ubuntu/+source/bind9:ubuntu/xenial-proposed

Last commit made on 2017-11-08
Get this branch:
git clone -b ubuntu/xenial-proposed https://git.launchpad.net/ubuntu/+source/bind9
Members of Ubuntu Server Dev import team can upload to this branch. Log in for directions.

Branch merges

Branch information

Name:
ubuntu/xenial-proposed
Repository:
lp:ubuntu/+source/bind9

Recent commits

802816e... by Andreas Hasenack on 2017-11-06

Import patches-unapplied version 1:9.10.3.dfsg.P4-8ubuntu1.9 to ubuntu/xenial-proposed

Imported using git-ubuntu import.

Changelog parent: cc1c0c21b3990155234416d1c803fe18049a990e
Upload parent: 79ab6e7438ad26be74098a893717ef8098cdae8b

New changelog entries:
  * d/bind9.service: source the defaults file and start the daemon with the
    options set there (LP: #1565060).

79ab6e7... by Andreas Hasenack on 2017-11-06

changelog

67d4b7d... by Andreas Hasenack on 2017-11-06

  * d/bind9.service: source the defaults file and start the daemon with the
    options set there (LP: #1565060).

cc1c0c2... by Marc Deslauriers on 2017-09-15

Import patches-unapplied version 1:9.10.3.dfsg.P4-8ubuntu1.8 to ubuntu/xenial-security

Imported using git-ubuntu import.

Changelog parent: 7744d0657bed6e7aaf6275179e0b032eeb5b29bd

New changelog entries:
  * SECURITY REGRESSION: regression in last security update
    - debian/patches/CVE-2017-3142-regression.patch: fix verification of
      TSIG signed TCP message sequences where not all the messages contain
      TSIG records in lib/dns/tsig.c, aded test to
      lib/dns/tests/Makefile.in, lib/dns/tests/tsig_test.c.
  * debian/patches/update_keys.patch: Update the built in managed keys to
    include the upcoming root KSK in bind.keys, bind.keys.h.

da88765... by Marc Deslauriers on 2017-09-15

Import patches-unapplied version 1:9.10.3.dfsg.P4-8ubuntu1.8 to ubuntu/xenial-security

Imported using git-ubuntu import.

Changelog parent: 627768fe0cfa3484fef4a17dbd798aae4350b726

New changelog entries:
  * SECURITY REGRESSION: regression in last security update
    - debian/patches/CVE-2017-3142-regression.patch: fix verification of
      TSIG signed TCP message sequences where not all the messages contain
      TSIG records in lib/dns/tsig.c, aded test to
      lib/dns/tests/Makefile.in, lib/dns/tests/tsig_test.c.
  * debian/patches/update_keys.patch: Update the built in managed keys to
    include the upcoming root KSK in bind.keys, bind.keys.h.

7744d06... by Marc Deslauriers on 2017-06-29

Import patches-unapplied version 1:9.10.3.dfsg.P4-8ubuntu1.7 to ubuntu/xenial-security

Imported using git-ubuntu import.

Changelog parent: eb6fd53d13e1a6973b99f0f5df0e027baf295cf6

New changelog entries:
  * SECURITY UPDATE: TSIG authentication issues
    - debian/patches/CVE-2017-3042,3043.patch: fix TSIG logic in
      lib/dns/dnssec.c, lib/dns/message.c, lib/dns/tsig.c.
    - CVE-2017-3142
    - CVE-2017-3143

627768f... by Marc Deslauriers on 2017-06-29

Import patches-unapplied version 1:9.10.3.dfsg.P4-8ubuntu1.7 to ubuntu/xenial-security

Imported using git-ubuntu import.

Publish parent: 82a0f42921cd52c4f8ca23df84eaca1cbe4147be

New changelog entries:
  * SECURITY UPDATE: TSIG authentication issues
    - debian/patches/CVE-2017-3042,3043.patch: fix TSIG logic in
      lib/dns/dnssec.c, lib/dns/message.c, lib/dns/tsig.c.
    - CVE-2017-3142
    - CVE-2017-3143

eb6fd53... by Steve Beattie on 2017-04-12

Import patches-unapplied version 1:9.10.3.dfsg.P4-8ubuntu1.6 to ubuntu/xenial-security

Imported using git-ubuntu import.

Changelog parent: 3b40698a2ad7ee34f9ce00ab64c582447df3b1eb

New changelog entries:
  * SECURITY UPDATE: Denial of Service due to an error handling
    synthesized records when using DNS64 with "break-dnssec yes;"
    - debian/patches/CVE-2017-3136.patch: reset noqname if query_dns64()
      called.
    - CVE-2017-3136
  * SECURITY UPDATE: Denial of Service due to resolver terminating when
    processing a response packet containing a CNAME or DNAME
    - debian/patches/CVE-2017-3137.patch: don't expect a specific
      ordering of answer components; add testcases.
    - CVE-2017-3137
  * SECURITY UPDATE: Denial of Service when receiving a null command on
    the control channel
    - debian/patches/CVE-2017-3138.patch: don't throw an assert if no
      command token is given; add testcase.
    - CVE-2017-3138

82a0f42... by Steve Beattie on 2017-04-12

Import patches-unapplied version 1:9.10.3.dfsg.P4-8ubuntu1.6 to ubuntu/xenial-security

Imported using usd-importer.

Publish parent: 90f9bdb8c067c86420bc2e51a1e3f026045571e1

New changelog entries:
  * SECURITY UPDATE: Denial of Service due to an error handling
    synthesized records when using DNS64 with "break-dnssec yes;"
    - debian/patches/CVE-2017-3136.patch: reset noqname if query_dns64()
      called.
    - CVE-2017-3136
  * SECURITY UPDATE: Denial of Service due to resolver terminating when
    processing a response packet containing a CNAME or DNAME
    - debian/patches/CVE-2017-3137.patch: don't expect a specific
      ordering of answer components; add testcases.
    - CVE-2017-3137
  * SECURITY UPDATE: Denial of Service when receiving a null command on
    the control channel
    - debian/patches/CVE-2017-3138.patch: don't throw an assert if no
      command token is given; add testcase.
    - CVE-2017-3138

3b40698... by Marc Deslauriers on 2017-02-15

Import patches-unapplied version 1:9.10.3.dfsg.P4-8ubuntu1.5 to ubuntu/xenial-security

Imported using git-ubuntu import.

Changelog parent: f80a80619f0eb28a1fb4db4b92b2ea6cb1d3c194

New changelog entries:
  * SECURITY UPDATE: Combining dns64 and rpz can result in dereferencing
    a NULL pointer
    - debian/patches/CVE-2017-3135.patch: properly handle dns64 and rpz
      combination in bin/named/query.c, lib/dns/message.c,
      lib/dns/rdataset.c.
    - CVE-2017-3135
  * SECURITY UPDATE: regression in CVE-2016-8864
    - debian/patches/rt44318.patch: synthesised CNAME before matching DNAME
      was still being cached when it should have been in lib/dns/resolver.c,
      added tests to bin/tests/system/dname/ans3/ans.pl,
      bin/tests/system/dname/ns1/root.db, bin/tests/system/dname/tests.sh.
    - No CVE number