--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/components/bind/patches/005-RT9522.patch	Wed Jan 20 16:41:39 2016 +0000
@@ -0,0 +1,44 @@
+This patch was derived from ISC source differences between bind-9.10.3-P2 and bind-9.10.3-P3
+
+diff -r f899dcaa07f7 CHANGES
+--- a/CHANGES	Fri Jan 15 12:48:27 2016 +0000
++++ b/CHANGES	Fri Jan 15 13:12:34 2016 +0000
+@@ -1,3 +1,8 @@
++	--- 9.6-ESV-R11-P5 released ---
++
++4285.	[security]	Specific APL data could trigger a INSIST.
++			(CVE-2015-8704) [RT #41396]
++
+ 	--- 9.6-ESV-R11-P4 released ---
+ 
+ 4260.	[security]	Insufficient testing when parsing a message allowed
+diff -r f899dcaa07f7 lib/dns/rdata/in_1/apl_42.c
+--- a/lib/dns/rdata/in_1/apl_42.c	Fri Jan 15 12:48:27 2016 +0000
++++ b/lib/dns/rdata/in_1/apl_42.c	Fri Jan 15 13:12:34 2016 +0000
+@@ -116,7 +116,7 @@
+ 	isc_uint8_t len;
+ 	isc_boolean_t neg;
+ 	unsigned char buf[16];
+-	char txt[sizeof(" !64000")];
++	char txt[sizeof(" !64000:")];
+ 	const char *sep = "";
+ 	int n;
+ 
+@@ -140,7 +140,7 @@
+ 		isc_region_consume(&sr, 1);
+ 		INSIST(len <= sr.length);
+ 		n = snprintf(txt, sizeof(txt), "%s%s%u:", sep,
+-			     neg ? "!": "", afi);
++			     neg ? "!" : "", afi);
+ 		INSIST(n < (int)sizeof(txt));
+ 		RETERR(str_totext(txt, target));
+ 		switch (afi) {
+diff -r f899dcaa07f7 version
+--- a/version	Fri Jan 15 12:48:27 2016 +0000
++++ b/version	Fri Jan 15 13:12:34 2016 +0000
+@@ -10,4 +10,4 @@
+ PATCHVER=
+ RELEASETYPE=-ESV
+ RELEASEVER=-R11
+-EXTENSIONS=-P4
++EXTENSIONS=-P5