Module Name: src
Committed By: martin
Date: Mon Jan 16 11:56:45 UTC 2017
Modified Files:
src/doc [netbsd-7-0]: 3RDPARTY
src/external/bsd/bind [netbsd-7-0]: Makefile.inc
src/external/bsd/bind/dist [netbsd-7-0]: CHANGES README srcid version
src/external/bsd/bind/dist/bin/tests/system/dname [netbsd-7-0]:
tests.sh
src/external/bsd/bind/dist/bin/tests/system/dname/ns2 [netbsd-7-0]:
example.db
src/external/bsd/bind/dist/doc/arm [netbsd-7-0]: Bv9ARM.ch01.html
Bv9ARM.ch02.html Bv9ARM.ch03.html Bv9ARM.ch04.html Bv9ARM.ch05.html
Bv9ARM.ch06.html Bv9ARM.ch07.html Bv9ARM.ch08.html Bv9ARM.ch09.html
Bv9ARM.ch10.html Bv9ARM.ch11.html Bv9ARM.ch12.html Bv9ARM.ch13.html
Bv9ARM.html man.arpaname.html man.ddns-confgen.html man.delv.html
man.dig.html man.dnssec-checkds.html man.dnssec-coverage.html
man.dnssec-dsfromkey.html man.dnssec-importkey.html
man.dnssec-keyfromlabel.html man.dnssec-keygen.html
man.dnssec-revoke.html man.dnssec-settime.html
man.dnssec-signzone.html man.dnssec-verify.html man.genrandom.html
man.host.html man.isc-hmac-fixup.html man.lwresd.html
man.named-checkconf.html man.named-checkzone.html
man.named-journalprint.html man.named-rrchecker.html
man.named.conf.html man.named.html man.nsec3hash.html
man.nsupdate.html man.rndc-confgen.html man.rndc.conf.html
man.rndc.html notes.html notes.pdf notes.xml
src/external/bsd/bind/dist/lib/dns [netbsd-7-0]: api message.c
resolver.c
src/external/bsd/bind/dist/lib/isc [netbsd-7-0]: api
src/external/bsd/bind/dist/lib/isc/unix [netbsd-7-0]: socket.c
src/external/bsd/bind/dist/lib/isc/win32 [netbsd-7-0]: socket.c
Removed Files:
src/external/bsd/bind/dist/contrib/zkt-1.1.2/examples/flat [netbsd-7-0]:
zkt-ls zkt-signer
src/external/bsd/bind/dist/contrib/zkt-1.1.2/examples/hierarchical
[netbsd-7-0]:
zkt-ls zkt-signer
Log Message:
Pull up following revision(s) (requested by snj in ticket #1348):
doc/3RDPARTY: 1.1397 via patch
external/bsd/bind/Makefile.inc: up to 1.24 via patch
external/bsd/bind/dist/CHANGES: up to 1.24
external/bsd/bind/dist/README: up to 1.12
external/bsd/bind/dist/bin/tests/system/dname/ns2/example.db: up to
1.1.1.3
external/bsd/bind/dist/bin/tests/system/dname/tests.sh: up to 1.1.1.4
external/bsd/bind/dist/contrib/zkt-1.1.2/examples/flat/zkt-ls delete
external/bsd/bind/dist/contrib/zkt-1.1.2/examples/flat/zkt-signer delete
external/bsd/bind/dist/contrib/zkt-1.1.2/examples/hierarchical/zkt-ls
delete
external/bsd/bind/dist/contrib/zkt-1.1.2/examples/hierarchical/zkt-signer delete
external/bsd/bind/dist/doc/arm/Bv9ARM.ch01.html: up to 1.1.1.22
external/bsd/bind/dist/doc/arm/Bv9ARM.ch02.html: up to 1.1.1.19
external/bsd/bind/dist/doc/arm/Bv9ARM.ch03.html: up to 1.1.1.24
external/bsd/bind/dist/doc/arm/Bv9ARM.ch04.html: up to 1.12
external/bsd/bind/dist/doc/arm/Bv9ARM.ch05.html: up to 1.1.1.25
external/bsd/bind/dist/doc/arm/Bv9ARM.ch06.html: up to 1.12
external/bsd/bind/dist/doc/arm/Bv9ARM.ch07.html: up to 1.12
external/bsd/bind/dist/doc/arm/Bv9ARM.ch08.html: up to 1.12
external/bsd/bind/dist/doc/arm/Bv9ARM.ch09.html: up to 1.12
external/bsd/bind/dist/doc/arm/Bv9ARM.ch10.html: up to 1.1.1.21
external/bsd/bind/dist/doc/arm/Bv9ARM.ch11.html: up to 1.1.1.10
external/bsd/bind/dist/doc/arm/Bv9ARM.ch12.html: up to 1.1.1.10
external/bsd/bind/dist/doc/arm/Bv9ARM.ch13.html: up to 1.1.1.10
external/bsd/bind/dist/doc/arm/Bv9ARM.html: up to 1.12
external/bsd/bind/dist/doc/arm/man.arpaname.html: up to 1.12
external/bsd/bind/dist/doc/arm/man.ddns-confgen.html: up to 1.12
external/bsd/bind/dist/doc/arm/man.delv.html: up to 1.12
external/bsd/bind/dist/doc/arm/man.dig.html: up to 1.12
external/bsd/bind/dist/doc/arm/man.dnssec-checkds.html: up to 1.12
external/bsd/bind/dist/doc/arm/man.dnssec-coverage.html: up to 1.12
external/bsd/bind/dist/doc/arm/man.dnssec-dsfromkey.html: up to 1.12
external/bsd/bind/dist/doc/arm/man.dnssec-importkey.html: up to 1.12
external/bsd/bind/dist/doc/arm/man.dnssec-keyfromlabel.html: up to 1.12
external/bsd/bind/dist/doc/arm/man.dnssec-keygen.html: up to 1.12
external/bsd/bind/dist/doc/arm/man.dnssec-revoke.html: up to 1.12
external/bsd/bind/dist/doc/arm/man.dnssec-settime.html: up to 1.12
external/bsd/bind/dist/doc/arm/man.dnssec-signzone.html: up to 1.12
external/bsd/bind/dist/doc/arm/man.dnssec-verify.html: up to 1.12
external/bsd/bind/dist/doc/arm/man.genrandom.html: up to 1.12
external/bsd/bind/dist/doc/arm/man.host.html: up to 1.12
external/bsd/bind/dist/doc/arm/man.isc-hmac-fixup.html: up to 1.12
external/bsd/bind/dist/doc/arm/man.lwresd.html: up to 1.1.1.4
external/bsd/bind/dist/doc/arm/man.named-checkconf.html: up to 1.12
external/bsd/bind/dist/doc/arm/man.named-checkzone.html: up to 1.12
external/bsd/bind/dist/doc/arm/man.named-journalprint.html: up to 1.12
external/bsd/bind/dist/doc/arm/man.named-rrchecker.html: up to 1.12
external/bsd/bind/dist/doc/arm/man.named.conf.html: up to 1.1.1.4
external/bsd/bind/dist/doc/arm/man.named.html: up to 1.12
external/bsd/bind/dist/doc/arm/man.nsec3hash.html: up to 1.12
external/bsd/bind/dist/doc/arm/man.nsupdate.html: up to 1.12
external/bsd/bind/dist/doc/arm/man.rndc-confgen.html: up to 1.12
external/bsd/bind/dist/doc/arm/man.rndc.conf.html: up to 1.12
external/bsd/bind/dist/doc/arm/man.rndc.html: up to 1.12
external/bsd/bind/dist/doc/arm/notes.html: up to 1.1.1.10
external/bsd/bind/dist/doc/arm/notes.pdf: up to 1.1.1.10
external/bsd/bind/dist/doc/arm/notes.xml: up to 1.1.1.10
external/bsd/bind/dist/lib/dns/api: up to 1.12
external/bsd/bind/dist/lib/dns/message.c: up to 1.21
external/bsd/bind/dist/lib/dns/resolver.c: up to 1.28
external/bsd/bind/dist/lib/isc/api: up to 1.1.1.21
external/bsd/bind/dist/lib/isc/unix/socket.c: up to 1.20
external/bsd/bind/dist/lib/isc/win32/socket.c: up to 1.12
external/bsd/bind/dist/srcid: up to 1.18
external/bsd/bind/dist/version: up to 1.22
external/bsd/bind/include/isc/platform.h: up to 1.22 via patch
Update BIND to 9.10.4-P5, fixing CVE-2016-9131, CVE-2016-9147,
and CVE-2016-9444.
To generate a diff of this commit:
cvs rdiff -u -r1.1145.2.18.2.11 -r1.1145.2.18.2.12 src/doc/3RDPARTY
cvs rdiff -u -r1.21.2.1.2.2 -r1.21.2.1.2.3 src/external/bsd/bind/Makefile.inc
cvs rdiff -u -r1.12.2.5.2.3 -r1.12.2.5.2.4 src/external/bsd/bind/dist/CHANGES
cvs rdiff -u -r1.1.1.14.2.5.2.3 -r1.1.1.14.2.5.2.4 \
src/external/bsd/bind/dist/README
cvs rdiff -u -r1.6.2.5.2.3 -r1.6.2.5.2.4 src/external/bsd/bind/dist/srcid
cvs rdiff -u -r1.10.2.5.2.3 -r1.10.2.5.2.4 src/external/bsd/bind/dist/version
cvs rdiff -u -r1.1.1.3 -r1.1.1.3.12.1 \
src/external/bsd/bind/dist/bin/tests/system/dname/tests.sh
cvs rdiff -u -r1.1.1.2 -r1.1.1.2.14.1 \
src/external/bsd/bind/dist/bin/tests/system/dname/ns2/example.db
cvs rdiff -u -r1.1 -r0 \
src/external/bsd/bind/dist/contrib/zkt-1.1.2/examples/flat/zkt-ls \
src/external/bsd/bind/dist/contrib/zkt-1.1.2/examples/flat/zkt-signer
cvs rdiff -u -r1.1 -r0 \
src/external/bsd/bind/dist/contrib/zkt-1.1.2/examples/hierarchical/zkt-ls \
src/external/bsd/bind/dist/contrib/zkt-1.1.2/examples/hierarchical/zkt-signer
cvs rdiff -u -r1.1.1.11.2.4.2.3 -r1.1.1.11.2.4.2.4 \
src/external/bsd/bind/dist/doc/arm/Bv9ARM.ch01.html
cvs rdiff -u -r1.1.1.8.2.4.2.3 -r1.1.1.8.2.4.2.4 \
src/external/bsd/bind/dist/doc/arm/Bv9ARM.ch02.html
cvs rdiff -u -r1.1.1.13.2.4.2.3 -r1.1.1.13.2.4.2.4 \
src/external/bsd/bind/dist/doc/arm/Bv9ARM.ch03.html
cvs rdiff -u -r1.1.1.15.2.5.2.3 -r1.1.1.15.2.5.2.4 \
src/external/bsd/bind/dist/doc/arm/Bv9ARM.ch04.html \
src/external/bsd/bind/dist/doc/arm/Bv9ARM.ch06.html \
src/external/bsd/bind/dist/doc/arm/Bv9ARM.ch07.html \
src/external/bsd/bind/dist/doc/arm/Bv9ARM.ch08.html \
src/external/bsd/bind/dist/doc/arm/Bv9ARM.ch09.html \
src/external/bsd/bind/dist/doc/arm/Bv9ARM.html \
src/external/bsd/bind/dist/doc/arm/man.dig.html \
src/external/bsd/bind/dist/doc/arm/man.dnssec-dsfromkey.html \
src/external/bsd/bind/dist/doc/arm/man.dnssec-keyfromlabel.html \
src/external/bsd/bind/dist/doc/arm/man.dnssec-keygen.html \
src/external/bsd/bind/dist/doc/arm/man.dnssec-signzone.html \
src/external/bsd/bind/dist/doc/arm/man.host.html \
src/external/bsd/bind/dist/doc/arm/man.named-checkconf.html \
src/external/bsd/bind/dist/doc/arm/man.named-checkzone.html \
src/external/bsd/bind/dist/doc/arm/man.named.html \
src/external/bsd/bind/dist/doc/arm/man.nsupdate.html \
src/external/bsd/bind/dist/doc/arm/man.rndc-confgen.html \
src/external/bsd/bind/dist/doc/arm/man.rndc.conf.html \
src/external/bsd/bind/dist/doc/arm/man.rndc.html
cvs rdiff -u -r1.1.1.14.2.4.2.3 -r1.1.1.14.2.4.2.4 \
src/external/bsd/bind/dist/doc/arm/Bv9ARM.ch05.html
cvs rdiff -u -r1.1.1.10.2.4.2.3 -r1.1.1.10.2.4.2.4 \
src/external/bsd/bind/dist/doc/arm/Bv9ARM.ch10.html
cvs rdiff -u -r1.1.1.1.2.4.2.3 -r1.1.1.1.2.4.2.4 \
src/external/bsd/bind/dist/doc/arm/Bv9ARM.ch11.html \
src/external/bsd/bind/dist/doc/arm/Bv9ARM.ch12.html \
src/external/bsd/bind/dist/doc/arm/Bv9ARM.ch13.html \
src/external/bsd/bind/dist/doc/arm/notes.html \
src/external/bsd/bind/dist/doc/arm/notes.pdf \
src/external/bsd/bind/dist/doc/arm/notes.xml
cvs rdiff -u -r1.1.1.12.2.5.2.3 -r1.1.1.12.2.5.2.4 \
src/external/bsd/bind/dist/doc/arm/man.arpaname.html \
src/external/bsd/bind/dist/doc/arm/man.genrandom.html \
src/external/bsd/bind/dist/doc/arm/man.named-journalprint.html \
src/external/bsd/bind/dist/doc/arm/man.nsec3hash.html
cvs rdiff -u -r1.1.1.13.2.5.2.3 -r1.1.1.13.2.5.2.4 \
src/external/bsd/bind/dist/doc/arm/man.ddns-confgen.html \
src/external/bsd/bind/dist/doc/arm/man.dnssec-revoke.html \
src/external/bsd/bind/dist/doc/arm/man.dnssec-settime.html
cvs rdiff -u -r1.1.1.1.4.5.2.3 -r1.1.1.1.4.5.2.4 \
src/external/bsd/bind/dist/doc/arm/man.delv.html
cvs rdiff -u -r1.1.1.3.2.5.2.3 -r1.1.1.3.2.5.2.4 \
src/external/bsd/bind/dist/doc/arm/man.dnssec-checkds.html \
src/external/bsd/bind/dist/doc/arm/man.dnssec-coverage.html
cvs rdiff -u -r1.1.1.2.2.5.2.3 -r1.1.1.2.2.5.2.4 \
src/external/bsd/bind/dist/doc/arm/man.dnssec-importkey.html \
src/external/bsd/bind/dist/doc/arm/man.named-rrchecker.html
cvs rdiff -u -r1.1.1.5.2.5.2.3 -r1.1.1.5.2.5.2.4 \
src/external/bsd/bind/dist/doc/arm/man.dnssec-verify.html
cvs rdiff -u -r1.1.1.11.2.5.2.3 -r1.1.1.11.2.5.2.4 \
src/external/bsd/bind/dist/doc/arm/man.isc-hmac-fixup.html
cvs rdiff -u -r1.1.1.2.2.3 -r1.1.1.2.2.4 \
src/external/bsd/bind/dist/doc/arm/man.lwresd.html \
src/external/bsd/bind/dist/doc/arm/man.named.conf.html
cvs rdiff -u -r1.1.1.16.2.5.2.3 -r1.1.1.16.2.5.2.4 \
src/external/bsd/bind/dist/lib/dns/api
cvs rdiff -u -r1.13.2.2.2.2 -r1.13.2.2.2.3 \
src/external/bsd/bind/dist/lib/dns/message.c
cvs rdiff -u -r1.19.2.3.2.3 -r1.19.2.3.2.4 \
src/external/bsd/bind/dist/lib/dns/resolver.c
cvs rdiff -u -r1.1.1.15.2.2.2.2 -r1.1.1.15.2.2.2.3 \
src/external/bsd/bind/dist/lib/isc/api
cvs rdiff -u -r1.15.2.2.2.2 -r1.15.2.2.2.3 \
src/external/bsd/bind/dist/lib/isc/unix/socket.c
cvs rdiff -u -r1.8.2.2.2.1 -r1.8.2.2.2.2 \
src/external/bsd/bind/dist/lib/isc/win32/socket.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/doc/3RDPARTY
diff -u src/doc/3RDPARTY:1.1145.2.18.2.11 src/doc/3RDPARTY:1.1145.2.18.2.12
--- src/doc/3RDPARTY:1.1145.2.18.2.11 Wed Dec 14 08:21:38 2016
+++ src/doc/3RDPARTY Mon Jan 16 11:56:45 2017
@@ -1,4 +1,4 @@
-# $NetBSD: 3RDPARTY,v 1.1145.2.18.2.11 2016/12/14 08:21:38 snj Exp $
+# $NetBSD: 3RDPARTY,v 1.1145.2.18.2.12 2017/01/16 11:56:45 martin Exp $
#
# This file contains a list of the software that has been integrated into
# NetBSD where we are not the primary maintainer.
@@ -113,8 +113,8 @@ Notes:
bc includes dc, both of which are in the NetBSD tree.
Package: bind [named and utils]
-Version: 9.10.4-P4
-Current Vers: 9.10.4-P4
+Version: 9.10.4-P5
+Current Vers: 9.10.4-P5
Maintainer: Paul Vixie <[email protected]>
Archive Site: ftp://ftp.isc.org/isc/bind9/
Home Page: http://www.isc.org/software/bind/
Index: src/external/bsd/bind/Makefile.inc
diff -u src/external/bsd/bind/Makefile.inc:1.21.2.1.2.2 src/external/bsd/bind/Makefile.inc:1.21.2.1.2.3
--- src/external/bsd/bind/Makefile.inc:1.21.2.1.2.2 Sat Nov 5 17:47:30 2016
+++ src/external/bsd/bind/Makefile.inc Mon Jan 16 11:56:42 2017
@@ -1,4 +1,4 @@
-# $NetBSD: Makefile.inc,v 1.21.2.1.2.2 2016/11/05 17:47:30 martin Exp $
+# $NetBSD: Makefile.inc,v 1.21.2.1.2.3 2017/01/16 11:56:42 martin Exp $
.if !defined(BIND9_MAKEFILE_INC)
BIND9_MAKEFILE_INC=yes
Index: src/external/bsd/bind/dist/CHANGES
diff -u src/external/bsd/bind/dist/CHANGES:1.12.2.5.2.3 src/external/bsd/bind/dist/CHANGES:1.12.2.5.2.4
--- src/external/bsd/bind/dist/CHANGES:1.12.2.5.2.3 Sat Nov 5 17:47:30 2016
+++ src/external/bsd/bind/dist/CHANGES Mon Jan 16 11:56:42 2017
@@ -1,3 +1,27 @@
+ --- 9.10.4-P5 released ---
+
+4530. [bug] Change 4489 broke the handling of CNAME -> DNAME
+ in responses resulting in SERVFAIL being returned.
+ [RT #43779]
+
+4528. [bug] Only set the flag bits for the i/o we are waiting
+ for on EPOLLERR or EPOLLHUP. [RT #43617]
+
+4519. [port] win32: handle ERROR_MORE_DATA. [RT #43534]
+
+4517. [security] Named could mishandle authority sections that were
+ missing RRSIGs triggering an assertion failure.
+ (CVE-2016-9444) [RT # 43632]
+
+4510. [security] Named mishandled some responses where covering RRSIG
+ records are returned without the requested data
+ resulting in a assertion failure. (CVE-2016-9147)
+ [RT #43548]
+
+4508. [security] Named incorrectly tried to cache TKEY records which
+ could trigger a assertion failure when there was
+ a class mismatch. (CVE-2016-9131) [RT #43522]
+
--- 9.10.4-P4 released ---
4489. [security] It was possible to trigger assertions when processing
Index: src/external/bsd/bind/dist/README
diff -u src/external/bsd/bind/dist/README:1.1.1.14.2.5.2.3 src/external/bsd/bind/dist/README:1.1.1.14.2.5.2.4
--- src/external/bsd/bind/dist/README:1.1.1.14.2.5.2.3 Sat Nov 5 17:47:30 2016
+++ src/external/bsd/bind/dist/README Mon Jan 16 11:56:42 2017
@@ -51,6 +51,11 @@ BIND 9
For up-to-date release notes and errata, see
http://www.isc.org/software/bind9/releasenotes
+BIND 9.10.4-P5
+
+ This version contains fixes for CVE-2016-9131, CVE-2016-9147,
+ CVE-2016-9444 and CVE-2016-9778.
+
BIND 9.10.4-P4
This version contains a fix for CVE-2016-8864.
Index: src/external/bsd/bind/dist/srcid
diff -u src/external/bsd/bind/dist/srcid:1.6.2.5.2.3 src/external/bsd/bind/dist/srcid:1.6.2.5.2.4
--- src/external/bsd/bind/dist/srcid:1.6.2.5.2.3 Sat Nov 5 17:47:31 2016
+++ src/external/bsd/bind/dist/srcid Mon Jan 16 11:56:42 2017
@@ -1 +1 @@
-SRCID=853aa4b
+SRCID=2b12043
Index: src/external/bsd/bind/dist/version
diff -u src/external/bsd/bind/dist/version:1.10.2.5.2.3 src/external/bsd/bind/dist/version:1.10.2.5.2.4
--- src/external/bsd/bind/dist/version:1.10.2.5.2.3 Sat Nov 5 17:47:31 2016
+++ src/external/bsd/bind/dist/version Mon Jan 16 11:56:43 2017
@@ -7,5 +7,5 @@ MAJORVER=9
MINORVER=10
PATCHVER=4
RELEASETYPE=-P
-RELEASEVER=4
+RELEASEVER=5
EXTENSIONS=
Index: src/external/bsd/bind/dist/bin/tests/system/dname/tests.sh
diff -u src/external/bsd/bind/dist/bin/tests/system/dname/tests.sh:1.1.1.3 src/external/bsd/bind/dist/bin/tests/system/dname/tests.sh:1.1.1.3.12.1
--- src/external/bsd/bind/dist/bin/tests/system/dname/tests.sh:1.1.1.3 Tue Dec 4 19:22:35 2012
+++ src/external/bsd/bind/dist/bin/tests/system/dname/tests.sh Mon Jan 16 11:56:43 2017
@@ -63,6 +63,24 @@ grep "status: YXDOMAIN" dig.out.ns4.tool
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`
+echo "I:checking cname to dname from authoritative"
+ret=0
+$DIG cname.example @10.53.0.2 a -p 5300 > dig.out.ns2.cname
+grep "status: NOERROR" dig.out.ns2.cname > /dev/null || ret=1
+if [ $ret != 0 ]; then echo "I:failed"; fi
+status=`expr $status + $ret`
+
+echo "I:checking cname to dname from recursive"
+ret=0
+$DIG cname.example @10.53.0.4 a -p 5300 > dig.out.ns4.cname
+grep "status: NOERROR" dig.out.ns4.cname > /dev/null || ret=1
+grep '^cname.example.' dig.out.ns4.cname > /dev/null || ret=1
+grep '^cnamedname.example.' dig.out.ns4.cname > /dev/null || ret=1
+grep '^a.cnamedname.example.' dig.out.ns4.cname > /dev/null || ret=1
+grep '^a.target.example.' dig.out.ns4.cname > /dev/null || ret=1
+if [ $ret != 0 ]; then echo "I:failed"; fi
+status=`expr $status + $ret`
+
echo "I:exit status: $status"
exit $status
Index: src/external/bsd/bind/dist/bin/tests/system/dname/ns2/example.db
diff -u src/external/bsd/bind/dist/bin/tests/system/dname/ns2/example.db:1.1.1.2 src/external/bsd/bind/dist/bin/tests/system/dname/ns2/example.db:1.1.1.2.14.1
--- src/external/bsd/bind/dist/bin/tests/system/dname/ns2/example.db:1.1.1.2 Mon Jun 4 17:54:22 2012
+++ src/external/bsd/bind/dist/bin/tests/system/dname/ns2/example.db Mon Jan 16 11:56:43 2017
@@ -29,4 +29,6 @@ a.short A 10.0.0.1
short-dname DNAME short
a.longlonglonglonglonglonglonglonglonglonglonglonglong A 10.0.0.2
long-dname DNAME longlonglonglonglonglonglonglonglonglonglonglonglong
-;
+cname CNAME a.cnamedname
+cnamedname DNAME target
+a.target A 10.0.0.3
Index: src/external/bsd/bind/dist/doc/arm/Bv9ARM.ch01.html
diff -u src/external/bsd/bind/dist/doc/arm/Bv9ARM.ch01.html:1.1.1.11.2.4.2.3 src/external/bsd/bind/dist/doc/arm/Bv9ARM.ch01.html:1.1.1.11.2.4.2.4
--- src/external/bsd/bind/dist/doc/arm/Bv9ARM.ch01.html:1.1.1.11.2.4.2.3 Sat Nov 5 17:47:31 2016
+++ src/external/bsd/bind/dist/doc/arm/Bv9ARM.ch01.html Mon Jan 16 11:56:43 2017
@@ -555,6 +555,6 @@
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook"; style="text-align: center;">BIND 9.10.4-P4</p>
+<p xmlns:db="http://docbook.org/ns/docbook"; style="text-align: center;">BIND 9.10.4-P5</p>
</body>
</html>
Index: src/external/bsd/bind/dist/doc/arm/Bv9ARM.ch02.html
diff -u src/external/bsd/bind/dist/doc/arm/Bv9ARM.ch02.html:1.1.1.8.2.4.2.3 src/external/bsd/bind/dist/doc/arm/Bv9ARM.ch02.html:1.1.1.8.2.4.2.4
--- src/external/bsd/bind/dist/doc/arm/Bv9ARM.ch02.html:1.1.1.8.2.4.2.3 Sat Nov 5 17:47:31 2016
+++ src/external/bsd/bind/dist/doc/arm/Bv9ARM.ch02.html Mon Jan 16 11:56:43 2017
@@ -153,6 +153,6 @@
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook"; style="text-align: center;">BIND 9.10.4-P4</p>
+<p xmlns:db="http://docbook.org/ns/docbook"; style="text-align: center;">BIND 9.10.4-P5</p>
</body>
</html>
Index: src/external/bsd/bind/dist/doc/arm/Bv9ARM.ch03.html
diff -u src/external/bsd/bind/dist/doc/arm/Bv9ARM.ch03.html:1.1.1.13.2.4.2.3 src/external/bsd/bind/dist/doc/arm/Bv9ARM.ch03.html:1.1.1.13.2.4.2.4
--- src/external/bsd/bind/dist/doc/arm/Bv9ARM.ch03.html:1.1.1.13.2.4.2.3 Sat Nov 5 17:47:31 2016
+++ src/external/bsd/bind/dist/doc/arm/Bv9ARM.ch03.html Mon Jan 16 11:56:43 2017
@@ -669,6 +669,6 @@ controls {
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook"; style="text-align: center;">BIND 9.10.4-P4</p>
+<p xmlns:db="http://docbook.org/ns/docbook"; style="text-align: center;">BIND 9.10.4-P5</p>
</body>
</html>
Index: src/external/bsd/bind/dist/doc/arm/Bv9ARM.ch04.html
diff -u src/external/bsd/bind/dist/doc/arm/Bv9ARM.ch04.html:1.1.1.15.2.5.2.3 src/external/bsd/bind/dist/doc/arm/Bv9ARM.ch04.html:1.1.1.15.2.5.2.4
--- src/external/bsd/bind/dist/doc/arm/Bv9ARM.ch04.html:1.1.1.15.2.5.2.3 Sat Nov 5 17:47:31 2016
+++ src/external/bsd/bind/dist/doc/arm/Bv9ARM.ch04.html Mon Jan 16 11:56:43 2017
@@ -2326,6 +2326,6 @@ $ORIGIN 0.0.0.0.0.0.0.0.8.b.d.0.1.0.0.2.
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook"; style="text-align: center;">BIND 9.10.4-P4</p>
+<p xmlns:db="http://docbook.org/ns/docbook"; style="text-align: center;">BIND 9.10.4-P5</p>
</body>
</html>
Index: src/external/bsd/bind/dist/doc/arm/Bv9ARM.ch06.html
diff -u src/external/bsd/bind/dist/doc/arm/Bv9ARM.ch06.html:1.1.1.15.2.5.2.3 src/external/bsd/bind/dist/doc/arm/Bv9ARM.ch06.html:1.1.1.15.2.5.2.4
--- src/external/bsd/bind/dist/doc/arm/Bv9ARM.ch06.html:1.1.1.15.2.5.2.3 Sat Nov 5 17:47:31 2016
+++ src/external/bsd/bind/dist/doc/arm/Bv9ARM.ch06.html Mon Jan 16 11:56:43 2017
@@ -12845,6 +12845,6 @@ HOST-127.EXAMPLE. MX 0 .
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook"; style="text-align: center;">BIND 9.10.4-P4</p>
+<p xmlns:db="http://docbook.org/ns/docbook"; style="text-align: center;">BIND 9.10.4-P5</p>
</body>
</html>
Index: src/external/bsd/bind/dist/doc/arm/Bv9ARM.ch07.html
diff -u src/external/bsd/bind/dist/doc/arm/Bv9ARM.ch07.html:1.1.1.15.2.5.2.3 src/external/bsd/bind/dist/doc/arm/Bv9ARM.ch07.html:1.1.1.15.2.5.2.4
--- src/external/bsd/bind/dist/doc/arm/Bv9ARM.ch07.html:1.1.1.15.2.5.2.3 Sat Nov 5 17:47:31 2016
+++ src/external/bsd/bind/dist/doc/arm/Bv9ARM.ch07.html Mon Jan 16 11:56:43 2017
@@ -248,6 +248,6 @@ zone "example.com" {
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook"; style="text-align: center;">BIND 9.10.4-P4</p>
+<p xmlns:db="http://docbook.org/ns/docbook"; style="text-align: center;">BIND 9.10.4-P5</p>
</body>
</html>
Index: src/external/bsd/bind/dist/doc/arm/Bv9ARM.ch08.html
diff -u src/external/bsd/bind/dist/doc/arm/Bv9ARM.ch08.html:1.1.1.15.2.5.2.3 src/external/bsd/bind/dist/doc/arm/Bv9ARM.ch08.html:1.1.1.15.2.5.2.4
--- src/external/bsd/bind/dist/doc/arm/Bv9ARM.ch08.html:1.1.1.15.2.5.2.3 Sat Nov 5 17:47:31 2016
+++ src/external/bsd/bind/dist/doc/arm/Bv9ARM.ch08.html Mon Jan 16 11:56:43 2017
@@ -134,6 +134,6 @@
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook"; style="text-align: center;">BIND 9.10.4-P4</p>
+<p xmlns:db="http://docbook.org/ns/docbook"; style="text-align: center;">BIND 9.10.4-P5</p>
</body>
</html>
Index: src/external/bsd/bind/dist/doc/arm/Bv9ARM.ch09.html
diff -u src/external/bsd/bind/dist/doc/arm/Bv9ARM.ch09.html:1.1.1.15.2.5.2.3 src/external/bsd/bind/dist/doc/arm/Bv9ARM.ch09.html:1.1.1.15.2.5.2.4
--- src/external/bsd/bind/dist/doc/arm/Bv9ARM.ch09.html:1.1.1.15.2.5.2.3 Sat Nov 5 17:47:31 2016
+++ src/external/bsd/bind/dist/doc/arm/Bv9ARM.ch09.html Mon Jan 16 11:56:43 2017
@@ -44,7 +44,7 @@
<div class="toc">
<p><b>Table of Contents</b></p>
<dl class="toc">
-<dt><span class="section"><a href="Bv9ARM.ch09.html#id-1.10.2">Release Notes for BIND Version 9.10.4-P4</a></span></dt>
+<dt><span class="section"><a href="Bv9ARM.ch09.html#id-1.10.2">Release Notes for BIND Version 9.10.4-P5</a></span></dt>
<dd><dl>
<dt><span class="section"><a href="Bv9ARM.ch09.html#relnotes_intro">Introduction</a></span></dt>
<dt><span class="section"><a href="Bv9ARM.ch09.html#relnotes_download">Download</a></span></dt>
@@ -60,7 +60,7 @@
</div>
<div class="section">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
-<a name="id-1.10.2"></a>Release Notes for BIND Version 9.10.4-P4</h2></div></div></div>
+<a name="id-1.10.2"></a>Release Notes for BIND Version 9.10.4-P5</h2></div></div></div>
<div class="section">
<div class="titlepage"><div><div><h3 class="title">
<a name="relnotes_intro"></a>Introduction</h3></div></div></div>
@@ -68,6 +68,10 @@
This document summarizes changes since BIND 9.10.4:
</p>
<p>
+ BIND 9.10.4-P5 addresses the security issues described in
+ CVE-2016-9131, CVE-2016-9147 and CVE-2016-9444.
+ </p>
+<p>
BIND 9.10.4-P4 addresses the security issue described in
CVE-2016-8864.
</p>
@@ -103,6 +107,22 @@
<a name="relnotes_security"></a>Security Fixes</h3></div></div></div>
<div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; ">
<li class="listitem"><p>
+ Named could mishandle authority sections that were missing
+ RRSIGs triggering an assertion failure. This flaw is
+ disclosed in CVE-2016-9444. [RT # 43632]
+ </p></li>
+<li class="listitem"><p>
+ Named mishandled some responses where covering RRSIG
+ records are returned without the requested data
+ resulting in a assertion failure. This flaw is disclosed in
+ CVE-2016-9147. [RT #43548]
+ </p></li>
+<li class="listitem"><p>
+ Named incorrectly tried to cache TKEY records which could
+ trigger a assertion failure when there was a class mismatch.
+ This flaw is disclosed in CVE-2016-9131. [RT #43522]
+ </p></li>
+<li class="listitem"><p>
It was possible to trigger assertions when processing
a response. This flaw is disclosed in CVE-2016-8864. [RT #43465]
</p></li>
@@ -198,6 +218,6 @@
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook"; style="text-align: center;">BIND 9.10.4-P4</p>
+<p xmlns:db="http://docbook.org/ns/docbook"; style="text-align: center;">BIND 9.10.4-P5</p>
</body>
</html>
Index: src/external/bsd/bind/dist/doc/arm/Bv9ARM.html
diff -u src/external/bsd/bind/dist/doc/arm/Bv9ARM.html:1.1.1.15.2.5.2.3 src/external/bsd/bind/dist/doc/arm/Bv9ARM.html:1.1.1.15.2.5.2.4
--- src/external/bsd/bind/dist/doc/arm/Bv9ARM.html:1.1.1.15.2.5.2.3 Sat Nov 5 17:47:31 2016
+++ src/external/bsd/bind/dist/doc/arm/Bv9ARM.html Mon Jan 16 11:56:44 2017
@@ -40,7 +40,7 @@
<div>
<div><h1 class="title">
<a name="id-1"></a>BIND 9 Administrator Reference Manual</h1></div>
-<div><p class="releaseinfo">BIND Version 9.10.4-P4</p></div>
+<div><p class="releaseinfo">BIND Version 9.10.4-P5</p></div>
<div><p class="copyright">Copyright � 2004-2015 Internet Systems Consortium, Inc. ("ISC")</p></div>
<div><p class="copyright">Copyright � 2000-2003 Internet Software Consortium.</p></div>
</div>
@@ -239,7 +239,7 @@
</dl></dd>
<dt><span class="appendix"><a href="Bv9ARM.ch09.html">A. Release Notes</a></span></dt>
<dd><dl>
-<dt><span class="section"><a href="Bv9ARM.ch09.html#id-1.10.2">Release Notes for BIND Version 9.10.4-P4</a></span></dt>
+<dt><span class="section"><a href="Bv9ARM.ch09.html#id-1.10.2">Release Notes for BIND Version 9.10.4-P5</a></span></dt>
<dd><dl>
<dt><span class="section"><a href="Bv9ARM.ch09.html#relnotes_intro">Introduction</a></span></dt>
<dt><span class="section"><a href="Bv9ARM.ch09.html#relnotes_download">Download</a></span></dt>
@@ -385,6 +385,6 @@
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook"; style="text-align: center;">BIND 9.10.4-P4</p>
+<p xmlns:db="http://docbook.org/ns/docbook"; style="text-align: center;">BIND 9.10.4-P5</p>
</body>
</html>
Index: src/external/bsd/bind/dist/doc/arm/man.dig.html
diff -u src/external/bsd/bind/dist/doc/arm/man.dig.html:1.1.1.15.2.5.2.3 src/external/bsd/bind/dist/doc/arm/man.dig.html:1.1.1.15.2.5.2.4
--- src/external/bsd/bind/dist/doc/arm/man.dig.html:1.1.1.15.2.5.2.3 Sat Nov 5 17:47:33 2016
+++ src/external/bsd/bind/dist/doc/arm/man.dig.html Mon Jan 16 11:56:44 2017
@@ -809,6 +809,6 @@ dig +qr www.isc.org any -x 127.0.0.1 isc
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook"; style="text-align: center;">BIND 9.10.4-P4</p>
+<p xmlns:db="http://docbook.org/ns/docbook"; style="text-align: center;">BIND 9.10.4-P5</p>
</body>
</html>
Index: src/external/bsd/bind/dist/doc/arm/man.dnssec-dsfromkey.html
diff -u src/external/bsd/bind/dist/doc/arm/man.dnssec-dsfromkey.html:1.1.1.15.2.5.2.3 src/external/bsd/bind/dist/doc/arm/man.dnssec-dsfromkey.html:1.1.1.15.2.5.2.4
--- src/external/bsd/bind/dist/doc/arm/man.dnssec-dsfromkey.html:1.1.1.15.2.5.2.3 Sat Nov 5 17:47:33 2016
+++ src/external/bsd/bind/dist/doc/arm/man.dnssec-dsfromkey.html Mon Jan 16 11:56:44 2017
@@ -213,6 +213,6 @@
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook"; style="text-align: center;">BIND 9.10.4-P4</p>
+<p xmlns:db="http://docbook.org/ns/docbook"; style="text-align: center;">BIND 9.10.4-P5</p>
</body>
</html>
Index: src/external/bsd/bind/dist/doc/arm/man.dnssec-keyfromlabel.html
diff -u src/external/bsd/bind/dist/doc/arm/man.dnssec-keyfromlabel.html:1.1.1.15.2.5.2.3 src/external/bsd/bind/dist/doc/arm/man.dnssec-keyfromlabel.html:1.1.1.15.2.5.2.4
--- src/external/bsd/bind/dist/doc/arm/man.dnssec-keyfromlabel.html:1.1.1.15.2.5.2.3 Sat Nov 5 17:47:33 2016
+++ src/external/bsd/bind/dist/doc/arm/man.dnssec-keyfromlabel.html Mon Jan 16 11:56:44 2017
@@ -381,6 +381,6 @@
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook"; style="text-align: center;">BIND 9.10.4-P4</p>
+<p xmlns:db="http://docbook.org/ns/docbook"; style="text-align: center;">BIND 9.10.4-P5</p>
</body>
</html>
Index: src/external/bsd/bind/dist/doc/arm/man.dnssec-keygen.html
diff -u src/external/bsd/bind/dist/doc/arm/man.dnssec-keygen.html:1.1.1.15.2.5.2.3 src/external/bsd/bind/dist/doc/arm/man.dnssec-keygen.html:1.1.1.15.2.5.2.4
--- src/external/bsd/bind/dist/doc/arm/man.dnssec-keygen.html:1.1.1.15.2.5.2.3 Sat Nov 5 17:47:33 2016
+++ src/external/bsd/bind/dist/doc/arm/man.dnssec-keygen.html Mon Jan 16 11:56:44 2017
@@ -455,6 +455,6 @@
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook"; style="text-align: center;">BIND 9.10.4-P4</p>
+<p xmlns:db="http://docbook.org/ns/docbook"; style="text-align: center;">BIND 9.10.4-P5</p>
</body>
</html>
Index: src/external/bsd/bind/dist/doc/arm/man.dnssec-signzone.html
diff -u src/external/bsd/bind/dist/doc/arm/man.dnssec-signzone.html:1.1.1.15.2.5.2.3 src/external/bsd/bind/dist/doc/arm/man.dnssec-signzone.html:1.1.1.15.2.5.2.4
--- src/external/bsd/bind/dist/doc/arm/man.dnssec-signzone.html:1.1.1.15.2.5.2.3 Sat Nov 5 17:47:33 2016
+++ src/external/bsd/bind/dist/doc/arm/man.dnssec-signzone.html Mon Jan 16 11:56:44 2017
@@ -564,6 +564,6 @@ db.example.com.signed
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook"; style="text-align: center;">BIND 9.10.4-P4</p>
+<p xmlns:db="http://docbook.org/ns/docbook"; style="text-align: center;">BIND 9.10.4-P5</p>
</body>
</html>
Index: src/external/bsd/bind/dist/doc/arm/man.host.html
diff -u src/external/bsd/bind/dist/doc/arm/man.host.html:1.1.1.15.2.5.2.3 src/external/bsd/bind/dist/doc/arm/man.host.html:1.1.1.15.2.5.2.4
--- src/external/bsd/bind/dist/doc/arm/man.host.html:1.1.1.15.2.5.2.3 Sat Nov 5 17:47:33 2016
+++ src/external/bsd/bind/dist/doc/arm/man.host.html Mon Jan 16 11:56:44 2017
@@ -247,6 +247,6 @@
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook"; style="text-align: center;">BIND 9.10.4-P4</p>
+<p xmlns:db="http://docbook.org/ns/docbook"; style="text-align: center;">BIND 9.10.4-P5</p>
</body>
</html>
Index: src/external/bsd/bind/dist/doc/arm/man.named-checkconf.html
diff -u src/external/bsd/bind/dist/doc/arm/man.named-checkconf.html:1.1.1.15.2.5.2.3 src/external/bsd/bind/dist/doc/arm/man.named-checkconf.html:1.1.1.15.2.5.2.4
--- src/external/bsd/bind/dist/doc/arm/man.named-checkconf.html:1.1.1.15.2.5.2.3 Sat Nov 5 17:47:33 2016
+++ src/external/bsd/bind/dist/doc/arm/man.named-checkconf.html Mon Jan 16 11:56:44 2017
@@ -151,6 +151,6 @@
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook"; style="text-align: center;">BIND 9.10.4-P4</p>
+<p xmlns:db="http://docbook.org/ns/docbook"; style="text-align: center;">BIND 9.10.4-P5</p>
</body>
</html>
Index: src/external/bsd/bind/dist/doc/arm/man.named-checkzone.html
diff -u src/external/bsd/bind/dist/doc/arm/man.named-checkzone.html:1.1.1.15.2.5.2.3 src/external/bsd/bind/dist/doc/arm/man.named-checkzone.html:1.1.1.15.2.5.2.4
--- src/external/bsd/bind/dist/doc/arm/man.named-checkzone.html:1.1.1.15.2.5.2.3 Sat Nov 5 17:47:33 2016
+++ src/external/bsd/bind/dist/doc/arm/man.named-checkzone.html Mon Jan 16 11:56:44 2017
@@ -338,6 +338,6 @@
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook"; style="text-align: center;">BIND 9.10.4-P4</p>
+<p xmlns:db="http://docbook.org/ns/docbook"; style="text-align: center;">BIND 9.10.4-P5</p>
</body>
</html>
Index: src/external/bsd/bind/dist/doc/arm/man.named.html
diff -u src/external/bsd/bind/dist/doc/arm/man.named.html:1.1.1.15.2.5.2.3 src/external/bsd/bind/dist/doc/arm/man.named.html:1.1.1.15.2.5.2.4
--- src/external/bsd/bind/dist/doc/arm/man.named.html:1.1.1.15.2.5.2.3 Sat Nov 5 17:47:33 2016
+++ src/external/bsd/bind/dist/doc/arm/man.named.html Mon Jan 16 11:56:44 2017
@@ -369,6 +369,6 @@
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook"; style="text-align: center;">BIND 9.10.4-P4</p>
+<p xmlns:db="http://docbook.org/ns/docbook"; style="text-align: center;">BIND 9.10.4-P5</p>
</body>
</html>
Index: src/external/bsd/bind/dist/doc/arm/man.nsupdate.html
diff -u src/external/bsd/bind/dist/doc/arm/man.nsupdate.html:1.1.1.15.2.5.2.3 src/external/bsd/bind/dist/doc/arm/man.nsupdate.html:1.1.1.15.2.5.2.4
--- src/external/bsd/bind/dist/doc/arm/man.nsupdate.html:1.1.1.15.2.5.2.3 Sat Nov 5 17:47:33 2016
+++ src/external/bsd/bind/dist/doc/arm/man.nsupdate.html Mon Jan 16 11:56:44 2017
@@ -663,6 +663,6 @@
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook"; style="text-align: center;">BIND 9.10.4-P4</p>
+<p xmlns:db="http://docbook.org/ns/docbook"; style="text-align: center;">BIND 9.10.4-P5</p>
</body>
</html>
Index: src/external/bsd/bind/dist/doc/arm/man.rndc-confgen.html
diff -u src/external/bsd/bind/dist/doc/arm/man.rndc-confgen.html:1.1.1.15.2.5.2.3 src/external/bsd/bind/dist/doc/arm/man.rndc-confgen.html:1.1.1.15.2.5.2.4
--- src/external/bsd/bind/dist/doc/arm/man.rndc-confgen.html:1.1.1.15.2.5.2.3 Sat Nov 5 17:47:33 2016
+++ src/external/bsd/bind/dist/doc/arm/man.rndc-confgen.html Mon Jan 16 11:56:44 2017
@@ -223,6 +223,6 @@
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook"; style="text-align: center;">BIND 9.10.4-P4</p>
+<p xmlns:db="http://docbook.org/ns/docbook"; style="text-align: center;">BIND 9.10.4-P5</p>
</body>
</html>
Index: src/external/bsd/bind/dist/doc/arm/man.rndc.conf.html
diff -u src/external/bsd/bind/dist/doc/arm/man.rndc.conf.html:1.1.1.15.2.5.2.3 src/external/bsd/bind/dist/doc/arm/man.rndc.conf.html:1.1.1.15.2.5.2.4
--- src/external/bsd/bind/dist/doc/arm/man.rndc.conf.html:1.1.1.15.2.5.2.3 Sat Nov 5 17:47:33 2016
+++ src/external/bsd/bind/dist/doc/arm/man.rndc.conf.html Mon Jan 16 11:56:44 2017
@@ -246,6 +246,6 @@
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook"; style="text-align: center;">BIND 9.10.4-P4</p>
+<p xmlns:db="http://docbook.org/ns/docbook"; style="text-align: center;">BIND 9.10.4-P5</p>
</body>
</html>
Index: src/external/bsd/bind/dist/doc/arm/man.rndc.html
diff -u src/external/bsd/bind/dist/doc/arm/man.rndc.html:1.1.1.15.2.5.2.3 src/external/bsd/bind/dist/doc/arm/man.rndc.html:1.1.1.15.2.5.2.4
--- src/external/bsd/bind/dist/doc/arm/man.rndc.html:1.1.1.15.2.5.2.3 Sat Nov 5 17:47:33 2016
+++ src/external/bsd/bind/dist/doc/arm/man.rndc.html Mon Jan 16 11:56:44 2017
@@ -621,6 +621,6 @@
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook"; style="text-align: center;">BIND 9.10.4-P4</p>
+<p xmlns:db="http://docbook.org/ns/docbook"; style="text-align: center;">BIND 9.10.4-P5</p>
</body>
</html>
Index: src/external/bsd/bind/dist/doc/arm/Bv9ARM.ch05.html
diff -u src/external/bsd/bind/dist/doc/arm/Bv9ARM.ch05.html:1.1.1.14.2.4.2.3 src/external/bsd/bind/dist/doc/arm/Bv9ARM.ch05.html:1.1.1.14.2.4.2.4
--- src/external/bsd/bind/dist/doc/arm/Bv9ARM.ch05.html:1.1.1.14.2.4.2.3 Sat Nov 5 17:47:31 2016
+++ src/external/bsd/bind/dist/doc/arm/Bv9ARM.ch05.html Mon Jan 16 11:56:43 2017
@@ -138,6 +138,6 @@
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook"; style="text-align: center;">BIND 9.10.4-P4</p>
+<p xmlns:db="http://docbook.org/ns/docbook"; style="text-align: center;">BIND 9.10.4-P5</p>
</body>
</html>
Index: src/external/bsd/bind/dist/doc/arm/Bv9ARM.ch10.html
diff -u src/external/bsd/bind/dist/doc/arm/Bv9ARM.ch10.html:1.1.1.10.2.4.2.3 src/external/bsd/bind/dist/doc/arm/Bv9ARM.ch10.html:1.1.1.10.2.4.2.4
--- src/external/bsd/bind/dist/doc/arm/Bv9ARM.ch10.html:1.1.1.10.2.4.2.3 Sat Nov 5 17:47:31 2016
+++ src/external/bsd/bind/dist/doc/arm/Bv9ARM.ch10.html Mon Jan 16 11:56:43 2017
@@ -155,6 +155,6 @@
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook"; style="text-align: center;">BIND 9.10.4-P4</p>
+<p xmlns:db="http://docbook.org/ns/docbook"; style="text-align: center;">BIND 9.10.4-P5</p>
</body>
</html>
Index: src/external/bsd/bind/dist/doc/arm/Bv9ARM.ch11.html
diff -u src/external/bsd/bind/dist/doc/arm/Bv9ARM.ch11.html:1.1.1.1.2.4.2.3 src/external/bsd/bind/dist/doc/arm/Bv9ARM.ch11.html:1.1.1.1.2.4.2.4
--- src/external/bsd/bind/dist/doc/arm/Bv9ARM.ch11.html:1.1.1.1.2.4.2.3 Sat Nov 5 17:47:31 2016
+++ src/external/bsd/bind/dist/doc/arm/Bv9ARM.ch11.html Mon Jan 16 11:56:43 2017
@@ -497,6 +497,6 @@
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook"; style="text-align: center;">BIND 9.10.4-P4</p>
+<p xmlns:db="http://docbook.org/ns/docbook"; style="text-align: center;">BIND 9.10.4-P5</p>
</body>
</html>
Index: src/external/bsd/bind/dist/doc/arm/Bv9ARM.ch12.html
diff -u src/external/bsd/bind/dist/doc/arm/Bv9ARM.ch12.html:1.1.1.1.2.4.2.3 src/external/bsd/bind/dist/doc/arm/Bv9ARM.ch12.html:1.1.1.1.2.4.2.4
--- src/external/bsd/bind/dist/doc/arm/Bv9ARM.ch12.html:1.1.1.1.2.4.2.3 Sat Nov 5 17:47:31 2016
+++ src/external/bsd/bind/dist/doc/arm/Bv9ARM.ch12.html Mon Jan 16 11:56:44 2017
@@ -543,6 +543,6 @@ $ <strong class="userinput"><code>sample
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook"; style="text-align: center;">BIND 9.10.4-P4</p>
+<p xmlns:db="http://docbook.org/ns/docbook"; style="text-align: center;">BIND 9.10.4-P5</p>
</body>
</html>
Index: src/external/bsd/bind/dist/doc/arm/Bv9ARM.ch13.html
diff -u src/external/bsd/bind/dist/doc/arm/Bv9ARM.ch13.html:1.1.1.1.2.4.2.3 src/external/bsd/bind/dist/doc/arm/Bv9ARM.ch13.html:1.1.1.1.2.4.2.4
--- src/external/bsd/bind/dist/doc/arm/Bv9ARM.ch13.html:1.1.1.1.2.4.2.3 Sat Nov 5 17:47:31 2016
+++ src/external/bsd/bind/dist/doc/arm/Bv9ARM.ch13.html Mon Jan 16 11:56:44 2017
@@ -154,6 +154,6 @@
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook"; style="text-align: center;">BIND 9.10.4-P4</p>
+<p xmlns:db="http://docbook.org/ns/docbook"; style="text-align: center;">BIND 9.10.4-P5</p>
</body>
</html>
Index: src/external/bsd/bind/dist/doc/arm/notes.html
diff -u src/external/bsd/bind/dist/doc/arm/notes.html:1.1.1.1.2.4.2.3 src/external/bsd/bind/dist/doc/arm/notes.html:1.1.1.1.2.4.2.4
--- src/external/bsd/bind/dist/doc/arm/notes.html:1.1.1.1.2.4.2.3 Sat Nov 5 17:47:33 2016
+++ src/external/bsd/bind/dist/doc/arm/notes.html Mon Jan 16 11:56:44 2017
@@ -21,7 +21,7 @@
</head>
<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="article"><div class="section">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
-<a name="id-1.2"></a>Release Notes for BIND Version 9.10.4-P4</h2></div></div></div>
+<a name="id-1.2"></a>Release Notes for BIND Version 9.10.4-P5</h2></div></div></div>
<div class="section">
<div class="titlepage"><div><div><h3 class="title">
<a name="relnotes_intro"></a>Introduction</h3></div></div></div>
@@ -29,6 +29,10 @@
This document summarizes changes since BIND 9.10.4:
</p>
<p>
+ BIND 9.10.4-P5 addresses the security issues described in
+ CVE-2016-9131, CVE-2016-9147 and CVE-2016-9444.
+ </p>
+<p>
BIND 9.10.4-P4 addresses the security issue described in
CVE-2016-8864.
</p>
@@ -64,6 +68,22 @@
<a name="relnotes_security"></a>Security Fixes</h3></div></div></div>
<div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; ">
<li class="listitem"><p>
+ Named could mishandle authority sections that were missing
+ RRSIGs triggering an assertion failure. This flaw is
+ disclosed in CVE-2016-9444. [RT # 43632]
+ </p></li>
+<li class="listitem"><p>
+ Named mishandled some responses where covering RRSIG
+ records are returned without the requested data
+ resulting in a assertion failure. This flaw is disclosed in
+ CVE-2016-9147. [RT #43548]
+ </p></li>
+<li class="listitem"><p>
+ Named incorrectly tried to cache TKEY records which could
+ trigger a assertion failure when there was a class mismatch.
+ This flaw is disclosed in CVE-2016-9131. [RT #43522]
+ </p></li>
+<li class="listitem"><p>
It was possible to trigger assertions when processing
a response. This flaw is disclosed in CVE-2016-8864. [RT #43465]
</p></li>
Index: src/external/bsd/bind/dist/doc/arm/notes.pdf
Binary files are different
Index: src/external/bsd/bind/dist/doc/arm/notes.xml
diff -u src/external/bsd/bind/dist/doc/arm/notes.xml:1.1.1.1.2.4.2.3 src/external/bsd/bind/dist/doc/arm/notes.xml:1.1.1.1.2.4.2.4
--- src/external/bsd/bind/dist/doc/arm/notes.xml:1.1.1.1.2.4.2.3 Sat Nov 5 17:47:33 2016
+++ src/external/bsd/bind/dist/doc/arm/notes.xml Mon Jan 16 11:56:44 2017
@@ -24,6 +24,10 @@
This document summarizes changes since BIND 9.10.4:
</para>
<para>
+ BIND 9.10.4-P5 addresses the security issues described in
+ CVE-2016-9131, CVE-2016-9147, CVE-2016-9444 and CVE-2016-9778.
+ </para>
+ <para>
BIND 9.10.4-P4 addresses the security issue described in
CVE-2016-8864.
</para>
@@ -59,6 +63,37 @@
<itemizedlist>
<listitem>
<para>
+ A coding error in the <option>nxdomain-redirect</option>
+ feature could lead to an assertion failure if the redirection
+ namespace was served from a local authoritative data source
+ such as a local zone or a DLZ instead of via recursive
+ lookup. This flaw is disclosed in CVE-2016-9778. [RT #43837]
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ Named could mishandle authority sections that were missing
+ RRSIGs triggering an assertion failure. This flaw is
+ disclosed in CVE-2016-9444. [RT # 43632]
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ Named mishandled some responses where covering RRSIG
+ records are returned without the requested data
+ resulting in a assertion failure. This flaw is disclosed in
+ CVE-2016-9147. [RT #43548]
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ Named incorrectly tried to cache TKEY records which could
+ trigger a assertion failure when there was a class mismatch.
+ This flaw is disclosed in CVE-2016-9131. [RT #43522]
+ </para>
+ </listitem>
+ <listitem>
+ <para>
It was possible to trigger assertions when processing
a response. This flaw is disclosed in CVE-2016-8864. [RT #43465]
</para>
Index: src/external/bsd/bind/dist/doc/arm/man.arpaname.html
diff -u src/external/bsd/bind/dist/doc/arm/man.arpaname.html:1.1.1.12.2.5.2.3 src/external/bsd/bind/dist/doc/arm/man.arpaname.html:1.1.1.12.2.5.2.4
--- src/external/bsd/bind/dist/doc/arm/man.arpaname.html:1.1.1.12.2.5.2.3 Sat Nov 5 17:47:33 2016
+++ src/external/bsd/bind/dist/doc/arm/man.arpaname.html Mon Jan 16 11:56:44 2017
@@ -81,6 +81,6 @@
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook"; style="text-align: center;">BIND 9.10.4-P4</p>
+<p xmlns:db="http://docbook.org/ns/docbook"; style="text-align: center;">BIND 9.10.4-P5</p>
</body>
</html>
Index: src/external/bsd/bind/dist/doc/arm/man.genrandom.html
diff -u src/external/bsd/bind/dist/doc/arm/man.genrandom.html:1.1.1.12.2.5.2.3 src/external/bsd/bind/dist/doc/arm/man.genrandom.html:1.1.1.12.2.5.2.4
--- src/external/bsd/bind/dist/doc/arm/man.genrandom.html:1.1.1.12.2.5.2.3 Sat Nov 5 17:47:33 2016
+++ src/external/bsd/bind/dist/doc/arm/man.genrandom.html Mon Jan 16 11:56:44 2017
@@ -102,6 +102,6 @@
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook"; style="text-align: center;">BIND 9.10.4-P4</p>
+<p xmlns:db="http://docbook.org/ns/docbook"; style="text-align: center;">BIND 9.10.4-P5</p>
</body>
</html>
Index: src/external/bsd/bind/dist/doc/arm/man.named-journalprint.html
diff -u src/external/bsd/bind/dist/doc/arm/man.named-journalprint.html:1.1.1.12.2.5.2.3 src/external/bsd/bind/dist/doc/arm/man.named-journalprint.html:1.1.1.12.2.5.2.4
--- src/external/bsd/bind/dist/doc/arm/man.named-journalprint.html:1.1.1.12.2.5.2.3 Sat Nov 5 17:47:33 2016
+++ src/external/bsd/bind/dist/doc/arm/man.named-journalprint.html Mon Jan 16 11:56:44 2017
@@ -102,6 +102,6 @@
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook"; style="text-align: center;">BIND 9.10.4-P4</p>
+<p xmlns:db="http://docbook.org/ns/docbook"; style="text-align: center;">BIND 9.10.4-P5</p>
</body>
</html>
Index: src/external/bsd/bind/dist/doc/arm/man.nsec3hash.html
diff -u src/external/bsd/bind/dist/doc/arm/man.nsec3hash.html:1.1.1.12.2.5.2.3 src/external/bsd/bind/dist/doc/arm/man.nsec3hash.html:1.1.1.12.2.5.2.4
--- src/external/bsd/bind/dist/doc/arm/man.nsec3hash.html:1.1.1.12.2.5.2.3 Sat Nov 5 17:47:33 2016
+++ src/external/bsd/bind/dist/doc/arm/man.nsec3hash.html Mon Jan 16 11:56:44 2017
@@ -103,6 +103,6 @@
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook"; style="text-align: center;">BIND 9.10.4-P4</p>
+<p xmlns:db="http://docbook.org/ns/docbook"; style="text-align: center;">BIND 9.10.4-P5</p>
</body>
</html>
Index: src/external/bsd/bind/dist/doc/arm/man.ddns-confgen.html
diff -u src/external/bsd/bind/dist/doc/arm/man.ddns-confgen.html:1.1.1.13.2.5.2.3 src/external/bsd/bind/dist/doc/arm/man.ddns-confgen.html:1.1.1.13.2.5.2.4
--- src/external/bsd/bind/dist/doc/arm/man.ddns-confgen.html:1.1.1.13.2.5.2.3 Sat Nov 5 17:47:33 2016
+++ src/external/bsd/bind/dist/doc/arm/man.ddns-confgen.html Mon Jan 16 11:56:44 2017
@@ -185,6 +185,6 @@
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook"; style="text-align: center;">BIND 9.10.4-P4</p>
+<p xmlns:db="http://docbook.org/ns/docbook"; style="text-align: center;">BIND 9.10.4-P5</p>
</body>
</html>
Index: src/external/bsd/bind/dist/doc/arm/man.dnssec-revoke.html
diff -u src/external/bsd/bind/dist/doc/arm/man.dnssec-revoke.html:1.1.1.13.2.5.2.3 src/external/bsd/bind/dist/doc/arm/man.dnssec-revoke.html:1.1.1.13.2.5.2.4
--- src/external/bsd/bind/dist/doc/arm/man.dnssec-revoke.html:1.1.1.13.2.5.2.3 Sat Nov 5 17:47:33 2016
+++ src/external/bsd/bind/dist/doc/arm/man.dnssec-revoke.html Mon Jan 16 11:56:44 2017
@@ -134,6 +134,6 @@
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook"; style="text-align: center;">BIND 9.10.4-P4</p>
+<p xmlns:db="http://docbook.org/ns/docbook"; style="text-align: center;">BIND 9.10.4-P5</p>
</body>
</html>
Index: src/external/bsd/bind/dist/doc/arm/man.dnssec-settime.html
diff -u src/external/bsd/bind/dist/doc/arm/man.dnssec-settime.html:1.1.1.13.2.5.2.3 src/external/bsd/bind/dist/doc/arm/man.dnssec-settime.html:1.1.1.13.2.5.2.4
--- src/external/bsd/bind/dist/doc/arm/man.dnssec-settime.html:1.1.1.13.2.5.2.3 Sat Nov 5 17:47:33 2016
+++ src/external/bsd/bind/dist/doc/arm/man.dnssec-settime.html Mon Jan 16 11:56:44 2017
@@ -264,6 +264,6 @@
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook"; style="text-align: center;">BIND 9.10.4-P4</p>
+<p xmlns:db="http://docbook.org/ns/docbook"; style="text-align: center;">BIND 9.10.4-P5</p>
</body>
</html>
Index: src/external/bsd/bind/dist/doc/arm/man.delv.html
diff -u src/external/bsd/bind/dist/doc/arm/man.delv.html:1.1.1.1.4.5.2.3 src/external/bsd/bind/dist/doc/arm/man.delv.html:1.1.1.1.4.5.2.4
--- src/external/bsd/bind/dist/doc/arm/man.delv.html:1.1.1.1.4.5.2.3 Sat Nov 5 17:47:33 2016
+++ src/external/bsd/bind/dist/doc/arm/man.delv.html Mon Jan 16 11:56:44 2017
@@ -498,6 +498,6 @@
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook"; style="text-align: center;">BIND 9.10.4-P4</p>
+<p xmlns:db="http://docbook.org/ns/docbook"; style="text-align: center;">BIND 9.10.4-P5</p>
</body>
</html>
Index: src/external/bsd/bind/dist/doc/arm/man.dnssec-checkds.html
diff -u src/external/bsd/bind/dist/doc/arm/man.dnssec-checkds.html:1.1.1.3.2.5.2.3 src/external/bsd/bind/dist/doc/arm/man.dnssec-checkds.html:1.1.1.3.2.5.2.4
--- src/external/bsd/bind/dist/doc/arm/man.dnssec-checkds.html:1.1.1.3.2.5.2.3 Sat Nov 5 17:47:33 2016
+++ src/external/bsd/bind/dist/doc/arm/man.dnssec-checkds.html Mon Jan 16 11:56:44 2017
@@ -112,6 +112,6 @@
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook"; style="text-align: center;">BIND 9.10.4-P4</p>
+<p xmlns:db="http://docbook.org/ns/docbook"; style="text-align: center;">BIND 9.10.4-P5</p>
</body>
</html>
Index: src/external/bsd/bind/dist/doc/arm/man.dnssec-coverage.html
diff -u src/external/bsd/bind/dist/doc/arm/man.dnssec-coverage.html:1.1.1.3.2.5.2.3 src/external/bsd/bind/dist/doc/arm/man.dnssec-coverage.html:1.1.1.3.2.5.2.4
--- src/external/bsd/bind/dist/doc/arm/man.dnssec-coverage.html:1.1.1.3.2.5.2.3 Sat Nov 5 17:47:33 2016
+++ src/external/bsd/bind/dist/doc/arm/man.dnssec-coverage.html Mon Jan 16 11:56:44 2017
@@ -219,6 +219,6 @@
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook"; style="text-align: center;">BIND 9.10.4-P4</p>
+<p xmlns:db="http://docbook.org/ns/docbook"; style="text-align: center;">BIND 9.10.4-P5</p>
</body>
</html>
Index: src/external/bsd/bind/dist/doc/arm/man.dnssec-importkey.html
diff -u src/external/bsd/bind/dist/doc/arm/man.dnssec-importkey.html:1.1.1.2.2.5.2.3 src/external/bsd/bind/dist/doc/arm/man.dnssec-importkey.html:1.1.1.2.2.5.2.4
--- src/external/bsd/bind/dist/doc/arm/man.dnssec-importkey.html:1.1.1.2.2.5.2.3 Sat Nov 5 17:47:33 2016
+++ src/external/bsd/bind/dist/doc/arm/man.dnssec-importkey.html Mon Jan 16 11:56:44 2017
@@ -177,6 +177,6 @@
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook"; style="text-align: center;">BIND 9.10.4-P4</p>
+<p xmlns:db="http://docbook.org/ns/docbook"; style="text-align: center;">BIND 9.10.4-P5</p>
</body>
</html>
Index: src/external/bsd/bind/dist/doc/arm/man.named-rrchecker.html
diff -u src/external/bsd/bind/dist/doc/arm/man.named-rrchecker.html:1.1.1.2.2.5.2.3 src/external/bsd/bind/dist/doc/arm/man.named-rrchecker.html:1.1.1.2.2.5.2.4
--- src/external/bsd/bind/dist/doc/arm/man.named-rrchecker.html:1.1.1.2.2.5.2.3 Sat Nov 5 17:47:33 2016
+++ src/external/bsd/bind/dist/doc/arm/man.named-rrchecker.html Mon Jan 16 11:56:44 2017
@@ -104,6 +104,6 @@
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook"; style="text-align: center;">BIND 9.10.4-P4</p>
+<p xmlns:db="http://docbook.org/ns/docbook"; style="text-align: center;">BIND 9.10.4-P5</p>
</body>
</html>
Index: src/external/bsd/bind/dist/doc/arm/man.dnssec-verify.html
diff -u src/external/bsd/bind/dist/doc/arm/man.dnssec-verify.html:1.1.1.5.2.5.2.3 src/external/bsd/bind/dist/doc/arm/man.dnssec-verify.html:1.1.1.5.2.5.2.4
--- src/external/bsd/bind/dist/doc/arm/man.dnssec-verify.html:1.1.1.5.2.5.2.3 Sat Nov 5 17:47:33 2016
+++ src/external/bsd/bind/dist/doc/arm/man.dnssec-verify.html Mon Jan 16 11:56:44 2017
@@ -164,6 +164,6 @@
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook"; style="text-align: center;">BIND 9.10.4-P4</p>
+<p xmlns:db="http://docbook.org/ns/docbook"; style="text-align: center;">BIND 9.10.4-P5</p>
</body>
</html>
Index: src/external/bsd/bind/dist/doc/arm/man.isc-hmac-fixup.html
diff -u src/external/bsd/bind/dist/doc/arm/man.isc-hmac-fixup.html:1.1.1.11.2.5.2.3 src/external/bsd/bind/dist/doc/arm/man.isc-hmac-fixup.html:1.1.1.11.2.5.2.4
--- src/external/bsd/bind/dist/doc/arm/man.isc-hmac-fixup.html:1.1.1.11.2.5.2.3 Sat Nov 5 17:47:33 2016
+++ src/external/bsd/bind/dist/doc/arm/man.isc-hmac-fixup.html Mon Jan 16 11:56:44 2017
@@ -112,6 +112,6 @@
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook"; style="text-align: center;">BIND 9.10.4-P4</p>
+<p xmlns:db="http://docbook.org/ns/docbook"; style="text-align: center;">BIND 9.10.4-P5</p>
</body>
</html>
Index: src/external/bsd/bind/dist/doc/arm/man.lwresd.html
diff -u src/external/bsd/bind/dist/doc/arm/man.lwresd.html:1.1.1.2.2.3 src/external/bsd/bind/dist/doc/arm/man.lwresd.html:1.1.1.2.2.4
--- src/external/bsd/bind/dist/doc/arm/man.lwresd.html:1.1.1.2.2.3 Sat Nov 5 17:47:33 2016
+++ src/external/bsd/bind/dist/doc/arm/man.lwresd.html Mon Jan 16 11:56:44 2017
@@ -253,6 +253,6 @@
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook"; style="text-align: center;">BIND 9.10.4-P4</p>
+<p xmlns:db="http://docbook.org/ns/docbook"; style="text-align: center;">BIND 9.10.4-P5</p>
</body>
</html>
Index: src/external/bsd/bind/dist/doc/arm/man.named.conf.html
diff -u src/external/bsd/bind/dist/doc/arm/man.named.conf.html:1.1.1.2.2.3 src/external/bsd/bind/dist/doc/arm/man.named.conf.html:1.1.1.2.2.4
--- src/external/bsd/bind/dist/doc/arm/man.named.conf.html:1.1.1.2.2.3 Sat Nov 5 17:47:33 2016
+++ src/external/bsd/bind/dist/doc/arm/man.named.conf.html Mon Jan 16 11:56:44 2017
@@ -676,6 +676,6 @@ zone�<em class="replaceable"><code>strin
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook"; style="text-align: center;">BIND 9.10.4-P4</p>
+<p xmlns:db="http://docbook.org/ns/docbook"; style="text-align: center;">BIND 9.10.4-P5</p>
</body>
</html>
Index: src/external/bsd/bind/dist/lib/dns/api
diff -u src/external/bsd/bind/dist/lib/dns/api:1.1.1.16.2.5.2.3 src/external/bsd/bind/dist/lib/dns/api:1.1.1.16.2.5.2.4
--- src/external/bsd/bind/dist/lib/dns/api:1.1.1.16.2.5.2.3 Sat Nov 5 17:47:33 2016
+++ src/external/bsd/bind/dist/lib/dns/api Mon Jan 16 11:56:44 2017
@@ -6,5 +6,5 @@
# 9.9-sub: 130-139, 150-159
# 9.10: 140-149, 160-169
LIBINTERFACE = 165
-LIBREVISION = 3
+LIBREVISION = 4
LIBAGE = 0
Index: src/external/bsd/bind/dist/lib/dns/message.c
diff -u src/external/bsd/bind/dist/lib/dns/message.c:1.13.2.2.2.2 src/external/bsd/bind/dist/lib/dns/message.c:1.13.2.2.2.3
--- src/external/bsd/bind/dist/lib/dns/message.c:1.13.2.2.2.2 Fri Oct 14 11:42:46 2016
+++ src/external/bsd/bind/dist/lib/dns/message.c Mon Jan 16 11:56:44 2017
@@ -1,4 +1,4 @@
-/* $NetBSD: message.c,v 1.13.2.2.2.2 2016/10/14 11:42:46 martin Exp $ */
+/* $NetBSD: message.c,v 1.13.2.2.2.3 2017/01/16 11:56:44 martin Exp $ */
/*
* Copyright (C) 2004-2016 Internet Systems Consortium, Inc. ("ISC")
@@ -1158,6 +1158,63 @@ update(dns_section_t section, dns_rdatac
return (ISC_FALSE);
}
+/*
+ * Check to confirm that all DNSSEC records (DS, NSEC, NSEC3) have
+ * covering RRSIGs.
+ */
+static isc_boolean_t
+auth_signed(dns_namelist_t *section) {
+ dns_name_t *name;
+
+ for (name = ISC_LIST_HEAD(*section);
+ name != NULL;
+ name = ISC_LIST_NEXT(name, link))
+ {
+ int auth_dnssec = 0, auth_rrsig = 0;
+ dns_rdataset_t *rds;
+
+ for (rds = ISC_LIST_HEAD(name->list);
+ rds != NULL;
+ rds = ISC_LIST_NEXT(rds, link))
+ {
+ switch (rds->type) {
+ case dns_rdatatype_ds:
+ auth_dnssec |= 0x1;
+ break;
+ case dns_rdatatype_nsec:
+ auth_dnssec |= 0x2;
+ break;
+ case dns_rdatatype_nsec3:
+ auth_dnssec |= 0x4;
+ break;
+ case dns_rdatatype_rrsig:
+ break;
+ default:
+ continue;
+ }
+
+ switch (rds->covers) {
+ case dns_rdatatype_ds:
+ auth_rrsig |= 0x1;
+ break;
+ case dns_rdatatype_nsec:
+ auth_rrsig |= 0x2;
+ break;
+ case dns_rdatatype_nsec3:
+ auth_rrsig |= 0x4;
+ break;
+ default:
+ break;
+ }
+ }
+
+ if (auth_dnssec != auth_rrsig)
+ return (ISC_FALSE);
+ }
+
+ return (ISC_TRUE);
+}
+
static isc_result_t
getsection(isc_buffer_t *source, dns_message_t *msg, dns_decompress_t *dctx,
dns_section_t sectionid, unsigned int options)
@@ -1183,12 +1240,12 @@ getsection(isc_buffer_t *source, dns_mes
best_effort = ISC_TF(options & DNS_MESSAGEPARSE_BESTEFFORT);
seen_problem = ISC_FALSE;
+ section = &msg->sections[sectionid];
+
for (count = 0; count < msg->counts[sectionid]; count++) {
int recstart = source->current;
isc_boolean_t skip_name_search, skip_type_search;
- section = &msg->sections[sectionid];
-
skip_name_search = ISC_FALSE;
skip_type_search = ISC_FALSE;
free_rdataset = ISC_FALSE;
@@ -1362,7 +1419,7 @@ getsection(isc_buffer_t *source, dns_mes
goto cleanup;
rdata->rdclass = rdclass;
issigzero = ISC_FALSE;
- if (rdtype == dns_rdatatype_rrsig &&
+ if (rdtype == dns_rdatatype_rrsig &&
rdata->flags == 0) {
covers = dns_rdata_covers(rdata);
if (covers == 0)
@@ -1573,6 +1630,19 @@ getsection(isc_buffer_t *source, dns_mes
INSIST(free_rdataset == ISC_FALSE);
}
+ /*
+ * If any of DS, NSEC or NSEC3 appeared in the
+ * authority section of a query response without
+ * a covering RRSIG, FORMERR
+ */
+ if (sectionid == DNS_SECTION_AUTHORITY &&
+ msg->opcode == dns_opcode_query &&
+ ((msg->flags & DNS_MESSAGEFLAG_QR) != 0) &&
+ ((msg->flags & DNS_MESSAGEFLAG_TC) == 0) &&
+ !preserve_order &&
+ !auth_signed(section))
+ DO_FORMERR;
+
if (seen_problem)
return (DNS_R_RECOVERABLE);
return (ISC_R_SUCCESS);
Index: src/external/bsd/bind/dist/lib/dns/resolver.c
diff -u src/external/bsd/bind/dist/lib/dns/resolver.c:1.19.2.3.2.3 src/external/bsd/bind/dist/lib/dns/resolver.c:1.19.2.3.2.4
--- src/external/bsd/bind/dist/lib/dns/resolver.c:1.19.2.3.2.3 Sat Nov 5 17:47:33 2016
+++ src/external/bsd/bind/dist/lib/dns/resolver.c Mon Jan 16 11:56:44 2017
@@ -1,4 +1,4 @@
-/* $NetBSD: resolver.c,v 1.19.2.3.2.3 2016/11/05 17:47:33 martin Exp $ */
+/* $NetBSD: resolver.c,v 1.19.2.3.2.4 2017/01/16 11:56:44 martin Exp $ */
/*
* Copyright (C) 2004-2016 Internet Systems Consortium, Inc. ("ISC")
@@ -5467,16 +5467,13 @@ cache_name(fetchctx_t *fctx, dns_name_t
rdataset->type,
&noqname);
if (tresult == ISC_R_SUCCESS &&
- noqname != NULL) {
- tresult =
- dns_rdataset_addnoqname(
+ noqname != NULL)
+ (void) dns_rdataset_addnoqname(
rdataset, noqname);
- RUNTIME_CHECK(tresult ==
- ISC_R_SUCCESS);
- }
}
- if ((fctx->options & DNS_FETCHOPT_PREFETCH) != 0)
- options = DNS_DBADD_PREFETCH;
+ if ((fctx->options &
+ DNS_FETCHOPT_PREFETCH) != 0)
+ options = DNS_DBADD_PREFETCH;
addedrdataset = ardataset;
result = dns_db_addrdataset(fctx->cache, node,
NULL, now, rdataset,
@@ -5609,11 +5606,9 @@ cache_name(fetchctx_t *fctx, dns_name_t
tresult = findnoqname(fctx, name,
rdataset->type, &noqname);
if (tresult == ISC_R_SUCCESS &&
- noqname != NULL) {
- tresult = dns_rdataset_addnoqname(
- rdataset, noqname);
- RUNTIME_CHECK(tresult == ISC_R_SUCCESS);
- }
+ noqname != NULL)
+ (void) dns_rdataset_addnoqname(
+ rdataset, noqname);
}
/*
@@ -6751,7 +6746,7 @@ static isc_result_t
answer_response(fetchctx_t *fctx) {
isc_result_t result;
dns_message_t *message;
- dns_name_t *name, *dname = NULL, *qname, *dqname, tname, *ns_name;
+ dns_name_t *name, *dname = NULL, *qname, tname, *ns_name;
dns_name_t *cname = NULL;
dns_rdataset_t *rdataset, *ns_rdataset;
isc_boolean_t done, external, chaining, aa, found, want_chaining;
@@ -6759,7 +6754,7 @@ answer_response(fetchctx_t *fctx) {
isc_boolean_t wanted_chaining;
unsigned int aflag;
dns_rdatatype_t type;
- dns_fixedname_t fdname, fqname, fqdname;
+ dns_fixedname_t fdname, fqname;
dns_view_t *view;
FCTXTRACE("answer_response");
@@ -6783,13 +6778,12 @@ answer_response(fetchctx_t *fctx) {
aa = ISC_TRUE;
else
aa = ISC_FALSE;
- dqname = qname = &fctx->name;
+ qname = &fctx->name;
type = fctx->type;
view = fctx->res->view;
- dns_fixedname_init(&fqdname);
result = dns_message_firstname(message, DNS_SECTION_ANSWER);
while (!done && result == ISC_R_SUCCESS) {
- dns_namereln_t namereln, dnamereln;
+ dns_namereln_t namereln;
int order;
unsigned int nlabels;
@@ -6797,8 +6791,6 @@ answer_response(fetchctx_t *fctx) {
dns_message_currentname(message, DNS_SECTION_ANSWER, &name);
external = ISC_TF(!dns_name_issubdomain(name, &fctx->domain));
namereln = dns_name_fullcompare(qname, name, &order, &nlabels);
- dnamereln = dns_name_fullcompare(dqname, name, &order,
- &nlabels);
if (namereln == dns_namereln_equal) {
wanted_chaining = ISC_FALSE;
for (rdataset = ISC_LIST_HEAD(name->list);
@@ -6815,6 +6807,19 @@ answer_response(fetchctx_t *fctx) {
log_formerr(fctx, "NSEC3 in answer");
return (DNS_R_FORMERR);
}
+ if (rdataset->type == dns_rdatatype_tkey) {
+ /*
+ * TKEY is not a valid record in a
+ * response to any query we can make.
+ */
+ log_formerr(fctx, "TKEY in answer");
+ return (DNS_R_FORMERR);
+ }
+ if (rdataset->rdclass != fctx->res->rdclass) {
+ log_formerr(fctx, "Mismatched class "
+ "in answer");
+ return (DNS_R_FORMERR);
+ }
/*
* Apply filters, if given, on answers to reject
@@ -6923,15 +6928,19 @@ answer_response(fetchctx_t *fctx) {
* a CNAME or DNAME).
*/
INSIST(!external);
- if ((rdataset->type !=
- dns_rdatatype_cname) ||
- !found_dname ||
- (aflag ==
- DNS_RDATASETATTR_ANSWER))
+ /*
+ * Don't use found_cname here
+ * as we have just set it
+ * above.
+ */
+ if (cname == NULL &&
+ !found_dname &&
+ aflag ==
+ DNS_RDATASETATTR_ANSWER)
{
have_answer = ISC_TRUE;
- if (rdataset->type ==
- dns_rdatatype_cname)
+ if (found_cname &&
+ cname == NULL)
cname = name;
name->attributes |=
DNS_NAMEATTR_ANSWER;
@@ -7001,6 +7010,12 @@ answer_response(fetchctx_t *fctx) {
rdataset != NULL;
rdataset = ISC_LIST_NEXT(rdataset, link))
{
+ if (rdataset->rdclass != fctx->res->rdclass) {
+ log_formerr(fctx, "Mismatched class "
+ "in answer");
+ return (DNS_R_FORMERR);
+ }
+
/*
* Only pass DNAME or RRSIG(DNAME).
*/
@@ -7028,11 +7043,24 @@ answer_response(fetchctx_t *fctx) {
return (DNS_R_FORMERR);
}
- if (dnamereln != dns_namereln_subdomain) {
+ /*
+ * If DNAME + synthetic CNAME then the
+ * namereln is dns_namereln_subdomain.
+ *
+ * If synthetic CNAME + DNAME then the
+ * namereln is dns_namereln_commonancestor
+ * and the number of label must match the
+ * DNAME. This order is not RFC compliant.
+ */
+
+ if (namereln != dns_namereln_subdomain &&
+ (namereln != dns_namereln_commonancestor ||
+ nlabels != dns_name_countlabels(name)))
+ {
char qbuf[DNS_NAME_FORMATSIZE];
char obuf[DNS_NAME_FORMATSIZE];
- dns_name_format(dqname, qbuf,
+ dns_name_format(qname, qbuf,
sizeof(qbuf));
dns_name_format(name, obuf,
sizeof(obuf));
@@ -7047,7 +7075,7 @@ answer_response(fetchctx_t *fctx) {
want_chaining = ISC_TRUE;
POST(want_chaining);
aflag = DNS_RDATASETATTR_ANSWER;
- result = dname_target(rdataset, dqname,
+ result = dname_target(rdataset, qname,
nlabels, &fdname);
if (result == ISC_R_NOSPACE) {
/*
@@ -7064,13 +7092,11 @@ answer_response(fetchctx_t *fctx) {
dname = dns_fixedname_name(&fdname);
if (!is_answertarget_allowed(view,
- dqname, rdataset->type,
+ qname, rdataset->type,
dname, &fctx->domain))
{
return (DNS_R_SERVFAIL);
}
- dqname = dns_fixedname_name(&fqdname);
- dns_name_copy(dname, dqname, NULL);
} else {
/*
* We've found a signature that
@@ -7216,7 +7242,8 @@ answer_response(fetchctx_t *fctx) {
rdataset->trust =
dns_trust_additional;
- if (rdataset->type == dns_rdatatype_ns) {
+ if (rdataset->type == dns_rdatatype_ns)
+ {
ns_name = name;
ns_rdataset = rdataset;
}
Index: src/external/bsd/bind/dist/lib/isc/api
diff -u src/external/bsd/bind/dist/lib/isc/api:1.1.1.15.2.2.2.2 src/external/bsd/bind/dist/lib/isc/api:1.1.1.15.2.2.2.3
--- src/external/bsd/bind/dist/lib/isc/api:1.1.1.15.2.2.2.2 Fri Oct 14 11:42:48 2016
+++ src/external/bsd/bind/dist/lib/isc/api Mon Jan 16 11:56:44 2017
@@ -6,5 +6,5 @@
# 9.9-sub: 130-139
# 9.10: 140-149, 160-169
LIBINTERFACE = 161
-LIBREVISION = 1
+LIBREVISION = 2
LIBAGE = 1
Index: src/external/bsd/bind/dist/lib/isc/unix/socket.c
diff -u src/external/bsd/bind/dist/lib/isc/unix/socket.c:1.15.2.2.2.2 src/external/bsd/bind/dist/lib/isc/unix/socket.c:1.15.2.2.2.3
--- src/external/bsd/bind/dist/lib/isc/unix/socket.c:1.15.2.2.2.2 Fri Oct 14 11:42:50 2016
+++ src/external/bsd/bind/dist/lib/isc/unix/socket.c Mon Jan 16 11:56:44 2017
@@ -1,4 +1,4 @@
-/* $NetBSD: socket.c,v 1.15.2.2.2.2 2016/10/14 11:42:50 martin Exp $ */
+/* $NetBSD: socket.c,v 1.15.2.2.2.3 2017/01/16 11:56:44 martin Exp $ */
/*
* Copyright (C) 2004-2016 Internet Systems Consortium, Inc. ("ISC")
@@ -4077,7 +4077,8 @@ process_fds(isc__socketmgr_t *manager, s
* events. Note also that the read or write attempt
* won't block because we use non-blocking sockets.
*/
- events[i].events |= (EPOLLIN | EPOLLOUT);
+ int fd = events[i].data.fd;
+ events[i].events |= manager->epoll_events[fd];
}
process_fd(manager, events[i].data.fd,
(events[i].events & EPOLLIN) != 0,
Index: src/external/bsd/bind/dist/lib/isc/win32/socket.c
diff -u src/external/bsd/bind/dist/lib/isc/win32/socket.c:1.8.2.2.2.1 src/external/bsd/bind/dist/lib/isc/win32/socket.c:1.8.2.2.2.2
--- src/external/bsd/bind/dist/lib/isc/win32/socket.c:1.8.2.2.2.1 Fri Oct 14 11:42:50 2016
+++ src/external/bsd/bind/dist/lib/isc/win32/socket.c Mon Jan 16 11:56:45 2017
@@ -1,4 +1,4 @@
-/* $NetBSD: socket.c,v 1.8.2.2.2.1 2016/10/14 11:42:50 martin Exp $ */
+/* $NetBSD: socket.c,v 1.8.2.2.2.2 2017/01/16 11:56:45 martin Exp $ */
/*
* Copyright (C) 2004-2016 Internet Systems Consortium, Inc. ("ISC")
@@ -2490,15 +2490,18 @@ SocketIoThread(LPVOID ThreadContext) {
request = lpo->request_type;
- errstatus = 0;
- if (!bSuccess) {
+ if (!bSuccess)
+ errstatus = GetLastError();
+ else
+ errstatus = 0;
+ if (!bSuccess && errstatus != ERROR_MORE_DATA) {
isc_result_t isc_result;
/*
* Did the I/O operation complete?
*/
- errstatus = GetLastError();
- isc_result = isc__errno2resultx(errstatus, __FILE__, __LINE__);
+ isc_result = isc__errno2resultx(errstatus,
+ __FILE__, __LINE__);
LOCK(&sock->lock);
CONSISTENT(sock);
