aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorXin LI <delphij@FreeBSD.org>2016-11-02 04:35:05 +0000
committerXin LI <delphij@FreeBSD.org>2016-11-02 04:35:05 +0000
commit3c74729a3f6c4083d309b2b3e0a4bbb5bbd92adf (patch)
tree6b5bfe733f2750f9935e503dc405b7e9954a18f2
parentc2a8859aa5c96190c179c911d3841c4de17b9c34 (diff)
downloadsrc-vendor/bind9.tar.gz
src-vendor/bind9.zip
Vendor import of BIND 9.9.9-P4.vendor/bind9/9.9.9-P4vendor/bind9
Notes
Notes: svn path=/vendor/bind9/dist/; revision=308191 svn path=/vendor/bind9/9.9.9-P4/; revision=308192; tag=vendor/bind9/9.9.9-P4
-rw-r--r--CHANGES5
-rw-r--r--README4
-rw-r--r--doc/arm/Bv9ARM.ch01.html2
-rw-r--r--doc/arm/Bv9ARM.ch02.html2
-rw-r--r--doc/arm/Bv9ARM.ch03.html2
-rw-r--r--doc/arm/Bv9ARM.ch04.html2
-rw-r--r--doc/arm/Bv9ARM.ch05.html2
-rw-r--r--doc/arm/Bv9ARM.ch06.html2
-rw-r--r--doc/arm/Bv9ARM.ch07.html2
-rw-r--r--doc/arm/Bv9ARM.ch08.html2
-rw-r--r--doc/arm/Bv9ARM.ch09.html16
-rw-r--r--doc/arm/Bv9ARM.ch10.html2
-rw-r--r--doc/arm/Bv9ARM.ch11.html2
-rw-r--r--doc/arm/Bv9ARM.ch12.html2
-rw-r--r--doc/arm/Bv9ARM.ch13.html2
-rw-r--r--doc/arm/Bv9ARM.html6
-rw-r--r--doc/arm/Bv9ARM.pdfbin1135210 -> 1135272 bytes
-rw-r--r--doc/arm/man.arpaname.html2
-rw-r--r--doc/arm/man.ddns-confgen.html2
-rw-r--r--doc/arm/man.dig.html2
-rw-r--r--doc/arm/man.dnssec-checkds.html2
-rw-r--r--doc/arm/man.dnssec-coverage.html2
-rw-r--r--doc/arm/man.dnssec-dsfromkey.html2
-rw-r--r--doc/arm/man.dnssec-importkey.html2
-rw-r--r--doc/arm/man.dnssec-keyfromlabel.html2
-rw-r--r--doc/arm/man.dnssec-keygen.html2
-rw-r--r--doc/arm/man.dnssec-revoke.html2
-rw-r--r--doc/arm/man.dnssec-settime.html2
-rw-r--r--doc/arm/man.dnssec-signzone.html2
-rw-r--r--doc/arm/man.dnssec-verify.html2
-rw-r--r--doc/arm/man.genrandom.html2
-rw-r--r--doc/arm/man.host.html2
-rw-r--r--doc/arm/man.isc-hmac-fixup.html2
-rw-r--r--doc/arm/man.lwresd.html2
-rw-r--r--doc/arm/man.named-checkconf.html2
-rw-r--r--doc/arm/man.named-checkzone.html2
-rw-r--r--doc/arm/man.named-journalprint.html2
-rw-r--r--doc/arm/man.named.conf.html2
-rw-r--r--doc/arm/man.named.html2
-rw-r--r--doc/arm/man.nsec3hash.html2
-rw-r--r--doc/arm/man.nsupdate.html2
-rw-r--r--doc/arm/man.rndc-confgen.html2
-rw-r--r--doc/arm/man.rndc.conf.html2
-rw-r--r--doc/arm/man.rndc.html2
-rw-r--r--doc/arm/notes.html12
-rw-r--r--doc/arm/notes.pdfbin43434 -> 43816 bytes
-rw-r--r--doc/arm/notes.xml12
-rw-r--r--lib/dns/api2
-rw-r--r--lib/dns/resolver.c69
-rw-r--r--version2
50 files changed, 133 insertions, 73 deletions
diff --git a/CHANGES b/CHANGES
index 5b9e552bb7d3..d7f94a8ec133 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,8 @@
+ --- 9.9.9-P4 released ---
+
+4489. [security] It was possible to trigger assertions when processing
+ a response. (CVE-2016-8864) [RT #43465]
+
--- 9.9.9-P3 released ---
4467. [security] It was possible to trigger a assertion when rendering
diff --git a/README b/README
index d0b35568976e..ecbd03c59946 100644
--- a/README
+++ b/README
@@ -51,6 +51,10 @@ BIND 9
For up-to-date release notes and errata, see
http://www.isc.org/software/bind9/releasenotes
+BIND 9.9.9-P4
+
+ This version contains a fix for CVE-2016-8864.
+
BIND 9.9.9-P3
This version contains a fix for CVE-2016-2776.
diff --git a/doc/arm/Bv9ARM.ch01.html b/doc/arm/Bv9ARM.ch01.html
index ea1407325e45..b74c75aa4c3b 100644
--- a/doc/arm/Bv9ARM.ch01.html
+++ b/doc/arm/Bv9ARM.ch01.html
@@ -555,6 +555,6 @@
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.9.9-P3 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.9.9-P4 (Extended Support Version)</p>
</body>
</html>
diff --git a/doc/arm/Bv9ARM.ch02.html b/doc/arm/Bv9ARM.ch02.html
index 8f65b88b8e1c..912d698f92f8 100644
--- a/doc/arm/Bv9ARM.ch02.html
+++ b/doc/arm/Bv9ARM.ch02.html
@@ -153,6 +153,6 @@
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.9.9-P3 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.9.9-P4 (Extended Support Version)</p>
</body>
</html>
diff --git a/doc/arm/Bv9ARM.ch03.html b/doc/arm/Bv9ARM.ch03.html
index fa809476210d..0d4ed0b41adc 100644
--- a/doc/arm/Bv9ARM.ch03.html
+++ b/doc/arm/Bv9ARM.ch03.html
@@ -663,6 +663,6 @@ controls {
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.9.9-P3 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.9.9-P4 (Extended Support Version)</p>
</body>
</html>
diff --git a/doc/arm/Bv9ARM.ch04.html b/doc/arm/Bv9ARM.ch04.html
index fc56caf65b4b..caf75df341de 100644
--- a/doc/arm/Bv9ARM.ch04.html
+++ b/doc/arm/Bv9ARM.ch04.html
@@ -1960,6 +1960,6 @@ $ORIGIN 0.0.0.0.0.0.0.0.8.b.d.0.1.0.0.2.ip6.arpa.
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.9.9-P3 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.9.9-P4 (Extended Support Version)</p>
</body>
</html>
diff --git a/doc/arm/Bv9ARM.ch05.html b/doc/arm/Bv9ARM.ch05.html
index 17ddab0c8072..89f272b37215 100644
--- a/doc/arm/Bv9ARM.ch05.html
+++ b/doc/arm/Bv9ARM.ch05.html
@@ -138,6 +138,6 @@
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.9.9-P3 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.9.9-P4 (Extended Support Version)</p>
</body>
</html>
diff --git a/doc/arm/Bv9ARM.ch06.html b/doc/arm/Bv9ARM.ch06.html
index 51e7f755eeac..6b2ba7a60292 100644
--- a/doc/arm/Bv9ARM.ch06.html
+++ b/doc/arm/Bv9ARM.ch06.html
@@ -12314,6 +12314,6 @@ HOST-127.EXAMPLE. MX 0 .
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.9.9-P3 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.9.9-P4 (Extended Support Version)</p>
</body>
</html>
diff --git a/doc/arm/Bv9ARM.ch07.html b/doc/arm/Bv9ARM.ch07.html
index 95aa52f2f0bd..beec4e85c0b6 100644
--- a/doc/arm/Bv9ARM.ch07.html
+++ b/doc/arm/Bv9ARM.ch07.html
@@ -248,6 +248,6 @@ zone "example.com" {
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.9.9-P3 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.9.9-P4 (Extended Support Version)</p>
</body>
</html>
diff --git a/doc/arm/Bv9ARM.ch08.html b/doc/arm/Bv9ARM.ch08.html
index 4120cfc426f3..b7c0b92f6493 100644
--- a/doc/arm/Bv9ARM.ch08.html
+++ b/doc/arm/Bv9ARM.ch08.html
@@ -134,6 +134,6 @@
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.9.9-P3 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.9.9-P4 (Extended Support Version)</p>
</body>
</html>
diff --git a/doc/arm/Bv9ARM.ch09.html b/doc/arm/Bv9ARM.ch09.html
index 08d15df68710..58f84a36017d 100644
--- a/doc/arm/Bv9ARM.ch09.html
+++ b/doc/arm/Bv9ARM.ch09.html
@@ -44,7 +44,7 @@
<div class="toc">
<p><b>Table of Contents</b></p>
<dl class="toc">
-<dt><span class="section"><a href="Bv9ARM.ch09.html#id-1.10.2">Release Notes for BIND Version 9.9.9-P3</a></span></dt>
+<dt><span class="section"><a href="Bv9ARM.ch09.html#id-1.10.2">Release Notes for BIND Version 9.9.9-P4</a></span></dt>
<dd><dl>
<dt><span class="section"><a href="Bv9ARM.ch09.html#relnotes_intro">Introduction</a></span></dt>
<dt><span class="section"><a href="Bv9ARM.ch09.html#relnotes_download">Download</a></span></dt>
@@ -60,7 +60,7 @@
</div>
<div class="section">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
-<a name="id-1.10.2"></a>Release Notes for BIND Version 9.9.9-P3</h2></div></div></div>
+<a name="id-1.10.2"></a>Release Notes for BIND Version 9.9.9-P4</h2></div></div></div>
<div class="section">
<div class="titlepage"><div><div><h3 class="title">
<a name="relnotes_intro"></a>Introduction</h3></div></div></div>
@@ -68,7 +68,11 @@
This document summarizes changes since BIND 9.9.9:
</p>
<p>
- BIND 9.10.9-P3 addresses the security issue described in
+ BIND 9.9.9-P4 addresses the security issue described in
+ CVE-2016-8864.
+ </p>
+<p>
+ BIND 9.9.9-P3 addresses the security issue described in
CVE-2016-2776.
</p>
<p>
@@ -97,6 +101,10 @@
<a name="relnotes_security"></a>Security Fixes</h3></div></div></div>
<div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; ">
<li class="listitem"><p>
+ It was possible to trigger assertions when processing
+ a response. This flaw is disclosed in CVE-2016-8864. [RT #43465]
+ </p></li>
+<li class="listitem"><p>
It was possible to trigger a assertion when rendering a
message using a specially crafted request. This flaw is
disclosed in CVE-2016-2776. [RT #43139]
@@ -184,6 +192,6 @@
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.9.9-P3 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.9.9-P4 (Extended Support Version)</p>
</body>
</html>
diff --git a/doc/arm/Bv9ARM.ch10.html b/doc/arm/Bv9ARM.ch10.html
index e2c60355c34f..fbec8771be8a 100644
--- a/doc/arm/Bv9ARM.ch10.html
+++ b/doc/arm/Bv9ARM.ch10.html
@@ -155,6 +155,6 @@
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.9.9-P3 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.9.9-P4 (Extended Support Version)</p>
</body>
</html>
diff --git a/doc/arm/Bv9ARM.ch11.html b/doc/arm/Bv9ARM.ch11.html
index c842b29f629e..3231e97c93ed 100644
--- a/doc/arm/Bv9ARM.ch11.html
+++ b/doc/arm/Bv9ARM.ch11.html
@@ -497,6 +497,6 @@
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.9.9-P3 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.9.9-P4 (Extended Support Version)</p>
</body>
</html>
diff --git a/doc/arm/Bv9ARM.ch12.html b/doc/arm/Bv9ARM.ch12.html
index ccce85620416..ee35ee8a02ed 100644
--- a/doc/arm/Bv9ARM.ch12.html
+++ b/doc/arm/Bv9ARM.ch12.html
@@ -539,6 +539,6 @@ $ <strong class="userinput"><code>sample-update -a sample-update -k Kxxx.+nnn+mm
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.9.9-P3 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.9.9-P4 (Extended Support Version)</p>
</body>
</html>
diff --git a/doc/arm/Bv9ARM.ch13.html b/doc/arm/Bv9ARM.ch13.html
index 474badc3fec0..7ae1a65aa69e 100644
--- a/doc/arm/Bv9ARM.ch13.html
+++ b/doc/arm/Bv9ARM.ch13.html
@@ -148,6 +148,6 @@
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.9.9-P3 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.9.9-P4 (Extended Support Version)</p>
</body>
</html>
diff --git a/doc/arm/Bv9ARM.html b/doc/arm/Bv9ARM.html
index 3eb4077193b8..b38541b468ef 100644
--- a/doc/arm/Bv9ARM.html
+++ b/doc/arm/Bv9ARM.html
@@ -40,7 +40,7 @@
<div>
<div><h1 class="title">
<a name="id-1"></a>BIND 9 Administrator Reference Manual</h1></div>
-<div><p class="releaseinfo">BIND Version 9.9.9-P3</p></div>
+<div><p class="releaseinfo">BIND Version 9.9.9-P4</p></div>
<div><p class="copyright">Copyright © 2004-2015 Internet Systems Consortium, Inc. ("ISC")</p></div>
<div><p class="copyright">Copyright © 2000-2003 Internet Software Consortium.</p></div>
</div>
@@ -233,7 +233,7 @@
</dl></dd>
<dt><span class="appendix"><a href="Bv9ARM.ch09.html">A. Release Notes</a></span></dt>
<dd><dl>
-<dt><span class="section"><a href="Bv9ARM.ch09.html#id-1.10.2">Release Notes for BIND Version 9.9.9-P3</a></span></dt>
+<dt><span class="section"><a href="Bv9ARM.ch09.html#id-1.10.2">Release Notes for BIND Version 9.9.9-P4</a></span></dt>
<dd><dl>
<dt><span class="section"><a href="Bv9ARM.ch09.html#relnotes_intro">Introduction</a></span></dt>
<dt><span class="section"><a href="Bv9ARM.ch09.html#relnotes_download">Download</a></span></dt>
@@ -373,6 +373,6 @@
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.9.9-P3 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.9.9-P4 (Extended Support Version)</p>
</body>
</html>
diff --git a/doc/arm/Bv9ARM.pdf b/doc/arm/Bv9ARM.pdf
index 5dd76894943f..72b3706220ca 100644
--- a/doc/arm/Bv9ARM.pdf
+++ b/doc/arm/Bv9ARM.pdf
Binary files differ
diff --git a/doc/arm/man.arpaname.html b/doc/arm/man.arpaname.html
index c05cbf11abfe..2afaccb456f7 100644
--- a/doc/arm/man.arpaname.html
+++ b/doc/arm/man.arpaname.html
@@ -81,6 +81,6 @@
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.9.9-P3 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.9.9-P4 (Extended Support Version)</p>
</body>
</html>
diff --git a/doc/arm/man.ddns-confgen.html b/doc/arm/man.ddns-confgen.html
index 3b2f7e472a0a..5b18a4b6a189 100644
--- a/doc/arm/man.ddns-confgen.html
+++ b/doc/arm/man.ddns-confgen.html
@@ -170,6 +170,6 @@
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.9.9-P3 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.9.9-P4 (Extended Support Version)</p>
</body>
</html>
diff --git a/doc/arm/man.dig.html b/doc/arm/man.dig.html
index 25496707aed0..26d2307dbd8b 100644
--- a/doc/arm/man.dig.html
+++ b/doc/arm/man.dig.html
@@ -746,6 +746,6 @@ dig +qr www.isc.org any -x 127.0.0.1 isc.org ns +noqr
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.9.9-P3 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.9.9-P4 (Extended Support Version)</p>
</body>
</html>
diff --git a/doc/arm/man.dnssec-checkds.html b/doc/arm/man.dnssec-checkds.html
index c11e1b4f220a..b7c0fefdaec3 100644
--- a/doc/arm/man.dnssec-checkds.html
+++ b/doc/arm/man.dnssec-checkds.html
@@ -112,6 +112,6 @@
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.9.9-P3 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.9.9-P4 (Extended Support Version)</p>
</body>
</html>
diff --git a/doc/arm/man.dnssec-coverage.html b/doc/arm/man.dnssec-coverage.html
index 6cd24c947031..6d028683742a 100644
--- a/doc/arm/man.dnssec-coverage.html
+++ b/doc/arm/man.dnssec-coverage.html
@@ -195,6 +195,6 @@
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.9.9-P3 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.9.9-P4 (Extended Support Version)</p>
</body>
</html>
diff --git a/doc/arm/man.dnssec-dsfromkey.html b/doc/arm/man.dnssec-dsfromkey.html
index c4006a824eab..5cffca20b224 100644
--- a/doc/arm/man.dnssec-dsfromkey.html
+++ b/doc/arm/man.dnssec-dsfromkey.html
@@ -213,6 +213,6 @@
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.9.9-P3 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.9.9-P4 (Extended Support Version)</p>
</body>
</html>
diff --git a/doc/arm/man.dnssec-importkey.html b/doc/arm/man.dnssec-importkey.html
index f24553ed4dd6..96b07491785a 100644
--- a/doc/arm/man.dnssec-importkey.html
+++ b/doc/arm/man.dnssec-importkey.html
@@ -177,6 +177,6 @@
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.9.9-P3 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.9.9-P4 (Extended Support Version)</p>
</body>
</html>
diff --git a/doc/arm/man.dnssec-keyfromlabel.html b/doc/arm/man.dnssec-keyfromlabel.html
index 8931f8d21ef2..2f0df556ede1 100644
--- a/doc/arm/man.dnssec-keyfromlabel.html
+++ b/doc/arm/man.dnssec-keyfromlabel.html
@@ -346,6 +346,6 @@
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.9.9-P3 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.9.9-P4 (Extended Support Version)</p>
</body>
</html>
diff --git a/doc/arm/man.dnssec-keygen.html b/doc/arm/man.dnssec-keygen.html
index dd46bf33ea7b..21adf26b0957 100644
--- a/doc/arm/man.dnssec-keygen.html
+++ b/doc/arm/man.dnssec-keygen.html
@@ -448,6 +448,6 @@
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.9.9-P3 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.9.9-P4 (Extended Support Version)</p>
</body>
</html>
diff --git a/doc/arm/man.dnssec-revoke.html b/doc/arm/man.dnssec-revoke.html
index 2adbbb403440..23a625eac3cd 100644
--- a/doc/arm/man.dnssec-revoke.html
+++ b/doc/arm/man.dnssec-revoke.html
@@ -125,6 +125,6 @@
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.9.9-P3 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.9.9-P4 (Extended Support Version)</p>
</body>
</html>
diff --git a/doc/arm/man.dnssec-settime.html b/doc/arm/man.dnssec-settime.html
index 2d4afe24a099..7092f9baae4f 100644
--- a/doc/arm/man.dnssec-settime.html
+++ b/doc/arm/man.dnssec-settime.html
@@ -255,6 +255,6 @@
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.9.9-P3 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.9.9-P4 (Extended Support Version)</p>
</body>
</html>
diff --git a/doc/arm/man.dnssec-signzone.html b/doc/arm/man.dnssec-signzone.html
index 0a387d41f622..9131d83dfd94 100644
--- a/doc/arm/man.dnssec-signzone.html
+++ b/doc/arm/man.dnssec-signzone.html
@@ -538,6 +538,6 @@ db.example.com.signed
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.9.9-P3 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.9.9-P4 (Extended Support Version)</p>
</body>
</html>
diff --git a/doc/arm/man.dnssec-verify.html b/doc/arm/man.dnssec-verify.html
index 3d1bb32254a9..e2805eef1ac9 100644
--- a/doc/arm/man.dnssec-verify.html
+++ b/doc/arm/man.dnssec-verify.html
@@ -150,6 +150,6 @@
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.9.9-P3 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.9.9-P4 (Extended Support Version)</p>
</body>
</html>
diff --git a/doc/arm/man.genrandom.html b/doc/arm/man.genrandom.html
index 9552a57c7aa5..f73e69299d08 100644
--- a/doc/arm/man.genrandom.html
+++ b/doc/arm/man.genrandom.html
@@ -102,6 +102,6 @@
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.9.9-P3 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.9.9-P4 (Extended Support Version)</p>
</body>
</html>
diff --git a/doc/arm/man.host.html b/doc/arm/man.host.html
index 393de1676ca3..5720d694d260 100644
--- a/doc/arm/man.host.html
+++ b/doc/arm/man.host.html
@@ -248,6 +248,6 @@
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.9.9-P3 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.9.9-P4 (Extended Support Version)</p>
</body>
</html>
diff --git a/doc/arm/man.isc-hmac-fixup.html b/doc/arm/man.isc-hmac-fixup.html
index ca78b731ef22..887fead6b0e3 100644
--- a/doc/arm/man.isc-hmac-fixup.html
+++ b/doc/arm/man.isc-hmac-fixup.html
@@ -112,6 +112,6 @@
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.9.9-P3 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.9.9-P4 (Extended Support Version)</p>
</body>
</html>
diff --git a/doc/arm/man.lwresd.html b/doc/arm/man.lwresd.html
index f62e50157a25..1749d97c18b6 100644
--- a/doc/arm/man.lwresd.html
+++ b/doc/arm/man.lwresd.html
@@ -253,6 +253,6 @@
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.9.9-P3 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.9.9-P4 (Extended Support Version)</p>
</body>
</html>
diff --git a/doc/arm/man.named-checkconf.html b/doc/arm/man.named-checkconf.html
index 37495c1fdb9b..9cd0107e8e64 100644
--- a/doc/arm/man.named-checkconf.html
+++ b/doc/arm/man.named-checkconf.html
@@ -151,6 +151,6 @@
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.9.9-P3 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.9.9-P4 (Extended Support Version)</p>
</body>
</html>
diff --git a/doc/arm/man.named-checkzone.html b/doc/arm/man.named-checkzone.html
index 244371986067..2240f8e60d52 100644
--- a/doc/arm/man.named-checkzone.html
+++ b/doc/arm/man.named-checkzone.html
@@ -321,6 +321,6 @@
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.9.9-P3 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.9.9-P4 (Extended Support Version)</p>
</body>
</html>
diff --git a/doc/arm/man.named-journalprint.html b/doc/arm/man.named-journalprint.html
index 74ccac0a9d6a..2738b23e081a 100644
--- a/doc/arm/man.named-journalprint.html
+++ b/doc/arm/man.named-journalprint.html
@@ -102,6 +102,6 @@
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.9.9-P3 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.9.9-P4 (Extended Support Version)</p>
</body>
</html>
diff --git a/doc/arm/man.named.conf.html b/doc/arm/man.named.conf.html
index 8242a0e28107..86e2dfb8d7ab 100644
--- a/doc/arm/man.named.conf.html
+++ b/doc/arm/man.named.conf.html
@@ -672,6 +672,6 @@ zone <em class="replaceable"><code>string</code></em> <em class="replaceable"><c
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.9.9-P3 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.9.9-P4 (Extended Support Version)</p>
</body>
</html>
diff --git a/doc/arm/man.named.html b/doc/arm/man.named.html
index ddcf66271593..ab368cc2817f 100644
--- a/doc/arm/man.named.html
+++ b/doc/arm/man.named.html
@@ -351,6 +351,6 @@
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.9.9-P3 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.9.9-P4 (Extended Support Version)</p>
</body>
</html>
diff --git a/doc/arm/man.nsec3hash.html b/doc/arm/man.nsec3hash.html
index ef3b6cdd8d2a..934bad8a0efd 100644
--- a/doc/arm/man.nsec3hash.html
+++ b/doc/arm/man.nsec3hash.html
@@ -103,6 +103,6 @@
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.9.9-P3 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.9.9-P4 (Extended Support Version)</p>
</body>
</html>
diff --git a/doc/arm/man.nsupdate.html b/doc/arm/man.nsupdate.html
index 45b5b31701a8..ba2f46e0e287 100644
--- a/doc/arm/man.nsupdate.html
+++ b/doc/arm/man.nsupdate.html
@@ -639,6 +639,6 @@
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.9.9-P3 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.9.9-P4 (Extended Support Version)</p>
</body>
</html>
diff --git a/doc/arm/man.rndc-confgen.html b/doc/arm/man.rndc-confgen.html
index 697e44cda784..a0e0a58624fa 100644
--- a/doc/arm/man.rndc-confgen.html
+++ b/doc/arm/man.rndc-confgen.html
@@ -216,6 +216,6 @@
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.9.9-P3 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.9.9-P4 (Extended Support Version)</p>
</body>
</html>
diff --git a/doc/arm/man.rndc.conf.html b/doc/arm/man.rndc.conf.html
index 877c1e4dffdf..0895c0c2040b 100644
--- a/doc/arm/man.rndc.conf.html
+++ b/doc/arm/man.rndc.conf.html
@@ -245,6 +245,6 @@
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.9.9-P3 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.9.9-P4 (Extended Support Version)</p>
</body>
</html>
diff --git a/doc/arm/man.rndc.html b/doc/arm/man.rndc.html
index 59a1360e7ecb..a1f2d7c0e024 100644
--- a/doc/arm/man.rndc.html
+++ b/doc/arm/man.rndc.html
@@ -581,6 +581,6 @@
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.9.9-P3 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.9.9-P4 (Extended Support Version)</p>
</body>
</html>
diff --git a/doc/arm/notes.html b/doc/arm/notes.html
index d0639bc21fb8..e2630415323e 100644
--- a/doc/arm/notes.html
+++ b/doc/arm/notes.html
@@ -21,7 +21,7 @@
</head>
<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="article"><div class="section">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
-<a name="id-1.2"></a>Release Notes for BIND Version 9.9.9-P3</h2></div></div></div>
+<a name="id-1.2"></a>Release Notes for BIND Version 9.9.9-P4</h2></div></div></div>
<div class="section">
<div class="titlepage"><div><div><h3 class="title">
<a name="relnotes_intro"></a>Introduction</h3></div></div></div>
@@ -29,7 +29,11 @@
This document summarizes changes since BIND 9.9.9:
</p>
<p>
- BIND 9.10.9-P3 addresses the security issue described in
+ BIND 9.9.9-P4 addresses the security issue described in
+ CVE-2016-8864.
+ </p>
+<p>
+ BIND 9.9.9-P3 addresses the security issue described in
CVE-2016-2776.
</p>
<p>
@@ -58,6 +62,10 @@
<a name="relnotes_security"></a>Security Fixes</h3></div></div></div>
<div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; ">
<li class="listitem"><p>
+ It was possible to trigger assertions when processing
+ a response. This flaw is disclosed in CVE-2016-8864. [RT #43465]
+ </p></li>
+<li class="listitem"><p>
It was possible to trigger a assertion when rendering a
message using a specially crafted request. This flaw is
disclosed in CVE-2016-2776. [RT #43139]
diff --git a/doc/arm/notes.pdf b/doc/arm/notes.pdf
index 228070f438e8..ccee6308a083 100644
--- a/doc/arm/notes.pdf
+++ b/doc/arm/notes.pdf
Binary files differ
diff --git a/doc/arm/notes.xml b/doc/arm/notes.xml
index 72cebb286a77..9b711b51fd4f 100644
--- a/doc/arm/notes.xml
+++ b/doc/arm/notes.xml
@@ -24,7 +24,11 @@
This document summarizes changes since BIND 9.9.9:
</para>
<para>
- BIND 9.10.9-P3 addresses the security issue described in
+ BIND 9.9.9-P4 addresses the security issue described in
+ CVE-2016-8864.
+ </para>
+ <para>
+ BIND 9.9.9-P3 addresses the security issue described in
CVE-2016-2776.
</para>
<para>
@@ -53,6 +57,12 @@
<itemizedlist>
<listitem>
<para>
+ It was possible to trigger assertions when processing
+ a response. This flaw is disclosed in CVE-2016-8864. [RT #43465]
+ </para>
+ </listitem>
+ <listitem>
+ <para>
It was possible to trigger a assertion when rendering a
message using a specially crafted request. This flaw is
disclosed in CVE-2016-2776. [RT #43139]
diff --git a/lib/dns/api b/lib/dns/api
index 95055594c127..3da4ea4809f5 100644
--- a/lib/dns/api
+++ b/lib/dns/api
@@ -7,5 +7,5 @@
# 9.10: 140-149
# 9.11: 160-169
LIBINTERFACE = 172
-LIBREVISION = 2
+LIBREVISION = 3
LIBAGE = 0
diff --git a/lib/dns/resolver.c b/lib/dns/resolver.c
index 5f75bc08396e..2bc44612cd87 100644
--- a/lib/dns/resolver.c
+++ b/lib/dns/resolver.c
@@ -593,7 +593,9 @@ valcreate(fetchctx_t *fctx, dns_adbaddrinfo_t *addrinfo, dns_name_t *name,
valarg->addrinfo = addrinfo;
if (!ISC_LIST_EMPTY(fctx->validators))
- INSIST((valoptions & DNS_VALIDATOR_DEFER) != 0);
+ valoptions |= DNS_VALIDATOR_DEFER;
+ else
+ valoptions &= ~DNS_VALIDATOR_DEFER;
result = dns_validator_create(fctx->res->view, name, type, rdataset,
sigrdataset, fctx->rmessage,
@@ -5277,13 +5279,6 @@ cache_name(fetchctx_t *fctx, dns_name_t *name, dns_adbaddrinfo_t *addrinfo,
rdataset,
sigrdataset,
valoptions, task);
- /*
- * Defer any further validations.
- * This prevents multiple validators
- * from manipulating fctx->rmessage
- * simultaneously.
- */
- valoptions |= DNS_VALIDATOR_DEFER;
}
} else if (CHAINING(rdataset)) {
if (rdataset->type == dns_rdatatype_cname)
@@ -5396,6 +5391,11 @@ cache_name(fetchctx_t *fctx, dns_name_t *name, dns_adbaddrinfo_t *addrinfo,
eresult == DNS_R_NCACHENXRRSET);
}
event->result = eresult;
+ if (adbp != NULL && *adbp != NULL) {
+ if (anodep != NULL && *anodep != NULL)
+ dns_db_detachnode(*adbp, anodep);
+ dns_db_detach(adbp);
+ }
dns_db_attach(fctx->cache, adbp);
dns_db_transfernode(fctx->cache, &node, anodep);
clone_results(fctx);
@@ -5643,6 +5643,11 @@ ncache_message(fetchctx_t *fctx, dns_adbaddrinfo_t *addrinfo,
fctx->attributes |= FCTX_ATTR_HAVEANSWER;
if (event != NULL) {
event->result = eresult;
+ if (adbp != NULL && *adbp != NULL) {
+ if (anodep != NULL && *anodep != NULL)
+ dns_db_detachnode(*adbp, anodep);
+ dns_db_detach(adbp);
+ }
dns_db_attach(fctx->cache, adbp);
dns_db_transfernode(fctx->cache, &node, anodep);
clone_results(fctx);
@@ -6464,13 +6469,15 @@ static isc_result_t
answer_response(fetchctx_t *fctx) {
isc_result_t result;
dns_message_t *message;
- dns_name_t *name, *dname = NULL, *qname, tname, *ns_name;
+ dns_name_t *name, *dname = NULL, *qname, *dqname, tname, *ns_name;
+ dns_name_t *cname = NULL;
dns_rdataset_t *rdataset, *ns_rdataset;
isc_boolean_t done, external, chaining, aa, found, want_chaining;
- isc_boolean_t have_answer, found_cname, found_type, wanted_chaining;
+ isc_boolean_t have_answer, found_cname, found_dname, found_type;
+ isc_boolean_t wanted_chaining;
unsigned int aflag;
dns_rdatatype_t type;
- dns_fixedname_t fdname, fqname;
+ dns_fixedname_t fdname, fqname, fqdname;
dns_view_t *view;
FCTXTRACE("answer_response");
@@ -6484,6 +6491,7 @@ answer_response(fetchctx_t *fctx) {
done = ISC_FALSE;
found_cname = ISC_FALSE;
+ found_dname = ISC_FALSE;
found_type = ISC_FALSE;
chaining = ISC_FALSE;
have_answer = ISC_FALSE;
@@ -6493,12 +6501,13 @@ answer_response(fetchctx_t *fctx) {
aa = ISC_TRUE;
else
aa = ISC_FALSE;
- qname = &fctx->name;
+ dqname = qname = &fctx->name;
type = fctx->type;
view = fctx->res->view;
+ dns_fixedname_init(&fqdname);
result = dns_message_firstname(message, DNS_SECTION_ANSWER);
while (!done && result == ISC_R_SUCCESS) {
- dns_namereln_t namereln;
+ dns_namereln_t namereln, dnamereln;
int order;
unsigned int nlabels;
@@ -6506,6 +6515,8 @@ answer_response(fetchctx_t *fctx) {
dns_message_currentname(message, DNS_SECTION_ANSWER, &name);
external = ISC_TF(!dns_name_issubdomain(name, &fctx->domain));
namereln = dns_name_fullcompare(qname, name, &order, &nlabels);
+ dnamereln = dns_name_fullcompare(dqname, name, &order,
+ &nlabels);
if (namereln == dns_namereln_equal) {
wanted_chaining = ISC_FALSE;
for (rdataset = ISC_LIST_HEAD(name->list);
@@ -6600,7 +6611,7 @@ answer_response(fetchctx_t *fctx) {
}
} else if (rdataset->type == dns_rdatatype_rrsig
&& rdataset->covers ==
- dns_rdatatype_cname
+ dns_rdatatype_cname
&& !found_type) {
/*
* We're looking for something else,
@@ -6630,11 +6641,18 @@ answer_response(fetchctx_t *fctx) {
* a CNAME or DNAME).
*/
INSIST(!external);
- if (aflag ==
- DNS_RDATASETATTR_ANSWER) {
+ if ((rdataset->type !=
+ dns_rdatatype_cname) ||
+ !found_dname ||
+ (aflag ==
+ DNS_RDATASETATTR_ANSWER))
+ {
have_answer = ISC_TRUE;
+ if (rdataset->type ==
+ dns_rdatatype_cname)
+ cname = name;
name->attributes |=
- DNS_NAMEATTR_ANSWER;
+ DNS_NAMEATTR_ANSWER;
}
rdataset->attributes |= aflag;
if (aa)
@@ -6728,11 +6746,11 @@ answer_response(fetchctx_t *fctx) {
return (DNS_R_FORMERR);
}
- if (namereln != dns_namereln_subdomain) {
+ if (dnamereln != dns_namereln_subdomain) {
char qbuf[DNS_NAME_FORMATSIZE];
char obuf[DNS_NAME_FORMATSIZE];
- dns_name_format(qname, qbuf,
+ dns_name_format(dqname, qbuf,
sizeof(qbuf));
dns_name_format(name, obuf,
sizeof(obuf));
@@ -6747,7 +6765,7 @@ answer_response(fetchctx_t *fctx) {
want_chaining = ISC_TRUE;
POST(want_chaining);
aflag = DNS_RDATASETATTR_ANSWER;
- result = dname_target(rdataset, qname,
+ result = dname_target(rdataset, dqname,
nlabels, &fdname);
if (result == ISC_R_NOSPACE) {
/*
@@ -6764,10 +6782,13 @@ answer_response(fetchctx_t *fctx) {
dname = dns_fixedname_name(&fdname);
if (!is_answertarget_allowed(view,
- qname, rdataset->type,
- dname, &fctx->domain)) {
+ dqname, rdataset->type,
+ dname, &fctx->domain))
+ {
return (DNS_R_SERVFAIL);
}
+ dqname = dns_fixedname_name(&fqdname);
+ dns_name_copy(dname, dqname, NULL);
} else {
/*
* We've found a signature that
@@ -6792,6 +6813,10 @@ answer_response(fetchctx_t *fctx) {
INSIST(!external);
if (aflag == DNS_RDATASETATTR_ANSWER) {
have_answer = ISC_TRUE;
+ found_dname = ISC_TRUE;
+ if (cname != NULL)
+ cname->attributes &=
+ ~DNS_NAMEATTR_ANSWER;
name->attributes |=
DNS_NAMEATTR_ANSWER;
}
diff --git a/version b/version
index 1aebb0ce7d62..d9ca69007dcd 100644
--- a/version
+++ b/version
@@ -7,5 +7,5 @@ MAJORVER=9
MINORVER=9
PATCHVER=9
RELEASETYPE=-P
-RELEASEVER=3
+RELEASEVER=4
EXTENSIONS=