lp://staging/~davewalker/ubuntu/lucid/bind9/lp_651875

Branch merges

Propose for merging

No branches dependent on this one.

Related source package recipes

No recipes using this branch. (?)

Create packaging recipe

Related snap packages

Related bugs

Bug #651875: Bind 9.7.0-P1 validation errors

Medium

Won't Fix

Link a bug report

Related blueprints

22. By Dave Walker on 2011-02-10

lib/dns/validator.c: Correctly check that DNSSEC/DLV auth status before
declaring the chain broken. Mainly resolving DNSSEC validation errors
when a new DS record is inserted into a trusted DNSSEC validation tree.
Causing a return of SERVFAIL to queries under the newly inserted DS.
Patch courtesy of upstream [RT #21131]. (LP: #651875)

21. By Marc Deslauriers on 2010-11-26

* SECURITY UPDATE: denial of service via ncache entry and a rrsig for the
  same type
  - lib/dns/rbtdb.c: properly mark existing RRSIG records as stale.
  - bin/tests/system/resolver/*: added tests.
  - CVE-2010-3613
* SECURITY UPDATE: answers incorrectly marked as insecure during key
  algorithm rollover
  - lib/dns/include/dns/types.h, lib/dns/validator.c: improve logic.
  - bin/tests/system/dnssec/*: added tests.
  - CVE-2010-3614

20. By LaMont Jones on 2010-03-17

[Internet Software Consortium, Inc]

* 9.7.0-P1
  - 2852. [bug] Handle broken DNSSEC trust chains better. [RT #15619]

19. By LaMont Jones on 2010-03-12

[Niko Tyni]

* fix mips/mipsel startup. Closes: #516616

[LaMont Jones]

* ignore failures due to a lack of /etc/bind/named.conf*. LP: #422968
* ldap API changed regarding % sign. LP: #227344
* Drop more rfc and draft files. Closes: #572606
* update config.guess, config.sub. Closes: #572528

18. By LaMont Jones on 2010-03-04

[Aurelien Jarno]

* kfreebsd has linux threads. Closes: #470500

[LaMont Jones]

* do not error out on initial install. Closes: #572443

17. By LaMont Jones on 2010-02-17

New upstream release

16. By LaMont Jones on 2010-01-19

New upstream release. CVE-2010-0097

15. By LaMont Jones on 2009-11-27

[Internet Software Consortium, Inc]

* 9.6.1-P2
  - When validating, track whether pending data was from the
    additional section or not and only return it if validates
    as secure. [RT #20438] CVE-2009-4022

[LaMont Jones]

* prerm: do not stop named on upgrade. Closes: #542888
* Drop some RFCs that crept into the diff.
* meta: add ${misc:Depends}
* lintian: update config.guess, config.sub in idnkit-1.0 tree
* dnsutils: remove pre-sarge dpkg-divert calls in postinst
* meta: soname changes
* l10n: missing newline in pofile.

14. By LaMont Jones on 2009-08-17

Build-Depend on the fixed libgeoip-dev. Closes: #540973

13. By LaMont Jones on 2009-07-28

[Internet Software Consortium, Inc]

* A specially crafted update packet will cause named to exit.
  CVE-2009-0696, CERT VU#725188. Closes: #538975

[InterNIC]

* Update db.root hints file.

[LaMont Jones]

* Move default zone definitions from named.conf to named.conf.default-zones.
   Closes: #492308
* use start-stop-daemon if rndc stop fails. Closes: #536487
* lwresd: pidfile name was wrong in init script. Closes: #527137