The NetBSD Project

CVS log for pkgsrc/net/bind96/Attic/Makefile

[BACK] Up to [cvs.NetBSD.org] / pkgsrc / net / bind96

Request diff between arbitrary revisions


Default branch: MAIN


Revision 1.48, Thu Feb 19 14:50:31 2015 UTC (7 years, 11 months ago) by taca
Branch: MAIN
CVS Tags: HEAD
Changes since 1.47: +1 -1 lines
FILE REMOVED

Remove bind96 which was EOL Feb, 2014.

Revision 1.47 / (download) - annotate - [select for diffs], Thu May 29 23:37:02 2014 UTC (8 years, 8 months ago) by wiz
Branch: MAIN
CVS Tags: pkgsrc-2014Q4-base, pkgsrc-2014Q4, pkgsrc-2014Q3-base, pkgsrc-2014Q3, pkgsrc-2014Q2-base, pkgsrc-2014Q2
Changes since 1.46: +2 -2 lines
Diff to previous 1.46 (colored)

Bump for perl-5.20.0.
Do it for all packages that
* mention perl, or
* have a directory name starting with p5-*, or
* depend on a package starting with p5-
like last time, for 5.18, where this didn't lead to complaints.
Let me know if you have any this time.

Revision 1.46 / (download) - annotate - [select for diffs], Wed Feb 12 23:18:18 2014 UTC (8 years, 11 months ago) by tron
Branch: MAIN
CVS Tags: pkgsrc-2014Q1-base, pkgsrc-2014Q1
Changes since 1.45: +2 -1 lines
Diff to previous 1.45 (colored)

Recursive PKGREVISION bump for OpenSSL API version bump.

Revision 1.45 / (download) - annotate - [select for diffs], Sun Feb 2 07:55:46 2014 UTC (9 years ago) by taca
Branch: MAIN
Changes since 1.44: +2 -2 lines
Diff to previous 1.44 (colored)

Update bind96 to 9.6.3.1.ESV.11 (BIND 9.6-ESV-R11).

Security fixes were already covered by 9.6.3.1.ESV.10pl2 and this is
the final release of 9.6.ESV.

Several bug fixes and clean up, please refer CHANGES file in detail.

Revision 1.43.2.1 / (download) - annotate - [select for diffs], Tue Jan 14 09:30:30 2014 UTC (9 years ago) by tron
Branch: pkgsrc-2013Q4
Changes since 1.43: +2 -2 lines
Diff to previous 1.43 (colored) next main 1.44 (colored)

Pullup ticket #4294 - requested by taca
net/bind96: security update

Revisions pulled up:
- net/bind96/Makefile                                           1.44
- net/bind96/distinfo                                           1.25
- net/bind96/patches/patch-ad                                   1.8

---
   Module Name:	pkgsrc
   Committed By:	taca
   Date:		Mon Jan 13 17:27:09 UTC 2014

   Modified Files:
   	pkgsrc/net/bind96: Makefile distinfo
   	pkgsrc/net/bind96/patches: patch-ad

   Log Message:
   Update bind96 to bind-9.6.3.1.ESV.10pl2 (BIND 9.6-ESV-R10-P2), security
   fix for CVE-2014-0591.

   	--- 9.6-ESV-R10-P2 released ---

   3693.	[security]	memcpy was incorrectly called with overlapping
   			ranges resulting in malformed names being generated
   			on some platforms.  This could cause INSIST failures
   			when serving NSEC3 signed zones.  [RT #35120]

   3658.	[port]		linux: Address platform specific compilation issue
   			when libcap-devel is installed. [RT #34838]

Revision 1.44 / (download) - annotate - [select for diffs], Mon Jan 13 17:27:09 2014 UTC (9 years ago) by taca
Branch: MAIN
Changes since 1.43: +2 -2 lines
Diff to previous 1.43 (colored)

Update bind96 to bind-9.6.3.1.ESV.10pl2 (BIND 9.6-ESV-R10-P2), security
fix for CVE-2014-0591.

	--- 9.6-ESV-R10-P2 released ---

3693.	[security]	memcpy was incorrectly called with overlapping
			ranges resulting in malformed names being generated
			on some platforms.  This could cause INSIST failures
			when serving NSEC3 signed zones.  [RT #35120]

3658.	[port]		linux: Address platform specific compilation issue
			when libcap-devel is installed. [RT #34838]

Revision 1.43 / (download) - annotate - [select for diffs], Thu Nov 7 04:20:33 2013 UTC (9 years, 3 months ago) by taca
Branch: MAIN
CVS Tags: pkgsrc-2013Q4-base
Branch point for: pkgsrc-2013Q4
Changes since 1.42: +2 -2 lines
Diff to previous 1.42 (colored)

Update bind96 to 9.6.3.1.ESV.10pl1 (BIND 9.6-ESV-R10-P1).

Security Fixes

   Treat an all zero netmask as invalid when generating the localnets
   acl. A Winsock library call on some Windows systems can return
   an incorrect value for an interface's netmask, potentially causing
   unexpected matches to BIND's built-in "localnets" Access Control
   List. (CVE-2013-6230) [RT #34687]

Revision 1.42 / (download) - annotate - [select for diffs], Sat Sep 21 15:57:50 2013 UTC (9 years, 4 months ago) by taca
Branch: MAIN
CVS Tags: pkgsrc-2013Q3-base, pkgsrc-2013Q3
Changes since 1.41: +2 -3 lines
Diff to previous 1.41 (colored)

Update bind96 to bind-9.6.3.1.ESV.10 (BIND 9.6-ESV-R10).
(CVE-2013-3919 is already fixed in pkgsrc).

Security Fixes

   Prevents exploitation of a runtime_check which can crash named
   when satisfying a recursive query for particular malformed zones.
   (CVE-2013-3919) [RT #33690]

Feature Changes

   rndc status now also shows the build-id. [RT #20422]

   Improved OPT pseudo-record processing to make it easier to support
   new EDNS options. [RT #34414]

   "configure" now finishes by printing a summary of optional BIND
   features and whether they are active or inactive. ("configure
   --enable-full-report" increases the verbosity of the summary.)
   [RT #31777]

   Addressed compatibility issues with newer versions of Microsoft
   Visual Studio. [RT #33916]

   Improved the 'rndc' man page. [RT #33506]

   'named -g' now no longer works with an invalid logging configuration.
   [RT #33473]

   The default (and minimum) value for tcp-listen-queue is now 10
   instead of 3.  This is a subtle control setting (not applicable
   to all OS environments).  When there is a high rate of inbound
   TCP connections, it controls how many connections can be queued
   before they are accepted by named.  Once this limit is exceeded,
   new TCP connections will be rejected.  Note however that a value
   of 10 does not imply a strict limit of 10 queued TCP connections
   - the impact of changing this configuration setting will be
   OS-dependent.  Larger values for tcp-listen queue will permit
   more pending tcp connections, which may be needed where there
   is a high rate of TCP-based traffic (for example in a dynamic
   environment where there are frequent zone updates and transfers).
   For most production servers the new default value of 10 should
   be adequate.  [RT #33029]

Bug Fixes

   Fixed the "allow-query-on" option to correctly check the destination
   address. [RT #34590]

   Fix forwarding for forward only "zones" beneath automatic empty
   zones. [RT #34583]

   Remove bogus warning log message about missing signatures when
   receiving a query for a SIG record. [RT #34600]

   Improved resistance to a theoretical authentication attack based
   on differential timing.  [RT #33939]

   The build of BIND now installs isc/stat.h so that it's available
   to /isc/file.h when building other applications that reference
   these header files - for example dnsperf (see Debian bug ticket
   #692467).  [RT #33056]

   Better handle failures building XML for stats channel responses.
   [RT #33706]

   Fixed a memory leak in GSS-API processing. [RT #33574]

   Fixed an acache-related race condition that could cause a crash.
   [RT #33602]

   rndc now properly fails when given an invalid '-c' argument. [RT
   #33571]

   Fixed an issue with the handling of zero TTL records that could
   cause improper SERVFAILs. [RT #33411]

   Fixed a crash-on-shutdown race condition with DNSSEC validation.
   [RT #33573]

Revision 1.41 / (download) - annotate - [select for diffs], Fri Jul 12 10:44:58 2013 UTC (9 years, 6 months ago) by jperkin
Branch: MAIN
Changes since 1.40: +2 -1 lines
Diff to previous 1.40 (colored)

Bump PKGREVISION of all packages which create users, to pick up change of
sysutils/user_* packages.

Revision 1.40 / (download) - annotate - [select for diffs], Thu Jun 6 02:57:58 2013 UTC (9 years, 8 months ago) by taca
Branch: MAIN
CVS Tags: pkgsrc-2013Q2-base, pkgsrc-2013Q2
Changes since 1.39: +2 -3 lines
Diff to previous 1.39 (colored)

Update bind96 to 9.6.3.1.ESV.9pl1 (BIND 9.6-ESV-R9-P1).
Please refer CHANGES file for complete changes and here is quote from
release announce.

Introduction

   BIND 9.6-ESV-R9-P1 is the latest production release of BIND 9.6-ESV.


Security Fixes

   Prevents exploitation of a runtime_check which can crash named
   when satisfying a recursive query for particular malformed zones.
   (CVE-2013-3919) [RT #33690]

   Prevents a named assert (crash) when validating caused by using
   "Bad cache" data before it has been initialized. [CVE-2012-3817]
   [RT #30025]

   A condition has been corrected where improper handling of
   zero-length RDATA could cause undesirable behavior, including
   termination of the named process. [CVE-2012-1667] [RT #29644]

New Features

   Adds a new configuration option, "check-spf"; valid values are
   "warn" (default) and "ignore".  When set to "warn", checks SPF
   and TXT records in spf format, warning if either resource record
   type occurs without a corresponding record of the other resource
   record type.  [RT #33355]

   Adds support for Uniform Resource Identifier (URI) resource
   records. [RT #23386]

   Adds support for Host Identity Protocol (HIP) resource records
   [RT #19384]

   Adds support for the EUI48 and EUI64 RR types. [RT #33082]

   Adds support for the RFC 6742 ILNP record types (NID, LP, L32,
   and L64). [RT #31836]

   The contributed queryperf utility has been improved, now retaining
   better round trip time statistics. [RT #30128]

Revision 1.39 / (download) - annotate - [select for diffs], Fri May 31 12:41:31 2013 UTC (9 years, 8 months ago) by wiz
Branch: MAIN
Changes since 1.38: +2 -2 lines
Diff to previous 1.38 (colored)

Bump all packages for perl-5.18, that
a) refer 'perl' in their Makefile, or
b) have a directory name of p5-*, or
c) have any dependency on any p5-* package

Like last time, where this caused no complaints.

Revision 1.38 / (download) - annotate - [select for diffs], Sat Apr 6 03:45:20 2013 UTC (9 years, 10 months ago) by rodent
Branch: MAIN
Changes since 1.37: +2 -2 lines
Diff to previous 1.37 (colored)

Fixes:

 COMMENT should not be longer than 70 characters.
 COMMENT should not begin with 'A'.
 COMMENT should not begin with 'An'.
 COMMENT should not begin with 'a'.
 COMMENT should not end with a period.
 COMMENT should start with a capital letter.

pkglint warnings. Some files also got minor formatting, spelling, and style
corrections.

Revision 1.37 / (download) - annotate - [select for diffs], Sat Mar 2 20:33:29 2013 UTC (9 years, 11 months ago) by wiz
Branch: MAIN
CVS Tags: pkgsrc-2013Q1-base, pkgsrc-2013Q1
Changes since 1.36: +2 -2 lines
Diff to previous 1.36 (colored)

Bump PKGREVISION for mysql default change to 55.

Revision 1.36 / (download) - annotate - [select for diffs], Wed Feb 6 23:23:10 2013 UTC (10 years ago) by jperkin
Branch: MAIN
Changes since 1.35: +2 -2 lines
Diff to previous 1.35 (colored)

PKGREVISION bumps for the security/openssl 1.0.1d update.

Revision 1.35 / (download) - annotate - [select for diffs], Sun Dec 16 01:52:27 2012 UTC (10 years, 1 month ago) by obache
Branch: MAIN
CVS Tags: pkgsrc-2012Q4-base, pkgsrc-2012Q4
Changes since 1.34: +2 -2 lines
Diff to previous 1.34 (colored)

recursive bump from cyrus-sasl libsasl2 shlib major bump.

Revision 1.34 / (download) - annotate - [select for diffs], Tue Oct 23 17:18:11 2012 UTC (10 years, 3 months ago) by asau
Branch: MAIN
Changes since 1.33: +1 -3 lines
Diff to previous 1.33 (colored)

Drop superfluous PKG_DESTDIR_SUPPORT, "user-destdir" is default these days.

Revision 1.33 / (download) - annotate - [select for diffs], Sun Oct 21 15:49:06 2012 UTC (10 years, 3 months ago) by cheusov
Branch: MAIN
Changes since 1.32: +3 -2 lines
Diff to previous 1.32 (colored)


Add CONFLICTS between net/bind and net/host.
net/bind9*: remove "bind<x.y.z" entries from CONFLICTS. It is useless
   because package's PKGBASE is "bind".

Revision 1.30.2.1 / (download) - annotate - [select for diffs], Wed Oct 10 12:33:06 2012 UTC (10 years, 4 months ago) by tron
Branch: pkgsrc-2012Q3
Changes since 1.30: +2 -2 lines
Diff to previous 1.30 (colored) next main 1.31 (colored)

Pullup ticket #3941 - requested by taca
net/bind96: security update

Revisions pulled up:
- net/bind96/Makefile                                           1.31-1.32
- net/bind96/distinfo                                           1.21

---
   Module Name:	pkgsrc
   Committed By:	wiz
   Date:		Wed Oct  3 21:59:10 UTC 2012

   Modified Files:
   	pkgsrc/net/bind96: Makefile

   Log Message:
   Bump all packages that use perl, or depend on a p5-* package, or
   are called p5-*.

   I hope that's all of them.

---
   Module Name:	pkgsrc
   Committed By:	taca
   Date:		Wed Oct 10 03:04:57 UTC 2012

   Modified Files:
   	pkgsrc/net/bind96: Makefile distinfo

   Log Message:
   Update bind96 to 9.6.3.1.ESV.7pl4 (BIND 9.6-ESV-R7-P4).

   Here are change changes from release note.  Note security fixes except
   CVE-2012-5166 should be already fixed in previous version of bind96 package.

   Please refer https://kb.isc.org/article/AA-00795 for list of full bug fixes.

   Security Fixes

   * A deliberately constructed combination of records could cause named to hang
     while populating the additional section of a response. [CVE-2012-5166] [RT
     #31090]
   * Prevents a named assert (crash) when queried for a record whose RDATA
     exceeds 65535 bytes [CVE-2012-4244] [RT #30416]
   * Prevents a named assert (crash) when validating caused by using "Bad cache"
     data before it has been initialized. [CVE-2012-3817] [RT #30025]
   * A condition has been corrected where improper handling of zero-length RDATA
     could cause undesirable behavior, including termination of the named
     process. [CVE-2012-1667] [RT #29644]

   New Features

     None

   Feature Changes

   * Improves OpenSSL error logging [RT #29932]
   * nslookup now returns a nonzero exit code when it is unable to get an answer.
     [RT #29492]

Revision 1.32 / (download) - annotate - [select for diffs], Wed Oct 10 03:04:57 2012 UTC (10 years, 4 months ago) by taca
Branch: MAIN
Changes since 1.31: +2 -3 lines
Diff to previous 1.31 (colored)

Update bind96 to 9.6.3.1.ESV.7pl4 (BIND 9.6-ESV-R7-P4).

Here are change changes from release note.  Note security fixes except
CVE-2012-5166 should be already fixed in previous version of bind96 package.

Please refer https://kb.isc.org/article/AA-00795 for list of full bug fixes.


Security Fixes

* A deliberately constructed combination of records could cause named to hang
  while populating the additional section of a response. [CVE-2012-5166] [RT
  #31090]
* Prevents a named assert (crash) when queried for a record whose RDATA
  exceeds 65535 bytes [CVE-2012-4244] [RT #30416]
* Prevents a named assert (crash) when validating caused by using "Bad cache"
  data before it has been initialized. [CVE-2012-3817] [RT #30025]
* A condition has been corrected where improper handling of zero-length RDATA
  could cause undesirable behavior, including termination of the named
  process. [CVE-2012-1667] [RT #29644]


New Features

  None


Feature Changes

* Improves OpenSSL error logging [RT #29932]
* nslookup now returns a nonzero exit code when it is unable to get an answer.
  [RT #29492]

Revision 1.31 / (download) - annotate - [select for diffs], Wed Oct 3 21:56:52 2012 UTC (10 years, 4 months ago) by wiz
Branch: MAIN
Changes since 1.30: +2 -1 lines
Diff to previous 1.30 (colored)

Bump all packages that use perl, or depend on a p5-* package, or
are called p5-*.

I hope that's all of them.

Revision 1.27.2.2 / (download) - annotate - [select for diffs], Thu Sep 13 07:48:01 2012 UTC (10 years, 4 months ago) by sbd
Branch: pkgsrc-2012Q2
Changes since 1.27.2.1: +4 -4 lines
Diff to previous 1.27.2.1 (colored) to branchpoint 1.27 (colored) next main 1.28 (colored)

Pullup ticket #3919 - requested by taca
net/bind?? CVE-2012-4244 security fix

Revisions pulled up:
- net/bind96/DESCR                                              1.2
- net/bind96/Makefile                                           1.29-1.30
- net/bind96/distinfo                                           1.20
- net/bind97/DESCR                                              1.2
- net/bind97/Makefile                                           1.18-1.19
- net/bind97/distinfo                                           1.16
- net/bind98/DESCR                                              1.2
- net/bind98/Makefile                                           1.15-1.16
- net/bind98/distinfo                                           1.14
- net/bind99/DESCR                                              1.2
- net/bind99/Makefile                                           1.10-1.11
- net/bind99/distinfo                                           1.8

---
   Module Name:	pkgsrc
   Committed By:	wiz
   Date:		Sun Aug 26 14:23:49 UTC 2012

   Modified Files:
   	pkgsrc/net/bind96: DESCR Makefile
   	pkgsrc/net/bind97: DESCR Makefile
   	pkgsrc/net/bind98: DESCR Makefile
   	pkgsrc/net/bind99: DESCR Makefile

   Log Message:
   Make it clearer which package contains exactly which bind version.
   Patch from Bug Hunting.

---
   Module Name:	pkgsrc
   Committed By:	taca
   Date:		Thu Sep 13 01:32:55 UTC 2012

   Modified Files:
   	pkgsrc/net/bind96: Makefile distinfo

   Log Message:
   Update bind96 to bind-9.6.3.1.ESV.7pl3 (BIND 9.6-ESV-R7-P3).

   	--- 9.6-ESV-R7-P3 released ---

   3364.	[security]	Named could die on specially crafted record.
   			[RT #30416]

   3358	[bug]		Fix declaration of fatal in bin/named/server.c
   			and bin/nsupdate/main.c. [RT #30522]

---
   Module Name:	pkgsrc
   Committed By:	taca
   Date:		Thu Sep 13 01:33:40 UTC 2012

   Modified Files:
   	pkgsrc/net/bind97: Makefile distinfo

   Log Message:
   Update bind97 to bind-9.7.6pl3.

   	--- 9.7.6-P3 released ---

   3364.	[security]	Named could die on specially crafted record.
   			[RT #30416]

---
   Module Name:	pkgsrc
   Committed By:	taca
   Date:		Thu Sep 13 01:35:18 UTC 2012

   Modified Files:
   	pkgsrc/net/bind98: Makefile distinfo

   Log Message:
   Update bind98 to 9.8.3pl3 (BIND 9.8.3-P3).

   	--- 9.8.3-P3 released ---

   3364.	[security]	Named could die on specially crafted record.
   			[RT #30416]

---
   Module Name:	pkgsrc
   Committed By:	taca
   Date:		Thu Sep 13 01:35:56 UTC 2012

   Modified Files:
   	pkgsrc/net/bind99: Makefile distinfo

   Log Message:
   Update bind99 to 9.9.1pl3 (BIND 9.9.1-P3).

   	--- 9.9.1-P3 released ---

   3364.	[security]	Named could die on specially crafted record.
   			[RT #30416]

Revision 1.30 / (download) - annotate - [select for diffs], Thu Sep 13 01:32:54 2012 UTC (10 years, 4 months ago) by taca
Branch: MAIN
CVS Tags: pkgsrc-2012Q3-base
Branch point for: pkgsrc-2012Q3
Changes since 1.29: +2 -2 lines
Diff to previous 1.29 (colored)

Update bind96 to bind-9.6.3.1.ESV.7pl3 (BIND 9.6-ESV-R7-P3).


	--- 9.6-ESV-R7-P3 released ---

3364.	[security]	Named could die on specially crafted record.
			[RT #30416]

3358	[bug]		Fix declaration of fatal in bin/named/server.c
			and bin/nsupdate/main.c. [RT #30522]

Revision 1.29 / (download) - annotate - [select for diffs], Sun Aug 26 14:23:49 2012 UTC (10 years, 5 months ago) by wiz
Branch: MAIN
Changes since 1.28: +3 -3 lines
Diff to previous 1.28 (colored)

Make it clearer which package contains exactly which bind version.
Patch from Bug Hunting.

Revision 1.27.2.1 / (download) - annotate - [select for diffs], Wed Jul 25 10:30:38 2012 UTC (10 years, 6 months ago) by sbd
Branch: pkgsrc-2012Q2
Changes since 1.27: +2 -3 lines
Diff to previous 1.27 (colored)

Pullup ticket #3873 - requested by spz
net/bind96 security update

Revisions pulled up:
- net/bind96/Makefile                                           1.28
- net/bind96/distinfo                                           1.19

---
   Module Name:	pkgsrc
   Committed By:	spz
   Date:		Tue Jul 24 21:14:20 UTC 2012

   Modified Files:
   	pkgsrc/net/bind96: Makefile distinfo

   Log Message:
   patch version fixing CVE-2012-3817:

              --- 9.6-ESV-R7-P2 released ---

      3346.   [security]      Bad-cache data could be used before it was
                              initialized, causing an assert. [RT #30025]

      3343.   [bug]           Relax isc_random_jitter() REQUIRE tests. [RT #29821]

      3342.   [bug]           Change #3314 broke saving of stub zones to disk
                              resulting in excessive cpu usage in some cases.
                              [RT #29952]

Revision 1.28 / (download) - annotate - [select for diffs], Tue Jul 24 21:14:19 2012 UTC (10 years, 6 months ago) by spz
Branch: MAIN
Changes since 1.27: +2 -3 lines
Diff to previous 1.27 (colored)

patch version fixing CVE-2012-3817:

           --- 9.6-ESV-R7-P2 released ---

   3346.   [security]      Bad-cache data could be used before it was
                           initialized, causing an assert. [RT #30025]

   3343.   [bug]           Relax isc_random_jitter() REQUIRE tests. [RT #29821]

   3342.   [bug]           Change #3314 broke saving of stub zones to disk
                           resulting in excessive cpu usage in some cases.
                           [RT #29952]

Revision 1.27 / (download) - annotate - [select for diffs], Thu Jun 14 07:45:34 2012 UTC (10 years, 7 months ago) by sbd
Branch: MAIN
CVS Tags: pkgsrc-2012Q2-base
Branch point for: pkgsrc-2012Q2
Changes since 1.26: +2 -1 lines
Diff to previous 1.26 (colored)

Recursive PKGREVISION bump for libxml2 buildlink addition.

Revision 1.23.2.3 / (download) - annotate - [select for diffs], Tue Jun 5 08:27:13 2012 UTC (10 years, 8 months ago) by sbd
Branch: pkgsrc-2012Q1
Changes since 1.23.2.2: +2 -2 lines
Diff to previous 1.23.2.2 (colored) to branchpoint 1.23 (colored) next main 1.24 (colored)

Pullup ticket #3820 - requested by taca
net/bind96 security update

Revisions pulled up:
- net/bind96/Makefile                                           1.26
- net/bind96/distinfo                                           1.18

---
   Module Name:	pkgsrc
   Committed By:	taca
   Date:		Mon Jun  4 13:29:19 UTC 2012

   Modified Files:
   	pkgsrc/net/bind96: Makefile distinfo

   Log Message:
   Update bind96 to 9.6.3.1.ESV.7pl1 (BIND 9.6-ESV-R7-P1).
   Security release for CVE-2012-1667.

   	--- 9.6-ESV-R7-P1 released ---

   3331.	[security]	dns_rdataslab_fromrdataset could produce bad
   			rdataslabs. [RT #29644]

Revision 1.26 / (download) - annotate - [select for diffs], Mon Jun 4 13:29:19 2012 UTC (10 years, 8 months ago) by taca
Branch: MAIN
Changes since 1.25: +2 -2 lines
Diff to previous 1.25 (colored)

Update bind96 to 9.6.3.1.ESV.7pl1 (BIND 9.6-ESV-R7-P1).
Security release for CVE-2012-1667.

	--- 9.6-ESV-R7-P1 released ---

3331.	[security]	dns_rdataslab_fromrdataset could produce bad
			rdataslabs. [RT #29644]

Revision 1.23.2.2 / (download) - annotate - [select for diffs], Tue May 22 11:57:58 2012 UTC (10 years, 8 months ago) by tron
Branch: pkgsrc-2012Q1
Changes since 1.23.2.1: +1 -2 lines
Diff to previous 1.23.2.1 (colored) to branchpoint 1.23 (colored)

Pullup ticket #3800 - requested by taca
net/bind96: security update

Revisions pulled up:
- net/bind96/Makefile                                           1.25
- net/bind96/distinfo                                           1.17
- net/bind96/patches/patch-lib_dns_resolver.c                   deleted

---
   Module Name:	pkgsrc
   Committed By:	taca
   Date:		Tue May 22 03:34:32 UTC 2012

   Modified Files:
   	pkgsrc/net/bind96: Makefile distinfo
   Removed Files:
   	pkgsrc/net/bind96/patches: patch-lib_dns_resolver.c

   Log Message:
   Update bind96 package to 9.6.3.1.ESV.7 (BIND 9.6-ESV-R7).

   New Features

   *  None

   Feature Changes

   *  BIND now recognizes the TLSA resource record type, created to
      support IETF DANE (DNS-based Authentication of Named Entities)
      [RT #28989]

   Bug Fixes

   *  The locking strategy around the handling of iterative queries
      has been tuned to reduce unnecessary contention in a multi-threaded
      environment.  (Note that this may not provide a measurable
      improvement over previous versions of BIND, but it corrects the
      performance impact of change 3309 / RT #27995) [RT #29239]

   *  Addresses a race condition that can cause named to to crash when
      the masters list for a zone is updated via rndc reload/reconfig
      [RT #26732]

   *  Fixes a race condition in zone.c that can cause named to crash
      during the processing of rndc delzone [RT #29028]

   *  Prevents a named segfault from resolver.c due to procedure
      fctx_finddone() not being thread-safe.  [RT #27995]

   *  Uses hmctx, not mctx when freeing rbtdb->heaps to avoid triggering
      an assertion when flushing cache data. [RT #28571]

   *  Resolves inconsistencies in locating DNSSEC keys where zone names
      contain characters that require special mappings [RT #28600]

   *  A new flag -R  has been added to queryperf for running tests
      using non-recursive queries.  It also now builds correctly on
      MacOS version 10.7 (darwin)  [RT #28565]

   *  Named no longer crashes if gssapi is enabled in named.conf but
      was not compiled into the binary [RT #28338]

   *  SDB now handles unexpected errors from back-end database drivers
      gracefully instead of exiting on an assert. [RT #28534]

Revision 1.25 / (download) - annotate - [select for diffs], Tue May 22 03:34:31 2012 UTC (10 years, 8 months ago) by taca
Branch: MAIN
Changes since 1.24: +2 -3 lines
Diff to previous 1.24 (colored)

Update bind96 package to 9.6.3.1.ESV.7 (BIND 9.6-ESV-R7).


New Features

*  None

Feature Changes

*  BIND now recognizes the TLSA resource record type, created to
   support IETF DANE (DNS-based Authentication of Named Entities)
   [RT #28989]

Bug Fixes

*  The locking strategy around the handling of iterative queries
   has been tuned to reduce unnecessary contention in a multi-threaded
   environment.  (Note that this may not provide a measurable
   improvement over previous versions of BIND, but it corrects the
   performance impact of change 3309 / RT #27995) [RT #29239]

*  Addresses a race condition that can cause named to to crash when
   the masters list for a zone is updated via rndc reload/reconfig
   [RT #26732]

*  Fixes a race condition in zone.c that can cause named to crash
   during the processing of rndc delzone [RT #29028]

*  Prevents a named segfault from resolver.c due to procedure
   fctx_finddone() not being thread-safe.  [RT #27995]

*  Uses hmctx, not mctx when freeing rbtdb->heaps to avoid triggering
   an assertion when flushing cache data. [RT #28571]

*  Resolves inconsistencies in locating DNSSEC keys where zone names
   contain characters that require special mappings [RT #28600]

*  A new flag -R  has been added to queryperf for running tests
   using non-recursive queries.  It also now builds correctly on
   MacOS version 10.7 (darwin)  [RT #28565]

*  Named no longer crashes if gssapi is enabled in named.conf but
   was not compiled into the binary [RT #28338]

*  SDB now handles unexpected errors from back-end database drivers
   gracefully instead of exiting on an assert. [RT #28534]

Revision 1.23.2.1 / (download) - annotate - [select for diffs], Thu May 3 19:15:50 2012 UTC (10 years, 9 months ago) by tron
Branch: pkgsrc-2012Q1
Changes since 1.23: +2 -1 lines
Diff to previous 1.23 (colored)

Pullup ticket #3765 - requested by taca
net/bind96: security patch

Revisions pulled up:
- net/bind96/Makefile                                           1.24
- net/bind96/distinfo                                           1.16
- net/bind96/patches/patch-lib_dns_resolver.c                   1.1

---
   Module Name:	pkgsrc
   Committed By:	taca
   Date:		Tue May  1 02:49:27 UTC 2012

   Modified Files:
   	pkgsrc/net/bind96: Makefile distinfo
   Added Files:
   	pkgsrc/net/bind96/patches: patch-lib_dns_resolver.c

   Log Message:
   Add fix to a race condition in the resolver code that can cause a recursive
   nameserver: <https://kb.isc.org/article/AA-00664>.

   Bump PKGREVISION.

Revision 1.24 / (download) - annotate - [select for diffs], Tue May 1 02:49:26 2012 UTC (10 years, 9 months ago) by taca
Branch: MAIN
Changes since 1.23: +2 -1 lines
Diff to previous 1.23 (colored)

Add fix to a race condition in the resolver code that can cause a recursive
nameserver: <https://kb.isc.org/article/AA-00664>.

Bump PKGREVISION.

Revision 1.23 / (download) - annotate - [select for diffs], Thu Apr 5 00:41:10 2012 UTC (10 years, 10 months ago) by taca
Branch: MAIN
CVS Tags: pkgsrc-2012Q1-base
Branch point for: pkgsrc-2012Q1
Changes since 1.22: +6 -6 lines
Diff to previous 1.22 (colored)

Update bind96 package to 9.6.3.1.ESV.6 (BIND 9.6-ESV-R6).


Security Fixes

  + BIND 9 nameservers performing recursive queries could cache an
    invalid record and subsequent queries for that record could
    crash the resolvers with an assertion failure. [RT #26590]
    [CVE-2011-4313]

Feature Changes

  + Improves initial start-up and server reload time by increasing
    the default size of the hash table the configuration parser
    uses to keep track of loaded zones and allowing it to grow
    dynamically to better handle systems with large numbers of
    zones.  [RT #26523]

  + --enable-developer, a new composite argument to the configure
    script, enables a set of build options normally disabled but
    frequently selected in test or development builds, specifically:
    enable_fixed_rrset, with_atf, enable_filter_aaaa, enable_rpz_nsip,
    enable_rpz_nsdname, and with_dlz_filesystem (and on Linux and
    Darwin, also enable_exportlib) [RT #27103]

Revision 1.22 / (download) - annotate - [select for diffs], Mon Mar 12 15:40:15 2012 UTC (10 years, 10 months ago) by taca
Branch: MAIN
Changes since 1.21: +1 -2 lines
Diff to previous 1.21 (colored)

Don't install doc/arm HTML files twice.

Revision 1.20.2.1 / (download) - annotate - [select for diffs], Thu Nov 17 01:26:17 2011 UTC (11 years, 2 months ago) by sbd
Branch: pkgsrc-2011Q3
Changes since 1.20: +2 -2 lines
Diff to previous 1.20 (colored) next main 1.21 (colored)

Pullup ticket #3607 - requested by spz
net/bind96 security update

Revisions pulled up:
- net/bind96/Makefile                                           1.21
- net/bind96/distinfo                                           1.14

---
   Module Name:	pkgsrc
   Committed By:	spz
   Date:		Wed Nov 16 22:26:07 UTC 2011

   Modified Files:
   	pkgsrc/net/bind96: Makefile distinfo

   Log Message:
   BIND 9.6-ESV-R5-P1 is a security patch for BIND 9.6-ESV-R5.

   * BIND 9 nameservers performing recursive queries could cache an invalid
     record and subsequent queries for that record could crash the resolvers
     with an assertion failure. [RT #26590]

Revision 1.21 / (download) - annotate - [select for diffs], Wed Nov 16 22:26:07 2011 UTC (11 years, 2 months ago) by spz
Branch: MAIN
CVS Tags: pkgsrc-2011Q4-base, pkgsrc-2011Q4
Changes since 1.20: +2 -2 lines
Diff to previous 1.20 (colored)

BIND 9.6-ESV-R5-P1 is a security patch for BIND 9.6-ESV-R5.

* BIND 9 nameservers performing recursive queries could cache an invalid
  record and subsequent queries for that record could crash the resolvers
  with an assertion failure. [RT #26590]

Revision 1.19.2.1 / (download) - annotate - [select for diffs], Mon Aug 22 21:39:00 2011 UTC (11 years, 5 months ago) by tron
Branch: pkgsrc-2011Q2
Changes since 1.19: +2 -2 lines
Diff to previous 1.19 (colored) next main 1.20 (colored)

Pullup ticket #3508 - requested by taca
net/bind96: security update

Revisions pulled up:
- net/bind96/Makefile                                           1.20
- net/bind96/PLIST                                              1.8
- net/bind96/distinfo                                           1.13

---
   Module Name:	pkgsrc
   Committed By:	taca
   Date:		Wed Aug 10 15:24:51 UTC 2011

   Modified Files:
   	pkgsrc/net/bind96: Makefile PLIST distinfo

   Log Message:
   Update bind96 pacakge to 9.6.3.1.ESV.5 (9.6-ESV-R5).

   For full changes, please refer:
   ftp://ftp.isc.org/isc/bind9/9.6-ESV-R5/RELEASE-NOTES-BIND-9.6-ESV.html

   New Features

   9.6-ESV-R5

        * Added a tool able to generate malformed packets to allow testing of
          how named handles them. [RT #24096]

   Security Fixes

   9.6-ESV-R5

        * named, set up to be a caching resolver, is vulnerable to a user
          querying a domain with very large resource record sets (RRSets)
          when trying to negatively cache the response. Due to an off-by-one
          error, caching the response could cause named to crash. [RT #24650]
          [CVE-2011-1910]
        * Change #2912 populated the message section in replies to UPDATE
          requests, which some Windows clients wanted. This exposed a latent
          bug that allowed the response message to crash named. With this
          fix, change 2912 has been reduced to copy only the zone section to
          the reply. A more complete fix for the latent bug will be released
          later. [RT #24777]

   Feature Changes

   9.6-ESV-R5

        * Merged in the NetBSD ATF test framework (currently version 0.12)
          for development of future unit tests. Use configure --with-atf to
          build ATF internally or configure --with-atf=prefix to use an
          external copy. [RT #23209]
        * Added more verbose error reporting from DLZ LDAP. [RT #23402]
        * Replaced compile time constant with STDTIME_ON_32BITS. [RT #23587]

Revision 1.20 / (download) - annotate - [select for diffs], Wed Aug 10 15:24:51 2011 UTC (11 years, 6 months ago) by taca
Branch: MAIN
CVS Tags: pkgsrc-2011Q3-base
Branch point for: pkgsrc-2011Q3
Changes since 1.19: +2 -2 lines
Diff to previous 1.19 (colored)

Update bind96 pacakge to 9.6.3.1.ESV.5 (9.6-ESV-R5).

For full changes, please refer:
ftp://ftp.isc.org/isc/bind9/9.6-ESV-R5/RELEASE-NOTES-BIND-9.6-ESV.html


New Features

9.6-ESV-R5

     * Added a tool able to generate malformed packets to allow testing of
       how named handles them. [RT #24096]

Security Fixes

9.6-ESV-R5

     * named, set up to be a caching resolver, is vulnerable to a user
       querying a domain with very large resource record sets (RRSets)
       when trying to negatively cache the response. Due to an off-by-one
       error, caching the response could cause named to crash. [RT #24650]
       [CVE-2011-1910]
     * Change #2912 populated the message section in replies to UPDATE
       requests, which some Windows clients wanted. This exposed a latent
       bug that allowed the response message to crash named. With this
       fix, change 2912 has been reduced to copy only the zone section to
       the reply. A more complete fix for the latent bug will be released
       later. [RT #24777]

Feature Changes

9.6-ESV-R5

     * Merged in the NetBSD ATF test framework (currently version 0.12)
       for development of future unit tests. Use configure --with-atf to
       build ATF internally or configure --with-atf=prefix to use an
       external copy. [RT #23209]
     * Added more verbose error reporting from DLZ LDAP. [RT #23402]
     * Replaced compile time constant with STDTIME_ON_32BITS. [RT #23587]

Revision 1.18.2.1 / (download) - annotate - [select for diffs], Wed Jul 6 03:01:56 2011 UTC (11 years, 7 months ago) by sbd
Branch: pkgsrc-2011Q1
Changes since 1.18: +3 -3 lines
Diff to previous 1.18 (colored) next main 1.19 (colored)

Pullup ticket #3463 - requested by taca
security update for net/bind96

Revisions pulled up:
- net/bind96/Makefile                                           1.19
- net/bind96/distinfo                                           1.12

---
   Module Name:	pkgsrc
   Committed By:	taca
   Date:		Tue Jul  5 14:28:06 UTC 2011

   Modified Files:
   	pkgsrc/net/bind96: Makefile distinfo

   Log Message:
   Update bind96 package to 9.6.3.1.ESV.4pl3 (9.6-ESV-R4-P3), security release.

   The package name was selected as:

   - Make sure to greater version from bind-9.6.3.
   - Include "ESV" (Extended Support Version) string.

   Since changes from BIND 9.6.3 are too may, please refer changes in detail:

   ftp://ftp.isc.org/isc/bind/9.6-ESV-R4/CHANGES
   ftp://ftp.isc.org/isc/bind/9.6-ESV-R4-P1/RELEASE-NOTES-BIND-9.6-ESV-R4-P1.html
   ftp://ftp.isc.org/isc/bind/9.6-ESV-R4-P3/RELEASE-NOTES-BIND-9.6-ESV-R4-P3.html

Revision 1.19 / (download) - annotate - [select for diffs], Tue Jul 5 14:28:06 2011 UTC (11 years, 7 months ago) by taca
Branch: MAIN
CVS Tags: pkgsrc-2011Q2-base
Branch point for: pkgsrc-2011Q2
Changes since 1.18: +3 -3 lines
Diff to previous 1.18 (colored)

Update bind96 package to 9.6.3.1.ESV.4pl3 (9.6-ESV-R4-P3), security release.

The package name was selected as:

- Make sure to greater version from bind-9.6.3.
- Include "ESV" (Extended Support Version) string.

Since changes from BIND 9.6.3 are too may, please refer changes in detail:

ftp://ftp.isc.org/isc/bind/9.6-ESV-R4/CHANGES
ftp://ftp.isc.org/isc/bind/9.6-ESV-R4-P1/RELEASE-NOTES-BIND-9.6-ESV-R4-P1.html
ftp://ftp.isc.org/isc/bind/9.6-ESV-R4-P3/RELEASE-NOTES-BIND-9.6-ESV-R4-P3.html

Revision 1.17.2.1 / (download) - annotate - [select for diffs], Wed Feb 16 03:00:25 2011 UTC (11 years, 11 months ago) by sbd
Branch: pkgsrc-2010Q4
Changes since 1.17: +2 -2 lines
Diff to previous 1.17 (colored) next main 1.18 (colored)

Pullup ticket #3355 - requested by taca

Revisions pulled up:
- pkgsrc/net/bind96/Makefile		1.18
- pkgsrc/net/bind96/PLIST		1.7
- pkgsrc/net/bind96/distinfo		1.11
- pkgsrc/net/bind96/patches/patch-ad	1.5
- pkgsrc/net/bind96/patches/patch-am	1.3

-------------------------------------------------------------------------
   Module Name:	pkgsrc
   Committed By:	taca
   Date:		Wed Feb  9 16:24:14 UTC 2011

   Modified Files:
   	pkgsrc/net/bind96: Makefile PLIST distinfo
   	pkgsrc/net/bind96/patches: patch-ad patch-am

   Log Message:
   Update bind96 package to 9.6.3.

   9.6.3

        * BIND now builds with threads disabled in versions of NetBSD earlier
          than 5.0 and with pthreads enabled by default in NetBSD versions
          5.0 and higher. Also removes support for unproven-pthreads,
          mit-pthreads and ptl2. [RT #19203]
        * HPUX now correctly defaults to using /dev/poll, which should
          increase performance. [RT #21919]
        * If named is running as a threaded application, after an "rndc stop"
          command has been issued, other inbound TCP requests can cause named
          to hang and never complete shutdown. [RT #22108]
        * When performing a GSS-TSIG signed dynamic zone update, memory could
          be leaked. This causes an unclean shutdown and may affect
          long-running servers. [RT #22573]
        * A bug in NetBSD and FreeBSD kernels with SO_ACCEPTFILTER enabled
          allows for a TCP DoS attack. Until there is a kernel fix, ISC is
          disabling SO_ACCEPTFILTER support in BIND. [RT #22589]
        * Corrected a defect where a combination of dynamic updates and zone
          transfers incorrectly locked the in-memory zone database, causing
          named to freeze. [RT #22614]
        * Don't run MX checks (check-mx) when the MX record points to ".".
          [RT #22645]
        * DST key reference counts can now be incremented via dst_key_attach.
          [RT #22672]
        * isc_mutex_init_errcheck() in phtreads/mutex.c failed to destroy
          attr. [RT #22766]
        * The Kerberos realm was being truncated when being pulled from the
          the host prinicipal, make krb5-self updates fail. [RT #22770]
        * named failed to preserve the case of domain names in RDATA which is
          not compressible when writing master files. [RT #22863]
        * There was a bug in how the clients-per-query code worked with some
          query patterns. This could result, in rare circumstances, in having
          all the client query slots filled with queries for the same DNS
          label, essentially ignoring the max-clients-per-query setting. [RT
          #22972]

Revision 1.18 / (download) - annotate - [select for diffs], Wed Feb 9 16:24:14 2011 UTC (12 years ago) by taca
Branch: MAIN
CVS Tags: pkgsrc-2011Q1-base
Branch point for: pkgsrc-2011Q1
Changes since 1.17: +2 -2 lines
Diff to previous 1.17 (colored)

Update bind96 package to 9.6.3.

9.6.3

     * BIND now builds with threads disabled in versions of NetBSD earlier
       than 5.0 and with pthreads enabled by default in NetBSD versions
       5.0 and higher. Also removes support for unproven-pthreads,
       mit-pthreads and ptl2. [RT #19203]
     * HPUX now correctly defaults to using /dev/poll, which should
       increase performance. [RT #21919]
     * If named is running as a threaded application, after an "rndc stop"
       command has been issued, other inbound TCP requests can cause named
       to hang and never complete shutdown. [RT #22108]
     * When performing a GSS-TSIG signed dynamic zone update, memory could
       be leaked. This causes an unclean shutdown and may affect
       long-running servers. [RT #22573]
     * A bug in NetBSD and FreeBSD kernels with SO_ACCEPTFILTER enabled
       allows for a TCP DoS attack. Until there is a kernel fix, ISC is
       disabling SO_ACCEPTFILTER support in BIND. [RT #22589]
     * Corrected a defect where a combination of dynamic updates and zone
       transfers incorrectly locked the in-memory zone database, causing
       named to freeze. [RT #22614]
     * Don't run MX checks (check-mx) when the MX record points to ".".
       [RT #22645]
     * DST key reference counts can now be incremented via dst_key_attach.
       [RT #22672]
     * isc_mutex_init_errcheck() in phtreads/mutex.c failed to destroy
       attr. [RT #22766]
     * The Kerberos realm was being truncated when being pulled from the
       the host prinicipal, make krb5-self updates fail. [RT #22770]
     * named failed to preserve the case of domain names in RDATA which is
       not compressible when writing master files. [RT #22863]
     * There was a bug in how the clients-per-query code worked with some
       query patterns. This could result, in rare circumstances, in having
       all the client query slots filled with queries for the same DNS
       label, essentially ignoring the max-clients-per-query setting. [RT
       #22972]

Revision 1.16.4.1 / (download) - annotate - [select for diffs], Thu Dec 2 04:11:42 2010 UTC (12 years, 2 months ago) by sbd
Branch: pkgsrc-2010Q3
Changes since 1.16: +2 -2 lines
Diff to previous 1.16 (colored) next main 1.17 (colored)

Pullup ticket #3291 - requested by taca
net/bind96 security update

Revisions pulled up:
- pkgsrc/net/bind96/Makefile	1.17
- pkgsrc/net/bind96/distinfo	1.10

-------------------------------------------------------------------------
   Module Name:	pkgsrc
   Committed By:	taca
   Date:		Thu Dec  2 00:32:34 UTC 2010

   Modified Files:
   	pkgsrc/net/bind96: Makefile distinfo

   Log Message:
   Update bind96 package to bind-9.6.2pl3 (9.6.2-P3).

   http://www.isc.org/announcement/guidance-regarding-dec-1st-2010-security-advisories

   CVE: CVE-2010-3613
   CERT: VU#706148
   BIND: cache incorrectly allows a ncache entry and a rrsig for the same type

   CVE: CVE-2010-3614
   CERT: VU#837744
   BIND: Key algorithm rollover bug in bind9


   To generate a diff of this commit:
   cvs rdiff -u -r1.16 -r1.17 pkgsrc/net/bind96/Makefile
   cvs rdiff -u -r1.9 -r1.10 pkgsrc/net/bind96/distinfo

Revision 1.17 / (download) - annotate - [select for diffs], Thu Dec 2 00:32:34 2010 UTC (12 years, 2 months ago) by taca
Branch: MAIN
CVS Tags: pkgsrc-2010Q4-base
Branch point for: pkgsrc-2010Q4
Changes since 1.16: +2 -2 lines
Diff to previous 1.16 (colored)

Update bind96 package to bind-9.6.2pl3 (9.6.2-P3).

http://www.isc.org/announcement/guidance-regarding-dec-1st-2010-security-advisories

CVE: CVE-2010-3613
CERT: VU#706148
BIND: cache incorrectly allows a ncache entry and a rrsig for the same type

CVE: CVE-2010-3614
CERT: VU#837744
BIND: Key algorithm rollover bug in bind9

Revision 1.16 / (download) - annotate - [select for diffs], Wed May 26 15:57:37 2010 UTC (12 years, 8 months ago) by taca
Branch: MAIN
CVS Tags: pkgsrc-2010Q3-base, pkgsrc-2010Q2-base, pkgsrc-2010Q2
Branch point for: pkgsrc-2010Q3
Changes since 1.15: +8 -3 lines
Diff to previous 1.15 (colored)

Update net/bind96 package to 9.6.2pl2 (9.6.2-P2).


	--- 9.6.2-P2 released ---

2876.	[bug]		Named could return SERVFAIL for negative responses
			from unsigned zones. [RT #21131]

	--- 9.6.2-P1 released ---

2852.	[bug]		Handle broken DNSSEC trust chains better. [RT #15619]

Revision 1.14.2.1 / (download) - annotate - [select for diffs], Fri Apr 23 09:09:58 2010 UTC (12 years, 9 months ago) by tron
Branch: pkgsrc-2010Q1
Changes since 1.14: +5 -1 lines
Diff to previous 1.14 (colored) next main 1.15 (colored)

Pullup ticket #3091 - requested by gls
net/bind96: portability fix

Revisions pulled up:
- net/bind96/Makefile			1.15
---
Module Name:	pkgsrc
Committed By:	gls
Date:		Thu Apr 22 20:22:26 UTC 2010

Modified Files:
	pkgsrc/net/bind96: Makefile

Log Message:
Disable kqueue on Dragonfly to make bind96 work.
As reported by Justin Sherrill in PR pkg/43195.

Bump PKGREVISION.

Revision 1.15 / (download) - annotate - [select for diffs], Thu Apr 22 20:22:26 2010 UTC (12 years, 9 months ago) by gls
Branch: MAIN
Changes since 1.14: +5 -1 lines
Diff to previous 1.14 (colored)

Disable kqueue on Dragonfly to make bind96 work.
As reported by Justin Sherrill in PR pkg/43195.

Bump PKGREVISION.

Revision 1.12.2.1 / (download) - annotate - [select for diffs], Thu Jan 21 12:49:23 2010 UTC (13 years ago) by spz
Branch: pkgsrc-2009Q4
Changes since 1.12: +3 -4 lines
Diff to previous 1.12 (colored) next main 1.13 (colored)

Pullup ticket 2961 - requested by taca
security update

Revisions pulled up:
- pkgsrc/net/bind96/Makefile		1.14
- pkgsrc/net/bind96/PLIST		1.5
- pkgsrc/net/bind96/distinfo		1.8

   -------------------------------------------------------------------------
   Module Name:    pkgsrc
   Committed By:   taca
   Date:           Wed Jan 20 01:01:15 UTC 2010

   Modified Files:
           pkgsrc/net/bind96: Makefile PLIST distinfo

   Log Message:
   Update net/bind96 to 9.6.1pl3 (9.6.1-P3).

           --- 9.6.1-P3 released ---

   2831.   [security]      Do not attempt to validate or cache
                           out-of-bailiwick data returned with a secure
                           answer; it must be re-fetched from its original
                           source and validated in that context. [RT #20819]

   2828.   [security]      Cached CNAME or DNAME RR could be returned to clients
                           without DNSSEC validation. [RT #20737]

   2827.   [security]      Bogus NXDOMAIN could be cached as if valid.
                           [RT #20712]


   To generate a diff of this commit:
   cvs rdiff -u -r1.13 -r1.14 pkgsrc/net/bind96/Makefile
   cvs rdiff -u -r1.4 -r1.5 pkgsrc/net/bind96/PLIST
   cvs rdiff -u -r1.7 -r1.8 pkgsrc/net/bind96/distinfo

Revision 1.14 / (download) - annotate - [select for diffs], Wed Jan 20 01:01:15 2010 UTC (13 years ago) by taca
Branch: MAIN
CVS Tags: pkgsrc-2010Q1-base
Branch point for: pkgsrc-2010Q1
Changes since 1.13: +3 -4 lines
Diff to previous 1.13 (colored)

Update net/bind96 to 9.6.1pl3 (9.6.1-P3).

	--- 9.6.1-P3 released ---

2831.	[security]	Do not attempt to validate or cache
			out-of-bailiwick data returned with a secure
			answer; it must be re-fetched from its original
			source and validated in that context. [RT #20819]

2828.	[security]	Cached CNAME or DNAME RR could be returned to clients
			without DNSSEC validation. [RT #20737]

2827.	[security]	Bogus NXDOMAIN could be cached as if valid. [RT #20712]

Revision 1.13 / (download) - annotate - [select for diffs], Sun Jan 17 12:02:30 2010 UTC (13 years ago) by wiz
Branch: MAIN
Changes since 1.12: +2 -2 lines
Diff to previous 1.12 (colored)

Recursive PKGREVISION bump for jpeg update to 8.

Revision 1.12 / (download) - annotate - [select for diffs], Fri Dec 11 16:22:31 2009 UTC (13 years, 1 month ago) by taca
Branch: MAIN
CVS Tags: pkgsrc-2009Q4-base
Branch point for: pkgsrc-2009Q4
Changes since 1.11: +2 -1 lines
Diff to previous 1.11 (colored)

Modify named9.sh to create /dev/random in chrooted environment
as base system's /etc/rc.d/named.

Bump PKGREVISION.

Revision 1.10.2.1 / (download) - annotate - [select for diffs], Thu Nov 26 23:06:22 2009 UTC (13 years, 2 months ago) by tron
Branch: pkgsrc-2009Q3
Changes since 1.10: +3 -4 lines
Diff to previous 1.10 (colored) next main 1.11 (colored)

Pullup ticket #2935 - requested by taca
bind96: security update

Revisions pulled up:
- net/bind96/Makefile			1.11
- net/bind96/distinfo			1.6
---
Module Name:	pkgsrc
Committed By:	taca
Date:		Wed Nov 25 09:50:07 UTC 2009

Modified Files:
	pkgsrc/net/bind96: Makefile distinfo

Log Message:
Update BIND 9.6.1-P2.

	--- 9.6.1-P2 released ---

2772.	[security]	When validating, track whether pending data was from
			the additional section or not and only return it if
			validates as secure. [RT #20438]

Revision 1.11 / (download) - annotate - [select for diffs], Wed Nov 25 09:50:06 2009 UTC (13 years, 2 months ago) by taca
Branch: MAIN
Changes since 1.10: +3 -4 lines
Diff to previous 1.10 (colored)

Update BIND 9.6.1-P2.

	--- 9.6.1-P2 released ---

2772.	[security]	When validating, track whether pending data was from
			the additional section or not and only return it if
			validates as secure. [RT #20438]

Revision 1.10 / (download) - annotate - [select for diffs], Mon Sep 28 22:52:47 2009 UTC (13 years, 4 months ago) by jklos
Branch: MAIN
CVS Tags: pkgsrc-2009Q3-base
Branch point for: pkgsrc-2009Q3
Changes since 1.9: +5 -2 lines
Diff to previous 1.9 (colored)

BIND on NetBSD/macppc (and likely other PowerPC) lock up after some time
if threads are enabled, so we disable threads until this is fixed.

Revision 1.9 / (download) - annotate - [select for diffs], Tue Sep 8 08:42:45 2009 UTC (13 years, 5 months ago) by tnn
Branch: MAIN
Changes since 1.8: +2 -1 lines
Diff to previous 1.8 (colored)

turn on inet6 by default if the platform supports it. Bump revision.

Revision 1.8 / (download) - annotate - [select for diffs], Sat Aug 15 01:30:57 2009 UTC (13 years, 5 months ago) by jklos
Branch: MAIN
Changes since 1.7: +4 -1 lines
Diff to previous 1.7 (colored)

Assembly language atomic operations don't work on NetBSD  mipsel, so
  disable them with CONFIGURE_ARGS.

Revision 1.3.4.1 / (download) - annotate - [select for diffs], Wed Jul 29 07:59:53 2009 UTC (13 years, 6 months ago) by spz
Branch: pkgsrc-2009Q2
Changes since 1.3: +5 -3 lines
Diff to previous 1.3 (colored) next main 1.4 (colored)

Pullup ticket 2844 - requested by reed
security update
last part of pullups for PR 41796

Revisions pulled up:
- pkgsrc/net/bind96/Makefile			1.7
- pkgsrc/net/bind96/PLIST			1.3
- pkgsrc/net/bind96/distinfo			1.4
- pkgsrc/net/bind96/options.mk			1.2
- pkgsrc/net/bind96/patches/patch-ab		1.2
- pkgsrc/net/bind96/patches/patch-ac		1.3
- pkgsrc/net/bind96/patches/patch-ad		1.2
- pkgsrc/net/bind96/patches/patch-ag		1.2
- pkgsrc/net/bind96/patches/patch-aj		1.1

   Module Name:    pkgsrc
   Committed By:   obache
   Date:           Fri Jul 24 12:30:00 UTC 2009

   Modified Files:
           pkgsrc/net/bind9: Makefile
           pkgsrc/net/bind95: Makefile
           pkgsrc/net/bind96: Makefile

   Log Message:
   Update HOMEPAGE url.


   To generate a diff of this commit:
   cvs rdiff -u -r1.107 -r1.108 pkgsrc/net/bind9/Makefile
   cvs rdiff -u -r1.9 -r1.10 pkgsrc/net/bind95/Makefile
   cvs rdiff -u -r1.3 -r1.4 pkgsrc/net/bind96/Makefile


   Module Name:    pkgsrc
   Committed By:   obache
   Date:           Sun Jul 26 09:07:58 UTC 2009

   Modified Files:
           pkgsrc/net/bind96: Makefile PLIST distinfo options.mk
           pkgsrc/net/bind96/patches: patch-ab patch-ac patch-ad patch-ag
   Removed Files:
           pkgsrc/net/bind96/patches: patch-aj

   Log Message:
   Update bind96 to 9.6.1.
   Based on PR 41772 by Robert Elz.

   Pkgsrc changes:
    o MAKE_JOBS_SAFE=no, README said "Do not use a parallel make".
    o remove patch-aj, libbind has been removed from the BIND 9 distribution
      since 9.6.0.
    o add bind-dig-sigchase option. requested by PR 41751.

   Changes since 9.6.0:

           --- 9.6.1 released ---

   2607.   [bug]           named could incorrectly delete NSEC3 records for
                           empty nodes when processing a update request.
                           [RT #19749]

   2606.   [bug]           "delegation-only" was not being accepted in
                           delegation-only type zones. [RT #19717]

   2605.   [bug]           Accept DS responses from delegation only zones.
                           [RT # 19296]

   2603.   [port]          win32: handle .exe extension of named-checkzone and
                           named-comilezone argv[0] names under windows.
                           [RT #19767]

   2602.   [port]          win32: fix debugging command line build of libisccfg.
                           [RT #19767]

           --- 9.6.1rc1 released ---

   2599.   [bug]           Address rapid memory growth when validation fails.
                           [RT #19654]

   2597.   [bug]           Handle a validation failure with a insecure delegation
                           from a NSEC3 signed master/slave zone.  [RT #19464]

   2596.   [bug]           Stale tree nodes of cache/dynamic rbtdb could stay
                           long, leading to inefficient memory usage or rejecting
                           newer cache entries in the worst case. [RT #19563]

   2595.   [bug]           Fix unknown extended rcodes in dig. [RT #19625]

   2592.   [bug]           Treat "any" as a type in nsupdate. [RT #19455]

   2591.   [bug]           named could die when processing a update in
                           removed_orphaned_ds(). [RT #19507]

   2588.   [bug]           SO_REUSEADDR could be set unconditionally after failure
                           of bind(2) call.  This should be rare and mostly
                           harmless, but may cause interference with other
                           processes that happen to use the same port. [RT #19642]

   2586.   [bug]           Missing cleanup of SIG rdataset in searching a DLZ DB
                           or SDB. [RT #19577]

   2585.   [bug]           Uninitialized socket name could be referenced via a
                           statistics channel, triggering an assertion failure in
                           XML rendering. [RT #19427]

   2584.   [bug]           alpha: gcc optimization could break atomic operations.
                           [RT #19227]

   2583.   [port]          netbsd: provide a control to not add the compile
                           date to the version string, -DNO_VERSION_DATE.

   2582.   [bug]           Don't emit warning log message when we attempt to
                           remove non-existant journal. [RT #19516]

   2579.   [bug]           DNSSEC lookaside validation failed to handle unknown
                           algorithms. [RT #19479]

   2578.   [bug]           Changed default sig-signing-type to 65534, because
                           65535 turns out to be reserved.  [RT #19477]

   2499.   [port]          solaris: lib/lwres/getaddrinfo.c namespace clash.
                           [RT #18837]

           --- 9.6.1b1 released ---

   2577.   [doc]           Clarified some statistics counters. [RT #19454]

   2576.   [bug]           NSEC record were not being correctly signed when
                           a zone transitions from insecure to secure.
                           Handle such incorrectly signed zones. [RT #19114]

   2574.   [doc]           Document nsupdate -g and -o. [RT #19351]

   2573.   [bug]           Replacing a non-CNAME record with a CNAME record in a
                           single transaction in a signed zone failed. [RT #19397]

   2568.   [bug]           Report when the write to indicate a otherwise
                           successful start fails. [RT #19360]

   2567.   [bug]           dst__privstruct_writefile() could miss write errors.
                           write_public_key() could miss write errors.
                           dnssec-dsfromkey could miss write errors.
                           [RT #19360]

   2564.   [bug]           Only take EDNS fallback steps when processing timeouts.
                           [RT #19405]

   2563.   [bug]           Dig could leak a socket causing it to wait forever
                           to exit. [RT #19359]

   2562.   [doc]           ARM: miscellaneous improvements, reorganization,
                           and some new content.

   2561.   [doc]           Add isc-config.sh(1) man page. [RT #16378]

   2560.   [bug]           Add #include <config.h> to iptable.c. [RT #18258]

   2559.   [bug]           dnssec-dsfromkey could compute bad DS records when
                           reading from a K* files.  [RT #19357]

   2557.   [cleanup]       PCI compliance:
                           * new libisc log module file
                           * isc_dir_chroot() now also changes the working
                             directory to "/".
                           * additional INSISTs
                           * additional logging when files can't be removed.

   2556.   [port]          Solaris: mkdir(2) on tmpfs filesystems does not do the
                           error checks in the correct order resulting in the
                           wrong error code sometimes being returned. [RT #19249]

   2554.   [bug]           Validation of uppercase queries from NSEC3 zones could
                           fail. [RT #19297]

   2553.   [bug]           Reference leak on DNSSEC validation errors. [RT #19291]

   2552.   [bug]           zero-no-soa-ttl-cache was not being honoured.
                           [RT #19340]

   2551.   [bug]           Potential Reference leak on return. [RT #19341]

   2550.   [bug]           Check --with-openssl=<path> finds <openssl/opensslv.h>.
                           [RT #19343]

   2549.   [port]          linux: define NR_OPEN if not currently defined.
                           [RT #19344]

   2548.   [bug]           Install iterated_hash.h. [RT #19335]

   2547.   [bug]           openssl_link.c:mem_realloc() could reference an
                           out-of-range area of the source buffer.  New public
                           function isc_mem_reallocate() was introduced to address
                           this bug. [RT #19313]

   2545.   [doc]           ARM: Legal hostname checking (check-names) is
                           for SRV RDATA too. [RT #19304]

   2544.   [cleanup]       Removed unused structure members in adb.c. [RT #19225]

   2543.   [contrib]       Update contrib/zkt to version 0.98. [RT #19113]

   2542.   [doc]           Update the description of dig +adflag. [RT #19290]

   2541.   [bug]           Conditionally update dispatch manager statistics.
                           [RT #19247]

   2539.   [security]      Update the interaction between recursion, allow-query,
                           allow-query-cache and allow-recursion.  [RT #19198]

   2538.   [bug]           cache/ADB memory could grow over max-cache-size,
                           especially with threads and smaller max-cache-size
                           values. [RT #19240]

   2537.   [experimental]  Added more statistics counters including those on socket
                           I/O events and query RTT histograms. [RT #18802]

   2536.   [cleanup]       Silence some warnings when -Werror=format-security is
                           specified. [RT #19083]

   2535.   [bug]           dig +showsearh and +trace interacted badly. [RT #19091]

   2532.   [bug]           dig: check the question section of the response to
                           see if it matches the asked question. [RT #18495]

   2531.   [bug]           Change #2207 was incomplete. [RT #19098]

   2530.   [bug]           named failed to reject insecure to secure transitions
                           via UPDATE. [RT #19101]

   2529.   [cleanup]       Upgrade libtool to silence complaints from recent
                           version of autoconf. [RT #18657]

   2528.   [cleanup]       Silence spurious configure warning about
                           --datarootdir [RT #19096]

   2527.   [bug]           named could reuse cache on reload with
                           enabling/disabling validation. [RT #19119]

   2525.   [experimental]  New logging category "query-errors" to provide detailed
                           internal information about query failures, especially
                           about server failures. [RT #19027]

   2524.   [port]          sunos: dnssec-signzone needs strtoul(). [RT #19129]

   2523.   [bug]           Random type rdata freed by dns_nsec_typepresent().
                           [RT #19112]

   2522.   [security]      Handle -1 from DSA_do_verify() and EVP_VerifyFinal().

   2521.   [bug]           Improve epoll cross compilation support. [RT #19047]

   2519.   [bug]           dig/host with -4 or -6 didn't work if more than two
                           nameserver addresses of the excluded address family
                           preceded in resolv.conf. [RT #19081]

   2517.   [bug]           dig +trace with -4 or -6 failed when it chose a
                           nameserver address of the excluded address.
                           [RT #18843]

   2516.   [bug]           glue sort for responses was performed even when not
                           needed. [RT #19039]

   2514.   [bug]           dig/host failed with -4 or -6 when resolv.conf contains
                           a nameserver of the excluded address family.
                           [RT #18848]

   2511.   [cleanup]       dns_rdata_tofmttext() add const to linebreak.
                           [RT #18885]

   2506.   [port]          solaris: Check at configure time if
                           hack_shutup_pthreadonceinit is needed. [RT #19037]

   2505.   [port]          Treat amd64 similarly to x86_64 when determining
                           atomic operation support. [RT #19031]

   2503.   [port]          linux: improve compatibility with Linux Standard
                           Base. [RT #18793]

   2502.   [cleanup]       isc_radix: Improve compliance with coding style,
                           document function in <isc/radix.h>. [RT #18534]


   To generate a diff of this commit:
   cvs rdiff -u -r1.4 -r1.5 pkgsrc/net/bind96/Makefile
   cvs rdiff -u -r1.2 -r1.3 pkgsrc/net/bind96/PLIST
   cvs rdiff -u -r1.3 -r1.4 pkgsrc/net/bind96/distinfo
   cvs rdiff -u -r1.1.1.1 -r1.2 pkgsrc/net/bind96/options.mk
   cvs rdiff -u -r1.1.1.1 -r1.2 pkgsrc/net/bind96/patches/patch-ab \
       pkgsrc/net/bind96/patches/patch-ad pkgsrc/net/bind96/patches/patch-ag
   cvs rdiff -u -r1.2 -r1.3 pkgsrc/net/bind96/patches/patch-ac
   cvs rdiff -u -r1.1.1.1 -r0 pkgsrc/net/bind96/patches/patch-aj

   Module Name:    pkgsrc
   Committed By:   reed
   Date:           Wed Jul 29 00:03:38 UTC 2009

   Modified Files:
           pkgsrc/net/bind96: Makefile distinfo

   Log Message:
   Update to 9.6.1-P1.
   This is for PR pkg/41796: Security fix CVE-2009-0696


   To generate a diff of this commit:
   cvs rdiff -u -r1.5 -r1.6 pkgsrc/net/bind96/Makefile
   cvs rdiff -u -r1.4 -r1.5 pkgsrc/net/bind96/distinfo


   Module Name:    pkgsrc
   Committed By:   reed
   Date:           Wed Jul 29 00:16:33 UTC 2009

   Modified Files:
           pkgsrc/net/bind96: Makefile

   Log Message:
   Fix PKGNAME that I broke.


   To generate a diff of this commit:
   cvs rdiff -u -r1.6 -r1.7 pkgsrc/net/bind96/Makefile

Revision 1.7 / (download) - annotate - [select for diffs], Wed Jul 29 00:16:33 2009 UTC (13 years, 6 months ago) by reed
Branch: MAIN
Changes since 1.6: +2 -1 lines
Diff to previous 1.6 (colored)

Fix PKGNAME that I broke.

Revision 1.6 / (download) - annotate - [select for diffs], Wed Jul 29 00:03:38 2009 UTC (13 years, 6 months ago) by reed
Branch: MAIN
Changes since 1.5: +2 -2 lines
Diff to previous 1.5 (colored)

Update to 9.6.1-P1.
This is for PR pkg/41796: Security fix CVE-2009-0696

Revision 1.5 / (download) - annotate - [select for diffs], Sun Jul 26 09:07:58 2009 UTC (13 years, 6 months ago) by obache
Branch: MAIN
Changes since 1.4: +4 -3 lines
Diff to previous 1.4 (colored)

Update bind96 to 9.6.1.
Based on PR 41772 by Robert Elz.

Pkgsrc changes:
 o MAKE_JOBS_SAFE=no, README said "Do not use a parallel make".
 o remove patch-aj, libbind has been removed from the BIND 9 distribution
   since 9.6.0.
 o add bind-dig-sigchase option. requested by PR 41751.

Changes since 9.6.0:

	--- 9.6.1 released ---

2607.	[bug]		named could incorrectly delete NSEC3 records for
			empty nodes when processing a update request.
			[RT #19749]

2606.	[bug]		"delegation-only" was not being accepted in
			delegation-only type zones. [RT #19717]

2605.	[bug]		Accept DS responses from delegation only zones.
			[RT # 19296]

2603.	[port]		win32: handle .exe extension of named-checkzone and
			named-comilezone argv[0] names under windows.
			[RT #19767]

2602.	[port]		win32: fix debugging command line build of libisccfg.
			[RT #19767]

	--- 9.6.1rc1 released ---

2599.	[bug]		Address rapid memory growth when validation fails.
			[RT #19654]

2597.	[bug]		Handle a validation failure with a insecure delegation
			from a NSEC3 signed master/slave zone.  [RT #19464]

2596.	[bug]		Stale tree nodes of cache/dynamic rbtdb could stay
			long, leading to inefficient memory usage or rejecting
			newer cache entries in the worst case. [RT #19563]

2595.	[bug]		Fix unknown extended rcodes in dig. [RT #19625]

2592.	[bug]		Treat "any" as a type in nsupdate. [RT #19455]

2591.	[bug]		named could die when processing a update in
			removed_orphaned_ds(). [RT #19507]

2588.	[bug]		SO_REUSEADDR could be set unconditionally after failure
			of bind(2) call.  This should be rare and mostly
			harmless, but may cause interference with other
			processes that happen to use the same port. [RT #19642]

2586.	[bug]		Missing cleanup of SIG rdataset in searching a DLZ DB
			or SDB. [RT #19577]

2585.	[bug]		Uninitialized socket name could be referenced via a
			statistics channel, triggering an assertion failure in
			XML rendering. [RT #19427]

2584.	[bug]		alpha: gcc optimization could break atomic operations.
			[RT #19227]

2583.	[port]		netbsd: provide a control to not add the compile
			date to the version string, -DNO_VERSION_DATE.

2582.	[bug]		Don't emit warning log message when we attempt to
			remove non-existant journal. [RT #19516]

2579.	[bug]		DNSSEC lookaside validation failed to handle unknown
			algorithms. [RT #19479]

2578.	[bug]		Changed default sig-signing-type to 65534, because
			65535 turns out to be reserved.  [RT #19477]

2499.	[port]		solaris: lib/lwres/getaddrinfo.c namespace clash.
			[RT #18837]

	--- 9.6.1b1 released ---

2577.	[doc]		Clarified some statistics counters. [RT #19454]

2576.	[bug]		NSEC record were not being correctly signed when
			a zone transitions from insecure to secure.
			Handle such incorrectly signed zones. [RT #19114]

2574.	[doc]		Document nsupdate -g and -o. [RT #19351]

2573.	[bug]		Replacing a non-CNAME record with a CNAME record in a
			single transaction in a signed zone failed. [RT #19397]

2568.	[bug]		Report when the write to indicate a otherwise
			successful start fails. [RT #19360]

2567.	[bug]		dst__privstruct_writefile() could miss write errors.
			write_public_key() could miss write errors.
			dnssec-dsfromkey could miss write errors.
			[RT #19360]

2564.	[bug]		Only take EDNS fallback steps when processing timeouts.
			[RT #19405]

2563.	[bug]		Dig could leak a socket causing it to wait forever
			to exit. [RT #19359]

2562.	[doc]		ARM: miscellaneous improvements, reorganization,
			and some new content.

2561.	[doc]		Add isc-config.sh(1) man page. [RT #16378]

2560.	[bug]		Add #include <config.h> to iptable.c. [RT #18258]

2559.	[bug]		dnssec-dsfromkey could compute bad DS records when
			reading from a K* files.  [RT #19357]

2557.	[cleanup]	PCI compliance:
			* new libisc log module file
			* isc_dir_chroot() now also changes the working
			  directory to "/".
			* additional INSISTs
			* additional logging when files can't be removed.

2556.	[port]		Solaris: mkdir(2) on tmpfs filesystems does not do the
			error checks in the correct order resulting in the
			wrong error code sometimes being returned. [RT #19249]

2554.	[bug]		Validation of uppercase queries from NSEC3 zones could
			fail. [RT #19297]

2553.	[bug]		Reference leak on DNSSEC validation errors. [RT #19291]

2552.	[bug]		zero-no-soa-ttl-cache was not being honoured.
			[RT #19340]

2551.	[bug]		Potential Reference leak on return. [RT #19341]

2550.	[bug]		Check --with-openssl=<path> finds <openssl/opensslv.h>.
			[RT #19343]

2549.	[port]		linux: define NR_OPEN if not currently defined.
			[RT #19344]

2548.	[bug]		Install iterated_hash.h. [RT #19335]

2547.	[bug]		openssl_link.c:mem_realloc() could reference an
			out-of-range area of the source buffer.  New public
			function isc_mem_reallocate() was introduced to address
			this bug. [RT #19313]

2545.	[doc]		ARM: Legal hostname checking (check-names) is
			for SRV RDATA too. [RT #19304]

2544.	[cleanup]	Removed unused structure members in adb.c. [RT #19225]

2543.	[contrib]	Update contrib/zkt to version 0.98. [RT #19113]

2542.	[doc]		Update the description of dig +adflag. [RT #19290]

2541.	[bug]		Conditionally update dispatch manager statistics.
			[RT #19247]

2539.	[security]	Update the interaction between recursion, allow-query,
			allow-query-cache and allow-recursion.  [RT #19198]

2538.	[bug]		cache/ADB memory could grow over max-cache-size,
			especially with threads and smaller max-cache-size
			values. [RT #19240]

2537.	[experimental]	Added more statistics counters including those on socket
			I/O events and query RTT histograms. [RT #18802]

2536.	[cleanup]	Silence some warnings when -Werror=format-security is
			specified. [RT #19083]

2535.	[bug]		dig +showsearh and +trace interacted badly. [RT #19091]

2532.	[bug]		dig: check the question section of the response to
			see if it matches the asked question. [RT #18495]

2531.	[bug]		Change #2207 was incomplete. [RT #19098]

2530.	[bug]		named failed to reject insecure to secure transitions
			via UPDATE. [RT #19101]

2529.	[cleanup]	Upgrade libtool to silence complaints from recent
			version of autoconf. [RT #18657]

2528.   [cleanup]       Silence spurious configure warning about
                        --datarootdir [RT #19096]

2527.	[bug]		named could reuse cache on reload with
			enabling/disabling validation. [RT #19119]

2525.	[experimental]	New logging category "query-errors" to provide detailed
			internal information about query failures, especially
			about server failures. [RT #19027]

2524.	[port]		sunos: dnssec-signzone needs strtoul(). [RT #19129]

2523.	[bug]		Random type rdata freed by dns_nsec_typepresent().
			[RT #19112]

2522.	[security]	Handle -1 from DSA_do_verify() and EVP_VerifyFinal().

2521.	[bug]		Improve epoll cross compilation support. [RT #19047]

2519.	[bug]		dig/host with -4 or -6 didn't work if more than two
			nameserver addresses of the excluded address family
			preceded in resolv.conf. [RT #19081]

2517.	[bug]		dig +trace with -4 or -6 failed when it chose a
			nameserver address of the excluded address.
			[RT #18843]

2516.	[bug]		glue sort for responses was performed even when not
			needed. [RT #19039]

2514.	[bug]		dig/host failed with -4 or -6 when resolv.conf contains
			a nameserver of the excluded address family.
			[RT #18848]

2511.	[cleanup]	dns_rdata_tofmttext() add const to linebreak.
			[RT #18885]

2506.	[port]		solaris: Check at configure time if
			hack_shutup_pthreadonceinit is needed. [RT #19037]

2505.	[port]		Treat amd64 similarly to x86_64 when determining
			atomic operation support. [RT #19031]

2503.	[port]		linux: improve compatibility with Linux Standard
			Base. [RT #18793]

2502.	[cleanup]	isc_radix: Improve compliance with coding style,
			document function in <isc/radix.h>. [RT #18534]

Revision 1.4 / (download) - annotate - [select for diffs], Fri Jul 24 12:30:00 2009 UTC (13 years, 6 months ago) by obache
Branch: MAIN
Changes since 1.3: +2 -2 lines
Diff to previous 1.3 (colored)

Update HOMEPAGE url.

Revision 1.3 / (download) - annotate - [select for diffs], Mon Mar 23 14:43:13 2009 UTC (13 years, 10 months ago) by tron
Branch: MAIN
CVS Tags: pkgsrc-2009Q2-base, pkgsrc-2009Q1-base, pkgsrc-2009Q1
Branch point for: pkgsrc-2009Q2
Changes since 1.2: +3 -2 lines
Diff to previous 1.2 (colored)

Add URL for mirror on "ftp.belnet.be" to master site list.

Revision 1.2 / (download) - annotate - [select for diffs], Thu Jan 8 09:03:15 2009 UTC (14 years, 1 month ago) by adrianp
Branch: MAIN
Changes since 1.1: +3 -2 lines
Diff to previous 1.1 (colored)

Changes since 9.6.0:

2522.	[security]	Handle -1 from DSA_do_verify() and EVP_verify().

Revision 1.1.1.1 / (download) - annotate - [select for diffs] (vendor branch), Sun Jan 4 00:21:36 2009 UTC (14 years, 1 month ago) by adrianp
Branch: TNF
CVS Tags: pkgsrc-base
Changes since 1.1: +0 -0 lines
Diff to previous 1.1 (colored)

BIND 9.6.0

Full NSEC3 support
Automatic zone re-signing
Default PID file location
New tool: dnssec-dsfromkey
Randomize server selection on queries

http://oldwww.isc.org/sw/bind/view/?release=9.6.0
https://www.isc.org/software/bind/new-features/9.6

Revision 1.1 / (download) - annotate - [select for diffs], Sun Jan 4 00:21:36 2009 UTC (14 years, 1 month ago) by adrianp
Branch: MAIN

Initial revision

This form allows you to request diff's between any two revisions of a file. You may select a symbolic revision name using the selection box or you may type in a numeric name using the type-in text box.




CVSweb <webmaster@jp.NetBSD.org>