ubuntu/+source/bind9:debian/stretch

Last commit made on 2018-03-10
Get this branch:
git clone -b debian/stretch https://git.launchpad.net/ubuntu/+source/bind9
Members of Ubuntu Server Dev import team can upload to this branch. Log in for directions.

Branch merges

Branch information

Name:
debian/stretch
Repository:
lp:ubuntu/+source/bind9

Recent commits

9f58780... by Salvatore Bonaccorso on 2018-01-15

Import patches-unapplied version 1:9.10.3.dfsg.P4-12.3+deb9u4 to debian/stretch

Imported using git-ubuntu import.

Changelog parent: 914739121df134ac43bde61d53062f25b46038f4

New changelog entries:
  * Non-maintainer upload by the Security Team.
  * Addresses could be referenced after being freed in resolver.c, causing an
    assertion failure. (CVE-2017-3145)

9147391... by Ondřej Surý on 2017-08-28

Import patches-unapplied version 1:9.10.3.dfsg.P4-12.3+deb9u3 to debian/stretch

Imported using git-ubuntu import.

Changelog parent: fc49ba32629a05714042621f1c3d5a2321879628

New changelog entries:
  [ Bernhard Schmidt ]
  * Import upcoming DNSSEC KSK-2017 from 9.10.5
  [ Ondřej Surý ]
  * Non-maintainer upload.
  * Non-maintainer upload by the Security Team.
  * debian/patches:
    - CVE-2017-3142_regression added, fix a regression introduced in with the
    correction for CVE-2017-3142.

fc49ba3... by Yves-Alexis Perez on 2017-06-30

Import patches-unapplied version 1:9.10.3.dfsg.P4-12.3+deb9u1 to debian/stretch

Imported using git-ubuntu import.

Changelog parent: 652cd0c4cdd5a30bd0cd47a2cf938e370a947c3d

New changelog entries:
  * Non-maintainer upload by the Security Team.
  * debian/patches:
    - debian/patches/CVE-2017-3142+CVE-2017-3143 added, fix TSIG bypasses
      CVE-2017-3142: error in TSIG authentication can permit unauthorized zone
      transfers. An attacker may be able to circumvent TSIG authentication of
      AXFR and Notify requests.
      CVE-2017-3143: error in TSIG authentication can permit unauthorized
      dynamic updates. An attacker may be able to forge a valid TSIG or SIG(0)
      signature for a dynamic update.

652cd0c... by Salvatore Bonaccorso on 2017-05-07

Import patches-unapplied version 1:9.10.3.dfsg.P4-12.3 to debian/sid

Imported using git-ubuntu import.

Changelog parent: c30044bb4f227ba45157da2bc7417eef8c4d22ab

New changelog entries:
  * Non-maintainer upload.
  * Dns64 with "break-dnssec yes;" can result in a assertion failure
    (CVE-2017-3136) (Closes: #860224)
  * Some chaining (CNAME or DNAME) responses to upstream queries could trigger
    assertion failures (CVE-2017-3137) (Closes: #860225)
  * 'rndc ""' could trigger a assertion failure in named (CVE-2017-3138)
    (Closes: #860226)

c30044b... by James Cowgill on 2017-04-18

Import patches-unapplied version 1:9.10.3.dfsg.P4-12.2 to debian/sid

Imported using git-ubuntu import.

Changelog parent: adba86e10621f02099e662322905eb928e37614d

New changelog entries:
  * Non-maintainer upload.
  * Replace 32_mips_atomic.diff with a version that uses C11 atomics. Fixes
    hangs and crashes on MIPS. (Closes: #778720)

adba86e... by Bastian Blank on 2017-03-17

Import patches-unapplied version 1:9.10.3.dfsg.P4-12.1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 9a8f142324207abe0cbedb3c38ac7b73814b3582

New changelog entries:
  * Non-maintainer upload.
  * Use /dev/urandom to avoid blocking in the server process.
    (closes: #854243)

9a8f142... by Michael Gilbert <email address hidden> on 2017-02-19

Import patches-unapplied version 1:9.10.3.dfsg.P4-12 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 7752df7abfd2d68c2c93266cf3d3744409e40dca

New changelog entries:
  * Merge and accept the non-maintainer upload.
  * Fix regression caused by the fix for CVE-2016-8864 (closes: #855540).
  * Fix CVE-2017-3135: a malicously crafted query can cause named to crash if
    both DNS64 and RPZ are being used (closes: #855520).

7752df7... by Arturo Borrero Gonzalez on 2017-02-07

Import patches-unapplied version 1:9.10.3.dfsg.P4-11.1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 6ffa4c255a2e9bd3f80b09455daab71635f3f53a

New changelog entries:
  * Non-maintainer upload.
  * Disable GOST to prevent ENGINE_by_id failed (crypto failure) in chroot.
    Patch by Marc Haber <email address hidden> (Closes: #820974).

6ffa4c2... by Michael Gilbert <email address hidden> on 2017-01-19

Import patches-unapplied version 1:9.10.3.dfsg.P4-11 to debian/sid

Imported using git-ubuntu import.

Changelog parent: cd03982cb475ef6ba14eada3f54deeed43dcf6ca

New changelog entries:
  * Fix some lintian warnings.
  * Add lsb-base dependency to lwresd (closes: #848519).
  * Fix CVE-2016-2775: crash in lwresd due to a long query name
    (closes: #831796).
  * Fix CVE-2016-2776: maliciously crafted query can cause named to crash
    (closes: #839010).
  * Fix CVE-2016-8864: incorrect handling of a DNAME record can cause
    named to crash (closes: #842858).
  * Fix CVE-2016-9131: maliciously crafted response to an ANY query can
    cause named to crash (closes: #851065).
  * Fix CVE-2016-9147: query with contradictory DNSSEC information can
    cause named to crash (closes: #851063).
  * Fix CVE-2016-9444: maliciously formed DNSSEC Delegation Signer (DS)
    record can cause named to crash (closes: #851062).
  * Openssl 1.1 is not yet supported, so build with openssl 1.0 for now
    (closes: #828082).
  [ LaMont Jones ]
  * Update VCS fields in control.
  * -DDIG_SIGCHASE got dropped by the change in hardening.
  [ Stefan Bader ]
  * Use the defaults file in systemd.

cd03982... by Christian Hofstaedtler on 2016-07-02

Import patches-unapplied version 1:9.10.3.dfsg.P4-10.1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 055083d85aa4aac7a66245cc4fd20ec5abe15bc9

New changelog entries:
  * Non-maintainer upload.
  * Add explicit ordering for nss-lookup.target in bind9.service,
    lwresd.service. Patches by Michael Biebl <email address hidden>.
    (Closes: #826243, #826245)