="clear: both"> -<a name="id-1.2"></a>Release Notes for BIND Version 9.10.4-P4</h2></div></div></div> +<a name="id-1.2"></a>Release Notes for BIND Version 9.10.4-P5</h2></div></div></div> <div class="section"> <div class="titlepage"><div><div><h3 class="title"> <a name="relnotes_intro"></a>Introduction</h3></div></div></div> @@ -29,6 +29,10 @@ This document summarizes changes since BIND 9.10.4: </p> <p> + BIND 9.10.4-P5 addresses the security issues described in + CVE-2016-9131, CVE-2016-9147 and CVE-2016-9444. + </p> +<p> BIND 9.10.4-P4 addresses the security issue described in CVE-2016-8864. </p> @@ -64,6 +68,22 @@ <a name="relnotes_security"></a>Security Fixes</h3></div></div></div> <div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "> <li class="listitem"><p> + Named could mishandle authority sections that were missing + RRSIGs triggering an assertion failure. This flaw is + disclosed in CVE-2016-9444. [RT # 43632] + </p></li> +<li class="listitem"><p> + Named mishandled some responses where covering RRSIG + records are returned without the requested data + resulting in a assertion failure. This flaw is disclosed in + CVE-2016-9147. [RT #43548] + </p></li> +<li class="listitem"><p> + Named incorrectly tried to cache TKEY records which could + trigger a assertion failure when there was a class mismatch. + This flaw is disclosed in CVE-2016-9131. [RT #43522] + </p></li> +<li class="listitem"><p> It was possible to trigger assertions when processing a response. This flaw is disclosed in CVE-2016-8864. [RT #43465] </p></li> Index: src/external/bsd/bind/dist/doc/arm/notes.pdf Binary files are different Index: src/external/bsd/bind/dist/doc/arm/notes.xml diff -u src/external/bsd/bind/dist/doc/arm/notes.xml:1.1.1.1.2.4.2.3 src/external/bsd/bind/dist/doc/arm/notes.xml:1.1.1.1.2.4.2.4 --- src/external/bsd/bind/dist/doc/arm/notes.xml:1.1.1.1.2.4.2.3 Sat Nov 5 17:47:33 2016 +++ src/external/bsd/bind/dist/doc/arm/notes.xml Mon Jan 16 11:56:44 2017 @@ -24,6 +24,10 @@ This document summarizes changes since BIND 9.10.4: </para> <para> + BIND 9.10.4-P5 addresses the security issues described in + CVE-2016-9131, CVE-2016-9147, CVE-2016-9444 and CVE-2016-9778. + </para> + <para> BIND 9.10.4-P4 addresses the security issue described in CVE-2016-8864. </para> @@ -59,6 +63,37 @@ <itemizedlist> <listitem> <para> + A coding error in the <option>nxdomain-redirect</option> + feature could lead to an assertion failure if the redirection + namespace was served from a local authoritative data source + such as a local zone or a DLZ instead of via recursive + lookup. This flaw is disclosed in CVE-2016-9778. [RT #43837] + </para> + </listitem> + <listitem> + <para> + Named could mishandle authority sections that were missing + RRSIGs triggering an assertion failure. This flaw is + disclosed in CVE-2016-9444. [RT # 43632] + </para> + </listitem> + <listitem> + <para> + Named mishandled some responses where covering RRSIG + records are returned without the requested data + resulting in a assertion failure. This flaw is disclosed in + CVE-2016-9147. [RT #43548] + </para> + </listitem> + <listitem> + <para> + Named incorrectly tried to cache TKEY records which could + trigger a assertion failure when there was a class mismatch. + This flaw is disclosed in CVE-2016-9131. [RT #43522] + </para> + </listitem> + <listitem> + <para> It was possible to trigger assertions when processing a response. This flaw is disclosed in CVE-2016-8864. [RT #43465] </para> Index: src/external/bsd/bind/dist/doc/arm/man.arpaname.html diff -u src/external/bsd/bind/dist/doc/arm/man.arpaname.html:1.1.1.12.2.5.2.3 src/external/bsd/bind/dist/doc/arm/man.arpaname.html:1.1.1.12.2.5.2.4 --- src/external/bsd/bind/dist/doc/arm/man.arpaname.html:1.1.1.12.2.5.2.3 Sat Nov 5 17:47:33 2016 +++ src/external/bsd/bind/dist/doc/arm/man.arpaname.html Mon Jan 16 11:56:44 2017 @@ -81,6 +81,6 @@ </tr> </table> </div> -<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.4-P4</p> +<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.4-P5</p> </body> </html> Index: src/external/bsd/bind/dist/doc/arm/man.genrandom.html diff -u src/external/bsd/bind/dist/doc/arm/man.genrandom.html:1.1.1.12.2.5.2.3 src/external/bsd/bind/dist/doc/arm/man.genrandom.html:1.1.1.12.2.5.2.4 --- src/external/bsd/bind/dist/doc/arm/man.genrandom.html:1.1.1.12.2.5.2.3 Sat Nov 5 17:47:33 2016 +++ src/external/bsd/bind/dist/doc/arm/man.genrandom.html Mon Jan 16 11:56:44 2017 @@ -102,6 +102,6 @@ </tr> </table> </div> -<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.4-P4</p> +<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.4-P5</p> </body> </html> Index: src/external/bsd/bind/dist/doc/arm/man.named-journalprint.html diff -u src/external/bsd/bind/dist/doc/arm/man.named-journalprint.html:1.1.1.12.2.5.2.3 src/external/bsd/bind/dist/doc/arm/man.named-journalprint.html:1.1.1.12.2.5.2.4 --- src/external/bsd/bind/dist/doc/arm/man.named-journalprint.html:1.1.1.12.2.5.2.3 Sat Nov 5 17:47:33 2016 +++ src/external/bsd/bind/dist/doc/arm/man.named-journalprint.html Mon Jan 16 11:56:44 2017 @@ -102,6 +102,6 @@ </tr> </table> </div> -<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.4-P4</p> +<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.4-P5</p> </body> </html> Index: src/external/bsd/bind/dist/doc/arm/man.nsec3hash.html diff -u src/external/bsd/bind/dist/doc/arm/man.nsec3hash.html:1.1.1.12.2.5.2.3 src/external/bsd/bind/dist/doc/arm/man.nsec3hash.html:1.1.1.12.2.5.2.4 --- src/external/bsd/bind/dist/doc/arm/man.nsec3hash.html:1.1.1.12.2.5.2.3 Sat Nov 5 17:47:33 2016 +++ src/external/bsd/bind/dist/doc/arm/man.nsec3hash.html Mon Jan 16 11:56:44 2017 @@ -103,6 +103,6 @@ </tr> </table> </div> -<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.4-P4</p> +<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.4-P5</p> </body> </html> Index: src/external/bsd/bind/dist/doc/arm/man.ddns-confgen.html diff -u src/external/bsd/bind/dist/doc/arm/man.ddns-confgen.html:1.1.1.13.2.5.2.3 src/external/bsd/bind/dist/doc/arm/man.ddns-confgen.html:1.1.1.13.2.5.2.4 --- src/external/bsd/bind/dist/doc/arm/man.ddns-confgen.html:1.1.1.13.2.5.2.3 Sat Nov 5 17:47:33 2016 +++ src/external/bsd/bind/dist/doc/arm/man.ddns-confgen.html Mon Jan 16 11:56:44 2017 @@ -185,6 +185,6 @@ </tr> </table> </div> -<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.4-P4</p> +<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.4-P5</p> </body> </html> Index: src/external/bsd/bind/dist/doc/arm/man.dnssec-revoke.html diff -u src/external/bsd/bind/dist/doc/arm/man.dnssec-revoke.html:1.1.1.13.2.5.2.3 src/external/bsd/bind/dist/doc/arm/man.dnssec-revoke.html:1.1.1.13.2.5.2.4 --- src/external/bsd/bind/dist/doc/arm/man.dnssec-revoke.html:1.1.1.13.2.5.2.3 Sat Nov 5 17:47:33 2016 +++ src/external/bsd/bind/dist/doc/arm/man.dnssec-revoke.html Mon Jan 16 11:56:44 2017 @@ -134,6 +134,6 @@ </tr> </table> </div> -<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.4-P4</p> +<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.4-P5</p> </body> </html> Index: src/external/bsd/bind/dist/doc/arm/man.dnssec-settime.html diff -u src/external/bsd/bind/dist/doc/arm/man.dnssec-settime.html:1.1.1.13.2.5.2.3 src/external/bsd/bind/dist/doc/arm/man.dnssec-settime.html:1.1.1.13.2.5.2.4 --- src/external/bsd/bind/dist/doc/arm/man.dnssec-settime.html:1.1.1.13.2.5.2.3 Sat Nov 5 17:47:33 2016 +++ src/external/bsd/bind/dist/doc/arm/man.dnssec-settime.html Mon Jan 16 11:56:44 2017 @@ -264,6 +264,6 @@ </tr> </table> </div> -<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.4-P4</p> +<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.4-P5</p> </body> </html> Index: src/external/bsd/bind/dist/doc/arm/man.delv.html diff -u src/external/bsd/bind/dist/doc/arm/man.delv.html:1.1.1.1.4.5.2.3 src/external/bsd/bind/dist/doc/arm/man.delv.html:1.1.1.1.4.5.2.4 --- src/external/bsd/bind/dist/doc/arm/man.delv.html:1.1.1.1.4.5.2.3 Sat Nov 5 17:47:33 2016 +++ src/external/bsd/bind/dist/doc/arm/man.delv.html Mon Jan 16 11:56:44 2017 @@ -498,6 +498,6 @@ </tr> </table> </div> -<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.4-P4</p> +<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.4-P5</p> </body> </html> Index: src/external/bsd/bind/dist/doc/arm/man.dnssec-checkds.html diff -u src/external/bsd/bind/dist/doc/arm/man.dnssec-checkds.html:1.1.1.3.2.5.2.3 src/external/bsd/bind/dist/doc/arm/man.dnssec-checkds.html:1.1.1.3.2.5.2.4 --- src/external/bsd/bind/dist/doc/arm/man.dnssec-checkds.html:1.1.1.3.2.5.2.3 Sat Nov 5 17:47:33 2016 +++ src/external/bsd/bind/dist/doc/arm/man.dnssec-checkds.html Mon Jan 16 11:56:44 2017 @@ -112,6 +112,6 @@ </tr> </table> </div> -<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.4-P4</p> +<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.4-P5</p> </body> </html> Index: src/external/bsd/bind/dist/doc/arm/man.dnssec-coverage.html diff -u src/external/bsd/bind/dist/doc/arm/man.dnssec-coverage.html:1.1.1.3.2.5.2.3 src/external/bsd/bind/dist/doc/arm/man.dnssec-coverage.html:1.1.1.3.2.5.2.4 --- src/external/bsd/bind/dist/doc/arm/man.dnssec-coverage.html:1.1.1.3.2.5.2.3 Sat Nov 5 17:47:33 2016 +++ src/external/bsd/bind/dist/doc/arm/man.dnssec-coverage.html Mon Jan 16 11:56:44 2017 @@ -219,6 +219,6 @@ </tr> </table> </div> -<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.4-P4</p> +<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.4-P5</p> </body> </html> Index: src/external/bsd/bind/dist/doc/arm/man.dnssec-importkey.html diff -u src/external/bsd/bind/dist/doc/arm/man.dnssec-importkey.html:1.1.1.2.2.5.2.3 src/external/bsd/bind/dist/doc/arm/man.dnssec-importkey.html:1.1.1.2.2.5.2.4 --- src/external/bsd/bind/dist/doc/arm/man.dnssec-importkey.html:1.1.1.2.2.5.2.3 Sat Nov 5 17:47:33 2016 +++ src/external/bsd/bind/dist/doc/arm/man.dnssec-importkey.html Mon Jan 16 11:56:44 2017 @@ -177,6 +177,6 @@ </tr> </table> </div> -<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.4-P4</p> +<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.4-P5</p> </body> </html> Index: src/external/bsd/bind/dist/doc/arm/man.named-rrchecker.html diff -u src/external/bsd/bind/dist/doc/arm/man.named-rrchecker.html:1.1.1.2.2.5.2.3 src/external/bsd/bind/dist/doc/arm/man.named-rrchecker.html:1.1.1.2.2.5.2.4 --- src/external/bsd/bind/dist/doc/arm/man.named-rrchecker.html:1.1.1.2.2.5.2.3 Sat Nov 5 17:47:33 2016 +++ src/external/bsd/bind/dist/doc/arm/man.named-rrchecker.html Mon Jan 16 11:56:44 2017 @@ -104,6 +104,6 @@ </tr> </table> </div> -<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.4-P4</p> +<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.4-P5</p> </body> </html> Index: src/external/bsd/bind/dist/doc/arm/man.dnssec-verify.html diff -u src/external/bsd/bind/dist/doc/arm/man.dnssec-verify.html:1.1.1.5.2.5.2.3 src/external/bsd/bind/dist/doc/arm/man.dnssec-verify.html:1.1.1.5.2.5.2.4 --- src/external/bsd/bind/dist/doc/arm/man.dnssec-verify.html:1.1.1.5.2.5.2.3 Sat Nov 5 17:47:33 2016 +++ src/external/bsd/bind/dist/doc/arm/man.dnssec-verify.html Mon Jan 16 11:56:44 2017 @@ -164,6 +164,6 @@ </tr> </table> </div> -<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.4-P4</p> +<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.4-P5</p> </body> </html> Index: src/external/bsd/bind/dist/doc/arm/man.isc-hmac-fixup.html diff -u src/external/bsd/bind/dist/doc/arm/man.isc-hmac-fixup.html:1.1.1.11.2.5.2.3 src/external/bsd/bind/dist/doc/arm/man.isc-hmac-fixup.html:1.1.1.11.2.5.2.4 --- src/external/bsd/bind/dist/doc/arm/man.isc-hmac-fixup.html:1.1.1.11.2.5.2.3 Sat Nov 5 17:47:33 2016 +++ src/external/bsd/bind/dist/doc/arm/man.isc-hmac-fixup.html Mon Jan 16 11:56:44 2017 @@ -112,6 +112,6 @@ </tr> </table> </div> -<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.4-P4</p> +<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.4-P5</p> </body> </html> Index: src/external/bsd/bind/dist/doc/arm/man.lwresd.html diff -u src/external/bsd/bind/dist/doc/arm/man.lwresd.html:1.1.1.2.2.3 src/external/bsd/bind/dist/doc/arm/man.lwresd.html:1.1.1.2.2.4 --- src/external/bsd/bind/dist/doc/arm/man.lwresd.html:1.1.1.2.2.3 Sat Nov 5 17:47:33 2016 +++ src/external/bsd/bind/dist/doc/arm/man.lwresd.html Mon Jan 16 11:56:44 2017 @@ -253,6 +253,6 @@ </tr> </table> </div> -<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.4-P4</p> +<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.4-P5</p> </body> </html> Index: src/external/bsd/bind/dist/doc/arm/man.named.conf.html diff -u src/external/bsd/bind/dist/doc/arm/man.named.conf.html:1.1.1.2.2.3 src/external/bsd/bind/dist/doc/arm/man.named.conf.html:1.1.1.2.2.4 --- src/external/bsd/bind/dist/doc/arm/man.named.conf.html:1.1.1.2.2.3 Sat Nov 5 17:47:33 2016 +++ src/external/bsd/bind/dist/doc/arm/man.named.conf.html Mon Jan 16 11:56:44 2017 @@ -676,6 +676,6 @@ zone <em class="replaceable"><code>strin </tr> </table> </div> -<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.4-P4</p> +<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.4-P5</p> </body> </html> Index: src/external/bsd/bind/dist/lib/dns/api diff -u src/external/bsd/bind/dist/lib/dns/api:1.1.1.16.2.5.2.3 src/external/bsd/bind/dist/lib/dns/api:1.1.1.16.2.5.2.4 --- src/external/bsd/bind/dist/lib/dns/api:1.1.1.16.2.5.2.3 Sat Nov 5 17:47:33 2016 +++ src/external/bsd/bind/dist/lib/dns/api Mon Jan 16 11:56:44 2017 @@ -6,5 +6,5 @@ # 9.9-sub: 130-139, 150-159 # 9.10: 140-149, 160-169 LIBINTERFACE = 165 -LIBREVISION = 3 +LIBREVISION = 4 LIBAGE = 0 Index: src/external/bsd/bind/dist/lib/dns/message.c diff -u src/external/bsd/bind/dist/lib/dns/message.c:1.13.2.2.2.2 src/external/bsd/bind/dist/lib/dns/message.c:1.13.2.2.2.3 --- src/external/bsd/bind/dist/lib/dns/message.c:1.13.2.2.2.2 Fri Oct 14 11:42:46 2016 +++ src/external/bsd/bind/dist/lib/dns/message.c Mon Jan 16 11:56:44 2017 @@ -1,4 +1,4 @@ -/* $NetBSD: message.c,v 1.13.2.2.2.2 2016/10/14 11:42:46 martin Exp $ */ +/* $NetBSD: message.c,v 1.13.2.2.2.3 2017/01/16 11:56:44 martin Exp $ */ /* * Copyright (C) 2004-2016 Internet Systems Consortium, Inc. ("ISC") @@ -1158,6 +1158,63 @@ update(dns_section_t section, dns_rdatac return (ISC_FALSE); } +/* + * Check to confirm that all DNSSEC records (DS, NSEC, NSEC3) have + * covering RRSIGs. + */ +static isc_boolean_t +auth_signed(dns_namelist_t *section) { + dns_name_t *name; + + for (name = ISC_LIST_HEAD(*section); + name != NULL; + name = ISC_LIST_NEXT(name, link)) + { + int auth_dnssec = 0, auth_rrsig = 0; + dns_rdataset_t *rds; + + for (rds = ISC_LIST_HEAD(name->list); + rds != NULL; + rds = ISC_LIST_NEXT(rds, link)) + { + switch (rds->type) { + case dns_rdatatype_ds: + auth_dnssec |= 0x1; + break; + case dns_rdatatype_nsec: + auth_dnssec |= 0x2; + break; + case dns_rdatatype_nsec3: + auth_dnssec |= 0x4; + break; + case dns_rdatatype_rrsig: + break; + default: + continue; + } + + switch (rds->covers) { + case dns_rdatatype_ds: + auth_rrsig |= 0x1; + break; + case dns_rdatatype_nsec: + auth_rrsig |= 0x2; + break; + case dns_rdatatype_nsec3: + auth_rrsig |= 0x4; + break; + default: + break; + } + } + + if (auth_dnssec != auth_rrsig) + return (ISC_FALSE); + } + + return (ISC_TRUE); +} + static isc_result_t getsection(isc_buffer_t *source, dns_message_t *msg, dns_decompress_t *dctx, dns_section_t sectionid, unsigned int options) @@ -1183,12 +1240,12 @@ getsection(isc_buffer_t *source, dns_mes best_effort = ISC_TF(options & DNS_MESSAGEPARSE_BESTEFFORT); seen_problem = ISC_FALSE; + section = &msg->sections[sectionid]; + for (count = 0; count < msg->counts[sectionid]; count++) { int recstart = source->current; isc_boolean_t skip_name_search, skip_type_search; - section = &msg->sections[sectionid]; - skip_name_search = ISC_FALSE; skip_type_search = ISC_FALSE; free_rdataset = ISC_FALSE; @@ -1362,7 +1419,7 @@ getsection(isc_buffer_t *source, dns_mes goto cleanup; rdata->rdclass = rdclass; issigzero = ISC_FALSE; - if (rdtype == dns_rdatatype_rrsig && + if (rdtype == dns_rdatatype_rrsig && rdata->flags == 0) { covers = dns_rdata_covers(rdata); if (covers == 0) @@ -1573,6 +1630,19 @@ getsection(isc_buffer_t *source, dns_mes INSIST(free_rdataset == ISC_FALSE); } + /* + * If any of DS, NSEC or NSEC3 appeared in the + * authority section of a query response without + * a covering RRSIG, FORMERR + */ + if (sectionid == DNS_SECTION_AUTHORITY && + msg->opcode == dns_opcode_query && + ((msg->flags & DNS_MESSAGEFLAG_QR) != 0) && + ((msg->flags & DNS_MESSAGEFLAG_TC) == 0) && + !preserve_order && + !auth_signed(section)) + DO_FORMERR; + if (seen_problem) return (DNS_R_RECOVERABLE); return (ISC_R_SUCCESS); Index: src/external/bsd/bind/dist/lib/dns/resolver.c diff -u src/external/bsd/bind/dist/lib/dns/resolver.c:1.19.2.3.2.3 src/external/bsd/bind/dist/lib/dns/resolver.c:1.19.2.3.2.4 --- src/external/bsd/bind/dist/lib/dns/resolver.c:1.19.2.3.2.3 Sat Nov 5 17:47:33 2016 +++ src/external/bsd/bind/dist/lib/dns/resolver.c Mon Jan 16 11:56:44 2017 @@ -1,4 +1,4 @@ -/* $NetBSD: resolver.c,v 1.19.2.3.2.3 2016/11/05 17:47:33 martin Exp $ */ +/* $NetBSD: resolver.c,v 1.19.2.3.2.4 2017/01/16 11:56:44 martin Exp $ */ /* * Copyright (C) 2004-2016 Internet Systems Consortium, Inc. ("ISC") @@ -5467,16 +5467,13 @@ cache_name(fetchctx_t *fctx, dns_name_t rdataset->type, &noqname); if (tresult == ISC_R_SUCCESS && - noqname != NULL) { - tresult = - dns_rdataset_addnoqname( + noqname != NULL) + (void) dns_rdataset_addnoqname( rdataset, noqname); - RUNTIME_CHECK(tresult == - ISC_R_SUCCESS); - } } - if ((fctx->options & DNS_FETCHOPT_PREFETCH) != 0) - options = DNS_DBADD_PREFETCH; + if ((fctx->options & + DNS_FETCHOPT_PREFETCH) != 0) + options = DNS_DBADD_PREFETCH; addedrdataset = ardataset; result = dns_db_addrdataset(fctx->cache, node, NULL, now, rdataset, @@ -5609,11 +5606,9 @@ cache_name(fetchctx_t *fctx, dns_name_t tresult = findnoqname(fctx, name, rdataset->type, &noqname); if (tresult == ISC_R_SUCCESS && - noqname != NULL) { - tresult = dns_rdataset_addnoqname( - rdataset, noqname); - RUNTIME_CHECK(tresult == ISC_R_SUCCESS); - } + noqname != NULL) + (void) dns_rdataset_addnoqname( + rdataset, noqname); } /* @@ -6751,7 +6746,7 @@ static isc_result_t answer_response(fetchctx_t *fctx) { isc_result_t result; dns_message_t *message; - dns_name_t *name, *dname = NULL, *qname, *dqname, tname, *ns_name; + dns_name_t *name, *dname = NULL, *qname, tname, *ns_name; dns_name_t *cname = NULL; dns_rdataset_t *rdataset, *ns_rdataset; isc_boolean_t done, external, chaining, aa, found, want_chaining; @@ -6759,7 +6754,7 @@ answer_response(fetchctx_t *fctx) { isc_boolean_t wanted_chaining; unsigned int aflag; dns_rdatatype_t type; - dns_fixedname_t fdname, fqname, fqdname; + dns_fixedname_t fdname, fqname; dns_view_t *view; FCTXTRACE("answer_response"); @@ -6783,13 +6778,12 @@ answer_response(fetchctx_t *fctx) { aa = ISC_TRUE; else aa = ISC_FALSE; - dqname = qname = &fctx->name; + qname = &fctx->name; type = fctx->type; view = fctx->res->view; - dns_fixedname_init(&fqdname); result = dns_message_firstname(message, DNS_SECTION_ANSWER); while (!done && result == ISC_R_SUCCESS) { - dns_namereln_t namereln, dnamereln; + dns_namereln_t namereln; int order; unsigned int nlabels; @@ -6797,8 +6791,6 @@ answer_response(fetchctx_t *fctx) { dns_message_currentname(message, DNS_SECTION_ANSWER, &name); external = ISC_TF(!dns_name_issubdomain(name, &fctx->domain)); namereln = dns_name_fullcompare(qname, name, &order, &nlabels); - dnamereln = dns_name_fullcompare(dqname, name, &order, - &nlabels); if (namereln == dns_namereln_equal) { wanted_chaining = ISC_FALSE; for (rdataset = ISC_LIST_HEAD(name->list); @@ -6815,6 +6807,19 @@ answer_response(fetchctx_t *fctx) { log_formerr(fctx, "NSEC3 in answer"); return (DNS_R_FORMERR); } + if (rdataset->type == dns_rdatatype_tkey) { + /* + * TKEY is not a valid record in a + * response to any query we can make. + */ + log_formerr(fctx, "TKEY in answer"); + return (DNS_R_FORMERR); + } + if (rdataset->rdclass != fctx->res->rdclass) { + log_formerr(fctx, "Mismatched class " + "in answer"); + return (DNS_R_FORMERR); + } /* * Apply filters, if given, on answers to reject @@ -6923,15 +6928,19 @@ answer_response(fetchctx_t *fctx) { * a CNAME or DNAME). */ INSIST(!external); - if ((rdataset->type != - dns_rdatatype_cname) || - !found_dname || - (aflag == - DNS_RDATASETATTR_ANSWER)) + /* + * Don't use found_cname here + * as we have just set it + * above. + */ + if (cname == NULL && + !found_dname && + aflag == + DNS_RDATASETATTR_ANSWER) { have_answer = ISC_TRUE; - if (rdataset->type == - dns_rdatatype_cname) + if (found_cname && + cname == NULL) cname = name; name->attributes |= DNS_NAMEATTR_ANSWER; @@ -7001,6 +7010,12 @@ answer_response(fetchctx_t *fctx) { rdataset != NULL; rdataset = ISC_LIST_NEXT(rdataset, link)) { + if (rdataset->rdclass != fctx->res->rdclass) { + log_formerr(fctx, "Mismatched class " + "in answer"); + return (DNS_R_FORMERR); + } + /* * Only pass DNAME or RRSIG(DNAME). */ @@ -7028,11 +7043,24 @@ answer_response(fetchctx_t *fctx) { return (DNS_R_FORMERR); } - if (dnamereln != dns_namereln_subdomain) { + /* + * If DNAME + synthetic CNAME then the + * namereln is dns_namereln_subdomain. + * + * If synthetic CNAME + DNAME then the + * namereln is dns_namereln_commonancestor + * and the number of label must match the + * DNAME. This order is not RFC compliant. + */ + + if (namereln != dns_namereln_subdomain && + (namereln != dns_namereln_commonancestor || + nlabels != dns_name_countlabels(name))) + { char qbuf[DNS_NAME_FORMATSIZE]; char obuf[DNS_NAME_FORMATSIZE]; - dns_name_format(dqname, qbuf, + dns_name_format(qname, qbuf, sizeof(qbuf)); dns_name_format(name, obuf, sizeof(obuf)); @@ -7047,7 +7075,7 @@ answer_response(fetchctx_t *fctx) { want_chaining = ISC_TRUE; POST(want_chaining); aflag = DNS_RDATASETATTR_ANSWER; - result = dname_target(rdataset, dqname, + result = dname_target(rdataset, qname, nlabels, &fdname); if (result == ISC_R_NOSPACE) { /* @@ -7064,13 +7092,11 @@ answer_response(fetchctx_t *fctx) { dname = dns_fixedname_name(&fdname); if (!is_answertarget_allowed(view, - dqname, rdataset->type, + qname, rdataset->type, dname, &fctx->domain)) { return (DNS_R_SERVFAIL); } - dqname = dns_fixedname_name(&fqdname); - dns_name_copy(dname, dqname, NULL); } else { /* * We've found a signature that @@ -7216,7 +7242,8 @@ answer_response(fetchctx_t *fctx) { rdataset->trust = dns_trust_additional; - if (rdataset->type == dns_rdatatype_ns) { + if (rdataset->type == dns_rdatatype_ns) + { ns_name = name; ns_rdataset = rdataset; } Index: src/external/bsd/bind/dist/lib/isc/api diff -u src/external/bsd/bind/dist/lib/isc/api:1.1.1.15.2.2.2.2 src/external/bsd/bind/dist/lib/isc/api:1.1.1.15.2.2.2.3 --- src/external/bsd/bind/dist/lib/isc/api:1.1.1.15.2.2.2.2 Fri Oct 14 11:42:48 2016 +++ src/external/bsd/bind/dist/lib/isc/api Mon Jan 16 11:56:44 2017 @@ -6,5 +6,5 @@ # 9.9-sub: 130-139 # 9.10: 140-149, 160-169 LIBINTERFACE = 161 -LIBREVISION = 1 +LIBREVISION = 2 LIBAGE = 1 Index: src/external/bsd/bind/dist/lib/isc/unix/socket.c diff -u src/external/bsd/bind/dist/lib/isc/unix/socket.c:1.15.2.2.2.2 src/external/bsd/bind/dist/lib/isc/unix/socket.c:1.15.2.2.2.3 --- src/external/bsd/bind/dist/lib/isc/unix/socket.c:1.15.2.2.2.2 Fri Oct 14 11:42:50 2016 +++ src/external/bsd/bind/dist/lib/isc/unix/socket.c Mon Jan 16 11:56:44 2017 @@ -1,4 +1,4 @@ -/* $NetBSD: socket.c,v 1.15.2.2.2.2 2016/10/14 11:42:50 martin Exp $ */ +/* $NetBSD: socket.c,v 1.15.2.2.2.3 2017/01/16 11:56:44 martin Exp $ */ /* * Copyright (C) 2004-2016 Internet Systems Consortium, Inc. ("ISC") @@ -4077,7 +4077,8 @@ process_fds(isc__socketmgr_t *manager, s * events. Note also that the read or write attempt * won't block because we use non-blocking sockets. */ - events[i].events |= (EPOLLIN | EPOLLOUT); + int fd = events[i].data.fd; + events[i].events |= manager->epoll_events[fd]; } process_fd(manager, events[i].data.fd, (events[i].events & EPOLLIN) != 0, Index: src/external/bsd/bind/dist/lib/isc/win32/socket.c diff -u src/external/bsd/bind/dist/lib/isc/win32/socket.c:1.8.2.2.2.1 src/external/bsd/bind/dist/lib/isc/win32/socket.c:1.8.2.2.2.2 --- src/external/bsd/bind/dist/lib/isc/win32/socket.c:1.8.2.2.2.1 Fri Oct 14 11:42:50 2016 +++ src/external/bsd/bind/dist/lib/isc/win32/socket.c Mon Jan 16 11:56:45 2017 @@ -1,4 +1,4 @@ -/* $NetBSD: socket.c,v 1.8.2.2.2.1 2016/10/14 11:42:50 martin Exp $ */ +/* $NetBSD: socket.c,v 1.8.2.2.2.2 2017/01/16 11:56:45 martin Exp $ */ /* * Copyright (C) 2004-2016 Internet Systems Consortium, Inc. ("ISC") @@ -2490,15 +2490,18 @@ SocketIoThread(LPVOID ThreadContext) { request = lpo->request_type; - errstatus = 0; - if (!bSuccess) { + if (!bSuccess) + errstatus = GetLastError(); + else + errstatus = 0; + if (!bSuccess && errstatus != ERROR_MORE_DATA) { isc_result_t isc_result; /* * Did the I/O operation complete? */ - errstatus = GetLastError(); - isc_result = isc__errno2resultx(errstatus, __FILE__, __LINE__); + isc_result = isc__errno2resultx(errstatus, + __FILE__, __LINE__); LOCK(&sock->lock); CONSISTENT(sock);