ubuntu/+source/bind9:ubuntu/precise-devel

Last commit made on 2017-04-17
Get this branch:
git clone -b ubuntu/precise-devel https://git.launchpad.net/ubuntu/+source/bind9
Members of Ubuntu Server Dev import team can upload to this branch. Log in for directions.

Branch merges

Branch information

Name:
ubuntu/precise-devel
Repository:
lp:ubuntu/+source/bind9

Recent commits

198b16e... by Steve Beattie on 2017-04-13

Import patches-unapplied version 1:9.8.1.dfsg.P1-4ubuntu0.22 to ubuntu/precise-security

Imported using git-ubuntu import.

Changelog parent: 4dcd37adb9d87170356960c574f51a9247f4b31a

New changelog entries:
  * SECURITY UPDATE: Denial of Service due to an error handling
    synthesized records when using DNS64 with "break-dnssec yes;"
    - bin/named/query.c: reset noqname if query_dns64() called.
    - CVE-2017-3136
  * SECURITY UPDATE: Denial of Service due to resolver terminating when
    processing a response packet containing a CNAME or DNAME
    - lib/dns/resolver.c: don't expect a specific
      ordering of answer components
    - lib/dns/name.c: remove part of assertion that triggers in
      dns_name_split() (partial cherrypick of upstream
      dc3912f3caac1104fef441fd18571b7a975708ea
    - bin/tests/system/dname/ns2/example.db,
      bin/tests/system/dname/tests.sh: add testcases.
    - CVE-2017-3137
  * SECURITY UPDATE: Denial of Service when receiving a null command on
    the control channel
    - lib/isc/lex.c, lib/isc/include/isc/lex.h: don't throw an assert if no
      command token is given
    - CVE-2017-3138

4dcd37a... by Marc Deslauriers on 2017-02-15

Import patches-unapplied version 1:9.8.1.dfsg.P1-4ubuntu0.21 to ubuntu/precise-security

Imported using git-ubuntu import.

Changelog parent: a059f1fa1f9e0f50666cd52adff62abc345f7bbc

New changelog entries:
  * SECURITY UPDATE: Combining dns64 and rpz can result in dereferencing
    a NULL pointer
    - bin/named/query.c, lib/dns/message.c, lib/dns/rdataset.c: properly
      handle dns64 and rpz combination.
    - CVE-2017-3135
  * SECURITY UPDATE: regression in CVE-2016-8864
    - lib/dns/resolver.c: synthesised CNAME before matching DNAME was still
      being cached when it should have been,
    - bin/tests/system/dname/ans3/ans.pl,
      bin/tests/system/dname/ns1/root.db, bin/tests/system/dname/tests.sh:
      added tests.
    - No CVE number

a059f1f... by Marc Deslauriers on 2017-01-09

Import patches-unapplied version 1:9.8.1.dfsg.P1-4ubuntu0.20 to ubuntu/precise-security

Imported using git-ubuntu import.

Changelog parent: 434fc25f1042dd6d0e25aea673c29126b08f025d

New changelog entries:
  * SECURITY UPDATE: assertion failure via class mismatch
    - lib/dns/resolver.c: properly handle certain TKEY records.
    - CVE-2016-9131
  * SECURITY UPDATE: assertion failure via inconsistent DNSSEC information
    - lib/dns/resolver.c: fix logic when records are returned without the
      requested data.
    - CVE-2016-9147
  * SECURITY UPDATE: regression in CVE-2016-8864
    - lib/dns/resolver.c: properly handle CNAME -> DNAME in responses,
      added tests to bin/tests/system/dname/ns2/example.db,
      bin/tests/system/dname/tests.sh.
    - No CVE number

434fc25... by Marc Deslauriers on 2016-10-31

Import patches-unapplied version 1:9.8.1.dfsg.P1-4ubuntu0.19 to ubuntu/precise-security

Imported using git-ubuntu import.

Changelog parent: 8dc4e9a0e522b170dfe6b3a3df38ca1148c2d5f1

New changelog entries:
  * SECURITY UPDATE: denial of service via responses containing a DNAME
    answer
    - lib/dns/resolver.c: remove assertion failure.
    - patch backported from 9.9.9-P4.
    - CVE-2016-8864

8dc4e9a... by Marc Deslauriers on 2016-10-17

Import patches-unapplied version 1:9.8.1.dfsg.P1-4ubuntu0.18 to ubuntu/precise-security

Imported using git-ubuntu import.

Changelog parent: 450e1260e69a748fa15125b0bfacabf200e16431

New changelog entries:
  * SECURITY UPDATE: denial of service via malformed options
    - Backported upstream commit 4adf97c32fcca7d00e5756607fd045f2aab9c3d4.
    - CVE-2016-2848

450e126... by Marc Deslauriers on 2016-09-26

Import patches-unapplied version 1:9.8.1.dfsg.P1-4ubuntu0.17 to ubuntu/precise-security

Imported using git-ubuntu import.

Changelog parent: 11e5eba4fb4808a78ba9a603c1eb56583105c4f4

New changelog entries:
  * SECURITY UPDATE: denial of service via assertion failure
    - lib/dns/message.c: properly handle lengths.
    - backported from patch provided by upstream.
    - CVE-2016-2776

11e5eba... by Marc Deslauriers on 2016-03-08

Import patches-unapplied version 1:9.8.1.dfsg.P1-4ubuntu0.16 to ubuntu/precise-security

Imported using git-ubuntu import.

Changelog parent: 28085abdbf3704780dd805601e05d9140212b815

New changelog entries:
  * SECURITY UPDATE: denial of service via rndc control channel input
    parsing error
    - properly check data in bin/named/control.c, bin/named/controlconf.c,
      bin/rndc/rndc.c, lib/isccc/cc.c.
    - CVE-2016-1285
  * SECURITY UPDATE: denial of service via resource record signatures
    parsing issue
    - fix improper DNAME handling in lib/dns/resolver.c.
    - CVE-2016-1286

28085ab... by Marc Deslauriers on 2016-01-18

Import patches-unapplied version 1:9.8.1.dfsg.P1-4ubuntu0.15 to ubuntu/precise-security

Imported using git-ubuntu import.

Changelog parent: 8738cc737812805a6ebae88028e3d938461ac90b

New changelog entries:
  * SECURITY UPDATE: denial of service via string formatting operations
    - lib/dns/rdata/in_1/apl_42.c: use correct length.
    - CVE-2015-8704

8738cc7... by Marc Deslauriers on 2015-12-14

Import patches-unapplied version 1:9.8.1.dfsg.P1-4ubuntu0.14 to ubuntu/precise-security

Imported using git-ubuntu import.

Changelog parent: df9f2e99686c356b672a17f3a76aef5bdfc7db81

New changelog entries:
  * SECURITY UPDATE: REQUIRE failure via incorrect class
    - properly handle class in lib/dns/include/dns/message.h,
      lib/dns/message.c, lib/dns/resolver.c, lib/dns/xfrin.c.
    - CVE-2015-8000

df9f2e9... by Marc Deslauriers on 2015-09-01

Import patches-unapplied version 1:9.8.1.dfsg.P1-4ubuntu0.13 to ubuntu/precise-security

Imported using git-ubuntu import.

Changelog parent: f24d740dd1728a57f66eb2795e7fc908f90abd9e

New changelog entries:
  * SECURITY UPDATE: denial of service in DNSSEC-signed record validation
    via malformed keys
    - fix validation inlib/dns/hmac_link.c, lib/dns/include/dst/dst.h,
      lib/dns/ncache.c, lib/dns/openssldh_link.c,
      lib/dns/openssldsa_link.c, lib/dns/opensslrsa_link.c,
      lib/dns/resolver.c.
    - CVE-2015-5722