Bug#868952: marked as done (bind9: regression introduced in DSA-3904-1 can cause problems with zone transfers from some non-BIND servers)

2017-08-05 Thread Debian Bug Tracking System
Your message dated Sat, 05 Aug 2017 19:49:40 +
with message-id 
and subject line Bug#868952: fixed in bind9 1:9.9.5.dfsg-9+deb8u13
has caused the Debian Bug report #868952,
regarding bind9: regression introduced in DSA-3904-1 can cause problems with 
zone transfers from some non-BIND servers
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
868952: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=868952
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: bind9
Version: 1:9.10.3.dfsg.P4-12.4
Severity: serious
Tags: upstream fixed-upstream
Justification: regression relative to DSA-3904-1
Control: affects -1 security.debian.org,release.debian.org
Control: found -1 1:9.9.5.dfsg-9+deb8u12
Control: found -1 1:9.10.3.dfsg.P4-12.3+deb9u1

Hi

DSA-3904-1 (and the respective DLA) introduced a regression as
described in:

https://lists.isc.org/pipermail/bind-announce/2017-July/001054.html

"Problems may occur when transferring from another server if
TSIG is used *and* the AXFR or IXFR is more than two messages
in length *and* the master server does not sign every message.
NSD is an example of a popular DNS product that behaves in this
manner [note: NSD's behavior is in compliance with the requirements
of the RFC; it is BIND that has introduced a problem here.]"

Commit in master:
https://source.isc.org/cgi-bin/gitweb.cgi?p=bind9.git;a=commitdiff;h=58f0fb325bbd9258d06431281eb8fdea2b126305

Commit cherry-picked to v9_9_10_P3
https://source.isc.org/cgi-bin/gitweb.cgi?p=bind9.git;a=commitdiff;h=6fcdcabc11f18eb128167f7f7eca4a244bf75c52

Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: bind9
Source-Version: 1:9.9.5.dfsg-9+deb8u13

We believe that the bug you reported is fixed in the latest version of
bind9, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 868...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Yves-Alexis Perez  (supplier of updated bind9 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Sun, 23 Jul 2017 15:15:58 +0200
Source: bind9
Binary: bind9 bind9utils bind9-doc host bind9-host libbind-dev libbind9-90 
libdns100 libisc95 liblwres90 libisccc90 libisccfg90 dnsutils lwresd 
libbind-export-dev libdns-export100 libdns-export100-udeb libisc-export95 
libisc-export95-udeb libisccfg-export90 libisccfg-export90-udeb libirs-export91 
libirs-export91-udeb
Architecture: source all amd64
Version: 1:9.9.5.dfsg-9+deb8u13
Distribution: jessie-security
Urgency: high
Maintainer: LaMont Jones 
Changed-By: Yves-Alexis Perez 
Description:
 bind9  - Internet Domain Name Server
 bind9-doc  - Documentation for BIND
 bind9-host - Version of 'host' bundled with BIND 9.X
 bind9utils - Utilities for BIND
 dnsutils   - Clients provided with BIND
 host   - Transitional package
 libbind-dev - Static Libraries and Headers used by BIND
 libbind-export-dev - Development files for the exported BIND libraries
 libbind9-90 - BIND9 Shared Library used by BIND
 libdns-export100 - Exported DNS Shared Library
 libdns-export100-udeb - Exported DNS library for debian-installer (udeb)
 libdns100  - DNS Shared Library used by BIND
 libirs-export91 - Exported IRS Shared Library
 libirs-export91-udeb - Exported IRS library for debian-installer (udeb)
 libisc-export95 - Exported ISC Shared Library
 libisc-export95-udeb - Exported ISC library for debian-installer (udeb)
 libisc95   - ISC Shared Library used by BIND
 libisccc90 - Command Channel Library used by BIND
 libisccfg-export90 - Exported ISC CFG Shared Library
 libisccfg-export90-udeb - Exported ISC CFG library for debian-installer (udeb)
 libisccfg90 - Config File Handling Library used by BIND
 liblwres90 - Lightweight Resolver Library used by BIND
 lwresd - Lightweight Resolver Daemon
Closes: 868952
Changes:
 bind9 (1:9.9.5.dfsg-9+deb8u13) jessie-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * Add patch to fix regression introduced by patch for CVE-2017-3042.
 closes: #868952
Checksums-Sha1:
 536a263bf811f76c67c92465ad3adfaf02ffa37b 3120 bind9_9.9

Bug#868952: marked as done (bind9: regression introduced in DSA-3904-1 can cause problems with zone transfers from some non-BIND servers)

2017-07-22 Thread Debian Bug Tracking System
Your message dated Sun, 23 Jul 2017 06:18:51 +
with message-id 
and subject line Bug#868952: fixed in bind9 1:9.10.3.dfsg.P4-12.5
has caused the Debian Bug report #868952,
regarding bind9: regression introduced in DSA-3904-1 can cause problems with 
zone transfers from some non-BIND servers
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
868952: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=868952
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: bind9
Version: 1:9.10.3.dfsg.P4-12.4
Severity: serious
Tags: upstream fixed-upstream
Justification: regression relative to DSA-3904-1
Control: affects -1 security.debian.org,release.debian.org
Control: found -1 1:9.9.5.dfsg-9+deb8u12
Control: found -1 1:9.10.3.dfsg.P4-12.3+deb9u1

Hi

DSA-3904-1 (and the respective DLA) introduced a regression as
described in:

https://lists.isc.org/pipermail/bind-announce/2017-July/001054.html

"Problems may occur when transferring from another server if
TSIG is used *and* the AXFR or IXFR is more than two messages
in length *and* the master server does not sign every message.
NSD is an example of a popular DNS product that behaves in this
manner [note: NSD's behavior is in compliance with the requirements
of the RFC; it is BIND that has introduced a problem here.]"

Commit in master:
https://source.isc.org/cgi-bin/gitweb.cgi?p=bind9.git;a=commitdiff;h=58f0fb325bbd9258d06431281eb8fdea2b126305

Commit cherry-picked to v9_9_10_P3
https://source.isc.org/cgi-bin/gitweb.cgi?p=bind9.git;a=commitdiff;h=6fcdcabc11f18eb128167f7f7eca4a244bf75c52

Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: bind9
Source-Version: 1:9.10.3.dfsg.P4-12.5

We believe that the bug you reported is fixed in the latest version of
bind9, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 868...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Salvatore Bonaccorso  (supplier of updated bind9 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Fri, 21 Jul 2017 22:28:32 +0200
Source: bind9
Binary: bind9 bind9utils bind9-doc host bind9-host libbind-dev libbind9-140 
libdns162 libirs141 libisc160 liblwres141 libisccc140 libisccfg140 dnsutils 
lwresd libbind-export-dev libdns-export162 libdns-export162-udeb 
libisc-export160 libisc-export160-udeb libisccfg-export140 libisccc-export140 
libisccc-export140-udeb libisccfg-export140-udeb libirs-export141 
libirs-export141-udeb
Architecture: source
Version: 1:9.10.3.dfsg.P4-12.5
Distribution: unstable
Urgency: medium
Maintainer: LaMont Jones 
Changed-By: Salvatore Bonaccorso 
Closes: 868952
Description: 
 bind9  - Internet Domain Name Server
 bind9-doc  - Documentation for BIND
 bind9-host - Version of 'host' bundled with BIND 9.X
 bind9utils - Utilities for BIND
 dnsutils   - Clients provided with BIND
 host   - Transitional package
 libbind-dev - Static Libraries and Headers used by BIND
 libbind-export-dev - Development files for the exported BIND libraries
 libbind9-140 - BIND9 Shared Library used by BIND
 libdns-export162 - Exported DNS Shared Library
 libdns-export162-udeb - Exported DNS library for debian-installer (udeb)
 libdns162  - DNS Shared Library used by BIND
 libirs-export141 - Exported IRS Shared Library
 libirs-export141-udeb - Exported IRS library for debian-installer (udeb)
 libirs141  - DNS Shared Library used by BIND
 libisc-export160 - Exported ISC Shared Library
 libisc-export160-udeb - Exported ISC library for debian-installer (udeb)
 libisc160  - ISC Shared Library used by BIND
 libisccc-export140 - Command Channel Library used by BIND
 libisccc-export140-udeb - Command Channel Library used by BIND (udeb)
 libisccc140 - Command Channel Library used by BIND
 libisccfg-export140 - Exported ISC CFG Shared Library
 libisccfg-export140-udeb - Exported ISC CFG library for debian-installer (udeb)
 libisccfg140 - Config File Handling Library used by BIND
 liblwres141 - Lightweight Resolver Library used by BIND
 lwresd - Lightweight Resolver Daemon
Changes:
 bind9 (1:9.10.3.dfsg.P4-12.5) unstable; urgency=medium
 .
   * Non-maintainer upload.
   * Change