SRU for bind9 to 9.4.2.dfsg.P2 on hardy
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
bind9 (Ubuntu) | Fix Released | Undecided | Unassigned |
Bug Description
Binary package hint: bind9
This update is an upstream microversion update that fixes bug #252675. ISC has described this update as:
This is the SECOND security patch for BIND 9.4.2, addressing performance and stability issues in BIND 9.4.2-P1. Key features are as follows:
- performance improvement over the P1 releases, namely
  + significantly remedying the port allocation issues
  + allowing TCP queries and zone transfers while issuing as many outstanding UDP queries as possible
  + additional security of port randomization at the same level as P1
In addition to the above, this update includes fixes for bug #257682 (compile dig with -DDIG_SIGCHASE) and an apparmor addition to allow access to /var/log/named.
The apparmor policy and dig changes have minimal regression potential. The upstream upgrade to P2 is required for high volume sites, as performance regressions were introduced in the security update for CVE-2008-1447 in these circumstances.
Intrepid has these updates in the 9.5.0 P2 series.
There is no practical test case for the performance regression, other than using it in a very high volume capacity. Test case for dig:
% dig +sigchase +dnssec DS fugue.se.
Invalid option: +sigchase
Lamont, can you comment on the regression potential for this update?
$ diffstat ./bind9_9.4.2.dfsg.P2-2.debdiff
CHANGES | 46
COPYRIGHT | 4
bin/dig/dighost.c | 14
bin/named/client.c | 4
bin/named/config.c | 7
bin/named/controlconf.c | 10
bin/named/interfacemgr.c | 9
bin/named/lwresd.c | 9
bin/named/named.conf.docbook | 6
bin/named/server.c | 69
bin/rndc/rndc.c | 10
bin/tests/sig0_test.c | 8
bin/tests/sock_test.c | 8
bin/tests/system/ifconfig.sh | 10
configure | 8
configure.in | 6
debian/apparmor-profile | 8
debian/changelog | 43
debian/control | 23
debian/libbind9-30.files | 2
debian/libdns35.files | 2
debian/libisc32.files | 2
debian/libisc32.postinst | 5
debian/libisc35.files | 2
debian/libisc35.postinst | 5
debian/libisccfg30.files | 2
debian/rules | 4
doc/arm/Bv9ARM-book.xml | 23
doc/arm/Bv9ARM.pdf | 4352 ++++++++++++++++++++---------------------
lib/bind/configure | 2
lib/bind/configure.in | 6
lib/dns/api | 2
lib/dns/dispatch.c | 34
lib/dns/include/dns/dispatch.h | 4
lib/dns/request.c | 10
lib/dns/resolver.c | 22
lib/dns/xfrin.c | 7
lib/isc/api | 4
lib/isc/include/isc/resource.h | 19
lib/isc/include/isc/socket.h | 21
lib/isc/include/isc/timer.h | 8
lib/isc/timer.c | 16
lib/isc/unix/app.c | 8
lib/isc/unix/resource.c | 78
lib/isc/unix/socket.c | 243 +-
lib/isc/unix/socket_p.h | 4
lib/isc/win32/libisc.def | 2
lib/isc/win32/resource.c | 16
lib/isc/win32/socket.c | 27
lib/isccfg/api | 2
lib/isccfg/namedconf.c | 7
version | 4
52 files changed, 2867 insertions(+), 2380 deletions(-)