From mboxrd@z Thu Jan  1 00:00:00 1970
From: Matthias Fischer <matthias.fischer@ipfire.org>
To: development@lists.ipfire.org
Subject: [PATCH] bind: Update to 9.10.3
Date: Sat, 07 Nov 2015 07:33:57 +0100
Message-ID: <1446878037-1121-1-git-send-email-matthias.fischer@ipfire.org>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="===============4789036071484464350=="
List-Id: <development.lists.ipfire.org>

--===============4789036071484464350==
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable

bind: Update to 9.10.3

Security fixes:
An incorrect boundary check in the OPENPGPKEY rdatatype could trigger an asse=
rtion failure. This flaw is disclosed in CVE-2015-5986. [RT #40286]

A buffer accounting error could trigger an assertion failure when parsing cer=
tain malformed DNSSEC keys.
This flaw was discovered by Hanno B=C3=B6ck of the Fuzzing Project, and is di=
sclosed in CVE-2015-5722. [RT #40212]

A specially crafted query could trigger an assertion failure in message.c.
This flaw was discovered by Jonathan Foote, and is disclosed in CVE-2015-5477=
. [RT #40046]

On servers configured to perform DNSSEC validation, an assertion failure coul=
d be triggered on answers from a specially configured server.
This flaw was discovered by Breno Silveira Soares, and is disclosed in CVE-20=
15-4620. [RT #39795]

Bug fixes:
Asynchronous zone loads were not handled correctly when the zone load was alr=
eady in progress; this could trigger a crash in zt.c. [RT #37573]

A race during shutdown or reconfiguration could cause an assertion failure in=
 mem.c. [RT #38979]

Some answer formatting options didn't work correctly with dig +short. [RT #39=
291]

Malformed records of some types, including NSAP and UNSPEC, could trigger ass=
ertion failures when loading text zone files. [RT #40274] [RT #40285]

Fixed a possible crash in ratelimiter.c caused by NOTIFY messages being remov=
ed from the wrong rate limiter queue. [RT #40350]

The default rrset-order of random was inconsistently applied. [RT #40456]

BADVERS responses from broken authoritative name servers were not handled cor=
rectly. [RT #40427]

Several bugs have been fixed in the RPZ implementation.

For a complete list, see:
https://kb.isc.org/article/AA-01306/0/BIND-9.10.3-Release-Notes.html

Regards,
Matthias

Signed-off-by: Matthias Fischer <matthias.fischer(a)ipfire.org>
---
 lfs/bind | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/lfs/bind b/lfs/bind
index 0814cde..6480798 100644
--- a/lfs/bind
+++ b/lfs/bind
@@ -25,7 +25,7 @@
=20
 include Config
=20
-VER        =3D 9.10.2-P4
+VER        =3D 9.10.3
=20
 THISAPP    =3D bind-$(VER)
 DL_FILE    =3D $(THISAPP).tar.gz
@@ -43,7 +43,7 @@ objects =3D $(DL_FILE)
=20
 $(DL_FILE) =3D $(DL_FROM)/$(DL_FILE)
=20
-$(DL_FILE)_MD5 =3D 8b1f5064837756c938eadc1537dec5c7
+$(DL_FILE)_MD5 =3D d8cbf04a62a139a841d4bf878087a555
=20
 install : $(TARGET)
=20
--=20
2.6.3


--===============4789036071484464350==--