From: Doug Barton
Date: Wed, 29 Jul 2009 00:15:39 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject: svn commit: r195936 - in head/contrib/bind9: . bin/named

Author: dougb
Date: Wed Jul 29 00:15:39 2009
New Revision: 195936
URL: http://svn.freebsd.org/changeset/base/195936

Log:
  Update to version 9.6.1-P1 which addresses a remote DoS vulnerability:

  Receipt of a specially-crafted dynamic update message may cause BIND 9
  servers to exit. This vulnerability affects all servers -- it is not
  limited to those that are configured to allow dynamic updates. Access
  controls will not provide an effective workaround.

  More details can be found here:
  https://www.isc.org/node/474

  All BIND users are encouraged to update to a patched version ASAP.

  Approved by: re (re -> SO -> dougb)

Modified:
  head/contrib/bind9/ (props changed)
  head/contrib/bind9/CHANGES
  head/contrib/bind9/bin/named/update.c
  head/contrib/bind9/version

Modified: head/contrib/bind9/CHANGES
==============================================================================
--- head/contrib/bind9/CHANGES Wed Jul 29 00:14:14 2009 (r195935)
+++ head/contrib/bind9/CHANGES Wed Jul 29 00:15:39 2009 (r195936)
@@ -1,3 +1,7 @@ + --- 9.6.1-P1 released --- + +2640. [security] A specially crafted update packet will cause named + to exit. [RT #20000] --- 9.6.1 released --- Modified: head/contrib/bind9/bin/named/update.c ============================================================================== --- head/contrib/bind9/bin/named/update.c Wed Jul 29 00:14:14 2009 (r195935) +++ head/contrib/bind9/bin/named/update.c Wed Jul 29 00:15:39 2009 (r195936) @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: update.c,v 1.151.12.5 2009/04/30 07:03:37 marka Exp $ */ +/* $Id: update.c,v 1.151.12.5.12.1 2009/07/28 14:18:08 marka Exp $ */ #include @@ -979,7 +979,11 @@ temp_check(isc_mem_t *mctx, dns_diff_t * if (type == dns_rdatatype_rrsig || type == dns_rdatatype_sig) covers = dns_rdata_covers(&t->rdata); - else + else if (type == dns_rdatatype_any) { + dns_db_detachnode(db, &node); + dns_diff_clear(&trash); + return (DNS_R_NXRRSET); + } else covers = 0; /* Modified: head/contrib/bind9/version ============================================================================== --- head/contrib/bind9/version Wed Jul 29 00:14:14 2009 (r195935) +++ head/contrib/bind9/version Wed Jul 29 00:15:39 2009 (r195936) @@ -1,4 +1,4 @@ -# $Id: version,v 1.43.12.5 2009/06/04 04:02:41 marka Exp $ +# $Id: version,v 1.43.12.5.8.1 2009/07/28 14:18:08 marka Exp $ # # This file must follow /bin/sh rules. It is imported directly via # configure. @@ -6,5 +6,5 @@ MAJORVER=9 MINORVER=6 PATCHVER=1 -RELEASETYPE= -RELEASEVER= +RELEASETYPE=-P +RELEASEVER=1
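Review bot: In the update.c hunk at temp_check(), the new "else if (type == dns_rdatatype_any)" branch returns DNS_R_NXRRSET with no comment saying why an entry of type ANY is answered as "RRset does not exist" at this point. A short comment tying the branch to CHANGES entry 2640 (a specially crafted update packet causes named to exit) would keep a later cleanup from dropping it as dead code. The branch also repeats its teardown inline, "dns_db_detachnode(db, &node); dns_diff_clear(&trash);", before returning; if other exits in this function release the same resources, routing them through one shared cleanup path would keep the copies from drifting apart. The Modified list carries no test file, so a regression test that sends an update whose record of type ANY reaches temp_check() would be worth adding with the fix.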