From: Doug Barton
Date: Tue, 28 Jul 2009 23:59:22 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-7@freebsd.org
Subject: svn commit: r195933 - in stable/7/contrib/bind9: . bin/named lib/dns
X-SVN-Group: stable-7

Author: dougb
Date: Tue Jul 28 23:59:22 2009
New Revision: 195933
URL: http://svn.freebsd.org/changeset/base/195933

Log:
  Update to version 9.4.3-P3 which addresses a remote DoS vulnerability:

  Receipt of a specially-crafted dynamic update message may cause BIND 9
  servers to exit. This vulnerability affects all servers -- it is not
  limited to those that are configured to allow dynamic updates. Access
  controls will not provide an effective workaround.

  More details can be found here: https://www.isc.org/node/474

  All BIND users are encouraged to update to a patched version ASAP.

Modified:
  stable/7/contrib/bind9/ (props changed)
  stable/7/contrib/bind9/CHANGES (contents, props changed)
  stable/7/contrib/bind9/bin/named/update.c
  stable/7/contrib/bind9/lib/dns/validator.c (props changed)
  stable/7/contrib/bind9/version (contents, props changed)

Modified: stable/7/contrib/bind9/CHANGES ============================================================================== --- stable/7/contrib/bind9/CHANGES Tue Jul 28 23:42:39 2009 (r195932) +++ stable/7/contrib/bind9/CHANGES Tue Jul 28 23:59:22 2009 (r195933) 
@@ -1,3 +1,8 @@ + --- 9.4.3-P3 released --- + +2640. [security] A specially crafted update packet will cause named + to exit. [RT #20000] + --- 9.4.3-P2 released --- 2579. [bug] DNSSEC lookaside validation failed to handle unknown Modified: stable/7/contrib/bind9/bin/named/update.c ============================================================================== --- stable/7/contrib/bind9/bin/named/update.c Tue Jul 28 23:42:39 2009 (r195932) +++ stable/7/contrib/bind9/bin/named/update.c Tue Jul 28 23:59:22 2009 (r195933) @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: update.c,v 1.109.18.27 2008/02/07 03:16:08 marka Exp $ */ +/* $Id: update.c,v 1.109.18.27.4.1 2009/07/28 13:57:27 marka Exp $ */ #include @@ -865,7 +865,11 @@ temp_check(isc_mem_t *mctx, dns_diff_t * if (type == dns_rdatatype_rrsig || type == dns_rdatatype_sig) covers = dns_rdata_covers(&t->rdata); - else + else if (type == dns_rdatatype_any) { + dns_db_detachnode(db, &node); + dns_diff_clear(&trash); + return (DNS_R_NXRRSET); + } else covers = 0; /* Modified: stable/7/contrib/bind9/version ============================================================================== --- stable/7/contrib/bind9/version Tue Jul 28 23:42:39 2009 (r195932) +++ stable/7/contrib/bind9/version Tue Jul 28 23:59:22 2009 (r195933) @@ -1,4 +1,4 @@ -# $Id: version,v 1.29.134.23.2.2 2009/03/17 02:23:49 marka Exp $ +# $Id: version,v 1.29.134.23.2.3 2009/07/28 13:57:27 marka Exp $ # # This file must follow /bin/sh rules. It is imported directly via # configure. @@ -7,4 +7,4 @@ MAJORVER=9 MINORVER=4 PATCHVER=3 RELEASETYPE=-P -RELEASEVER=2 +RELEASEVER=3
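
Review bot: in the temp_check() hunk of bin/named/update.c, the new "else if (type == dns_rdatatype_any)" branch has no comment saying why a type of ANY is rejected at this point with DNS_R_NXRRSET. A one-line comment pointing at CHANGES entry 2640 [RT #20000] would stop a later cleanup from folding the case back into "covers = 0". The branch also releases state by hand with dns_db_detachnode(db, &node) and dns_diff_clear(&trash) before returning. The lines that acquire those resources are outside the visible context, so please confirm that these two calls release everything held at this point and match what the function's other early returns do.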