From owner-cvs-src-old@FreeBSD.ORG Sun Feb 7 20:28:56 2010 Return-Path: Delivered-To: cvs-src-old@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 3C8291065786 for ; Sun, 7 Feb 2010 20:28:56 +0000 (UTC) (envelope-from dougb@FreeBSD.org) Received: from repoman.freebsd.org (repoman.freebsd.org [IPv6:2001:4f8:fff6::29]) by mx1.freebsd.org (Postfix) with ESMTP id 271DA8FC08 for ; Sun, 7 Feb 2010 20:28:56 +0000 (UTC) Received: from repoman.freebsd.org (localhost [127.0.0.1]) by repoman.freebsd.org (8.14.3/8.14.3) with ESMTP id o17KSuRL077290 for ; Sun, 7 Feb 2010 20:28:56 GMT (envelope-from dougb@repoman.freebsd.org) Received: (from svn2cvs@localhost) by repoman.freebsd.org (8.14.3/8.14.3/Submit) id o17KSuLL077289 for cvs-src-old@freebsd.org; Sun, 7 Feb 2010 20:28:56 GMT (envelope-from dougb@repoman.freebsd.org) Message-Id: <201002072028.o17KSuLL077289@repoman.freebsd.org> X-Authentication-Warning: repoman.freebsd.org: svn2cvs set sender to dougb@repoman.freebsd.org using -f From: Doug Barton Date: Sun, 7 Feb 2010 20:28:24 +0000 (UTC) To: cvs-src-old@freebsd.org X-FreeBSD-CVS-Branch: RELENG_8 Subject: cvs commit: src/contrib/bind9 CHANGES FAQ FAQ.xml version src/contrib/bind9/bin/dnssec dnssec-signzone.8 dnssec-signzone.html src/contrib/bind9/bin/named query.c src/contrib/bind9/doc/arm Bv9ARM.pdf man.dnssec-signzone.html man.named-checkconf.html ... X-BeenThere: cvs-src-old@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: **OBSOLETE** CVS commit messages for the src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 07 Feb 2010 20:28:56 -0000 dougb 2010-02-07 20:28:24 UTC FreeBSD src repository Modified files: (Branch: RELENG_8) contrib/bind9 CHANGES FAQ FAQ.xml version contrib/bind9/bin/dnssec dnssec-signzone.8 dnssec-signzone.html contrib/bind9/bin/named query.c contrib/bind9/doc/arm Bv9ARM.pdf man.dnssec-signzone.html man.named-checkconf.html man.named-checkzone.html man.named.html man.nsupdate.html man.rndc-confgen.html man.rndc.conf.html man.rndc.html contrib/bind9/lib/dns rbtdb.c resolver.c validator.c contrib/bind9/lib/dns/include/dns db.h ncache.h types.h contrib/bind9/lib/lwres/man lwres.html lwres_buffer.html lwres_config.html lwres_context.html lwres_gabn.html lwres_gai_strerror.html lwres_getaddrinfo.html lwres_gethostent.html lwres_getipnode.html lwres_getnameinfo.html lwres_getrrsetbyname.html lwres_gnba.html lwres_hstrerror.html lwres_inetntop.html lwres_noop.html lwres_packet.html lwres_resutil.html Log: SVN rev 203635 on 2010-02-07 20:28:24Z by dougb MFC 202961: Upgrade to BIND 9.6.1-P3. This version address the following vulnerabilities: BIND 9 Cache Update from Additional Section https://www.isc.org/advisories/CVE-2009-4022v6 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4022 A nameserver with DNSSEC validation enabled may incorrectly add unauthenticated records to its cache that are received during the resolution of a recursive client query BIND 9 DNSSEC validation code could cause bogus NXDOMAIN responses https://www.isc.org/advisories/CVE-2010-0097 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0097 There was an error in the DNSSEC NSEC/NSEC3 validation code that could cause bogus NXDOMAIN responses (that is, NXDOMAIN responses for records proven by NSEC or NSEC3 to exist) to be cached as if they had validated correctly These issues only affect systems with DNSSEC validation enabled. Revision Changes Path 1.9.2.2 +12 -0 src/contrib/bind9/CHANGES 1.3.2.1 +17 -12 src/contrib/bind9/FAQ 1.3.2.1 +18 -13 src/contrib/bind9/FAQ.xml 1.4.2.1 +229 -105 src/contrib/bind9/bin/dnssec/dnssec-signzone.8 1.4.2.1 +8 -8 src/contrib/bind9/bin/dnssec/dnssec-signzone.html 1.3.2.2 +7 -47 src/contrib/bind9/bin/named/query.c 1.4.2.1 +7344 -7152 src/contrib/bind9/doc/arm/Bv9ARM.pdf 1.4.2.1 +8 -8 src/contrib/bind9/doc/arm/man.dnssec-signzone.html 1.4.2.1 +6 -6 src/contrib/bind9/doc/arm/man.named-checkconf.html 1.4.2.1 +6 -6 src/contrib/bind9/doc/arm/man.named-checkzone.html 1.4.2.1 +8 -8 src/contrib/bind9/doc/arm/man.named.html 1.2.2.1 +7 -7 src/contrib/bind9/doc/arm/man.nsupdate.html 1.4.2.1 +6 -6 src/contrib/bind9/doc/arm/man.rndc-confgen.html 1.4.2.1 +6 -6 src/contrib/bind9/doc/arm/man.rndc.conf.html 1.4.2.1 +6 -6 src/contrib/bind9/doc/arm/man.rndc.html 1.2.2.1 +10 -9 src/contrib/bind9/lib/dns/include/dns/db.h 1.2.2.1 +2 -2 src/contrib/bind9/lib/dns/include/dns/ncache.h 1.2.2.2 +3 -1 src/contrib/bind9/lib/dns/include/dns/types.h 1.3.2.2 +3 -1 src/contrib/bind9/lib/dns/rbtdb.c 1.6.2.2 +13 -23 src/contrib/bind9/lib/dns/resolver.c 1.4.2.2 +7 -7 src/contrib/bind9/lib/dns/validator.c 1.2.2.1 +7 -7 src/contrib/bind9/lib/lwres/man/lwres.html 1.2.2.1 +3 -3 src/contrib/bind9/lib/lwres/man/lwres_buffer.html 1.2.2.1 +6 -6 src/contrib/bind9/lib/lwres/man/lwres_config.html 1.2.2.1 +5 -5 src/contrib/bind9/lib/lwres/man/lwres_context.html 1.2.2.1 +5 -5 src/contrib/bind9/lib/lwres/man/lwres_gabn.html 1.2.2.1 +4 -4 src/contrib/bind9/lib/lwres/man/lwres_gai_strerror.html 1.2.2.1 +5 -5 src/contrib/bind9/lib/lwres/man/lwres_getaddrinfo.html 1.2.2.1 +6 -6 src/contrib/bind9/lib/lwres/man/lwres_gethostent.html 1.2.2.1 +5 -5 src/contrib/bind9/lib/lwres/man/lwres_getipnode.html 1.2.2.1 +6 -6 src/contrib/bind9/lib/lwres/man/lwres_getnameinfo.html 1.2.2.1 +5 -5 src/contrib/bind9/lib/lwres/man/lwres_getrrsetbyname.html 1.2.2.1 +5 -5 src/contrib/bind9/lib/lwres/man/lwres_gnba.html 1.2.2.1 +5 -5 src/contrib/bind9/lib/lwres/man/lwres_hstrerror.html 1.2.2.1 +5 -5 src/contrib/bind9/lib/lwres/man/lwres_inetntop.html 1.2.2.1 +5 -5 src/contrib/bind9/lib/lwres/man/lwres_noop.html 1.2.2.1 +4 -4 src/contrib/bind9/lib/lwres/man/lwres_packet.html 1.2.2.1 +5 -5 src/contrib/bind9/lib/lwres/man/lwres_resutil.html 1.9.2.2 +2 -2 src/contrib/bind9/version