ubuntu/+source/bind9:ubuntu/trusty-devel

Last commit made on 2019-02-22
Get this branch:
git clone -b ubuntu/trusty-devel https://git.launchpad.net/ubuntu/+source/bind9
Members of Ubuntu Server Dev import team can upload to this branch. Log in for directions.

Branch merges

Branch information

Name:
ubuntu/trusty-devel
Repository:
lp:ubuntu/+source/bind9

Recent commits

aa1a789... by Marc Deslauriers on 2019-02-20

Import patches-unapplied version 1:9.9.5.dfsg-3ubuntu0.19 to ubuntu/trusty-security

Imported using git-ubuntu import.

Changelog parent: ded96db9a2664bedb6d0053a62d2309893ddf5f2

New changelog entries:
  * SECURITY UPDATE: assertion failure when a trust anchor rolls over to an
    unsupported key algorithm when using managed-keys
    - lib/dns/zone.c: enhance rfc 5011 logging
    - lib/dns/include/dst/dst.h, lib/dns/zone.c: properly handle situations
      when the key tag cannot be computed.
    - CVE-2018-5745
  * SECURITY UPDATE: Controls for zone transfers may not be properly
    applied to Dynamically Loadable Zones (DLZs) if the zones are writable
    - bin/named/xfrout.c: handle zone transfers marked in the zone table as
      a DLZ zone.
    - CVE-2019-6465

ded96db... by Marc Deslauriers on 2018-09-19

Import patches-unapplied version 1:9.9.5.dfsg-3ubuntu0.18 to ubuntu/trusty-security

Imported using git-ubuntu import.

Changelog parent: 7fb10de6676c8f534b6f0bb5e5bfdab50bdfef04

New changelog entries:
  * SECURITY UPDATE: denial of service crash when deny-answer-aliases
    option is used
    - lib/dns/resolver.c: explicit DNAME query could trigger a crash if
      deny-answer-aliases was set
    - Patch backported from 9.9.13-P1.
    - CVE-2018-5740

7fb10de... by Marc Deslauriers on 2018-01-16

Import patches-unapplied version 1:9.9.5.dfsg-3ubuntu0.17 to ubuntu/trusty-security

Imported using git-ubuntu import.

Changelog parent: b8bcd698c1ccaf4e7a71cf3e28abe2ba92c72a71

New changelog entries:
  * SECURITY UPDATE: assertion failure via improper cleanup
    - lib/dns/resolver.c: fix cleanup handling.
    - Patch backported from 9.9.11-P1.
    - CVE-2017-3145

b8bcd69... by Marc Deslauriers on 2017-09-15

Import patches-unapplied version 1:9.9.5.dfsg-3ubuntu0.16 to ubuntu/trusty-security

Imported using git-ubuntu import.

Changelog parent: 2bec1e0526784f4d8cb3f22b20625d0514982cc9

New changelog entries:
  * SECURITY REGRESSION: regression in last security update
    - fix verification of TSIG signed TCP message sequences where not all
      the messages contain TSIG records in lib/dns/tsig.c, aded test to
      lib/dns/tests/Makefile.in, lib/dns/tests/tsig_test.c.
    - 6fcdcabc11f18eb128167f7f7eca4a244bf75c52
  * Update the built in managed keys to include the upcoming root KSK in
    bind.keys, bin/named/bind.keys.h.
    - 9543825c155c5c5ec42cc4d95fe6f0d52ef9b0a7

2bec1e0... by Marc Deslauriers on 2017-06-29

Import patches-unapplied version 1:9.9.5.dfsg-3ubuntu0.15 to ubuntu/trusty-security

Imported using git-ubuntu import.

Changelog parent: e24127338a71b4a5dba41e8073395f3e996afc46

New changelog entries:
  * SECURITY UPDATE: TSIG authentication issues
    - lib/dns/dnssec.c, lib/dns/message.c, lib/dns/tsig.c: fix TSIG logic.
    - CVE-2017-3142
    - CVE-2017-3143

e241273... by Steve Beattie on 2017-04-12

Import patches-unapplied version 1:9.9.5.dfsg-3ubuntu0.14 to ubuntu/trusty-security

Imported using git-ubuntu import.

Changelog parent: 3ecbd1dc66cbd0dc5807ca68a0e2dd11de51d852

New changelog entries:
  * SECURITY UPDATE: Denial of Service due to an error handling
    synthesized records when using DNS64 with "break-dnssec yes;"
    - bin/named/query.c: reset noqname if query_dns64() called.
    - CVE-2017-3136
  * SECURITY UPDATE: Denial of Service due to resolver terminating when
    processing a response packet containing a CNAME or DNAME
    - lib/dns/resolver.c: don't expect a specific
      ordering of answer components
    - lib/dns/name.c: remove part of assertion that triggers in
      dns_name_split() (partial cherrypick of upstream
      dc3912f3caac1104fef441fd18571b7a975708ea
    - bin/tests/system/dname/ns2/example.db,
      bin/tests/system/dname/tests.sh: add testcases.
    - CVE-2017-3137
  * SECURITY UPDATE: Denial of Service when receiving a null command on
    the control channel
    - lib/isc/lex.c, lib/isc/include/isc/lex.h: don't throw an assert if no
      command token is given
    - bin/tests/system/rndc/tests.sh: add testcase.
    - CVE-2017-3138

3ecbd1d... by Marc Deslauriers on 2017-02-15

Import patches-unapplied version 1:9.9.5.dfsg-3ubuntu0.13 to ubuntu/trusty-security

Imported using git-ubuntu import.

Changelog parent: 31c49d986d0c8b2475c6be71986a13a7cadb096e

New changelog entries:
  * SECURITY UPDATE: Combining dns64 and rpz can result in dereferencing
    a NULL pointer
    - bin/named/query.c, lib/dns/message.c, lib/dns/rdataset.c: properly
      handle dns64 and rpz combination.
    - CVE-2017-3135
  * SECURITY UPDATE: regression in CVE-2016-8864
    - lib/dns/resolver.c: synthesised CNAME before matching DNAME was still
      being cached when it should have been,
    - bin/tests/system/dname/ans3/ans.pl,
      bin/tests/system/dname/ns1/root.db, bin/tests/system/dname/tests.sh:
      added tests.
    - No CVE number

31c49d9... by LaMont Jones on 2017-02-03

Import patches-unapplied version 1:9.9.5.dfsg-3ubuntu0.12 to ubuntu/trusty-proposed

Imported using git-ubuntu import.

Changelog parent: d20e8b51a77de15dc3b51937b4bee528da491ad3

New changelog entries:
  * Backport (70_precise_mtime.diff) 18b87b2a58d422fe4d3073540bf89b5a812ed2e5
    to trusty. LP: #1553176

d20e8b5... by Marc Deslauriers on 2017-01-09

Import patches-unapplied version 1:9.9.5.dfsg-3ubuntu0.11 to ubuntu/trusty-security

Imported using git-ubuntu import.

Changelog parent: e3d6a3ad185d0eb3d6a23f6a10c473ad22c9d1c3

New changelog entries:
  * SECURITY UPDATE: assertion failure via class mismatch
    - lib/dns/resolver.c: properly handle certain TKEY records.
    - CVE-2016-9131
  * SECURITY UPDATE: assertion failure via inconsistent DNSSEC information
    - lib/dns/resolver.c: fix logic when records are returned without the
      requested data.
    - CVE-2016-9147
  * SECURITY UPDATE: assertion failure via unusually-formed DS record
    - lib/dns/message.c, lib/dns/resolver.c: handle missing RRSIGs.
    - CVE-2016-9444
  * SECURITY UPDATE: regression in CVE-2016-8864
    - lib/dns/resolver.c: properly handle CNAME -> DNAME in responses,
      added tests to bin/tests/system/dname/ns2/example.db,
      bin/tests/system/dname/tests.sh.
    - No CVE number

e3d6a3a... by Marc Deslauriers on 2016-10-31

Import patches-unapplied version 1:9.9.5.dfsg-3ubuntu0.10 to ubuntu/trusty-security

Imported using git-ubuntu import.

Changelog parent: ef2709cf1c7da6fd5a5a7aed482398dd98ee3f23

New changelog entries:
  * SECURITY UPDATE: denial of service via responses containing a DNAME
    answer
    - lib/dns/resolver.c: remove assertion failure.
    - patch backported from 9.9.9-P4.
    - CVE-2016-8864