--- a/components/bind/Makefile Tue Dec 15 09:07:54 2015 -0800
+++ b/components/bind/Makefile Wed Dec 16 08:57:57 2015 +0000
@@ -24,8 +24,8 @@
COMPONENT_NAME= bind
COMPONENT_VERSION= 9.6-ESV-R11
-HUMAN_VERSION= $(COMPONENT_VERSION)-P3
-IPS_COMPONENT_VERSION= 9.6.3.11.3
+HUMAN_VERSION= $(COMPONENT_VERSION)-P4
+IPS_COMPONENT_VERSION= 9.6.3.11.4
COMPONENT_SRC= $(COMPONENT_NAME)-$(COMPONENT_VERSION)
COMPONENT_ARCHIVE= $(COMPONENT_SRC).tar.gz
COMPONENT_PROJECT_URL= http://www.isc.org/software/bind/
@@ -37,7 +37,7 @@
http://ftp.isc.org/isc/bind9/$(COMPONENT_VERSION)/$(COMPONENT_ARCHIVE)
COMPONENT_BUGDB= service/dns-server
-TPNO= 24244
+TPNO= 25905
include $(WS_MAKE_RULES)/prep.mk
include $(WS_MAKE_RULES)/configure.mk
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/components/bind/patches/004-RT9171.patch Wed Dec 16 08:57:57 2015 +0000
@@ -0,0 +1,209 @@
+This patch was derived from ISC source differences between bind-9.9.8
+and bind-9.9.8-P1.
+
+diff -u -r bind-9.6-ESV-R11/CHANGES security_fix/CHANGES
+--- bind-9.6-ESV-R11/CHANGES 2015-11-25 10:51:09.302761399 +0000
++++ security_fix/CHANGES 2015-11-25 11:09:12.099398001 +0000
+@@ -1,3 +1,10 @@
++ --- 9.6-ESV-R11-P4 released ---
++
++4260. [security] Insufficient testing when parsing a message allowed
++ records with an incorrect class to be be accepted,
++ triggering a REQUIRE failure when those records
++ were subsequently cached. (CVE-2015-8000) [RT #40987]
++
+ --- 9.6-ESV-R11-P3 released ---
+
+ 4168. [security] A buffer accounting error could trigger an
+diff -u -r bind-9.6-ESV-R11/lib/dns/include/dns/message.h security_fix/lib/dns/include/dns/message.h
+--- bind-9.6-ESV-R11/lib/dns/include/dns/message.h 2014-01-27 19:00:45.000000000 +0000
++++ security_fix/lib/dns/include/dns/message.h 2015-11-25 10:36:05.092923013 +0000
+@@ -15,8 +15,6 @@
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+-/* $Id$ */
+-
+ #ifndef DNS_MESSAGE_H
+ #define DNS_MESSAGE_H 1
+
+@@ -207,6 +205,8 @@
+ unsigned int verify_attempted : 1;
+ unsigned int free_query : 1;
+ unsigned int free_saved : 1;
++ unsigned int tkey : 1;
++ unsigned int rdclass_set : 1;
+
+ unsigned int opt_reserved;
+ unsigned int sig_reserved;
+@@ -1363,6 +1363,15 @@
+ * \li other.
+ */
+
++void
++dns_message_setclass(dns_message_t *msg, dns_rdataclass_t rdclass);
++/*%<
++ * Set the expected class of records in the response.
++ *
++ * Requires:
++ * \li msg be a valid message with parsing intent.
++ */
++
+ ISC_LANG_ENDDECLS
+
+ #endif /* DNS_MESSAGE_H */
+diff -u -r bind-9.6-ESV-R11/lib/dns/message.c security_fix/lib/dns/message.c
+--- bind-9.6-ESV-R11/lib/dns/message.c 2014-01-27 19:00:45.000000000 +0000
++++ security_fix/lib/dns/message.c 2015-11-25 10:36:05.089305076 +0000
+@@ -436,6 +436,8 @@
+ m->saved.base = NULL;
+ m->saved.length = 0;
+ m->free_saved = 0;
++ m->tkey = 0;
++ m->rdclass_set = 0;
+ m->querytsig = NULL;
+ }
+
+@@ -1084,13 +1086,19 @@
+ * If this class is different than the one we already read,
+ * this is an error.
+ */
+- if (msg->state == DNS_SECTION_ANY) {
+- msg->state = DNS_SECTION_QUESTION;
++ if (msg->rdclass_set == 0) {
+ msg->rdclass = rdclass;
++ msg->rdclass_set = 1;
+ } else if (msg->rdclass != rdclass)
+ DO_FORMERR;
+
+ /*
++ * Is this a TKEY query?
++ */
++ if (rdtype == dns_rdatatype_tkey)
++ msg->tkey = 1;
++
++ /*
+ * Can't ask the same question twice.
+ */
+ result = dns_message_find(name, rdclass, rdtype, 0, NULL);
+@@ -1234,12 +1242,12 @@
+ * If there was no question section, we may not yet have
+ * established a class. Do so now.
+ */
+- if (msg->state == DNS_SECTION_ANY &&
++ if (msg->rdclass_set == 0 &&
+ rdtype != dns_rdatatype_opt && /* class is UDP SIZE */
+ rdtype != dns_rdatatype_tsig && /* class is ANY */
+ rdtype != dns_rdatatype_tkey) { /* class is undefined */
+ msg->rdclass = rdclass;
+- msg->state = DNS_SECTION_QUESTION;
++ msg->rdclass_set = 1;
+ }
+
+ /*
+@@ -1249,7 +1257,7 @@
+ if (msg->opcode != dns_opcode_update
+ && rdtype != dns_rdatatype_tsig
+ && rdtype != dns_rdatatype_opt
+- && rdtype != dns_rdatatype_dnskey /* in a TKEY query */
++ && rdtype != dns_rdatatype_key /* in a TKEY query */
+ && rdtype != dns_rdatatype_sig /* SIG(0) */
+ && rdtype != dns_rdatatype_tkey /* Win2000 TKEY */
+ && msg->rdclass != dns_rdataclass_any
+@@ -1257,6 +1265,16 @@
+ DO_FORMERR;
+
+ /*
++ * If this is not a TKEY query/response then the KEY
++ * record's class needs to match.
++ */
++ if (msg->opcode != dns_opcode_update && !msg->tkey &&
++ rdtype == dns_rdatatype_key &&
++ msg->rdclass != dns_rdataclass_any &&
++ msg->rdclass != rdclass)
++ DO_FORMERR;
++
++ /*
+ * Special type handling for TSIG, OPT, and TKEY.
+ */
+ if (rdtype == dns_rdatatype_tsig) {
+@@ -1370,6 +1388,10 @@
+ skip_name_search = ISC_TRUE;
+ skip_type_search = ISC_TRUE;
+ issigzero = ISC_TRUE;
++ } else {
++ if (msg->rdclass != dns_rdataclass_any &&
++ msg->rdclass != rdclass)
++ DO_FORMERR;
+ }
+ } else
+ covers = 0;
+@@ -1608,6 +1630,7 @@
+ msg->counts[DNS_SECTION_ADDITIONAL] = isc_buffer_getuint16(source);
+
+ msg->header_ok = 1;
++ msg->state = DNS_SECTION_QUESTION;
+
+ /*
+ * -1 means no EDNS.
+@@ -3491,3 +3514,15 @@
+ dns_message_puttemprdatalist(message, &rdatalist);
+ return (result);
+ }
++
++void
++dns_message_setclass(dns_message_t *msg, dns_rdataclass_t rdclass) {
++
++ REQUIRE(DNS_MESSAGE_VALID(msg));
++ REQUIRE(msg->from_to_wire == DNS_MESSAGE_INTENTPARSE);
++ REQUIRE(msg->state == DNS_SECTION_ANY);
++ REQUIRE(msg->rdclass_set == 0);
++
++ msg->rdclass = rdclass;
++ msg->rdclass_set = 1;
++}
+diff -u -r bind-9.6-ESV-R11/lib/dns/resolver.c security_fix/lib/dns/resolver.c
+--- bind-9.6-ESV-R11/lib/dns/resolver.c 2015-11-25 10:51:09.306905077 +0000
++++ security_fix/lib/dns/resolver.c 2015-11-25 10:48:57.126663153 +0000
+@@ -6614,6 +6614,8 @@
+ goto done;
+ }
+
++ dns_message_setclass(message, fctx->res->rdclass);
++
+ result = dns_message_parse(message, &devent->buffer, 0);
+ if (result != ISC_R_SUCCESS) {
+ switch (result) {
+@@ -6686,6 +6690,12 @@
+ */
+ log_packet(message, ISC_LOG_DEBUG(10), fctx->res->mctx);
+
++ if (message->rdclass != fctx->res->rdclass) {
++ resend = ISC_TRUE;
++ FCTXTRACE("bad class");
++ goto done;
++ }
++
+ /*
+ * Process receive opt record.
+ */
+diff -u -r bind-9.6-ESV-R11/lib/dns/xfrin.c security_fix/lib/dns/xfrin.c
+--- bind-9.6-ESV-R11/lib/dns/xfrin.c 2014-01-27 19:00:45.000000000 +0000
++++ security_fix/lib/dns/xfrin.c 2015-11-25 10:36:05.092532938 +0000
+@@ -1205,6 +1205,8 @@
+ msg->tsigctx = xfr->tsigctx;
+ xfr->tsigctx = NULL;
+
++ dns_message_setclass(msg, xfr->rdclass);
++
+ if (xfr->nmsg > 0)
+ msg->tcp_continuation = 1;
+
+--- bind-9.6-ESV-R11/version 2015-08-24 00:18:24.000000000 +0000
++++ security_fix/version 2015-11-25 10:36:05.092532938 +0000
+@@ -10,4 +10,4 @@
+ PATCHVER=
+ RELEASETYPE=-ESV
+ RELEASEVER=-R11
+-EXTENSIONS=-P3
++EXTENSIONS=-P4
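Review bot: The two `dns_message_setclass()` call sites added in resolver.c and xfrin.c depend on the message still being in `DNS_SECTION_ANY` state with `rdclass_set == 0`, because the new function enforces both preconditions with `REQUIRE()`, which aborts named instead of returning an error. Whether each caller's message is freshly created or reset before the call is not visible in the hunk, and for the resolver this has to hold on every response path, including the `resend = ISC_TRUE` "bad class" path this same patch adds, so it should be confirmed against the 9.6-ESV-R11 tree since the change is derived from a 9.9.8 delta rather than an ISC fix for this branch. I would record the precondition at the resolver call: `/* fctx->rmessage must be freshly reset here: dns_message_setclass() REQUIREs state == DNS_SECTION_ANY and rdclass_set == 0, and a REQUIRE failure aborts named. */`. The added `tkey`/`rdclass_set` bit-fields extend a struct declared in the public message.h; they presumably fit in the existing bit-field word, but the libdns ABI impact for out-of-tree consumers is worth a check. The enclosing resolver and xfrin functions start and end outside the hunk.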