Package: bind9 / 1:9.16.15-1

Metadata

Package Version Patches format
bind9 1:9.16.15-1 3.0 (quilt)

Patch series

view the series file
Patch File delta Description
0001 Add_ install layout=deb_to_setup.py_call.patch | (download)

bin/python/Makefile.in | 4 2 + 2 - 0 !
1 file changed, 2 insertions(+), 2 deletions(-)

 add_--install-layout=deb_to_setup.py_call


0002 python fix for dist packages.patch | (download)

bin/python/dnssec-checkds.py.in | 2 1 + 1 - 0 !
bin/python/dnssec-coverage.py.in | 2 1 + 1 - 0 !
bin/python/dnssec-keymgr.py.in | 2 1 + 1 - 0 !
3 files changed, 3 insertions(+), 3 deletions(-)

 python fix for dist-packages


0003 Add patch to fix sphinx build failure on Ubuntu Xeni.patch | (download)

doc/arm/logging-categories.rst | 2 2 + 0 - 0 !
1 file changed, 2 insertions(+)

 add patch to fix sphinx-build failure on ubuntu xenial


0004 Reduce nsec3 max iterations to 150.patch | (download)

bin/dnssec/dnssec-signzone.c | 7 2 + 5 - 0 !
bin/named/server.c | 3 2 + 1 - 0 !
lib/dns/include/dns/nsec3.h | 14 3 + 11 - 0 !
lib/dns/nsec3.c | 75 3 + 72 - 0 !
lib/dns/tests/nsec3_test.c | 9 4 + 5 - 0 !
lib/ns/update.c | 9 3 + 6 - 0 !
6 files changed, 17 insertions(+), 100 deletions(-)

 reduce nsec3 max iterations to 150


0005 Check dnssec policy nsec3param iterations limit.patch | (download)

bin/tests/system/checkconf/bad-kasp-iterations.conf | 14 14 + 0 - 0 !
bin/tests/system/checkconf/good-kasp-iterations.conf | 14 14 + 0 - 0 !
2 files changed, 28 insertions(+)

 check dnssec-policy nsec3param iterations limit


0006 Warn if there is excessive NSEC3 iterations.patch | (download)

lib/dns/zone.c | 32 22 + 10 - 0 !
1 file changed, 22 insertions(+), 10 deletions(-)

 warn if there is excessive nsec3 iterations


0007 nsupdate reject attempts to add NSEC3PARAM with exce.patch | (download)

bin/nsupdate/nsupdate.c | 14 14 + 0 - 0 !
bin/tests/system/nsupdate/tests.sh | 17 16 + 1 - 0 !
2 files changed, 30 insertions(+), 1 deletion(-)

 nsupdate: reject attempts to add nsec3param with excessive
 iterations


0008 Check that named rejects excessive iterations via UP.patch | (download)

bin/tests/system/nsupdate/tests.sh | 3 2 + 1 - 0 !
bin/tests/system/nsupdate/update_test.pl | 4 4 + 0 - 0 !
2 files changed, 6 insertions(+), 1 deletion(-)

 check that named rejects excessive iterations via update


0009 Check NSEC3 iterations with dnssec signzone.patch | (download)

bin/tests/system/dnssec/signer/general/Kexample.com.+008+15002.key | 5 5 + 0 - 0 !
bin/tests/system/dnssec/signer/general/Kexample.com.+008+15002.private | 13 13 + 0 - 0 !
bin/tests/system/dnssec/signer/general/Kexample.com.+008+63613.key | 5 5 + 0 - 0 !
bin/tests/system/dnssec/signer/general/Kexample.com.+008+63613.private | 13 13 + 0 - 0 !
bin/tests/system/dnssec/signer/general/test9.zone | 17 17 + 0 - 0 !
bin/tests/system/dnssec/tests.sh | 32 28 + 4 - 0 !
6 files changed, 81 insertions(+), 4 deletions(-)

 check nsec3 iterations with dnssec-signzone


0010 Check that excessive iterations in logged by named w.patch | (download)

bin/dnssec/dnssec-signzone.c | 20 16 + 4 - 0 !
bin/tests/system/dnssec/clean.sh | 1 1 + 0 - 0 !
bin/tests/system/dnssec/ns1/root.db.in | 2 2 + 0 - 0 !
bin/tests/system/dnssec/ns1/sign.sh | 1 1 + 0 - 0 !
bin/tests/system/dnssec/ns2/named.conf.in | 5 5 + 0 - 0 !
bin/tests/system/dnssec/ns2/sign.sh | 11 11 + 0 - 0 !
bin/tests/system/dnssec/ns2/too-many-iterations.db.in | 25 25 + 0 - 0 !
bin/tests/system/dnssec/ns3/named.conf.in | 6 6 + 0 - 0 !
bin/tests/system/dnssec/ns4/named4.conf.in | 1 1 + 0 - 0 !
bin/tests/system/dnssec/tests.sh | 8 8 + 0 - 0 !
10 files changed, 76 insertions(+), 4 deletions(-)

 check that excessive iterations in logged by named when

loading an existing zone or transfering from the primary.

0011 dnssec policy reduce NSEC3 iterations to 150.patch | (download)

bin/tests/system/checkconf/bad-kasp-iterations.conf | 14 0 + 14 - 0 !
bin/tests/system/checkconf/good-kasp-iterations.conf | 14 0 + 14 - 0 !
bin/tests/system/checkconf/kasp-bad-nsec3-iter.conf | 8 4 + 4 - 0 !
bin/tests/system/checkconf/tests.sh | 2 0 + 2 - 0 !
lib/isccfg/kaspconf.c | 8 2 + 6 - 0 !
5 files changed, 6 insertions(+), 40 deletions(-)

 dnssec-policy: reduce nsec3 iterations to 150

When reducing the number of NSEC3 iterations to 150, commit
aa26cde2aea459d682f6f609a7c902ef9a7a35eb added tests for dnssec-policy
to check that a too high iteration count is a configuration failure.

The test is not sufficient because 151 was always too high for
0012 Mark DNSSEC responses with NSEC3 records that exceed.patch | (download)

lib/dns/include/dns/nsec3.h | 1 1 + 0 - 0 !
lib/dns/nsec3.c | 9 8 + 1 - 0 !
lib/dns/validator.c | 36 34 + 2 - 0 !
3 files changed, 43 insertions(+), 3 deletions(-)

 mark dnssec responses with nsec3 records that exceed 150 as insecure


0013 Check insecure responses returned with too many NSEC.patch | (download)

bin/tests/system/dnssec/tests.sh | 51 51 + 0 - 0 !
1 file changed, 51 insertions(+)

 check insecure responses returned with too many nsec3 iterations