ubuntu/+source/bind9:applied/ubuntu/precise-devel

Last commit made on 2017-04-17
Get this branch:
git clone -b applied/ubuntu/precise-devel https://git.launchpad.net/ubuntu/+source/bind9
Members of Ubuntu Server Dev import team can upload to this branch. Log in for directions.

Branch merges

Branch information

Name:
applied/ubuntu/precise-devel
Repository:
lp:ubuntu/+source/bind9

Recent commits

d125eb9... by Steve Beattie on 2017-04-13

Import patches-applied version 1:9.8.1.dfsg.P1-4ubuntu0.22 to applied/ubuntu/precise-security

Imported using git-ubuntu import.

Changelog parent: 6b95c611fb08556435bc674d8a295eb835ce5b5c
Unapplied parent: 198b16ea6bc8f3f9209f264be6fe3db063180b8e

New changelog entries:
  * SECURITY UPDATE: Denial of Service due to an error handling
    synthesized records when using DNS64 with "break-dnssec yes;"
    - bin/named/query.c: reset noqname if query_dns64() called.
    - CVE-2017-3136
  * SECURITY UPDATE: Denial of Service due to resolver terminating when
    processing a response packet containing a CNAME or DNAME
    - lib/dns/resolver.c: don't expect a specific
      ordering of answer components
    - lib/dns/name.c: remove part of assertion that triggers in
      dns_name_split() (partial cherrypick of upstream
      dc3912f3caac1104fef441fd18571b7a975708ea
    - bin/tests/system/dname/ns2/example.db,
      bin/tests/system/dname/tests.sh: add testcases.
    - CVE-2017-3137
  * SECURITY UPDATE: Denial of Service when receiving a null command on
    the control channel
    - lib/isc/lex.c, lib/isc/include/isc/lex.h: don't throw an assert if no
      command token is given
    - CVE-2017-3138

198b16e... by Steve Beattie on 2017-04-13

Import patches-unapplied version 1:9.8.1.dfsg.P1-4ubuntu0.22 to ubuntu/precise-security

Imported using git-ubuntu import.

Changelog parent: 4dcd37adb9d87170356960c574f51a9247f4b31a

New changelog entries:
  * SECURITY UPDATE: Denial of Service due to an error handling
    synthesized records when using DNS64 with "break-dnssec yes;"
    - bin/named/query.c: reset noqname if query_dns64() called.
    - CVE-2017-3136
  * SECURITY UPDATE: Denial of Service due to resolver terminating when
    processing a response packet containing a CNAME or DNAME
    - lib/dns/resolver.c: don't expect a specific
      ordering of answer components
    - lib/dns/name.c: remove part of assertion that triggers in
      dns_name_split() (partial cherrypick of upstream
      dc3912f3caac1104fef441fd18571b7a975708ea
    - bin/tests/system/dname/ns2/example.db,
      bin/tests/system/dname/tests.sh: add testcases.
    - CVE-2017-3137
  * SECURITY UPDATE: Denial of Service when receiving a null command on
    the control channel
    - lib/isc/lex.c, lib/isc/include/isc/lex.h: don't throw an assert if no
      command token is given
    - CVE-2017-3138

6b95c61... by Marc Deslauriers on 2017-02-15

Import patches-applied version 1:9.8.1.dfsg.P1-4ubuntu0.21 to applied/ubuntu/precise-security

Imported using git-ubuntu import.

Changelog parent: b4b5014c8be587dfddc9cb09b1f7ea9ed29b22dd
Unapplied parent: 4dcd37adb9d87170356960c574f51a9247f4b31a

New changelog entries:
  * SECURITY UPDATE: Combining dns64 and rpz can result in dereferencing
    a NULL pointer
    - bin/named/query.c, lib/dns/message.c, lib/dns/rdataset.c: properly
      handle dns64 and rpz combination.
    - CVE-2017-3135
  * SECURITY UPDATE: regression in CVE-2016-8864
    - lib/dns/resolver.c: synthesised CNAME before matching DNAME was still
      being cached when it should have been,
    - bin/tests/system/dname/ans3/ans.pl,
      bin/tests/system/dname/ns1/root.db, bin/tests/system/dname/tests.sh:
      added tests.
    - No CVE number

4dcd37a... by Marc Deslauriers on 2017-02-15

Import patches-unapplied version 1:9.8.1.dfsg.P1-4ubuntu0.21 to ubuntu/precise-security

Imported using git-ubuntu import.

Changelog parent: a059f1fa1f9e0f50666cd52adff62abc345f7bbc

New changelog entries:
  * SECURITY UPDATE: Combining dns64 and rpz can result in dereferencing
    a NULL pointer
    - bin/named/query.c, lib/dns/message.c, lib/dns/rdataset.c: properly
      handle dns64 and rpz combination.
    - CVE-2017-3135
  * SECURITY UPDATE: regression in CVE-2016-8864
    - lib/dns/resolver.c: synthesised CNAME before matching DNAME was still
      being cached when it should have been,
    - bin/tests/system/dname/ans3/ans.pl,
      bin/tests/system/dname/ns1/root.db, bin/tests/system/dname/tests.sh:
      added tests.
    - No CVE number

b4b5014... by Marc Deslauriers on 2017-01-09

Import patches-applied version 1:9.8.1.dfsg.P1-4ubuntu0.20 to applied/ubuntu/precise-security

Imported using git-ubuntu import.

Changelog parent: facc78b84fef9f3bcb697c444d0fc78e522e4e28
Unapplied parent: a059f1fa1f9e0f50666cd52adff62abc345f7bbc

New changelog entries:
  * SECURITY UPDATE: assertion failure via class mismatch
    - lib/dns/resolver.c: properly handle certain TKEY records.
    - CVE-2016-9131
  * SECURITY UPDATE: assertion failure via inconsistent DNSSEC information
    - lib/dns/resolver.c: fix logic when records are returned without the
      requested data.
    - CVE-2016-9147
  * SECURITY UPDATE: regression in CVE-2016-8864
    - lib/dns/resolver.c: properly handle CNAME -> DNAME in responses,
      added tests to bin/tests/system/dname/ns2/example.db,
      bin/tests/system/dname/tests.sh.
    - No CVE number

a059f1f... by Marc Deslauriers on 2017-01-09

Import patches-unapplied version 1:9.8.1.dfsg.P1-4ubuntu0.20 to ubuntu/precise-security

Imported using git-ubuntu import.

Changelog parent: 434fc25f1042dd6d0e25aea673c29126b08f025d

New changelog entries:
  * SECURITY UPDATE: assertion failure via class mismatch
    - lib/dns/resolver.c: properly handle certain TKEY records.
    - CVE-2016-9131
  * SECURITY UPDATE: assertion failure via inconsistent DNSSEC information
    - lib/dns/resolver.c: fix logic when records are returned without the
      requested data.
    - CVE-2016-9147
  * SECURITY UPDATE: regression in CVE-2016-8864
    - lib/dns/resolver.c: properly handle CNAME -> DNAME in responses,
      added tests to bin/tests/system/dname/ns2/example.db,
      bin/tests/system/dname/tests.sh.
    - No CVE number

facc78b... by Marc Deslauriers on 2016-10-31

Import patches-applied version 1:9.8.1.dfsg.P1-4ubuntu0.19 to applied/ubuntu/precise-security

Imported using git-ubuntu import.

Changelog parent: edbe9ab5e553fb5fe74746051e02cb950a9fd090
Unapplied parent: 434fc25f1042dd6d0e25aea673c29126b08f025d

New changelog entries:
  * SECURITY UPDATE: denial of service via responses containing a DNAME
    answer
    - lib/dns/resolver.c: remove assertion failure.
    - patch backported from 9.9.9-P4.
    - CVE-2016-8864

434fc25... by Marc Deslauriers on 2016-10-31

Import patches-unapplied version 1:9.8.1.dfsg.P1-4ubuntu0.19 to ubuntu/precise-security

Imported using git-ubuntu import.

Changelog parent: 8dc4e9a0e522b170dfe6b3a3df38ca1148c2d5f1

New changelog entries:
  * SECURITY UPDATE: denial of service via responses containing a DNAME
    answer
    - lib/dns/resolver.c: remove assertion failure.
    - patch backported from 9.9.9-P4.
    - CVE-2016-8864

edbe9ab... by Marc Deslauriers on 2016-10-17

Import patches-applied version 1:9.8.1.dfsg.P1-4ubuntu0.18 to applied/ubuntu/precise-security

Imported using git-ubuntu import.

Changelog parent: 45ccd81c9abb002f777a428499bcf8fad43d8404
Unapplied parent: 8dc4e9a0e522b170dfe6b3a3df38ca1148c2d5f1

New changelog entries:
  * SECURITY UPDATE: denial of service via malformed options
    - Backported upstream commit 4adf97c32fcca7d00e5756607fd045f2aab9c3d4.
    - CVE-2016-2848

8dc4e9a... by Marc Deslauriers on 2016-10-17

Import patches-unapplied version 1:9.8.1.dfsg.P1-4ubuntu0.18 to ubuntu/precise-security

Imported using git-ubuntu import.

Changelog parent: 450e1260e69a748fa15125b0bfacabf200e16431

New changelog entries:
  * SECURITY UPDATE: denial of service via malformed options
    - Backported upstream commit 4adf97c32fcca7d00e5756607fd045f2aab9c3d4.
    - CVE-2016-2848