From 588284218a5989f369c51a456a3b924f50d71eb7 Mon Sep 17 00:00:00 2001 From: Noah Meyerhans Date: Wed, 10 May 2017 22:06:46 -0700 Subject: [PATCH] bind: Update to bind-9.10.5 This change includes fixes for several security issues: * CVE-2017-3138: rndc "" could trigger an assertion failure in named. * CVE-2017-3137: Some chaining (i.e., type CNAME or DNAME) responses to upstream queries could trigger assertion failures. * CVE-2017-3136: dns64 with break-dnssec yes; can result in an assertion failure. * CVE-2017-3135: If a server is configured with a response policy zone (RPZ) that rewrites an answer with local data, and is also configured for DNS64 address mapping, a NULL pointer can be read triggering a server crash. * CVE-2016-9444: named could mishandle authority sections with missing RRSIGs, triggering an assertion failure. * CVE-2016-9131: named mishandled some responses where covering RRSIG records were returned without the requested data, resulting in an assertion failure. * CVE-2016-9131: named incorrectly tried to cache TKEY records which could trigger an assertion failure when there was a class mismatch. * CVE-2016-8864: It was possible to trigger assertions when processing responses containing answers of type DNAME. * CVE-2016-6170: Added the ability to specify the maximum number of records permitted in a zone (max-records #;). This provides a mechanism to block overly large zone transfers, which is a potential risk with slave zones from other parties. * CVE-2016-2776: It was possible to trigger an assertion when rendering a message using a specially crafted request. * CVE-2016-2775: Calling getrrsetbyname() with a non absolute name could trigger an infinite recursion bug in lwresd or named with lwres configured if, when combined with a search list entry from resolv.conf, the resulting name is too long. Signed-off-by: Noah Meyerhans --- net/bind/Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/net/bind/Makefile b/net/bind/Makefile index a4a8b8510..033e93f9d 100644 --- a/net/bind/Makefile +++ b/net/bind/Makefile @@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=bind -PKG_VERSION:=9.10.4-P5 +PKG_VERSION:=9.10.5 PKG_RELEASE:=1 USERID:=bind=57:bind=57 @@ -20,7 +20,7 @@ PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:= \ ftp://ftp.isc.org/isc/bind9/$(PKG_VERSION) \ http://www.mirrorservice.org/sites/ftp.isc.org/isc/bind9/$(PKG_VERSION) -PKG_MD5SUM:=c53a3e34e7aabb16820b036ae9afd3c9 +PKG_MD5SUM:=8359e000eaec76efd6dfa186c12c3b93 PKG_FIXUP:=autoreconf PKG_REMOVE_FILES:=aclocal.m4 libtool.m4