
Update to 9.11.1_P1
Closed, Public

Authored by poltertec on Jun 13 2017, 9:48 PM.

Details

Summary

This update addresses the following CVEs:
• CVE-2017-3141
• CVE-2017-3140

Feature Changes:
• dnstap now stores both the local and remote addresses for all messages, instead of only the remote
address. The default output format for dnstap-read has been updated to include these addresses,
with the initiating address first and the responding address second, separated by "->" or "<-"
to indicate in which direction the message was sent.
• Expanded and improved the YAML output from dnstap-read -y: it now includes packet size and
a detailed breakdown of message contents.
• If an ACL is specified with an address prefix in which the prefix length is longer than the address
portion (for example, 192.0.2.1/8), named will now log a warning. In future releases this will be a
fatal configuration error.

Bug Fixes:
• named could deadlock if multiple changes to NSEC/NSEC3 parameters for the same zone were
being processed at the same time.
• named could trigger an assertion when sending NOTIFY messages.
• Referencing a nonexistent zone in a response-policy statement could cause an assertion failure
during configuration.
• rndc addzone could cause a crash when attempting to add a zone with a type other than master
or slave. Such zones are now rejected.
• named could hang when encountering log file names with large apparent gaps in version number
(for example, when files exist called "logfile.0", "logfile.1", and "logfile.1482954169"). This is now
handled correctly.
• If a zone was updated while named was processing a query for nonexistent data, it could return
out-of-sync NSEC3 records causing potential DNSSEC validation failure.
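
A pre-upgrade check for the ACL prefix change listed under Feature Changes, added here as an example (not part of the revision or of BIND). It assumes the warning corresponds to address bits set beyond the prefix length, as in the 192.0.2.1/8 case; the sample configuration and function names are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample configuration (not from the page or from any real server).
SAMPLE_CONF = """
acl "trusted" {
    192.0.2.1/8;        // bits set beyond /8: the case the release note describes
    198.51.100.0/24;
    !203.0.113.77/28;
    2001:db8::1/32;
    2001:db8:1::/48;
    localhost;
};
"""

# Loose match for IPv4/IPv6 address/prefix tokens; ipaddress validates them below.
PREFIX_RE = re.compile(r"(?<![\w:.])([0-9A-Fa-f:.]+)/(\d{1,3})(?![\w.])")

def strip_comments(text):
    """Drop /* */, // and # comments, keeping newlines so line numbers stay valid."""
    text = re.sub(r"/\*.*?\*/", lambda m: "\n" * m.group(0).count("\n"),
                  text, flags=re.S)
    return re.sub(r"(//|#).*", "", text)

def find_overlong_prefixes(conf_text):
    """Return (line_no, entry, canonical_network) for prefixes with extra bits set."""
    findings = []
    for line_no, line in enumerate(strip_comments(conf_text).splitlines(), 1):
        for match in PREFIX_RE.finditer(line):
            entry = match.group(0)
            try:
                ipaddress.ip_network(entry, strict=True)  # raises if host bits set
            except ValueError:
                try:
                    network = ipaddress.ip_network(entry, strict=False)
                except ValueError:
                    continue  # not a valid address/prefix at all
                findings.append((line_no, entry, str(network)))
    return findings

if __name__ == "__main__":
    for line_no, entry, network in find_overlong_prefixes(SAMPLE_CONF):
        print(f"line {line_no}: {entry} has bits beyond the prefix; "
              f"canonical form is {network}")
```

Run it against each configuration file that defines ACLs or address match lists before upgrading, and rewrite flagged entries to the canonical form if that is the intended range.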

Diff Detail

Repository
R431 bind-utils
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

JoshStrobl added a subscriber: JoshStrobl.

I believe you should be using patchset 1: ftp://ftp.isc.org/isc/bind9/9.11.1-P1/

This revision now requires changes to proceed. Jun 24 2017, 6:29 PM
poltertec edited edge metadata.

Update to 9.11.1_P1

poltertec retitled this revision from Update to 9.11.1 to Update to 9.11.1_P1. Jun 24 2017, 10:32 PM
poltertec edited the summary of this revision.
This revision was automatically updated to reflect the committed changes.