24341425 Upgrade Solaris to BIND 9.6-ESV-R11-S7
24299918 problem in SERVICE/DNS-SERVER
--- a/components/bind/Makefile Fri Jul 29 12:35:10 2016 -0700
+++ b/components/bind/Makefile Mon Aug 08 19:24:47 2016 -0700
@@ -24,8 +24,8 @@
COMPONENT_NAME= bind
COMPONENT_VERSION= 9.6-ESV-R11
-HUMAN_VERSION= $(COMPONENT_VERSION)-P6
-IPS_COMPONENT_VERSION= 9.6.3.11.6
+HUMAN_VERSION= $(COMPONENT_VERSION)-S7
+IPS_COMPONENT_VERSION= 9.6.3.11.7
COMPONENT_SRC= $(COMPONENT_NAME)-$(COMPONENT_VERSION)
COMPONENT_ARCHIVE= $(COMPONENT_SRC).tar.gz
COMPONENT_PROJECT_URL= http://www.isc.org/software/bind/
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/components/bind/patches/008-RT42694.patch Mon Aug 08 19:24:47 2016 -0700
@@ -0,0 +1,59 @@
+This patch was derived from a source code patch provided by ISC to
+resolve ISC ticket RT #42694. [9.6-ESV-R11-S7]
+
+--- a/CHANGES Fri Jul 22 13:32:19 2016
++++ b/CHANGES Fri Jul 22 13:32:19 2016
+@@ -1,3 +1,11 @@
++ --- 9.6-ESV-R11-S7 released ---
++
++4406. [bug] getrrsetbyname with a non absolute name could
++ trigger an infinite recursion bug in lwresd
++ and named with lwres configured if when combined
++ with a search list entry the resulting name is
++ too long. (CVE-2016-2775) [RT #42694]
++
+ --- 9.6-ESV-R11-P6 released ---
+
+ 4319. [security] Fix resolver assertion failure due to improper
+--- a/bin/named/lwdgrbn.c Fri Jul 22 13:32:19 2016
++++ b/bin/named/lwdgrbn.c Fri Jul 22 13:32:19 2016
+@@ -1,5 +1,5 @@
+ /*
+- * Copyright (C) 2004-2007, 2012-2014 Internet Systems Consortium, Inc. ("ISC")
++ * Copyright (C) 2004-2007, 2009, 2013-2016 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2000, 2001, 2003 Internet Software Consortium.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+@@ -403,14 +403,18 @@
+ INSIST(client->lookup == NULL);
+
+ dns_fixedname_init(&absname);
+- result = ns_lwsearchctx_current(&client->searchctx,
+- dns_fixedname_name(&absname));
++
+ /*
+- * This will return failure if relative name + suffix is too long.
+- * In this case, just go on to the next entry in the search path.
++ * Perform search across all search domains until success
++ * is returned. Return in case of failure.
+ */
+- if (result != ISC_R_SUCCESS)
+- start_lookup(client);
++ while (ns_lwsearchctx_current(&client->searchctx,
++ dns_fixedname_name(&absname)) != ISC_R_SUCCESS) {
++ if (ns_lwsearchctx_next(&client->searchctx) != ISC_R_SUCCESS) {
++ ns_lwdclient_errorpktsend(client, LWRES_R_FAILURE);
++ return;
++ }
++ }
+
+ result = dns_lookup_create(cm->mctx,
+ dns_fixedname_name(&absname),
+--- a/version Fri Jul 22 13:41:04 2016
++++ b/version Fri Jul 22 13:41:04 2016
+@@ -10,4 +10,4 @@
+ PATCHVER=
+ RELEASETYPE=-ESV
+ RELEASEVER=-R11
+-EXTENSIONS=-P6
++EXTENSIONS=-S7