![[BACK]](/icons/back.gif){kind=icon}
Up to [cvs.NetBSD.org] / pkgsrc / net / bind9
Request diff between arbitrary revisions
Default branch: MAIN
Revision 1.114, Wed Feb 10 17:30:26 2010 UTC (12 years, 11 months ago) by joerg
Branch: MAIN
CVS Tags: pkgsrc-2013Q2-base,
pkgsrc-2013Q2,
pkgsrc-2012Q4-base,
pkgsrc-2012Q4,
pkgsrc-2011Q4-base,
pkgsrc-2011Q4,
pkgsrc-2011Q2-base,
pkgsrc-2011Q2,
HEAD
Changes since 1.113: +1 -1
lines
FILE REMOVED
Retire bind9.
Revision 1.110.2.2 / (download) - annotate - [select for diffs], Mon Feb 1 15:00:11 2010 UTC (13 years ago) by spz
Branch: pkgsrc-2009Q4
Changes since 1.110.2.1: +2 -2
lines
Diff to previous 1.110.2.1 (colored) to branchpoint 1.110 (colored) next main 1.111 (colored)
Pullup ticket 2983 - requested by joerg
syntax fix
Revisions pulled up:
- pkgsrc/net/bind9/Makefile 1.113
-------------------------------------------------------------------------
Module Name: pkgsrc
Committed By: joerg
Date: Mon Feb 1 12:56:28 UTC 2010
Modified Files:
pkgsrc/net/bind9: Makefile
Log Message:
Fix version number. Just assume that -P always should be translated to
pl.
To generate a diff of this commit:
cvs rdiff -u -r1.112 -r1.113 pkgsrc/net/bind9/Makefile
Revision 1.113 / (download) - annotate - [select for diffs], Mon Feb 1 12:56:28 2010 UTC (13 years ago) by joerg
Branch: MAIN
Changes since 1.112: +2 -2
lines
Diff to previous 1.112 (colored)
Fix version number. Just assume that -P always should be translated to pl.
Revision 1.110.2.1 / (download) - annotate - [select for diffs], Thu Jan 21 21:20:16 2010 UTC (13 years ago) by tron
Branch: pkgsrc-2009Q4
Changes since 1.110: +2 -3
lines
Diff to previous 1.110 (colored)
Pullup ticket #2966 - requested by spz bind9: security update Revisions pulled up: - net/bind9/Makefile 1.112 via patch - net/bind9/distinfo 1.46 --- Module Name: pkgsrc Committed By: spz Date: Thu Jan 21 19:54:33 UTC 2010 Modified Files: pkgsrc/net/bind9: Makefile distinfo Log Message: security update: BIND 9.4.3-P4 is a SECURITY PATCH for BIND 9.4.3. It addresses a potential cache poisoning vulnerability, in which data in the additional section of a response could be cached without proper DNSSEC validation. Changes since 9.4.3-P3: 2772. [security] When validating, track whether pending data was from the additional section or not and only return it if validates as secure. [RT #20438] BIND 9.4.3-P5 is a SECURITY PATCH for BIND 9.4.3. It addresses two potential cache poisoning vulnerabilities, both of which could allow a validating recursive nameserver to cache data which had not been authenticated or was invalid. CVE identifiers: CVE-2009-4022, CVE-2010-0097 CERT advisories: VU#418861, VU#360341 Changes since 9.4.3-P4: 2831. [security] Do not attempt to validate or cache out-of-bailiwick data returned with a secure answer; it must be re-fetched from its original source and validated in that context. [RT #20819] 2828. [security] Cached CNAME or DNAME RR could be returned to clients without DNSSEC validation. [RT #20737] 2827. [security] Bogus NXDOMAIN could be cached as if valid. [RT #20712]
Revision 1.112 / (download) - annotate - [select for diffs], Thu Jan 21 19:54:33 2010 UTC (13 years ago) by spz
Branch: MAIN
Changes since 1.111: +2 -3
lines
Diff to previous 1.111 (colored)
security update: BIND 9.4.3-P4 is a SECURITY PATCH for BIND 9.4.3. It addresses a potential cache poisoning vulnerability, in which data in the additional section of a response could be cached without proper DNSSEC validation. Changes since 9.4.3-P3: 2772. [security] When validating, track whether pending data was from the additional section or not and only return it if validates as secure. [RT #20438] BIND 9.4.3-P5 is a SECURITY PATCH for BIND 9.4.3. It addresses two potential cache poisoning vulnerabilities, both of which could allow a validating recursive nameserver to cache data which had not been authenticated or was invalid. CVE identifiers: CVE-2009-4022, CVE-2010-0097 CERT advisories: VU#418861, VU#360341 Changes since 9.4.3-P4: 2831. [security] Do not attempt to validate or cache out-of-bailiwick data returned with a secure answer; it must be re-fetched from its original source and validated in that context. [RT #20819] 2828. [security] Cached CNAME or DNAME RR could be returned to clients without DNSSEC validation. [RT #20737] 2827. [security] Bogus NXDOMAIN could be cached as if valid. [RT #20712]
Revision 1.111 / (download) - annotate - [select for diffs], Sun Jan 17 12:02:30 2010 UTC (13 years ago) by wiz
Branch: MAIN
Changes since 1.110: +2 -2
lines
Diff to previous 1.110 (colored)
Recursive PKGREVISION bump for jpeg update to 8.
Revision 1.110 / (download) - annotate - [select for diffs], Fri Dec 11 16:21:21 2009 UTC (13 years, 1 month ago) by taca
Branch: MAIN
CVS Tags: pkgsrc-2009Q4-base
Branch point for: pkgsrc-2009Q4
Changes since 1.109: +2 -1
lines
Diff to previous 1.109 (colored)
Modify named9.sh to create /dev/random in chrooted environment as base system's /etc/rc.d/named. Bump PKGREVISION.
Revision 1.107.2.1 / (download) - annotate - [select for diffs], Wed Jul 29 07:43:16 2009 UTC (13 years, 6 months ago) by spz
Branch: pkgsrc-2009Q2
Changes since 1.107: +3 -3
lines
Diff to previous 1.107 (colored) next main 1.108 (colored)
Pullup ticket 2844 - requested by reed
security update
second part of pullups for PR 41796
Revisions pulled up:
- pkgsrc/net/bind9/Makefile 1.109
- pkgsrc/net/bind9/distinfo 1.44
Module Name: pkgsrc
Committed By: reed
Date: Tue Jul 28 20:39:45 UTC 2009
Modified Files:
pkgsrc/net/bind9: Makefile distinfo
Log Message:
Updated to 9.4.3-P3 for security issue:
https://www.isc.org/node/474
To generate a diff of this commit:
cvs rdiff -u -r1.108 -r1.109 pkgsrc/net/bind9/Makefile
cvs rdiff -u -r1.43 -r1.44 pkgsrc/net/bind9/distinfo
Revision 1.109 / (download) - annotate - [select for diffs], Tue Jul 28 20:39:45 2009 UTC (13 years, 6 months ago) by reed
Branch: MAIN
CVS Tags: pkgsrc-2009Q3-base,
pkgsrc-2009Q3
Changes since 1.108: +3 -3
lines
Diff to previous 1.108 (colored)
Updated to 9.4.3-P3 for security issue: https://www.isc.org/node/474
Revision 1.108 / (download) - annotate - [select for diffs], Fri Jul 24 12:30:00 2009 UTC (13 years, 6 months ago) by obache
Branch: MAIN
Changes since 1.107: +2 -2
lines
Diff to previous 1.107 (colored)
Update HOMEPAGE url.
Revision 1.107 / (download) - annotate - [select for diffs], Sun Jun 14 22:58:06 2009 UTC (13 years, 7 months ago) by joerg
Branch: MAIN
CVS Tags: pkgsrc-2009Q2-base
Branch point for: pkgsrc-2009Q2
Changes since 1.106: +1 -5
lines
Diff to previous 1.106 (colored)
Remove @dirrm related logic.
Revision 1.106 / (download) - annotate - [select for diffs], Mon Mar 23 14:43:13 2009 UTC (13 years, 10 months ago) by tron
Branch: MAIN
CVS Tags: pkgsrc-2009Q1-base,
pkgsrc-2009Q1
Changes since 1.105: +3 -2
lines
Diff to previous 1.105 (colored)
Add URL for mirror on "ftp.belnet.be" to master site list.
Revision 1.105 / (download) - annotate - [select for diffs], Sun Mar 22 15:31:44 2009 UTC (13 years, 10 months ago) by adrianp
Branch: MAIN
Changes since 1.104: +3 -3
lines
Diff to previous 1.104 (colored)
--- 9.4.3-P2 released --- 2579. [bug] DNSSEC lookaside validation failed to handle unknown algorithms. [RT #19479]
Revision 1.102.6.1 / (download) - annotate - [select for diffs], Mon Jan 19 11:44:15 2009 UTC (14 years ago) by tron
Branch: pkgsrc-2008Q4
Changes since 1.102: +6 -3
lines
Diff to previous 1.102 (colored) next main 1.103 (colored)
Pullup ticket #2645 - requested by mlelstv bind9: security update Revisions pulled up: - net/bind9/Makefile 1.103-1.104 - net/bind9/PLIST 1.23 - net/bind9/distinfo 1.39-1.40 - net/bind9/patches/patch-ai 1.10 - net/bind9/patches/patch-ap delete --- Module Name: pkgsrc Committed By: adrianp Date: Sun Jan 4 00:16:03 UTC 2009 Modified Files: pkgsrc/net/bind9: Makefile PLIST distinfo pkgsrc/net/bind9/patches: patch-ai Removed Files: pkgsrc/net/bind9/patches: patch-ap Log Message: Update to 9.4.3 Resolver could try unreachable servers multiple times. Adb's handling of lame addresses was different for IPv4 and IPv6. Remove NULL pointer dereference in dns_journal_print(). libbind: Out of bounds reference in dns_ho.c:addrsort. Set initial timeout to 800ms. TSIG context leak For all the details see: http://oldwww.isc.org/sw/bind/view/?release=9.4.3#RELEASE --- Module Name: pkgsrc Committed By: adrianp Date: Thu Jan 8 09:02:19 UTC 2009 Modified Files: pkgsrc/net/bind9: Makefile distinfo Log Message: Changes since 9.4.3: 2522. [security] Handle -1 from DSA_do_verify(). 2498. [bug] Removed a bogus function argument used with ISC_SOCKET_USE_POLLWATCH: it could cause compiler warning or crash named with the debug 1 level of logging. [RT #18917] To generate a diff of this commit: cvs rdiff -r1.103 -r1.104 pkgsrc/net/bind9/Makefile cvs rdiff -r1.39 -r1.40 pkgsrc/net/bind9/distinfo
Revision 1.104 / (download) - annotate - [select for diffs], Thu Jan 8 09:02:19 2009 UTC (14 years ago) by adrianp
Branch: MAIN
Changes since 1.103: +6 -2
lines
Diff to previous 1.103 (colored)
Changes since 9.4.3: 2522. [security] Handle -1 from DSA_do_verify(). 2498. [bug] Removed a bogus function argument used with ISC_SOCKET_USE_POLLWATCH: it could cause compiler warning or crash named with the debug 1 level of logging. [RT #18917]
Revision 1.103 / (download) - annotate - [select for diffs], Sun Jan 4 00:16:03 2009 UTC (14 years, 1 month ago) by adrianp
Branch: MAIN
Changes since 1.102: +2 -3
lines
Diff to previous 1.102 (colored)
Update to 9.4.3 Resolver could try unreachable servers multiple times. Adb's handling of lame addresses was different for IPv4 and IPv6. Remove NULL pointer dereference in dns_journal_print(). libbind: Out of bounds reference in dns_ho.c:addrsort. Set initial timeout to 800ms. TSIG context leak For all the details see: http://oldwww.isc.org/sw/bind/view/?release=9.4.3#RELEASE
Revision 1.101.4.1 / (download) - annotate - [select for diffs], Mon Aug 4 08:20:37 2008 UTC (14 years, 6 months ago) by rtr
Branch: pkgsrc-2008Q2
Changes since 1.101: +3 -3
lines
Diff to previous 1.101 (colored) next main 1.102 (colored)
pullup ticket #2470 - requested by adrianp bind9: update package for fixes revisions pulled up: pkgsrc/net/bind9/Makefile 1.102 pkgsrc/net/bind9/distinfo 1.38 Module Name: pkgsrc Committed By: adrianp Date: Sun Aug 3 18:41:45 UTC 2008 Modified Files: pkgsrc/net/bind9: Makefile distinfo Log Message: Changes since 9.4.2-P1: --- 9.4.2-P2 released --- 2406. [bug] Some operating systems have FD_SETSIZE set to a low value by default, which can cause resource exhaustion when many simultaneous connections are open. Linux in particular makes it difficult to increase this value. To use more sockets with select(), set ISC_SOCKET_FDSETSIZE. Example: STD_CDEFINES="-DISC_SOCKET_FDSETSIZE=4096" ./configure (This should not be necessary in most cases, and never for an authoritative-only server.) [RT #18328] 2404. [port] hpux: files unlimited support. 2403. [bug] TSIG context leak. [RT #18341] 2402. [port] Support Solaris 2.11 and over. [RT #18362] 2401. [bug] Expect to get E[MN]FILE errno internal_accept() (from accept() or fcntl() system calls). [RT #18358] 2399. [bug] Abort timeout queries to reduce the number of open UDP sockets. [RT #18367] 2398. [bug] Improve file descriptor management. New, temporary, named.conf option reserved-sockets, default 512. [RT #18344] 2396. [bug] Don't set SO_REUSEADDR for randomized ports. [RT #18336] 2395. [port] Avoid warning and no effect from "files unlimited" on Linux when running as root. [RT #18335] 2394. [bug] Default configuration options set the limit for open files to 'unlimited' as described in the documentation. [RT #18331] 2392. [bug] remove 'grep -q' from acl test script, some platforms don't support it. [RT #18253] 2322. [port] MacOS: work around the limitation of setrlimit() for RLIMIT_NOFILE. [RT #17526]
Revision 1.102 / (download) - annotate - [select for diffs], Sun Aug 3 18:41:45 2008 UTC (14 years, 6 months ago) by adrianp
Branch: MAIN
CVS Tags: pkgsrc-2008Q4-base,
pkgsrc-2008Q3-base,
pkgsrc-2008Q3,
cube-native-xorg-base,
cube-native-xorg
Branch point for: pkgsrc-2008Q4
Changes since 1.101: +3 -3
lines
Diff to previous 1.101 (colored)
Changes since 9.4.2-P1: --- 9.4.2-P2 released --- 2406. [bug] Some operating systems have FD_SETSIZE set to a low value by default, which can cause resource exhaustion when many simultaneous connections are open. Linux in particular makes it difficult to increase this value. To use more sockets with select(), set ISC_SOCKET_FDSETSIZE. Example: STD_CDEFINES="-DISC_SOCKET_FDSETSIZE=4096" ./configure (This should not be necessary in most cases, and never for an authoritative-only server.) [RT #18328] 2404. [port] hpux: files unlimited support. 2403. [bug] TSIG context leak. [RT #18341] 2402. [port] Support Solaris 2.11 and over. [RT #18362] 2401. [bug] Expect to get E[MN]FILE errno internal_accept() (from accept() or fcntl() system calls). [RT #18358] 2399. [bug] Abort timeout queries to reduce the number of open UDP sockets. [RT #18367] 2398. [bug] Improve file descriptor management. New, temporary, named.conf option reserved-sockets, default 512. [RT #18344] 2396. [bug] Don't set SO_REUSEADDR for randomized ports. [RT #18336] 2395. [port] Avoid warning and no effect from "files unlimited" on Linux when running as root. [RT #18335] 2394. [bug] Default configuration options set the limit for open files to 'unlimited' as described in the documentation. [RT #18331] 2392. [bug] remove 'grep -q' from acl test script, some platforms don't support it. [RT #18253] 2322. [port] MacOS: work around the limitation of setrlimit() for RLIMIT_NOFILE. [RT #17526]
Revision 1.95.2.2 / (download) - annotate - [select for diffs], Fri Jul 11 06:14:07 2008 UTC (14 years, 6 months ago) by ghen
Branch: pkgsrc-2008Q1
Changes since 1.95.2.1: +2 -3
lines
Diff to previous 1.95.2.1 (colored) to branchpoint 1.95 (colored) next main 1.96 (colored)
Pullup ticket 2447 - requested by adrianp
security update for bind9
- pkgsrc/net/bind9/Makefile 1.100, 1.101
- pkgsrc/net/bind9/PLIST 1.22
- pkgsrc/net/bind9/distinfo 1.36, 1.37
- pkgsrc/net/bind9/patches/patch-ad 1.7, 1.8
- pkgsrc/net/bind9/patches/patch-ai 1.9
Module Name: pkgsrc
Committed By: adrianp
Date: Sat Jun 21 22:13:22 UTC 2008
Modified Files:
pkgsrc/net/bind9: Makefile distinfo
pkgsrc/net/bind9/patches: patch-ad patch-ai
Log Message:
Fix two typos: inclue => include
---
Module Name: pkgsrc
Committed By: adrianp
Date: Thu Jul 10 21:05:30 UTC 2008
Modified Files:
pkgsrc/net/bind9: Makefile PLIST distinfo
pkgsrc/net/bind9/patches: patch-ad
Log Message:
Update to 9.4.2-P1
Please see CHANGES for all the details but the driving factor of this update
is:
2375. [security] Fully randomize UDP query ports to improve
forgery resilience. [RT #17949]
Revision 1.101 / (download) - annotate - [select for diffs], Thu Jul 10 21:05:30 2008 UTC (14 years, 6 months ago) by adrianp
Branch: MAIN
CVS Tags: pkgsrc-2008Q2-base,
cwrapper
Branch point for: pkgsrc-2008Q2
Changes since 1.100: +2 -3
lines
Diff to previous 1.100 (colored)
Update to 9.4.2-P1
Please see CHANGES for all the details but the driving factor of this update
is:
2375. [security] Fully randomize UDP query ports to improve
forgery resilience. [RT #17949]
Revision 1.100 / (download) - annotate - [select for diffs], Sat Jun 21 22:13:22 2008 UTC (14 years, 7 months ago) by adrianp
Branch: MAIN
Changes since 1.99: +2 -2
lines
Diff to previous 1.99 (colored)
Fix two typos: inclue => include
Revision 1.99 / (download) - annotate - [select for diffs], Fri Jun 20 01:09:29 2008 UTC (14 years, 7 months ago) by joerg
Branch: MAIN
Changes since 1.98: +14 -14
lines
Diff to previous 1.98 (colored)
Add DESTDIR support.
Revision 1.98 / (download) - annotate - [select for diffs], Mon May 26 02:13:22 2008 UTC (14 years, 8 months ago) by joerg
Branch: MAIN
Changes since 1.97: +3 -2
lines
Diff to previous 1.97 (colored)
Second round of explicit pax dependencies. As reminded by tnn@,
many packages used to use ${PAX}. Use the common way of directly calling
pax, it is created as tool after all.
Revision 1.95.2.1 / (download) - annotate - [select for diffs], Sun May 11 09:42:39 2008 UTC (14 years, 8 months ago) by ghen
Branch: pkgsrc-2008Q1
Changes since 1.95: +2 -2
lines
Diff to previous 1.95 (colored)
Pullup ticket 2370 - requested by tonnerre security fix for bind 9 - pkgsrc/net/bind9/Makefile 1.97 - pkgsrc/net/bind9/distinfo 1.35 - pkgsrc/net/bind9/patches/patch-ap 1.3 Module Name: pkgsrc Committed By: tonnerre Date: Sun May 11 00:00:59 UTC 2008 Modified Files: pkgsrc/net/bind9: Makefile distinfo Added Files: pkgsrc/net/bind9/patches: patch-ap Log Message: Fix CVE-2008-0122 for libbind (as contained in bind). A misplaced boundary check can be abused for implementation specific exploitation: depending on the use of libbind, this can result in denial of service or even remote code execution.
Revision 1.97 / (download) - annotate - [select for diffs], Sun May 11 00:00:59 2008 UTC (14 years, 8 months ago) by tonnerre
Branch: MAIN
Changes since 1.96: +2 -2
lines
Diff to previous 1.96 (colored)
Fix CVE-2008-0122 for libbind (as contained in bind). A misplaced boundary check can be abused for implementation specific exploitation: depending on the use of libbind, this can result in denial of service or even remote code execution.
Revision 1.96 / (download) - annotate - [select for diffs], Sat Apr 12 22:43:08 2008 UTC (14 years, 9 months ago) by jlam
Branch: MAIN
Changes since 1.95: +3 -4
lines
Diff to previous 1.95 (colored)
Convert to use PLIST_VARS instead of manually passing "@comment " through PLIST_SUBST to the plist module.
Revision 1.95 / (download) - annotate - [select for diffs], Fri Jan 18 05:08:40 2008 UTC (15 years ago) by tnn
Branch: MAIN
CVS Tags: pkgsrc-2008Q1-base
Branch point for: pkgsrc-2008Q1
Changes since 1.94: +2 -2
lines
Diff to previous 1.94 (colored)
Per the process outlined in revbump(1), perform a recursive revbump on packages that are affected by the switch from the openssl 0.9.7 branch to the 0.9.8 branch. ok jlam@
Revision 1.94 / (download) - annotate - [select for diffs], Fri Sep 7 22:12:16 2007 UTC (15 years, 5 months ago) by jlam
Branch: MAIN
CVS Tags: pkgsrc-2007Q4-base,
pkgsrc-2007Q4,
pkgsrc-2007Q3-base,
pkgsrc-2007Q3
Changes since 1.93: +6 -7
lines
Diff to previous 1.93 (colored)
Convert packages that test and use USE_INET6 to use the options framework and to support the "inet6" option instead. Remaining usage of USE_INET6 was solely for the benefit of the scripts that generate the README.html files. Replace: BUILD_DEFS+= USE_INET6 with BUILD_DEFS+= IPV6_READY and teach the README-generation tools to look for that instead. This nukes USE_INET6 from pkgsrc proper. We leave a tiny bit of code to continue to support USE_INET6 for pkgsrc-wip until it has been nuked from there as well.
Revision 1.93 / (download) - annotate - [select for diffs], Wed Aug 8 18:32:46 2007 UTC (15 years, 5 months ago) by reed
Branch: MAIN
Changes since 1.92: +2 -1
lines
Diff to previous 1.92 (colored)
Fix two typos. I didn't test this. Bump PKGREVISION as on "dragonfly" this may change the build.
Revision 1.89.2.1 / (download) - annotate - [select for diffs], Mon Aug 6 20:51:26 2007 UTC (15 years, 6 months ago) by ghen
Branch: pkgsrc-2007Q2
Changes since 1.89: +3 -3
lines
Diff to previous 1.89 (colored) next main 1.90 (colored)
Pullup ticket 2160 - requested by adrianp security update for bind9 - pkgsrc/net/bind9/Makefile 1.91, 1.92 - pkgsrc/net/bind9/distinfo 1.33 Module Name: pkgsrc Committed By: adrianp Date: Sat Jul 28 11:41:57 UTC 2007 Modified Files: pkgsrc/net/bind9: Makefile distinfo Log Message: Update to 9.4.1-P1 2206. [security] "allow-query-cache" and "allow-recursion" now cross inherit from each other. If allow-query-cache is not set in named.conf then allow-recursion is used if set, otherwise allow-query is used if set, otherwise the default (localnets; localhost;) is used. If allow-recursion is not set in named.conf then allow-query-cache is used if set, otherwise allow-query is used if set, otherwise the default (localnets; localhost;) is used. 2203. [security] Query id generation was cryptographically weak. 2202. [security] The default acls for allow-query-cache and allow-recursion were not being applied. 2193. [port] win32: BINDInstall.exe is now linked statically. 2192. [port] win32: use vcredist_x86.exe to install Visual Studio's redistributable dlls if building with Visual Stdio 2005 or later. --- Module Name: pkgsrc Committed By: adrianp Date: Wed Aug 1 21:09:57 UTC 2007 Modified Files: pkgsrc/net/bind9: Makefile Log Message: Fix for bind package name pointed out by John Klos on tech-pkg@
Revision 1.92 / (download) - annotate - [select for diffs], Wed Aug 1 21:09:57 2007 UTC (15 years, 6 months ago) by adrianp
Branch: MAIN
Changes since 1.91: +2 -1
lines
Diff to previous 1.91 (colored)
Fix for bind package name pointed out by John Klos on tech-pkg@
Revision 1.91 / (download) - annotate - [select for diffs], Sat Jul 28 11:41:56 2007 UTC (15 years, 6 months ago) by adrianp
Branch: MAIN
Changes since 1.90: +2 -3
lines
Diff to previous 1.90 (colored)
Update to 9.4.1-P1 2206. [security] "allow-query-cache" and "allow-recursion" now cross inherit from each other. If allow-query-cache is not set in named.conf then allow-recursion is used if set, otherwise allow-query is used if set, otherwise the default (localnets; localhost;) is used. If allow-recursion is not set in named.conf then allow-query-cache is used if set, otherwise allow-query is used if set, otherwise the default (localnets; localhost;) is used. 2203. [security] Query id generation was cryptographically weak. 2202. [security] The default acls for allow-query-cache and allow-recursion were not being applied. 2193. [port] win32: BINDInstall.exe is now linked statically. 2192. [port] win32: use vcredist_x86.exe to install Visual Studio's redistributable dlls if building with Visual Stdio 2005 or later.
Revision 1.90 / (download) - annotate - [select for diffs], Wed Jul 4 20:54:48 2007 UTC (15 years, 7 months ago) by jlam
Branch: MAIN
Changes since 1.89: +5 -2
lines
Diff to previous 1.89 (colored)
Make it easier to build and install packages "unprivileged", where
the owner of all installed files is a non-root user. This change
affects most packages that require special users or groups by making
them use the specified unprivileged user and group instead.
(1) Add two new variables PKG_GROUPS_VARS and PKG_USERS_VARS to
unprivileged.mk. These two variables are lists of other bmake
variables that define package-specific users and groups. Packages
that have user-settable variables for users and groups, e.g. apache
and APACHE_{USER,GROUP}, courier-mta and COURIER_{USER,GROUP},
etc., should list these variables in PKG_USERS_VARS and PKG_GROUPS_VARS
so that unprivileged.mk can know to set them to ${UNPRIVILEGED_USER}
and ${UNPRIVILEGED_GROUP}.
(2) Modify packages to use PKG_GROUPS_VARS and PKG_USERS_VARS.
Revision 1.89 / (download) - annotate - [select for diffs], Tue Jun 12 14:08:37 2007 UTC (15 years, 7 months ago) by joerg
Branch: MAIN
CVS Tags: pkgsrc-2007Q2-base
Branch point for: pkgsrc-2007Q2
Changes since 1.88: +3 -1
lines
Diff to previous 1.88 (colored)
Automatically include pthread variables. Bump revision as it might change some of the binaries.
Revision 1.88 / (download) - annotate - [select for diffs], Wed May 2 08:12:37 2007 UTC (15 years, 9 months ago) by cjs
Branch: MAIN
Changes since 1.87: +2 -2
lines
Diff to previous 1.87 (colored)
Update BIND to 9.4.1: CVE-2007-2241: A sequence of queries can cause a recursive nameserver to exit. While it is unlikely these will occur in normal operation, an attack can use them to cause the affected versions to exit. This attack is a denial of service, and does not allow an attacker to gain control of affected systems.
Revision 1.87 / (download) - annotate - [select for diffs], Sun Apr 15 18:56:49 2007 UTC (15 years, 9 months ago) by cjs
Branch: MAIN
Changes since 1.86: +2 -3
lines
Diff to previous 1.86 (colored)
Upgrade BIND to 9.4.0. I won't attempt to summarize 221 lines of changes in README here.
Revision 1.84.2.1 / (download) - annotate - [select for diffs], Thu Feb 1 09:28:52 2007 UTC (16 years ago) by ghen
Branch: pkgsrc-2006Q4
Changes since 1.84: +5 -3
lines
Diff to previous 1.84 (colored) next main 1.85 (colored)
Pullup ticket 2010 - requested by adrianp security update for bind9 - pkgsrc/net/bind9/Makefile 1.85-1.86 - pkgsrc/net/bind9/distinfo 1.30 - pkgsrc/net/bind9/patches/patch-ao 1.2 - pkgsrc/net/bind9/patches/patch-ap removed - pkgsrc/net/bind9/patches/patch-aq removed Module Name: pkgsrc Committed By: adrianp Date: Sun Jan 28 01:31:52 UTC 2007 Modified Files: pkgsrc/net/bind9: Makefile distinfo pkgsrc/net/bind9/patches: patch-ao Removed Files: pkgsrc/net/bind9/patches: patch-ap patch-aq Log Message: Update to 9.3.4 Lots of changes, see http://www.isc.org/sw/bind/view/?release=9.3.4#RELEASE for all the details: In brief: 2126. [security] Serialise validation of type ANY responses. 2124. [security] It was possible to dereference a freed fetch context. 2089. [security] Raise the minimum safe OpenSSL versions to OpenSSL 0.9.7l and OpenSSL 0.9.8d. Versions prior to these have known security flaws which are (potentially) exploitable in named. 2088. [security] Change the default RSA exponent from 3 to 65537. 2066. [security] Handle SIG queries gracefully. 1941. [bug] ncache_adderesult() should set eresult even if no rdataset is passed to it. --- Module Name: pkgsrc Committed By: tron Date: Tue Jan 30 15:04:34 UTC 2007 Modified Files: pkgsrc/net/bind9: Makefile Log Message: Fix permission problems: - "share/doc/bind9" shouldn't be group-writable. - "share/doc/bind9/arm/Bv9ARM.pdf" shouldn't be executable. Bump package revision because of these fixes.
Revision 1.86 / (download) - annotate - [select for diffs], Tue Jan 30 15:04:33 2007 UTC (16 years ago) by tron
Branch: MAIN
CVS Tags: pkgsrc-2007Q1-base,
pkgsrc-2007Q1
Changes since 1.85: +4 -1
lines
Diff to previous 1.85 (colored)
Fix permission problems: - "share/doc/bind9" shouldn't be group-writable. - "share/doc/bind9/arm/Bv9ARM.pdf" shouldn't be executable. Bump package revision because of these fixes.
Revision 1.85 / (download) - annotate - [select for diffs], Sun Jan 28 01:31:52 2007 UTC (16 years ago) by adrianp
Branch: MAIN
Changes since 1.84: +2 -3
lines
Diff to previous 1.84 (colored)
Update to 9.3.4 Lots of changes, see http://www.isc.org/sw/bind/view/?release=9.3.4#RELEASE for all the details: In brief: 2126. [security] Serialise validation of type ANY responses. 2124. [security] It was possible to dereference a freed fetch context. 2089. [security] Raise the minimum safe OpenSSL versions to OpenSSL 0.9.7l and OpenSSL 0.9.8d. Versions prior to these have known security flaws which are (potentially) exploitable in named. 2088. [security] Change the default RSA exponent from 3 to 65537. 2066. [security] Handle SIG queries gracefully. 1941. [bug] ncache_adderesult() should set eresult even if no rdataset is passed to it.
Revision 1.84 / (download) - annotate - [select for diffs], Thu Nov 23 22:19:38 2006 UTC (16 years, 2 months ago) by hubertf
Branch: MAIN
CVS Tags: pkgsrc-2006Q4-base
Branch point for: pkgsrc-2006Q4
Changes since 1.83: +4 -2
lines
Diff to previous 1.83 (colored)
Disable threading on sparc and sparc64 sparc64 tested successfully by Volkmar Seifert <vs@nifelheim.info> OK'd by (and sparc included per suggestion of) martin@
Revision 1.83 / (download) - annotate - [select for diffs], Sun Nov 5 15:49:22 2006 UTC (16 years, 3 months ago) by seb
Branch: MAIN
Changes since 1.82: +5 -6
lines
Diff to previous 1.82 (colored)
Don't install doc/*/Makefile{,.in} as theses do not pass the CHECK_WRKREF
check. Also don't install utility perl scripts for building the
docs. Use pax to install all the doc files in one go.
Bump PKGREVISION to 3 for the PLIST changes.
Revision 1.78.2.1 / (download) - annotate - [select for diffs], Thu Sep 7 11:20:43 2006 UTC (16 years, 5 months ago) by ghen
Branch: pkgsrc-2006Q2
Changes since 1.78: +5 -2
lines
Diff to previous 1.78 (colored) next main 1.79 (colored)
Pullup ticket 1816 - requested by adrianp security update for bind9 Revisions pulled up: - pkgsrc/net/bind9/Makefile 1.79,1.81-1.82 - pkgsrc/net/bind9/PLIST 1.19 - pkgsrc/net/bind9/distinfo 1.27 - pkgsrc/net/bind9/patches/patch-aa removed - pkgsrc/net/bind9/patches/patch-ac 1.6 - pkgsrc/net/bind9/patches/patch-ad 1.6 - pkgsrc/net/bind9/patches/patch-ae removed - pkgsrc/net/bind9/patches/patch-af 1.6 - pkgsrc/net/bind9/patches/patch-ah removed - pkgsrc/net/bind9/patches/patch-ai 1.7 - pkgsrc/net/bind9/patches/patch-aj 1.4 - pkgsrc/net/bind9/patches/patch-al 1.2 - pkgsrc/net/bind9/patches/patch-am 1.1 - pkgsrc/net/bind9/patches/patch-ao 1.1 - pkgsrc/net/bind9/patches/patch-ap 1.1 - pkgsrc/net/bind9/patches/patch-aq 1.1 Module Name: pkgsrc Committed By: taca Date: Thu Aug 17 14:14:18 UTC 2006 Modified Files: pkgsrc/net/bind9: Makefile PLIST distinfo pkgsrc/net/bind9/patches: patch-ac patch-ad patch-af patch-ai patch-aj patch-al Added Files: pkgsrc/net/bind9/patches: patch-am Removed Files: pkgsrc/net/bind9/patches: patch-aa patch-ae patch-ah Log Message: Update bind to 9.3.2. Changes are huge, so please see http://www.isc.org/sw/bind/bind9.3.php. --- Module Name: pkgsrc Committed By: seb Date: Mon Aug 28 16:00:45 UTC 2006 Modified Files: pkgsrc/net/bind9: Makefile distinfo Added Files: pkgsrc/net/bind9/patches: patch-an patch-ao Log Message: Bump PKGREVISION to 1. Fix build on NetBSD/sparc64 3.x: sync CPP symbols usage between struct addrinfo definition and its usage in getaddrinfo(). While here define struct addrinfo's pad members the same way as in NetBSD's /usr/include/netbsd.h and sync code in lib/bind/irs/getaddrinfo.c:getaddrinfo(). This had been reported to bind9-bugs at isc dot org. --- Module Name: pkgsrc Committed By: rillig Date: Sun Sep 3 22:58:26 UTC 2006 Modified Files: pkgsrc/net/bind9: Makefile Log Message: Added the relevant variables to BUILD_DEFS. --- Module Name: pkgsrc Committed By: adrianp Date: Tue Sep 5 20:45:32 UTC 2006 Modified Files: pkgsrc/net/bind9: Makefile distinfo Added Files: pkgsrc/net/bind9/patches: patch-ap patch-aq Log Message: Fixes for CVE-2006-4095 and CVE-2006-4096 from bind-9.3.2-P1 * Assertion failure in ISC BIND SIG query processing (CVE-2006-4095) - Recursive servers Queries for SIG records will trigger an assertion failure if more than one RRset is returned. However exposure can be minimized by restricting which sources can ask for recursion. - Authoritative servers If a nameserver is serving a RFC 2535 DNSSEC zone and is queried for the SIG records where there are multiple RRsets, then the named program will trigger an assertion failure when it tries to construct the response. * INSIST failure in ISC BIND recursive query handling code (CVE-2006-4096) It is possible to trigger an INSIST failure by sending enough recursive queries such that the response to the query arrives after all the clients waiting for the response have left the recursion queue. However exposure can be minimized by restricting which sources can ask for recursion.
Revision 1.82 / (download) - annotate - [select for diffs], Tue Sep 5 20:45:32 2006 UTC (16 years, 5 months ago) by adrianp
Branch: MAIN
CVS Tags: pkgsrc-2006Q3-base,
pkgsrc-2006Q3
Changes since 1.81: +2 -2
lines
Diff to previous 1.81 (colored)
Fixes for CVE-2006-4095 and CVE-2006-4096 from bind-9.3.2-P1 * Assertion failure in ISC BIND SIG query processing (CVE-2006-4095) - Recursive servers Queries for SIG records will trigger an assertion failure if more than one RRset is returned. However exposure can be minimized by restricting which sources can ask for recursion. - Authoritative servers If a nameserver is serving a RFC 2535 DNSSEC zone and is queried for the SIG records where there are multiple RRsets, then the named program will trigger an assertion failure when it tries to construct the response. * INSIST failure in ISC BIND recursive query handling code (CVE-2006-4096) It is possible to trigger an INSIST failure by sending enough recursive queries such that the response to the query arrives after all the clients waiting for the response have left the recursion queue. However exposure can be minimized by restricting which sources can ask for recursion.
Revision 1.81 / (download) - annotate - [select for diffs], Sun Sep 3 22:58:26 2006 UTC (16 years, 5 months ago) by rillig
Branch: MAIN
Changes since 1.80: +3 -1
lines
Diff to previous 1.80 (colored)
Added the relevant variables to BUILD_DEFS.
Revision 1.80 / (download) - annotate - [select for diffs], Mon Aug 28 16:00:45 2006 UTC (16 years, 5 months ago) by seb
Branch: MAIN
Changes since 1.79: +2 -1
lines
Diff to previous 1.79 (colored)
Bump PKGREVISION to 1. Fix build on NetBSD/sparc64 3.x: sync CPP symbols usage between struct addrinfo definition and its usage in getaddrinfo(). While here define struct addrinfo's pad members the same way as in NetBSD's /usr/include/netbsd.h and sync code in lib/bind/irs/getaddrinfo.c:getaddrinfo(). This had been reported to bind9-bugs at isc dot org.
Revision 1.79 / (download) - annotate - [select for diffs], Thu Aug 17 14:14:18 2006 UTC (16 years, 5 months ago) by taca
Branch: MAIN
Changes since 1.78: +2 -2
lines
Diff to previous 1.78 (colored)
Update bind to 9.3.2. Changes are huge, so please see http://www.isc.org/sw/bind/bind9.3.php.
Revision 1.78 / (download) - annotate - [select for diffs], Tue Jun 20 13:37:22 2006 UTC (16 years, 7 months ago) by abs
Branch: MAIN
CVS Tags: pkgsrc-2006Q2-base
Branch point for: pkgsrc-2006Q2
Changes since 1.77: +5 -1
lines
Diff to previous 1.77 (colored)
The contents of include/bind vary widly between systems as bind9 dutifully installs whatever it thinks might be missing or just substandard on the current system. As the Makefile already adds the contents of share/doc/bind9 dynamically to the PLIST, do the same for include/bind. Fixes the PLIST on RedHat EL 2 & 3, and does not break it on NetBSD/3 No PKGREVISION bump as no change to anything but generated PLIST
Revision 1.77 / (download) - annotate - [select for diffs], Tue Apr 25 16:19:40 2006 UTC (16 years, 9 months ago) by tron
Branch: MAIN
Changes since 1.76: +2 -2
lines
Diff to previous 1.76 (colored)
Remove as maintainer of this package. I'm no longer using it on any system I administrate.
Revision 1.76 / (download) - annotate - [select for diffs], Sun Apr 23 00:12:39 2006 UTC (16 years, 9 months ago) by jlam
Branch: MAIN
Changes since 1.75: +5 -2
lines
Diff to previous 1.75 (colored)
Modify packages that set PKG_USERS and PKG_GROUPS to follow the new syntax as specified in pkgsrc/mk/install/bsd.pkginstall.mk:1.47.
Revision 1.75 / (download) - annotate - [select for diffs], Thu Dec 29 06:21:57 2005 UTC (17 years, 1 month ago) by jlam
Branch: MAIN
CVS Tags: pkgsrc-2006Q1-base,
pkgsrc-2006Q1
Changes since 1.74: +1 -2
lines
Diff to previous 1.74 (colored)
Remove USE_PKGINSTALL from pkgsrc now that mk/install/pkginstall.mk automatically detects whether we want the pkginstall machinery to be used by the package Makefile.
Revision 1.74 / (download) - annotate - [select for diffs], Mon Dec 5 23:55:13 2005 UTC (17 years, 2 months ago) by rillig
Branch: MAIN
CVS Tags: pkgsrc-2005Q4-base,
pkgsrc-2005Q4
Changes since 1.73: +3 -3
lines
Diff to previous 1.73 (colored)
Ran "pkglint --autofix", which corrected some of the quoting issues in CONFIGURE_ARGS.
Revision 1.73 / (download) - annotate - [select for diffs], Mon Dec 5 20:50:44 2005 UTC (17 years, 2 months ago) by rillig
Branch: MAIN
Changes since 1.72: +2 -3
lines
Diff to previous 1.72 (colored)
Fixed pkglint warnings. The warnings are mostly quoting issues, for
example MAKE_ENV+=FOO=${BAR} is changed to MAKE_ENV+=FOO=${BAR:Q}. Some
other changes are outlined in
http://mail-index.netbsd.org/tech-pkg/2005/12/02/0034.html
Revision 1.72 / (download) - annotate - [select for diffs], Tue Aug 23 11:48:50 2005 UTC (17 years, 5 months ago) by rillig
Branch: MAIN
CVS Tags: pkgsrc-2005Q3-base,
pkgsrc-2005Q3
Changes since 1.71: +2 -2
lines
Diff to previous 1.71 (colored)
The real user name in PKG_USERS does not need to be escaped with double backslashes anymore. A single backslash is enough. Changed the definition in all affected packages. For those that are not caught, an additional check is placed into bsd.pkginstall.mk.
Revision 1.71 / (download) - annotate - [select for diffs], Wed Jun 1 22:23:19 2005 UTC (17 years, 8 months ago) by tron
Branch: MAIN
CVS Tags: pkgsrc-2005Q2-base,
pkgsrc-2005Q2
Changes since 1.70: +1 -2
lines
Diff to previous 1.70 (colored)
Don't set "DIST_SUBDIR". BIND 9.x archives include the version number.
Revision 1.70 / (download) - annotate - [select for diffs], Wed Jun 1 22:02:55 2005 UTC (17 years, 8 months ago) by tron
Branch: MAIN
Changes since 1.69: +3 -8
lines
Diff to previous 1.69 (colored)
Update "bind" package to version 9.3.1. Changes since version 9.3.0: BIND 9.3.1 is a maintenance release, containing fixes for a number of bugs in 9.3.0. libbind: corresponds to that from BIND 8.4.6-REL.
Revision 1.69 / (download) - annotate - [select for diffs], Mon Apr 11 21:46:44 2005 UTC (17 years, 9 months ago) by tv
Branch: MAIN
Changes since 1.68: +1 -2
lines
Diff to previous 1.68 (colored)
Remove USE_BUILDLINK3 and NO_BUILDLINK; these are no longer used.
Revision 1.68 / (download) - annotate - [select for diffs], Fri Mar 18 01:14:32 2005 UTC (17 years, 10 months ago) by tron
Branch: MAIN
CVS Tags: pkgsrc-2005Q1-base,
pkgsrc-2005Q1
Changes since 1.67: +7 -2
lines
Diff to previous 1.67 (colored)
- Incooperate change root non-root support from NetBSD's "/etc/rc.d/named" into "named9.sh". - Create a user and a group "named" for running the name server. - Add a message file which encourages to run the name server in a change root non-root configuration. This address PR pkg/14876 by Greg A. Woods. Bump package revision because of the above changes.
Revision 1.67 / (download) - annotate - [select for diffs], Wed Mar 16 13:56:24 2005 UTC (17 years, 10 months ago) by tron
Branch: MAIN
Changes since 1.66: +3 -2
lines
Diff to previous 1.66 (colored)
- Rename rc script "named" to "named9" to avoid conflicts with NetBSD's builtin script. - Don't set "pidfile" in "named9.sh" because it breaks change rooted configurations. - Disable inlining in "lib/dns/rbt.c" on PowerPC systems because certain GCC version create broken code for that file. Bump package revision because of the above changes.
Revision 1.66 / (download) - annotate - [select for diffs], Tue Mar 15 16:07:01 2005 UTC (17 years, 10 months ago) by tron
Branch: MAIN
Changes since 1.65: +7 -15
lines
Diff to previous 1.65 (colored)
- Reorder assignment to fix "pkglint" warnings. - Use RCD_SCRIPTS mechanism to install startup scripts as suggested by Greg A. Woods in PR pkg/19099.
Revision 1.63.2.1 / (download) - annotate - [select for diffs], Thu Jan 27 13:31:24 2005 UTC (18 years ago) by salo
Branch: pkgsrc-2004Q4
Changes since 1.63: +7 -3
lines
Diff to previous 1.63 (colored) next main 1.64 (colored)
Pullup ticket 249 - requested by Todd Vierling security fix for bind9 Revisions pulled up: - pkgsrc/net/bind9/Makefile 1.65 - pkgsrc/net/bind9/distinfo 1.20 Module Name: pkgsrc Committed By: tron Date: Wed Jan 26 09:32:31 UTC 2005 Modified Files: pkgsrc/net/bind9: Makefile distinfo Log Message: Apply ISC patch to fix a potential DoS in BIND 9.3.0 reported in VU#938617. Bump package version number to 9.3.0pl1 because of this.
Revision 1.65 / (download) - annotate - [select for diffs], Wed Jan 26 09:32:31 2005 UTC (18 years ago) by tron
Branch: MAIN
Changes since 1.64: +7 -3
lines
Diff to previous 1.64 (colored)
Apply ISC patch to fix a potential DoS in BIND 9.3.0 reported in VU#938617. Bump package version number to 9.3.0pl1 because of this.
Revision 1.64 / (download) - annotate - [select for diffs], Wed Dec 29 15:31:24 2004 UTC (18 years, 1 month ago) by minskim
Branch: MAIN
Changes since 1.63: +2 -2
lines
Diff to previous 1.63 (colored)
Use VARBASE.
Revision 1.63 / (download) - annotate - [select for diffs], Sat Dec 18 21:01:46 2004 UTC (18 years, 1 month ago) by jklos
Branch: MAIN
CVS Tags: pkgsrc-2004Q4-base
Branch point for: pkgsrc-2004Q4
Changes since 1.62: +4 -2
lines
Diff to previous 1.62 (colored)
BIND 9.3.0 dies right after launch on VAX and m68k when threading is enabled. Until this is fixed, we'll turn off threading for VAX and m68k. PowerPC has some other issue, and i386 and SPARC appear to work fine with threading.
Revision 1.62 / (download) - annotate - [select for diffs], Sun Oct 3 09:20:41 2004 UTC (18 years, 4 months ago) by tron
Branch: MAIN
Changes since 1.61: +3 -4
lines
Diff to previous 1.61 (colored)
Update "bind9" package to version 9.3.0. Changes since version 9.2.3: - DNSSEC is now DS based (RFC 3658). See also RFC 3845, doc/draft/draft-ietf-dnsext-dnssec-*. - DNSSEC lookaside validation. - check-names is now implemented. - rrset-order in more complete. - IPv4/IPv6 transition support, dual-stack-servers. - IXFR deltas can now be generated when loading master files, ixfr-from-differences. - It is now possible to specify the size of a journal, max-journal-size. - It is now possible to define a named set of master servers to be used in masters clause, masters. - The advertised EDNS UDP size can now be set, edns-udp-size. allow-v6-synthesis has been obsoleted. NOTE: * Zones containing MD and MF will now be rejected. * dig, nslookup name. now report "Not Implemented" as NOTIMP rather than NOTIMPL. This will have impact on scripts that are looking for NOTIMPL. - libbind: corresponds to that from BIND 8.4.5.
Revision 1.61 / (download) - annotate - [select for diffs], Sun Oct 3 00:17:49 2004 UTC (18 years, 4 months ago) by tv
Branch: MAIN
Changes since 1.60: +2 -2
lines
Diff to previous 1.60 (colored)
Libtool fix for PR pkg/26633, and other issues. Update libtool to 1.5.10 in the process. (More information on tech-pkg.) Bump PKGREVISION and BUILDLINK_DEPENDS of all packages using libtool and installing .la files. Bump PKGREVISION (only) of all packages depending directly on the above via a buildlink3 include.
Revision 1.60 / (download) - annotate - [select for diffs], Fri Aug 27 06:29:09 2004 UTC (18 years, 5 months ago) by jlam
Branch: MAIN
CVS Tags: pkgsrc-2004Q3-base,
pkgsrc-2004Q3
Changes since 1.59: +2 -2
lines
Diff to previous 1.59 (colored)
Replace RPATH_FLAG with LINKER_RPATH_FLAG and COMPILER_RPATH_FLAG,
which are the full option names used to set rpath directives for the
linker and the compiler, respectively. In places were we are invoking
the linker, use "${LINKER_RPATH_FLAG} <path>", where the space is
inserted in case the flag is a word, e.g. -rpath. The default values
of *_RPATH_FLAG are set by the compiler/*.mk files, depending on the
compiler that you use. They may be overridden on a ${OPSYS}-specific
basis by setting _OPSYS_LINKER_RPATH_FLAG and _OPSYS_COMPILER_RPATH_FLAG,
respectively. Garbage-collect _OPSYS_RPATH_NAME and _COMPILER_LD_FLAG.
Revision 1.59 / (download) - annotate - [select for diffs], Thu Apr 15 20:13:20 2004 UTC (18 years, 9 months ago) by tron
Branch: MAIN
CVS Tags: pkgsrc-2004Q2-base,
pkgsrc-2004Q2
Changes since 1.58: +2 -3
lines
Diff to previous 1.58 (colored)
Bump package revision after recent package list changes because older version of the package miss an important shared library.
Revision 1.58 / (download) - annotate - [select for diffs], Wed Apr 14 20:26:51 2004 UTC (18 years, 9 months ago) by snj
Branch: MAIN
Changes since 1.57: +4 -4
lines
Diff to previous 1.57 (colored)
Convert to buildlink3.
Revision 1.57 / (download) - annotate - [select for diffs], Tue Apr 6 14:54:17 2004 UTC (18 years, 10 months ago) by manu
Branch: MAIN
Changes since 1.56: +2 -2
lines
Diff to previous 1.56 (colored)
Build and install BIND9 resolver in ${prefix}/include/bind/ and
${prefix}/lib/libbind.a , just like the BIND8 package does.
Revision 1.56 / (download) - annotate - [select for diffs], Fri Mar 26 02:27:47 2004 UTC (18 years, 10 months ago) by wiz
Branch: MAIN
CVS Tags: pkgsrc-2004Q1-base,
pkgsrc-2004Q1
Changes since 1.55: +2 -2
lines
Diff to previous 1.55 (colored)
PKGREVISION bump after openssl-security-fix-update to 0.9.6m. Buildlink files: RECOMMENDED version changed to current version.
Revision 1.55 / (download) - annotate - [select for diffs], Sat Feb 14 17:21:46 2004 UTC (18 years, 11 months ago) by jlam
Branch: MAIN
Changes since 1.54: +1 -3
lines
Diff to previous 1.54 (colored)
LIBTOOL_OVERRIDE and SHLIBTOOL_OVERRIDE are now lists of shell globs
relative to ${WRKSRC}. Remove redundant LIBTOOL_OVERRIDE settings that
are automatically handled by the default setting in bsd.pkg.mk.
Revision 1.54 / (download) - annotate - [select for diffs], Sun Dec 28 10:30:07 2003 UTC (19 years, 1 month ago) by tron
Branch: MAIN
Changes since 1.53: +3 -4
lines
Diff to previous 1.53 (colored)
Make "${IPV6H}" substitution in package list more efficient.
Revision 1.53 / (download) - annotate - [select for diffs], Wed Nov 12 03:39:41 2003 UTC (19 years, 2 months ago) by jschauma
Branch: MAIN
CVS Tags: pkgsrc-2003Q4-base,
pkgsrc-2003Q4
Changes since 1.52: +2 -1
lines
Diff to previous 1.52 (colored)
PKGREVISION++ after openssl update.
Revision 1.52 / (download) - annotate - [select for diffs], Mon Oct 27 03:56:03 2003 UTC (19 years, 3 months ago) by itojun
Branch: MAIN
Changes since 1.51: +5 -5
lines
Diff to previous 1.51 (colored)
upgrade to 9.2.3.
If you have installed BIND 9.1.3-P1, BIND 9.1.3-P2, BIND 9.2.2-P1,
BIND 9.2.2-P2, BIND 9.2.3rc2 or BIND 9.2.3rc3 it is recommended that
you upgrade. These versions generate false positives when applying
delegation-only tests.
--- 9.2.3 released ---
1525. [bug] dns_cache_create() could trigger a REQUIRE
failure in isc_mem_put() during error cleanup.
1524. [port] AIX needs to be able to resolve all symbols when
creating shared libraries (--with-libtool).
1523. [bug] Fix race condition in rbtdb. [RT# 9189]
1522. [bug] dns_db_findnode() relax the requirements on 'name'.
[RT# 9286]
1518. [bug] dns_nxt_buildrdata(), and hence dns_nxt_build(),
contained a off-by-one error when working out the
number of octets in the bitmap.
1514. [bug] named: isc_hash_destroy() was being called too early.
[RT #9160]
1513. [doc] Add "US" to root-delegation-only exclude list.
--- 9.2.3rc4 released ---
1512. [bug] Extend the delegation-only logging to return query
type, class and responding nameserver.
1511. [bug] delegation-only was generating false positives
on negative answers from subzones.
--- 9.2.3rc3 released ---
1510. [func] New view option "root-delegation-only". Apply
delegation-only check to all TLDs and root.
Note there are some TLDs that are NOT delegation
only (e.g. DE, LV, US and MUSEUM) these can be excluded
from the checks by using exclude.
root-delegation-only exclude {
"DE"; "LV"; "US"; "MUSEUM";
};
1509. [bug] Hint zones should accept delegation-only. Forward
zone should not accept delegation-only.
1508. [bug] Don't apply delegation-only checks to answers from
forwarders.
1507. [bug] Handle BIND 8 style returns to NS queries to parents
when making delegation-only checks.
1506. [bug] Wrong return type for dns_view_isdelegationonly().
--- 9.2.3rc2 released ---
1505. [bug] Uninitialised rdataset in sdb. [RT #8750]
1504. [func] New zone type "delegation-only".
1503. [port] win32: install libeay32.dll outside of system32.
(9.2.2-P2 is somewhere around here)
Revision 1.51 / (download) - annotate - [select for diffs], Mon Sep 22 13:22:16 2003 UTC (19 years, 4 months ago) by taca
Branch: MAIN
Changes since 1.50: +4 -4
lines
Diff to previous 1.50 (colored)
Update bind9 package to 9.2.2p3 (9.2.2-P3). --- 9.2.2-P3 released --- 1512. [bug] Extend the delegation-only logging to return query type, class and responding nameserver. 1511. [bug] delegation-only was generating false positives on negative answers from subzones.
Revision 1.50 / (download) - annotate - [select for diffs], Sat Sep 20 12:50:24 2003 UTC (19 years, 4 months ago) by itojun
Branch: MAIN
Changes since 1.49: +4 -8
lines
Diff to previous 1.49 (colored)
9.2.2-P2
--- 9.2.2-P2 released ---
1509. [bug] Hint zones should accept delegation-only. Forward
zone should not accept delegation-only.
1508. [bug] Don't apply delegation-only checks to answers from
forwarders.
1507. [bug] Handle BIND 8 style returns to NS queries to parents
when making delegation-only checks.
1506. [bug] Wrong return type for dns_view_isdelegationonly().
Revision 1.49 / (download) - annotate - [select for diffs], Wed Sep 17 14:28:51 2003 UTC (19 years, 4 months ago) by itojun
Branch: MAIN
Changes since 1.48: +6 -1
lines
Diff to previous 1.48 (colored)
upgrade to 9.2.2p1. --- BIND 9.2.2-P1 is now available. In response to high demand from our users, ISC is releasing a patch for BIND to support the declaration of "delegation-only" zones in caching/recursive name servers. Briefly, a zone which has been declared "delegation-only" will be effectively limited to containing NS RRs for subdomains, but no actual data outside its apex (for example, its SOA RR and apex NS RRset). This can be used to filter out "wildcard" or "synthesized" data from NAT boxes or from authoritative name servers whose undelegated (in-zone) data is of no interest.
Revision 1.48 / (download) - annotate - [select for diffs], Fri Mar 14 19:37:52 2003 UTC (19 years, 10 months ago) by jlam
Branch: MAIN
Changes since 1.47: +2 -2
lines
Diff to previous 1.47 (colored)
(1) Publicly export the value of _OPSYS_RPATH_NAME as RPATH_FLAG;
Makefiles simply need to use this value often, for better or for
worse.
(2) Create a new variable FIX_RPATH that lists variables that should
be cleansed of -R or -rpath values if ${_USE_RPATH} is "no". By
default, FIX_RPATH contains LIBS, X11_LDFLAGS, and LDFLAGS, and
additional variables may be appended from package Makefiles.
Revision 1.47 / (download) - annotate - [select for diffs], Mon Mar 10 03:01:09 2003 UTC (19 years, 11 months ago) by hubertf
Branch: MAIN
Changes since 1.46: +4 -3
lines
Diff to previous 1.46 (colored)
Make the USE_INET6/IPV6H handling a bit more readable. (won't fix PR 20019 though...)
Revision 1.46 / (download) - annotate - [select for diffs], Wed Mar 5 05:40:45 2003 UTC (19 years, 11 months ago) by hubertf
Branch: MAIN
Changes since 1.45: +2 -2
lines
Diff to previous 1.45 (colored)
Update bind9 to 9.2.2 Changes: many, at least 1 security related.
Revision 1.45 / (download) - annotate - [select for diffs], Sun Oct 6 16:44:53 2002 UTC (20 years, 4 months ago) by seb
Branch: MAIN
CVS Tags: netbsd-1-6-1-base,
netbsd-1-6-1
Changes since 1.44: +12 -3
lines
Diff to previous 1.44 (colored)
buildlink1 -> buildlink2 Add support for native pthread via mk/pthread.buildlink2.mk
Revision 1.41.4.1 / (download) - annotate - [select for diffs], Thu Sep 5 10:22:55 2002 UTC (20 years, 5 months ago) by agc
Branch: netbsd-1-6
Changes since 1.41: +8 -1
lines
Diff to previous 1.41 (colored) next main 1.42 (colored)
Pull up versions 1.42-1.44 of Makefile, and version 1.4 of PLIST, to the netbsd-1-6 pkgsrc branch. Requested by Grant Beattie. > From: grant beattie <grant@netbsd.org> > Date: Tue, 20 Aug 2002 04:38:18 +0300 (EEST) > > Module Name: pkgsrc > Committed By: grant > Date: Tue Aug 20 01:38:18 UTC 2002 > > Modified Files: > pkgsrc/net/bind9: Makefile PLIST > > Log Message: > deal with optional installation of ipv6.h on non-ipv6 platforms.
Revision 1.44 / (download) - annotate - [select for diffs], Mon Aug 26 12:09:36 2002 UTC (20 years, 5 months ago) by grant
Branch: MAIN
Changes since 1.43: +3 -3
lines
Diff to previous 1.43 (colored)
use USE_INET6 to determine whether or not to install include/isc/ipv6.h
Revision 1.43 / (download) - annotate - [select for diffs], Mon Aug 26 11:25:41 2002 UTC (20 years, 5 months ago) by itojun
Branch: MAIN
Changes since 1.42: +2 -2
lines
Diff to previous 1.42 (colored)
this extra doublequote causes "make plist" to fail
Revision 1.42 / (download) - annotate - [select for diffs], Tue Aug 20 01:38:16 2002 UTC (20 years, 5 months ago) by grant
Branch: MAIN
Changes since 1.41: +7 -0
lines
Diff to previous 1.41 (colored)
deal with optional installation of ipv6.h on non-ipv6 platforms.
Revision 1.41 / (download) - annotate - [select for diffs], Wed Jul 24 12:55:56 2002 UTC (20 years, 6 months ago) by grant
Branch: MAIN
CVS Tags: netbsd-1-6-RELEASE-base
Branch point for: netbsd-1-6
Changes since 1.40: +4 -0
lines
Diff to previous 1.40 (colored)
override built-in libtool to fix shared library major versions on non-NetBSD systems.
Revision 1.40 / (download) - annotate - [select for diffs], Fri Jul 19 11:20:30 2002 UTC (20 years, 6 months ago) by martti
Branch: MAIN
CVS Tags: pkgviews-base,
pkgviews
Changes since 1.39: +3 -3
lines
Diff to previous 1.39 (colored)
Use INSTALL_SCRIPT to install the startup files.
Revision 1.38.2.1 / (download) - annotate - [select for diffs], Sun Jun 23 18:54:53 2002 UTC (20 years, 7 months ago) by jlam
Branch: buildlink2
Changes since 1.38: +9 -8
lines
Diff to previous 1.38 (colored) next main 1.39 (colored)
Merge from pkgsrc-current to buildlink2 branch.
Revision 1.39 / (download) - annotate - [select for diffs], Mon Jun 17 12:58:22 2002 UTC (20 years, 7 months ago) by wiz
Branch: MAIN
CVS Tags: buildlink2-base
Changes since 1.38: +9 -8
lines
Diff to previous 1.38 (colored)
Use openssl buildlink.mk instead of USE_SSL.
Revision 1.38 / (download) - annotate - [select for diffs], Sat May 4 14:56:23 2002 UTC (20 years, 9 months ago) by taca
Branch: MAIN
Branch point for: buildlink2
Changes since 1.37: +3 -3
lines
Diff to previous 1.37 (colored)
Update bind9 pacakge to 9.2.1 (with pkglint free).
--- 9.2.1 released ---
1271. [port] win32: a make file contained absolute version specific
references.
1269. [bug] Missing masters clause was not handled gracefully.
[RT #2703]
1244. [bug] Receiving a TCP message from a blackhole address would
prevent further messages being received over that
interface.
1178. [bug] Follow and cache (if appropriate) A6 and other
data chains to completion in the additional section.
--- 9.2.1rc2 released ---
1240. [bug] It was possible to leak zone references by
specifying an incorrect zone to rndc.
1239. [bug] Under certain circumstances named could continue to
use a name after it had been freed triggering
INSIST() failures. [RT #2614]
1238. [bug] It is possible to lockup the server when shutting down
if notifies are being processed. [RT #2591]
1237. [bug] nslookup: "set q=type" failed.
1236. [bug] dns_rdata{class,type}_fromtext() didn't handle non
NULL terminated text regions. [RT #2588]
1232. [bug] unix/errno2result() didn't handle EADDRNOTAVAIL.
1231. [port] HPUX 11.11 recvmsg() can return spurious EADDRNOTAVAIL.
1230. [bug] isccc_cc_isreply() and isccc_cc_isack() were broken.
1229. [bug] named would crash if it received a TSIG signed
query as part of an AXFR response. [RT #2570]
1228. [bug] 'make install' did not depend on 'make all'. [RT #2559]
1227. [bug] dns_lex_getmastertoken() now returns ISC_R_BADNUMBER
if a number was expected and some other token was
found. [RT#2532]
1222. [bug] Specifying 'port *' did not always result in a system
selected (non-reserved) port being used. [RT #2537]
1221. [bug] Zone types 'master', 'slave' and 'stub' were not being
compared case insensitively. [RT #2542]
1218. [bug] Named incorrectly returned SERVFAIL rather than
NOTAUTH when there was a TSIG BADTIME error. [RT #2519]
1216. [bug] Multiple server clauses for the same server were not
reported. [RT #2514]
1215. [port] solaris: add support to ifconfig.sh for x86 2.5.1
1214. [bug] Win32: isc_file_renameunique() could leave zero length
files behind.
1212. [port] libbind: 64k answer buffers were causing stack space
to be exceeded for certian OS. Use heap space instead.
1211. [bug] dns_name_fromtext() incorrectly handled certain
valid octal bitlabels. [RT #2483]
1210. [bug] libbind: getnameinfo() failed to lookup IPv4 mapped /
compatible addresses. [RT #2461]
1208. [bug] dns_master_load*() failed to log a error message if
an error was detected when parsing the ownername of
a record. [RT #2448]
--- 9.2.1rc1 released ---
1207. [bug] libbind: getaddrinfo() could call freeaddrinfo() with
an invalid pointer.
1206. [bug] SERVFAIL and NOTIMP responses to an EDNS query should
trigger a non-EDNS retry.
1205. [bug] OPT, TSIG and TKEY cannot be used to set the "class"
of the message. [RT #2449]
1204. [bug] libbind: res_nupdate() failed to update the name
server addresses before sending the update.
1201. [bug] Require that if 'callbacks' is passed to
dns_rdata_fromtext(), callbacks->error and
callbacks->warn are initialized.
1200. [bug] Log 'errno' that we are unable to convert to
isc_result_t. [RT #2404]
1198. [bug] OPT printing style was not consistant with the way the
header fields are printed. The DO bit was not reported
if set. Report if any of the MBZ bits are set.
1197. [bug] Attempts to define the same acl multiple times were not
detected.
1196. [contrib] update mdnkit to 2.2.3.
1195. [bug] Attempts to redefine builtin acls should be caught.
[RT #2403]
1194. [bug] Not all duplicate zone definitions were being detected
at the named.conf checking stage. [RT #2431]
1193. [bug] Best effort parsing didn't handle packet truncation.
1191. [bug] A dynamic update removing the last non-apex name in
a secure zone would fail. [RT #2399]
1189. [bug] On some systems, malloc(0) returns NULL, which
could cause the caller to report an out of memory
error. [RT #2398]
1188. [bug] Dynamic updates of a signed zone would fail if
some of the zone private keys were unavailable.
1186. [bug] isc_hex_tobuffer(,,length = 0) failed to unget the
EOL token when reading to end of line.
1185. [bug] libbind: don't assume statp->_u._ext.ext is valid
unless RES_INIT is set when calling res_*init().
1184. [bug] libbind: call res_ndestroy() if RES_INIT is set
when res_*init() is called.
1183. [bug] Handle ENOSR error when writing to the internal
control pipe. [RT #2395]
1182. [bug] The server could throw an assertion failure when
constructing a negative response packet.
1176. [doc] Document that allow-v6-synthesis is only performed
for clients that are supplied recursive service.
[RT #2260]
1175. [bug] named-checkzone failed to call dns_result_register()
at startup which could result in runtime
exceptions when printing "out of memory" errors.
[RT #2335]
1174. [bug] Win32: add WSAECONNRESET to the expected errors
from connect(). [RT #2308]
1173. [bug] Potential memory leaks in isc_log_create() and
isc_log_settag(). [RT #2336]
1172. [doc] Add CERT, GPOS, KX, NAPTR, NSAP, PX and TXT to
table of RR types in ARM.
1170. [bug] Don't attempt to print the token when a I/O error
occurs when parsing named.conf. [RT #2275]
1168. [bug] Empty also-notify clauses were not handled. [RT #2309]
1167. [contrib] nslint-2.1a3 (from author).
1166. [bug] "Not Implemented" should be reported as NOTIMP,
not NOTIMPL. [RT #2281]
1165. [bug] We were rejecting notify-source{-v6} in zone clauses.
1164. [bug] Empty masters clauses in slave / stub zones were not
handled gracefully. [RT #2262]
1162. [bug] The allow-notify option was not accepted in slave
zone statements.
1161. [bug] named-checkzone looped on unbalanced brackets.
[RT #2248]
1160. [bug] Generating Diffie-Hellman keys longer than 1024
bits could fail. [RT #2241]
1156. [port] The configure test for strsep() incorrectly
succeeded on certain patched versions of
AIX 4.3.3. [RT #2190]
1154. [bug] Don't attempt to obtain the netmask of a interface
if there is no address configured. [RT #2176]
1152. [bug] libbind: read buffer overflows.
1144. [bug] rndc-confgen would crash if both the -a and -t
options were specified. [RT #2159]
1142. [bug] dnssec-signzone would fail to delete temporary files
in some failure cases. [RT #2144]
1141. [bug] When named rejected a control message, it would
leak a file descriptor and memory. It would also
fail to respond, causing rndc to hang.
[RT #2139, #2164]
1140. [bug] rndc-confgen did not accept IPv6 addresses as arguments
to the -s option. [RT #2138]
1136. [bug] CNAME records synthesized from DNAMEs did not
have a TTL of zero as required by RFC2672.
[RT #2129]
1125. [bug] rndc: -k option was missing from usage message.
[RT #2057]
1124. [doc] dig: +[no]dnssec, +[no]besteffort and +[no]fail
are now documented. [RT #2052]
1123. [bug] dig +[no]fail did not match description. [RT #2052]
1109. [bug] nsupdate accepted illegal ttl values.
1108. [bug] On Win32, rndc was hanging when named was not running
due to failure to select for exceptional conditions
in select(). [RT #1870]
1081. [bug] Multicast queries were incorrectly identified
based on the source address, not the destination
address.
1072. [bug] The TCP client quota could be exceeded when
recursion occurred. [RT #1937]
1071. [bug] Sockets listening for TCP DNS connections
specified an excessive listen backlog. [RT #1937]
1070. [bug] Copy DNSSEC OK (DO) to response as specified by
draft-ietf-dnsext-dnssec-okbit-03.txt.
1014. [bug] Some queries would cause statistics counters to
increment more than once or not at all. [RT #1321]
1012. [bug] The -p option to named did not behave as documented.
988. [bug] 'additional-from-auth no;' did not work reliably
in the case of queries answered from the cache.
[RT #1436]
995. [bug] dig, host, nslookup: using a raw IPv6 address as a
target address should be fatal on a IPv4 only system.
Revision 1.37 / (download) - annotate - [select for diffs], Tue Nov 27 03:38:40 2001 UTC (21 years, 2 months ago) by itojun
Branch: MAIN
CVS Tags: netbsd-1-5-PATCH003
Changes since 1.36: +3 -8
lines
Diff to previous 1.36 (colored)
upgrade to 9.2.0. list of changes between 9.1.3 to 9.2.0 is available at: http://www.isc.org/products/BIND/bind9.html
Revision 1.36 / (download) - annotate - [select for diffs], Wed Jul 4 00:21:34 2001 UTC (21 years, 7 months ago) by itojun
Branch: MAIN
Changes since 1.35: +3 -3
lines
Diff to previous 1.35 (colored)
upgrade to 9.1.3 from ISC. changes between 9.1.2 to 9.1.3: --- 9.1.3 released --- --- 9.1.3rc3 released --- 911. [bug] Fail gracefully with multiple hint zones. [RT #1433] 910. [port] Some pre-RFC2133 IPv6 implementations do not define IN6ADDR_ANY_INIT. [RT #1416] --- 9.1.3rc2 released --- 904. [bug] The server would leak memory if attempting to use an expired TSIG key. [RT #1406] 903. [bug] dig should not crash when receiving a TCP packet of length 0. 902. [bug] The -d option was ignored if both -t and -g were also specified. 901. [cleanup] The man pages no longer have empty lines outside of literal blocks. 898. [bug] "dig" failed to set a nonzero exit status on UDP query timeout. [RT #1323] 894. [bug] When using the DNSSEC tools, a message intended to warn when the keyboard was being used because of the lack of a suitable random device was not being printed. 892. [bug] The server could attempt to refresh a zone that was being loaded, causing an assertion failure. [RT #1335] 891. [bug] Return an error when a SIG(0) signed response to an unsigned query is seen. This should actually do the verification, but it's not currently possible. [RT #1391] 888. [bug] Don't die when using TKEY to delete a nonexistent TSIG key. [RT #1392] 860. [interop] Drop cross class glue in zone transfers. 852. [bug] Handle responses from servers which do not now about IXFR. 850. [bug] dns_rbt_findnode() would not find nodes that were split on a bitstring label somewhere other than in the last label of the node. [RT #1351] 705. [port] Work out resource limit type for use where rlim_t is not available. [RT #695] 704. [port] RLIMIT_NOFILE is not available on all platforms. 703. [port] sys/select.h is needed on older platforms. [RT #695] --- 9.1.3rc1 released --- 831. [bug] The configure script tried to determine endianness before making its final decision on which C compiler to use, causing Solaris/x86 systems with gcc to be incorrectly identified as big-endian. [RT #1315] 827. [bug] When an IXFR protocol error occurs, the slave should retry with AXFR. 826. [bug] Some IXFR protocol errors were not detected. 825. [bug] zone.c:ns_query() detached from the wrong zone reference. [RT #1264] 824. [bug] Correct line numbers reported by dns_master_load(). [RT #1263] 822. [bug] Sending nxrrset prerequisites would crash nsupdate. [RT #1248] 806. [bug] DNS_R_SEENINCLUDE was failing to propagate back up the calling stack to the zone maintence level, causing zones to not reload when an included file was touched but the top-level zone file was not. 771. [cleanup] TSIG errors related to unsynchronized clocks are logged better. [RT #919] 734. [bug] An attempt to re-lock the zone lock could occur if the server was shutdown during a zone tranfer. [RT #830] 712. [bug] Sending a large signed update message caused an assertion failure. [RT #718] 669. [bug] dnssec-keygen now makes the public key file non-world-readable for symmetric keys. [RT #403]
Revision 1.35 / (download) - annotate - [select for diffs], Sun May 6 00:19:06 2001 UTC (21 years, 9 months ago) by itojun
Branch: MAIN
CVS Tags: netbsd-1-5-PATCH001
Changes since 1.34: +3 -3
lines
Diff to previous 1.34 (colored)
upgrade to 9.1.2. --- 9.1.2 released --- --- 9.1.2rc1 released --- 820. [bug] Name server address lookups failed to follow A6 chains into the glue of local authoritative zones. 819. [bug] In certain cases, the resolver's attempts to restart an address lookup at the root could cause the fetch to deadlock (with itself) instead of restarting. [RT #1225] 818. [bug] Certain pathological responses to ANY queries could cause an assertion failure. [RT #1218] 816. [bug] Report potential problems with log file accessibility at configuration time, since such problems can't reliably be reported at the time they actually occur. 815. [bug] If a log file was specified with a path separator character (i.e. "/") in its name and the directory did not exist, the log file's name was treated as though it were the directory name. [RT #1189] 814. [bug] Socket objects left over from accept() failures were incorrectly destroyed, causing corruption of socket manager data structures. 813. [bug] File descriptors exceeding FD_SETSIZE were handled badly. [RT #1192] 812. [bug] dig sometimes printed incomplete IXFR responses due to an uninitialized variable. [RT #1188] 811. [bug] Parentheses were not quoted in zone dumps. [RT #1194] 810. [bug] The signer name in SIG records was not properly downcased when signing/verifying records. [RT #1186] 807. [bug] When setting up TCP connections for incoming zone transfers, the transfer-source port was not ignored like it should be. 804. [bug] Attempting to obtain entropy could fail in some situations. This would be most common on systems with user-space threads. [RT #1131] 802. [bug] DNSSEC key tags were computed incorrectly in almost all cases. [RT #1146] 801. [bug] nsupdate should treat lines beginning with ';' as comments. [RT #1139] 800. [bug] dnssec-signzone produced incorrect statistics for large zones. [RT #1133] 799. [bug] The ADB didn't find AAAA glue in a zone unless A6 glue was also present.
Revision 1.34 / (download) - annotate - [select for diffs], Thu Apr 12 03:35:25 2001 UTC (21 years, 9 months ago) by itojun
Branch: MAIN
Changes since 1.33: +2 -4
lines
Diff to previous 1.33 (colored)
on bind9 mailing list isc/niminum people recommended against the use of /dev/urandom.
Revision 1.33 / (download) - annotate - [select for diffs], Thu Mar 29 03:40:42 2001 UTC (21 years, 10 months ago) by itojun
Branch: MAIN
Changes since 1.32: +3 -4
lines
Diff to previous 1.32 (colored)
upgrade to 9.1.1. functionality equal to 9.1.1rc7 (= 9.1.0.7)
Revision 1.32 / (download) - annotate - [select for diffs], Tue Mar 27 09:01:27 2001 UTC (21 years, 10 months ago) by itojun
Branch: MAIN
Changes since 1.31: +4 -4
lines
Diff to previous 1.31 (colored)
upgrade to 9.1.1rc7.
--- 9.1.1rc7 released ---
791. [bug] The control channel did not work over IPv6.
790. [bug] Wildcards created using dynamic update or IXFR
could fail to match. [RT #1111]
787. [bug] The DNSSEC tools failed to downcase domain
names when mapping them into file names.
786. [bug] When DNSSEC signing/verifying data, owner names were
not properly downcased.
--- 9.1.1rc6 released ---
785. [bug] A race condition in the resolver could cause
an assertion failure. [RT #673, #872, #1048]
784. [bug] nsupdate and other programs would not quit properly
if some signals were blocked by the caller. [RT #1081]
783. [bug] Following CNAMEs could cause an assertion failure
when either using an sdb database or under very
rare conditions.
780. [bug] Error handling code dealing with out of memory or
other rare errors could lead to assertion failures
by calling functions on unitialized names. [RT #1065]
Revision 1.31 / (download) - annotate - [select for diffs], Fri Mar 16 00:14:03 2001 UTC (21 years, 10 months ago) by itojun
Branch: MAIN
Changes since 1.30: +4 -4
lines
Diff to previous 1.30 (colored)
upgrade to 9.1.1rc5 (version # is 9.1.0.5 to prevent going backward) --- 9.1.1rc5 released --- 778. [bug] When starting cache cleaning, cleaning_timer_action() returned without first pausing the iterator, which could cause deadlock. [RT #998] 777. [bug] An empty forwarders list in a zone failed to override global forwarders. [RT #995] 775. [bug] Address match lists with invalid netmasks caused the configuration parser to abort with an assertion failure. [RT #996] 772. [bug] Owner names could be incorrectly omitted from cache dumps in the presence of negative caching entries. [RT #991] 686. [bug] dig and nslookup can now be properly aborted during blocking operations. [RT #568]
Revision 1.30 / (download) - annotate - [select for diffs], Wed Mar 7 00:39:17 2001 UTC (21 years, 11 months ago) by itojun
Branch: MAIN
Changes since 1.29: +4 -4
lines
Diff to previous 1.29 (colored)
upgrade to 9.1.1rc4. --- 9.1.1rc4 released --- 767. [bug] The configuration parser handled invalid ports badly. [RT #961] 766. [bug] A few cases in query_find() could leak fname. This would trigger the mpctx->allocated == 0 assertion when the server exited. [RT #739, #776, #798, #812, #818, #821, #845, #892, #935, #966] 759. [bug] The resolver didn't turn off "avoid fetches" mode when restarting, possibly causing resolution to fail when it should not. This bug only affected platforms which support both IPv4 and IPv6. [RT #927] 758. [bug] The "avoid fetches" code did not treat negative cache entries correctly, causing fetches that would be useful to be avoided. This bug only affected platforms which support both IPv4 and IPv6. [RT #927] 756. [bug] dns_zone_load() could "return" success when no master file was configured. 755. [bug] Fix incorrectly formatted log messages in zone.c. 709. [bug] ANY or SIG queries for data with a TTL of 0 would return SERVFAIL. [RT #620]
Revision 1.29 / (download) - annotate - [select for diffs], Tue Feb 27 02:54:27 2001 UTC (21 years, 11 months ago) by itojun
Branch: MAIN
Changes since 1.28: +6 -7
lines
Diff to previous 1.28 (colored)
upgrade to 9.1.1rc3 (package version # is 9.1.0.3 as rc3 is prior to 9.1.1). --- 9.1.1rc3 released --- 754. [bug] Certain failure conditions sending UDP packets could cause the server to retry the transmission indefinitely. [RT #902] 753. [bug] dig, host, and nslookup would fail to contact a remote server if getaddrinfo() returned an IPv6 address on a system that doesn't support IPv6. [RT #917] 750. [bug] A query should not match a DNAME whose trust level is pending. [RT #916] 749. [bug] When a query matched a DNAME in a secure zone, the server did not return the signature of the DNAME. [RT #915] 747. [bug] The code to determine whether an IXFR was possible did not properly check for a database that could not have a journal. [RT #865, #908] 746. [bug] The sdb didn't clone rdatasets properly, causing a crash when the server followed delegations. [RT #905] 744. [bug] When returning DNS_R_CNAME or DNS_R_DNAME as the result of an ANY or SIG query, the resolver failed to setup the return event's rdatasets, causing an assertion failure in the query code. [RT #881] 743. [bug] Receiving a large number of certain malformed answers could cause named to stop responding. [RT #861] 742. [bug] dig +domain did not work. [RT #850] 738. [bug] If a non-threadsafe sdb driver supported AXFR and received an AXFR request, it would deadlock or die with an assertion failure. [RT #852] 737. [port] stdtime.c failed to compile on certain platforms. 648. [port] Add support for pre-RFC2133 IPv6 implementations. --- 9.1.1rc2 released --- 733. [bug] Reference counts of dns_acl_t objects need to be locked but were not. [RT #801, #821] 708. [bug] When building with --with-openssl, the openssl headers included with BIND 9 should not be used. [RT #702]
Revision 1.28 / (download) - annotate - [select for diffs], Sun Feb 25 04:18:04 2001 UTC (21 years, 11 months ago) by hubertf
Branch: MAIN
Changes since 1.27: +6 -6
lines
Diff to previous 1.27 (colored)
Cleanup MKDIR usage => INSTALL_*_DIR XXX need to teach pkglint to be more picky about this
Revision 1.27 / (download) - annotate - [select for diffs], Sat Feb 17 18:18:36 2001 UTC (21 years, 11 months ago) by wiz
Branch: MAIN
Changes since 1.26: +2 -1
lines
Diff to previous 1.26 (colored)
Update to new COMMENT style: COMMENT var in Makefile instead of pkg/COMMENT.
Revision 1.26 / (download) - annotate - [select for diffs], Tue Feb 13 04:56:14 2001 UTC (21 years, 11 months ago) by itojun
Branch: MAIN
Changes since 1.25: +4 -3
lines
Diff to previous 1.25 (colored)
build it with internal openssl. 9.1.1rc1 has issues with include search path.
Revision 1.25 / (download) - annotate - [select for diffs], Thu Feb 8 10:31:43 2001 UTC (21 years, 11 months ago) by itojun
Branch: MAIN
Changes since 1.24: +10 -2
lines
Diff to previous 1.24 (colored)
use 9.1.1rc1. we upgrade to release candidate for important fixes
(change id 727 is very important).
hack: package version number is set to 9.1.0.1, as 9.1.1rc1 is prior to 9.1.1.
729. [port] pthread_setconcurrency() needs to be called on Solaris.
727. [port] Work around OS bug where accept() succeeds but
fails to fill in the peer address of the accepted
connection, by treating it as an error rather than
an assertion failure. [RT #809]
723. [bug] Referrals whose NS RRs had a 0 TTL caused the resolver
to return DNS_R_SERVFAIL. [RT #783]
720. [bug] Server could enter infinite loop in
dispatch.c:do_cancel(). [RT #743]
719. [bug] Rapid reloads could trigger an assertion failure.
[RT #743, #763]
717. [bug] Certain TKEY processing failure modes could
reference an uninitialized variable, causing the
server to crash. [RT #750]
716. [bug] The first line of a $INCLUDE master file was lost if
an origin was specified. [RT #744]
715. [bug] Resolving some A6 chains could cause an assertion
failure in adb.c. [RT #738]
711. [bug] The libisc and liblwres implementations of
inet_ntop contained an off by one error.
706. [bug] Zones with an explicit "allow-update { none; };"
were considered dynamic and therefore not reloaded
on SIGHUP or "rndc reload".
700. [bug] $GENERATE range check was wrong. [RT #688]
698. [bug] Aborting nsupdate with ^C would lead to several
race conditions.
699. [bug] The lexer mishandled empty quoted strings. [RT #694]
694. [bug] $GENERATE did not produce the last entry.
[RT #682, #683]
693. [bug] An empty lwres statement in named.conf caused
the server to crash while loading.
692. [bug] Deal with systems that have getaddrinfo() but not
gai_strerror(). [RT #679]
691. [bug] Configuring per-view forwarders caused an assertion
failure. [RT #675, #734]
Revision 1.24 / (download) - annotate - [select for diffs], Sun Feb 4 12:19:24 2001 UTC (22 years ago) by itojun
Branch: MAIN
Changes since 1.23: +5 -1
lines
Diff to previous 1.23 (colored)
add rc.d/lwresd
Revision 1.23 / (download) - annotate - [select for diffs], Wed Jan 31 04:07:36 2001 UTC (22 years ago) by hubertf
Branch: MAIN
Changes since 1.22: +2 -2
lines
Diff to previous 1.22 (colored)
make the rc.d script's name a bit more obvious
Revision 1.22 / (download) - annotate - [select for diffs], Sun Jan 28 13:19:28 2001 UTC (22 years ago) by itojun
Branch: MAIN
Changes since 1.21: +5 -2
lines
Diff to previous 1.21 (colored)
use OpenSSL shipped with netbsd 1.5, or in pkgsrc/security/openssl.
Revision 1.21 / (download) - annotate - [select for diffs], Sun Jan 28 06:51:01 2001 UTC (22 years ago) by itojun
Branch: MAIN
Changes since 1.20: +4 -2
lines
Diff to previous 1.20 (colored)
use urandom (should be good enough), otherwise dnssec-keygen will take forever
Revision 1.20 / (download) - annotate - [select for diffs], Fri Jan 26 21:12:02 2001 UTC (22 years ago) by hubertf
Branch: MAIN
Changes since 1.19: +3 -4
lines
Diff to previous 1.19 (colored)
After discussion with Michael Graff, disable threads until we get a in-tree threads implementation. Benefit of this is that the pkg now works on all platforms (Tested: 1.5/sparc).
Revision 1.19 / (download) - annotate - [select for diffs], Fri Jan 26 04:25:36 2001 UTC (22 years ago) by hubertf
Branch: MAIN
Changes since 1.18: +7 -1
lines
Diff to previous 1.18 (colored)
Add a startup script
Revision 1.18 / (download) - annotate - [select for diffs], Thu Jan 18 13:12:04 2001 UTC (22 years ago) by itojun
Branch: MAIN
Changes since 1.17: +3 -2
lines
Diff to previous 1.17 (colored)
upgrade to 9.1.0 from ISC. too many changes to be mentioned here.
Revision 1.17 / (download) - annotate - [select for diffs], Sat Dec 30 13:57:45 2000 UTC (22 years, 1 month ago) by wiz
Branch: MAIN
Changes since 1.16: +1 -5
lines
Diff to previous 1.16 (colored)
Manually syncing ONLY_FOR_PLATFORM is not the way to go. Remove ONLY_FOR_PLATFORM, and let it fail while installing the DEPENDS.
Revision 1.16 / (download) - annotate - [select for diffs], Thu Dec 28 16:49:37 2000 UTC (22 years, 1 month ago) by wiz
Branch: MAIN
Changes since 1.15: +3 -2
lines
Diff to previous 1.15 (colored)
Sync ONLY_FOR_PLATFORM with devel/unproven-pthreads.
Revision 1.15 / (download) - annotate - [select for diffs], Mon Nov 13 16:12:49 2000 UTC (22 years, 2 months ago) by toshii
Branch: MAIN
Changes since 1.14: +2 -3
lines
Diff to previous 1.14 (colored)
Setting CC in CONFIGURE_ENV doesn't work as it will be overwritten by the configure. Instead, set LDFLAGS so that unproven-pthreads can be found before pth. Fixes pr #11418.
Revision 1.14 / (download) - annotate - [select for diffs], Mon Nov 13 04:43:23 2000 UTC (22 years, 2 months ago) by itojun
Branch: MAIN
Changes since 1.13: +2 -2
lines
Diff to previous 1.13 (colored)
upgrade to 9.0.1 from ISC. --- 9.0.1 released --- 547. [bug] dnssafe doesn't correctly handle RSA keys longer than 2000 bits. Disable support for long keys. --- 9.0.1rc2 released --- 527. [bug] When a hint zone was configured, the spurious warning messages "Hint zones do not have a forward field" and "Hint zones do not have a forwarders field" were printed. [RT #439] --- 9.0.1rc1 released --- 526. [bug] nsupdate incorrectly refused to add RRs with a TTL of 0. 523. [doc] The source to the Administrator Reference Manual is now an XML file using the DocBook DTD, and is included in the distribution. The plain text version of the ARM is temporarily unavailable while we figure out how to generate readable plain text from the XML. 520. [bug] Upgraded libtool to 1.3.5, which makes shared library builds almost work on AIX (and possibly others). 519. [bug] dns_name_split() would improperly split some bitstring labels, zeroing a few of the least signficant bits in the prefix part. When such an improperly created prefix was returned to the RBT database, the bogus label was dutifully stored, corrupting the tree. [RT #369] 518. [bug] The resolver did not realize that a DNAME which was "the answer" to the client's query was "the answer", and such queries would fail. [RT #399] 517. [bug] The resolver's DNAME code would trigger an assertion if there was more than one DNAME in the chain. [RT #399] 516. [bug] Cache lookups which had a NULL node pointer, e.g. those by dns_view_find(), and which would match a DNAME, would trigger an INSIST(!search.need_cleanup) assertion. [RT #399] 515. [bug] The ssu table was not being attached / detached by dns_zone_[sg]etssutable. [RT#397] 511. [bug] The message code could throw an assertion on an out of memory failure. [RT #392] 510. [bug] Remove spurious view notify warning. [RT #376] 505. [bug] nsupdate was printing "unknown result code". [RT #373] 502. [func] On a SERVFAIL reply, DiG will now try the next server in the list, unless the +fail option is specified. 501. [bug] Incorrect port numbers were being displayed by nslookup. [RT #352] 500. [func] Nearly useless +details option removed from DiG. 499. [func] In DiG, specifying a class with -c or type with -t changes command-line parsing so that classes and types are only recognized if following -c or -t. This allows hosts with the same name as a class or type to be looked up. 498. [doc] There is now a man page for "dig" in doc/man/bin/dig.1. 495. [bug] nsupdate was unable to handle large records. [RT #368] 491. [bug] nsupdate would segfault when sending certain prerequisites with empty RDATA. [RT #356] 488. [bug] Locks weren't properly destroyed in some cases. 486. [bug] nslookup: "set all" and "server" commands showed the incorrect port number if a port other than 53 was specified. [RT #352] 485. [func] When dig had more than one server to query, it would send all of the messages at the same time. Add rate limiting of the transmitted messages. 483. [bug] nslookup: "set all" showed a "search" option but it was not settable. 482. [bug] nslookup: a plain "server" or "lserver" should be treated as a lookup. 481. [bug] nslookup:get_next_command() stack size could exceed per thread limit. 480. [bug] strtok() is not thread safe. [RT #349] 476. [bug] A zone could expire while a zone transfer was in progress triggering a INSIST failure. [RT #329] 475. [bug] query_getzonedb() sometimes returned a non-null version on failure. This caused assertion failures when generating query responses where names subject to additional section processing pointed to a zone to which access had been denied by means of the allow-query option. [RT #336] 474. [bug] The mnemonic of the CHAOS class is CH according to RFC1035, but it was printed and read only as CHAOS. We now accept both forms as input, and print it as CH. [RT #305] 473. [bug] nsupdate overran the end of the list of name servers when no servers could be reached, typically causing it to print the error message "dns_request_create: not implemented". 472. [bug] Off-by-one error caused isc_time_add() to sometimes produce invalid time values. 471. [bug] nsupdate didn't compile on HP/UX 10.20 463. [bug] nsupdate sent malformed SOA queries to the second and subsequent name servers in resolv.conf if the query sent to the first one failed. 459. [bug] Nslookup processed the "set" command incorrectly. 458. [bug] Nslookup didn't properly check class and type values. [RT #305] 457. [bug] Dig/host/hslookup didn't properly handle connect timeouts in certain situations, causing an unnecessary warning message to be printed. 447. [bug] Dig didn't properly retry in TCP mode after a truncated reply. [RT #277] 403. [bug] "host" did not use the search list. 395. [bug] nslookup printed incorrect RR type mnemonics for RRs of type >= 21 [RT #237]. 388. [func] dig and host can now do reverse ipv6 lookups. 387. [func] Add dns_byaddr_createptrname(), which converts an address into the name used by a PTR query. 379. [func] New library function isc_sockaddr_anyofpf(). 347. [bug] Don't crash if an argument is left off options in dig. 346. [func] Add support for .digrc config file, in the user's current directory 345. [bug] Large-scale changes/cleanups to dig: * Significantly improve structure handling * Don't pre-load entire batch files * Add name/rr counting/limiting * Fix SIGINT handling * Shorten timeouts to match v8's behavior --- 9.0.0 released ---
Revision 1.13 / (download) - annotate - [select for diffs], Mon Sep 18 05:16:45 2000 UTC (22 years, 4 months ago) by rh
Branch: MAIN
CVS Tags: netbsd-1-5-RELEASE,
netbsd-1-4-PATCH003
Changes since 1.12: +2 -2
lines
Diff to previous 1.12 (colored)
Update bind9 to 9.0.0 (release version) as requested by hubertf to get this in before the 1.5 release. Changes are bugfixes only.
Revision 1.12 / (download) - annotate - [select for diffs], Tue Aug 29 10:57:16 2000 UTC (22 years, 5 months ago) by rh
Branch: MAIN
Changes since 1.11: +2 -2
lines
Diff to previous 1.11 (colored)
Update bind9 to 9.0.0rc5. Changes are bugfixes only, including a fix that
makes patch-ab unnecessary:
* A typo in the HS A code caused an assertion failure.
* lwres_gethostbyname() and company set lwres_h_errno
to a random value on success.
* If named was shut down early in the startup
process, ns_omapi_shutdown() would attempt to lock
an unintialized mutex. [RT #262]
* stub zones could leak memory and reference counts if
all the masters were unreachable.
* isc_rwlock_lock() would needlessly block
readers when it reached the read quota even
if no writers were waiting.
* Log messages were occasionally lost or corrupted
due to a race condition in isc_log_doit().
* The request library didn't completely work with IPv6.
* Check for IPV6_RECVPKTINFO and use it instead of
IPV6_PKTINFO if found. [RT #229]
Revision 1.11 / (download) - annotate - [select for diffs], Wed Aug 23 06:50:45 2000 UTC (22 years, 5 months ago) by rh
Branch: MAIN
Changes since 1.10: +2 -2
lines
Diff to previous 1.10 (colored)
Fix PLIST to include bin/nslookup -- thanks to hubert's new leftover list
for finding this.
Update bind to 9.0.0rc4. Changes and fixes are:
* "host" did not use the search list.
* Treat undefined acls as errors, rather than
warning and then later throwing an assertion.
* SIG(0) signing and verifying was done incorrectly.
* When reloading the server with a config file
containing a syntax error, it could catch an
assertion failure trying to perform zone
maintenance on, or sending notifies from,
tentatively created zones whose views were
never fully configured and lacked an address
database and request manager.
* "dig" sometimes caught an assertion failure when
using TSIG, depending on the key length.
* Many debugging messages were partially formatted
even when debugging was turned off, causing a
significant decrease in query performance.
* There is now a man page for "nsupdate"
* nslookup printed incorrect RR type mnemonics
for RRs of type >= 21
* Attempting to send a reqeust over IPv6 using
dns_request_create() on a system without IPv6
support caused an assertion failure [RT #235].
* Missing strdup() of ACL name caused random
ACL matching failures [RT #228].
* nsupdate was incorrectly limiting TTLs to 65535 instead
of 2147483647.
* When writing a master file, print the SOA and NS
records (and their SIGs) before other records.
* named -u failed on many Linux systems where the
libc provided kernel headers do not match
the current kernel.
* nsupdate didn't work with IPv6.
Revision 1.10 / (download) - annotate - [select for diffs], Thu Aug 10 12:51:48 2000 UTC (22 years, 5 months ago) by itojun
Branch: MAIN
Changes since 1.9: +5 -2
lines
Diff to previous 1.9 (colored)
upgrade to 9.0.0rc2. add patch to help 2292bis environment (= latest KAME, Solaris8). --- rc1 -> rc2 --- 9.0.0rc2 released --- 377. [bug] When additional data lookups were refused due to "allow-query", the databases were still being attached causing reference leaks. 376. [bug] The server should always use good entropy when performing cryptographic functions needing entropy. 375. [bug] Per-zone allow-query did not properly override the view/global one for CNAME targets and additional data [RT #220]. 374. [bug] SOA in authoritative negative responses had wrong TTL. 373. [func] nslookup is now installed by "make install". 372. [bug] Deal with Microsoft DNS servers appending two bytes of garbage to zone transfer requests. 371. [bug] At high debug levels, doing an outgoing zone transfer of a very large RRset could cause an assertion failure during logging. 370. [bug] The error messages for rollforward failures were overly terse. 367. [bug] Allow proper selection of server on nslookup command line. 365. [bug] nsupdate -k leaked memory. 362. [bug] rndc no longer aborts if the configuration file is missing an options statement. [RT #209] 359. [bug] dnssec-signzone occasionally signed glue records. 357. [bug] The zone file parser crashed if the argument to $INCLUDE was a quoted string. 354. [doc] Man pages for the dnssec tools are now included in the distribution, in doc/man/dnssec. 353. [bug] double increment in lwres/gethost.c:copytobuf(). (RT# 187) 352. [bug] Race condition in dns_client_t startup could cause an assertion failure. 351. [bug] Constructing a response with rcode SERVFAIL to a TSIG signed query could crash the server. 350. [bug] Also-notify lists specified in the global options block were not correctly reference counted, causing a memory leak. 349. [bug] Processing a query with the CD bit set now works as expected. 344. [bug] When shutting down, lwresd sometimes tried to shut down its client tasks twice, triggering an assertion. 343. [bug] Although zone maintenance SOA queries and notify requests were signed with TSIG keys when configured for the server in case, the TSIG was not verified on the response. 342. [bug] The wrong name was being passed to dns_name_dup() when generating a TSIG key using TKEY. 340. [bug] The top-level COPYRIGHT file was missing from the distribution. 339. [bug] DNSSEC validation of the response to an ANY query at a name with a CNAME RR in a secure zone triggered an assertion failure. 337. [bug] "dig" did not recognize "nsap-ptr" as an RR type on the command line. 336. [bug] "dig -f" used 64 k of memory for each line in the file. It now uses much less, though still proportionally to the file size. 335. [bug] named would occasionally attempt recursion when it was disallowed or undesired. 333. [bug] The resolver incorrectly accepted referrals to domains that were not parents of the query name, causing assertion failures. 331. [bug] Only log "recursion denied" if RD is set. (RT #178)
Revision 1.9 / (download) - annotate - [select for diffs], Wed Jul 26 08:46:23 2000 UTC (22 years, 6 months ago) by rh
Branch: MAIN
Changes since 1.8: +7 -8
lines
Diff to previous 1.8 (colored)
Update bind9 to 9.0.0rc1. This is the first release candidate for bind9.
Changes are too numerous to list here in detail, but highlights are:
The communication between "rndc" and "named" is now
authenticated using digital signatures. Because of
this, rndc now requires a configuration file "rndc.conf"
containing a shared secret, with a corresponding
"controls" clause in named.conf.
When the server is chrooted using the -t option,
it no longer needs copies of the passwd and group
files in the chroot environment.
Various bug fixes and cleanups, especially
in the dig, host, nslookup, and nsupdate
programs.
There are a few known bugs:
The option "query-source * port 53;" will not work as
expected. Instead of the wildcard address "*", you need
to use an explicit source IP address.
On some systems, IPv6 and IPv4 sockets interact in
unexpected ways. For details, see doc/misc/ipv6.
To reduce the impact of these problems, the server
no longer listens for requests on IPv6 addresses
by default. If you need to accept DNS queries over
IPv6, you must specify "listen-on-v6 { any; };"
in the named.conf options statement.
There are known problems with thread signal handling
under Solaris 2.6.
Revision 1.8 / (download) - annotate - [select for diffs], Mon Jun 19 13:54:08 2000 UTC (22 years, 7 months ago) by hubertf
Branch: MAIN
Changes since 1.7: +4 -4
lines
Diff to previous 1.7 (colored)
Updated bind to V9.0.0b4. Changes: This is still _not_ a release candidate for BIND 9.0.0; More configuration options can be specified separately for each view, including the "key" and "server" statements; Fixed: Numerous bugs have been fixed and the code has been cleaned up. Added: Stub zones have been implemented; Additional configuration options have been implemented, such as "max-cache-ttl" and "max-ncache-ttl".
Revision 1.7 / (download) - annotate - [select for diffs], Thu May 25 02:03:12 2000 UTC (22 years, 8 months ago) by hubertf
Branch: MAIN
Changes since 1.6: +4 -4
lines
Diff to previous 1.6 (colored)
Update to 9.0.0b3. Changes: The "dig" and "host" tools have been completely rewritten and are included in the base distribution. Fixed: Most bugs reported against beta 2. Added: The server now supports "views", a mechanism for answering DNS queries differently to different requestors. This will make split DNS setups much easier to build; NOTIFY (RFC1996) has been implemented; Basic support for validation of DNSSEC signatures has been implemented (for details, see "doc/misc/dnssec").
Revision 1.6 / (download) - annotate - [select for diffs], Fri Apr 28 06:43:00 2000 UTC (22 years, 9 months ago) by itojun
Branch: MAIN
Changes since 1.5: +5 -1
lines
Diff to previous 1.5 (colored)
BUILD_DEFS+=USE_INET6, just for ftp://ftp.netbsd.org/pub/NetBSD/packages/pkgsrc/README-IPv6.html
Revision 1.5 / (download) - annotate - [select for diffs], Fri Mar 31 11:15:23 2000 UTC (22 years, 10 months ago) by hubertf
Branch: MAIN
Changes since 1.4: +7 -13
lines
Diff to previous 1.4 (colored)
Update to bind9.0.0 beta2. Changes: Many more config file options implemented (see doc/misc/options for a summary of the current implementation status), portability improvements, (works much better than beta 1 on FreeBSD 3.4), and bugfixes (almost all bugs reported against beta 1 have been fixed).
Revision 1.4 / (download) - annotate - [select for diffs], Tue Feb 29 01:28:44 2000 UTC (22 years, 11 months ago) by hubertf
Branch: MAIN
Changes since 1.3: +2 -2
lines
Diff to previous 1.3 (colored)
lwresd is also a script... use INSTALL_SCRIPT
Revision 1.3 / (download) - annotate - [select for diffs], Mon Feb 28 01:05:47 2000 UTC (22 years, 11 months ago) by hubertf
Branch: MAIN
CVS Tags: netbsd-1-4-PATCH002
Changes since 1.2: +2 -2
lines
Diff to previous 1.2 (colored)
the rndc we install is a script - use INSTALL_SCRIPT
Revision 1.2 / (download) - annotate - [select for diffs], Tue Feb 22 21:54:11 2000 UTC (22 years, 11 months ago) by hubertf
Branch: MAIN
Changes since 1.1: +4 -1
lines
Diff to previous 1.1 (colored)
Add ONLY_FOR_PLATFORM, pointed out by Bernd.
Revision 1.1.1.1 / (download) - annotate - [select for diffs] (vendor branch), Tue Feb 22 03:50:57 2000 UTC (22 years, 11 months ago) by hubertf
Branch: TNF
CVS Tags: pkgsrc-base
Changes since 1.1: +0 -0
lines
Diff to previous 1.1 (colored)
BIND 9.0.0b1 is the first public release of BIND 9 code. It will be most useful to advanced users working with IPv6 or DNSSEC. BIND 9.0.0b1 is not functionally complete, and is not a release candidate for BIND 9.0.0. The ISC anticipates a number of additional beta releases between now and May, when BIND 9.0.0 is scheduled to be released. The ISC does not recommend using BIND 9.0.0b1 for "production" services.
Revision 1.1 / (download) - annotate - [select for diffs], Tue Feb 22 03:50:57 2000 UTC (22 years, 11 months ago) by hubertf
Branch: MAIN
Initial revision