Default branch: MAIN
Revision 1.15.2.2, Tue May 22 11:57:58 2012 UTC (3 days, 7 hours ago) by tron
Branch: pkgsrc-2012Q1
Changes since 1.15.2.1: +3 -4 lines
Pullup ticket #3800 - requested by taca
net/bind96: security update
Revisions pulled up:
- net/bind96/Makefile 1.25
- net/bind96/distinfo 1.17
- net/bind96/patches/patch-lib_dns_resolver.c deleted
---
Module Name: pkgsrc
Committed By: taca
Date: Tue May 22 03:34:32 UTC 2012
Modified Files:
pkgsrc/net/bind96: Makefile distinfo
Removed Files:
pkgsrc/net/bind96/patches: patch-lib_dns_resolver.c
Log Message:
Update bind96 package to 9.6.3.1.ESV.7 (BIND 9.6-ESV-R7).
New Features
* None
Feature Changes
* BIND now recognizes the TLSA resource record type, created to
support IETF DANE (DNS-based Authentication of Named Entities)
[RT #28989]
Bug Fixes
* The locking strategy around the handling of iterative queries
has been tuned to reduce unnecessary contention in a multi-threaded
environment. (Note that this may not provide a measurable
improvement over previous versions of BIND, but it corrects the
performance impact of change 3309 / RT #27995) [RT #29239]
* Addresses a race condition that can cause named to crash when
the masters list for a zone is updated via rndc reload/reconfig
[RT #26732]
* Fixes a race condition in zone.c that can cause named to crash
during the processing of rndc delzone [RT #29028]
* Prevents a named segfault from resolver.c due to procedure
fctx_finddone() not being thread-safe. [RT #27995]
* Uses hmctx, not mctx when freeing rbtdb->heaps to avoid triggering
an assertion when flushing cache data. [RT #28571]
* Resolves inconsistencies in locating DNSSEC keys where zone names
contain characters that require special mappings [RT #28600]
* A new flag -R has been added to queryperf for running tests
using non-recursive queries. It also now builds correctly on
MacOS version 10.7 (darwin) [RT #28565]
* Named no longer crashes if gssapi is enabled in named.conf but
was not compiled into the binary [RT #28338]
* SDB now handles unexpected errors from back-end database drivers
gracefully instead of exiting on an assert. [RT #28534]
Revision 1.17, Tue May 22 03:34:32 2012 UTC (3 days, 15 hours ago) by taca
Branch: MAIN
CVS Tags: HEAD
Changes since 1.16: +4 -5 lines
Update bind96 package to 9.6.3.1.ESV.7 (BIND 9.6-ESV-R7).
New Features
* None
Feature Changes
* BIND now recognizes the TLSA resource record type, created to
support IETF DANE (DNS-based Authentication of Named Entities)
[RT #28989]
Bug Fixes
* The locking strategy around the handling of iterative queries
has been tuned to reduce unnecessary contention in a multi-threaded
environment. (Note that this may not provide a measurable
improvement over previous versions of BIND, but it corrects the
performance impact of change 3309 / RT #27995) [RT #29239]
* Addresses a race condition that can cause named to crash when
the masters list for a zone is updated via rndc reload/reconfig
[RT #26732]
* Fixes a race condition in zone.c that can cause named to crash
during the processing of rndc delzone [RT #29028]
* Prevents a named segfault from resolver.c due to procedure
fctx_finddone() not being thread-safe. [RT #27995]
* Uses hmctx, not mctx when freeing rbtdb->heaps to avoid triggering
an assertion when flushing cache data. [RT #28571]
* Resolves inconsistencies in locating DNSSEC keys where zone names
contain characters that require special mappings [RT #28600]
* A new flag -R has been added to queryperf for running tests
using non-recursive queries. It also now builds correctly on
MacOS version 10.7 (darwin) [RT #28565]
* Named no longer crashes if gssapi is enabled in named.conf but
was not compiled into the binary [RT #28338]
* SDB now handles unexpected errors from back-end database drivers
gracefully instead of exiting on an assert. [RT #28534]
Revision 1.15.2.1, Thu May 3 19:15:50 2012 UTC (3 weeks, 1 day ago) by tron
Branch: pkgsrc-2012Q1
Changes since 1.15: +2 -1 lines
Pullup ticket #3765 - requested by taca
net/bind96: security patch
Revisions pulled up:
- net/bind96/Makefile 1.24
- net/bind96/distinfo 1.16
- net/bind96/patches/patch-lib_dns_resolver.c 1.1
---
Module Name: pkgsrc
Committed By: taca
Date: Tue May 1 02:49:27 UTC 2012
Modified Files:
pkgsrc/net/bind96: Makefile distinfo
Added Files:
pkgsrc/net/bind96/patches: patch-lib_dns_resolver.c
Log Message:
Add fix to a race condition in the resolver code that can cause a recursive
nameserver: <https://kb.isc.org/article/AA-00664>.
Bump PKGREVISION.
Revision 1.16, Tue May 1 02:49:26 2012 UTC (3 weeks, 3 days ago) by taca
Branch: MAIN
Changes since 1.15: +2 -1 lines
Add fix to a race condition in the resolver code that can cause a recursive nameserver: <https://kb.isc.org/article/AA-00664>. Bump PKGREVISION.
Revision 1.15, Thu Apr 5 00:41:10 2012 UTC (7 weeks, 1 day ago) by taca
Branch: MAIN
CVS Tags: pkgsrc-2012Q1-base
Branch point for: pkgsrc-2012Q1
Changes since 1.14: +6 -6 lines
Update bind96 package to 9.6.3.1.ESV.6 (BIND 9.6-ESV-R6).
Security Fixes
+ BIND 9 nameservers performing recursive queries could cache an
invalid record and subsequent queries for that record could
crash the resolvers with an assertion failure. [RT #26590]
[CVE-2011-4313]
Feature Changes
+ Improves initial start-up and server reload time by increasing
the default size of the hash table the configuration parser
uses to keep track of loaded zones and allowing it to grow
dynamically to better handle systems with large numbers of
zones. [RT #26523]
+ --enable-developer, a new composite argument to the configure
script, enables a set of build options normally disabled but
frequently selected in test or development builds, specifically:
enable_fixed_rrset, with_atf, enable_filter_aaaa, enable_rpz_nsip,
enable_rpz_nsdname, and with_dlz_filesystem (and on Linux and
Darwin, also enable_exportlib) [RT #27103]
Revision 1.13.2.1, Thu Nov 17 01:26:17 2011 UTC (6 months, 1 week ago) by sbd
Branch: pkgsrc-2011Q3
Changes since 1.13: +4 -4 lines
Pullup ticket #3607 - requested by spz
net/bind96 security update
Revisions pulled up:
- net/bind96/Makefile 1.21
- net/bind96/distinfo 1.14
---
Module Name: pkgsrc
Committed By: spz
Date: Wed Nov 16 22:26:07 UTC 2011
Modified Files:
pkgsrc/net/bind96: Makefile distinfo
Log Message:
BIND 9.6-ESV-R5-P1 is a security patch for BIND 9.6-ESV-R5.
* BIND 9 nameservers performing recursive queries could cache an invalid
record and subsequent queries for that record could crash the resolvers
with an assertion failure. [RT #26590]
Revision 1.14, Wed Nov 16 22:26:07 2011 UTC (6 months, 1 week ago) by spz
Branch: MAIN
CVS Tags: pkgsrc-2011Q4-base, pkgsrc-2011Q4
Changes since 1.13: +4 -4 lines
BIND 9.6-ESV-R5-P1 is a security patch for BIND 9.6-ESV-R5.
* BIND 9 nameservers performing recursive queries could cache an invalid
record and subsequent queries for that record could crash the resolvers
with an assertion failure. [RT #26590]
Revision 1.12.2.1, Mon Aug 22 21:39:00 2011 UTC (9 months ago) by tron
Branch: pkgsrc-2011Q2
Changes since 1.12: +4 -4 lines
Pullup ticket #3508 - requested by taca
net/bind96: security update
Revisions pulled up:
- net/bind96/Makefile 1.20
- net/bind96/PLIST 1.8
- net/bind96/distinfo 1.13
---
Module Name: pkgsrc
Committed By: taca
Date: Wed Aug 10 15:24:51 UTC 2011
Modified Files:
pkgsrc/net/bind96: Makefile PLIST distinfo
Log Message:
Update bind96 package to 9.6.3.1.ESV.5 (9.6-ESV-R5).
For full changes, please refer:
ftp://ftp.isc.org/isc/bind9/9.6-ESV-R5/RELEASE-NOTES-BIND-9.6-ESV.html
New Features
9.6-ESV-R5
* Added a tool able to generate malformed packets to allow testing of
how named handles them. [RT #24096]
Security Fixes
9.6-ESV-R5
* named, set up to be a caching resolver, is vulnerable to a user
querying a domain with very large resource record sets (RRSets)
when trying to negatively cache the response. Due to an off-by-one
error, caching the response could cause named to crash. [RT #24650]
[CVE-2011-1910]
* Change #2912 populated the message section in replies to UPDATE
requests, which some Windows clients wanted. This exposed a latent
bug that allowed the response message to crash named. With this
fix, change 2912 has been reduced to copy only the zone section to
the reply. A more complete fix for the latent bug will be released
later. [RT #24777]
Feature Changes
9.6-ESV-R5
* Merged in the NetBSD ATF test framework (currently version 0.12)
for development of future unit tests. Use configure --with-atf to
build ATF internally or configure --with-atf=prefix to use an
external copy. [RT #23209]
* Added more verbose error reporting from DLZ LDAP. [RT #23402]
* Replaced compile time constant with STDTIME_ON_32BITS. [RT #23587]
Revision 1.13, Wed Aug 10 15:24:51 2011 UTC (9 months, 2 weeks ago) by taca
Branch: MAIN
CVS Tags: pkgsrc-2011Q3-base
Branch point for: pkgsrc-2011Q3
Changes since 1.12: +4 -4 lines
Update bind96 package to 9.6.3.1.ESV.5 (9.6-ESV-R5).
For full changes, please refer:
ftp://ftp.isc.org/isc/bind9/9.6-ESV-R5/RELEASE-NOTES-BIND-9.6-ESV.html
New Features
9.6-ESV-R5
* Added a tool able to generate malformed packets to allow testing of
how named handles them. [RT #24096]
Security Fixes
9.6-ESV-R5
* named, set up to be a caching resolver, is vulnerable to a user
querying a domain with very large resource record sets (RRSets)
when trying to negatively cache the response. Due to an off-by-one
error, caching the response could cause named to crash. [RT #24650]
[CVE-2011-1910]
* Change #2912 populated the message section in replies to UPDATE
requests, which some Windows clients wanted. This exposed a latent
bug that allowed the response message to crash named. With this
fix, change 2912 has been reduced to copy only the zone section to
the reply. A more complete fix for the latent bug will be released
later. [RT #24777]
Feature Changes
9.6-ESV-R5
* Merged in the NetBSD ATF test framework (currently version 0.12)
for development of future unit tests. Use configure --with-atf to
build ATF internally or configure --with-atf=prefix to use an
external copy. [RT #23209]
* Added more verbose error reporting from DLZ LDAP. [RT #23402]
* Replaced compile time constant with STDTIME_ON_32BITS. [RT #23587]
Revision 1.11.2.1, Wed Jul 6 03:01:56 2011 UTC (10 months, 2 weeks ago) by sbd
Branch: pkgsrc-2011Q1
Changes since 1.11: +4 -4 lines
Pullup ticket #3463 - requested by taca
security update for net/bind96
Revisions pulled up:
- net/bind96/Makefile 1.19
- net/bind96/distinfo 1.12
---
Module Name: pkgsrc
Committed By: taca
Date: Tue Jul 5 14:28:06 UTC 2011
Modified Files:
pkgsrc/net/bind96: Makefile distinfo
Log Message:
Update bind96 package to 9.6.3.1.ESV.4pl3 (9.6-ESV-R4-P3), security release.
The package name was selected as:
- Make sure to greater version from bind-9.6.3.
- Include "ESV" (Extended Support Version) string.
Since changes from BIND 9.6.3 are too many, please refer changes in detail:
ftp://ftp.isc.org/isc/bind/9.6-ESV-R4/CHANGES
ftp://ftp.isc.org/isc/bind/9.6-ESV-R4-P1/RELEASE-NOTES-BIND-9.6-ESV-R4-P1.html
ftp://ftp.isc.org/isc/bind/9.6-ESV-R4-P3/RELEASE-NOTES-BIND-9.6-ESV-R4-P3.html
Revision 1.12, Tue Jul 5 14:28:06 2011 UTC (10 months, 3 weeks ago) by taca
Branch: MAIN
CVS Tags: pkgsrc-2011Q2-base
Branch point for: pkgsrc-2011Q2
Changes since 1.11: +4 -4 lines
Update bind96 package to 9.6.3.1.ESV.4pl3 (9.6-ESV-R4-P3), security release.
The package name was selected as:
- Make sure to greater version from bind-9.6.3.
- Include "ESV" (Extended Support Version) string.
Since changes from BIND 9.6.3 are too many, please refer changes in detail:
ftp://ftp.isc.org/isc/bind/9.6-ESV-R4/CHANGES
ftp://ftp.isc.org/isc/bind/9.6-ESV-R4-P1/RELEASE-NOTES-BIND-9.6-ESV-R4-P1.html
ftp://ftp.isc.org/isc/bind/9.6-ESV-R4-P3/RELEASE-NOTES-BIND-9.6-ESV-R4-P3.html
Revision 1.10.2.1, Wed Feb 16 03:00:25 2011 UTC (15 months, 1 week ago) by sbd
Branch: pkgsrc-2010Q4
Changes since 1.10: +6 -6 lines
Pullup ticket #3355 - requested by taca
Revisions pulled up:
- pkgsrc/net/bind96/Makefile 1.18
- pkgsrc/net/bind96/PLIST 1.7
- pkgsrc/net/bind96/distinfo 1.11
- pkgsrc/net/bind96/patches/patch-ad 1.5
- pkgsrc/net/bind96/patches/patch-am 1.3
-------------------------------------------------------------------------
Module Name: pkgsrc
Committed By: taca
Date: Wed Feb 9 16:24:14 UTC 2011
Modified Files:
pkgsrc/net/bind96: Makefile PLIST distinfo
pkgsrc/net/bind96/patches: patch-ad patch-am
Log Message:
Update bind96 package to 9.6.3.
9.6.3
* BIND now builds with threads disabled in versions of NetBSD earlier
than 5.0 and with pthreads enabled by default in NetBSD versions
5.0 and higher. Also removes support for unproven-pthreads,
mit-pthreads and ptl2. [RT #19203]
* HPUX now correctly defaults to using /dev/poll, which should
increase performance. [RT #21919]
* If named is running as a threaded application, after an "rndc stop"
command has been issued, other inbound TCP requests can cause named
to hang and never complete shutdown. [RT #22108]
* When performing a GSS-TSIG signed dynamic zone update, memory could
be leaked. This causes an unclean shutdown and may affect
long-running servers. [RT #22573]
* A bug in NetBSD and FreeBSD kernels with SO_ACCEPTFILTER enabled
allows for a TCP DoS attack. Until there is a kernel fix, ISC is
disabling SO_ACCEPTFILTER support in BIND. [RT #22589]
* Corrected a defect where a combination of dynamic updates and zone
transfers incorrectly locked the in-memory zone database, causing
named to freeze. [RT #22614]
* Don't run MX checks (check-mx) when the MX record points to ".".
[RT #22645]
* DST key reference counts can now be incremented via dst_key_attach.
[RT #22672]
* isc_mutex_init_errcheck() in pthreads/mutex.c failed to destroy
attr. [RT #22766]
* The Kerberos realm was being truncated when being pulled from the
host principal, making krb5-self updates fail. [RT #22770]
* named failed to preserve the case of domain names in RDATA which is
not compressible when writing master files. [RT #22863]
* There was a bug in how the clients-per-query code worked with some
query patterns. This could result, in rare circumstances, in having
all the client query slots filled with queries for the same DNS
label, essentially ignoring the max-clients-per-query setting. [RT
#22972]
Revision 1.11, Wed Feb 9 16:24:14 2011 UTC (15 months, 2 weeks ago) by taca
Branch: MAIN
CVS Tags: pkgsrc-2011Q1-base
Branch point for: pkgsrc-2011Q1
Changes since 1.10: +6 -6 lines
Update bind96 package to 9.6.3.
9.6.3
* BIND now builds with threads disabled in versions of NetBSD earlier
than 5.0 and with pthreads enabled by default in NetBSD versions
5.0 and higher. Also removes support for unproven-pthreads,
mit-pthreads and ptl2. [RT #19203]
* HPUX now correctly defaults to using /dev/poll, which should
increase performance. [RT #21919]
* If named is running as a threaded application, after an "rndc stop"
command has been issued, other inbound TCP requests can cause named
to hang and never complete shutdown. [RT #22108]
* When performing a GSS-TSIG signed dynamic zone update, memory could
be leaked. This causes an unclean shutdown and may affect
long-running servers. [RT #22573]
* A bug in NetBSD and FreeBSD kernels with SO_ACCEPTFILTER enabled
allows for a TCP DoS attack. Until there is a kernel fix, ISC is
disabling SO_ACCEPTFILTER support in BIND. [RT #22589]
* Corrected a defect where a combination of dynamic updates and zone
transfers incorrectly locked the in-memory zone database, causing
named to freeze. [RT #22614]
* Don't run MX checks (check-mx) when the MX record points to ".".
[RT #22645]
* DST key reference counts can now be incremented via dst_key_attach.
[RT #22672]
* isc_mutex_init_errcheck() in pthreads/mutex.c failed to destroy
attr. [RT #22766]
* The Kerberos realm was being truncated when being pulled from the
host principal, making krb5-self updates fail. [RT #22770]
* named failed to preserve the case of domain names in RDATA which is
not compressible when writing master files. [RT #22863]
* There was a bug in how the clients-per-query code worked with some
query patterns. This could result, in rare circumstances, in having
all the client query slots filled with queries for the same DNS
label, essentially ignoring the max-clients-per-query setting. [RT
#22972]
Revision 1.9.4.1, Thu Dec 2 04:11:42 2010 UTC (17 months, 3 weeks ago) by sbd
Branch: pkgsrc-2010Q3
Changes since 1.9: +4 -4 lines
Pullup ticket #3291 - requested by taca
net/bind96 security update
Revisions pulled up:
- pkgsrc/net/bind96/Makefile 1.17
- pkgsrc/net/bind96/distinfo 1.10
-------------------------------------------------------------------------
Module Name: pkgsrc
Committed By: taca
Date: Thu Dec 2 00:32:34 UTC 2010
Modified Files:
pkgsrc/net/bind96: Makefile distinfo
Log Message:
Update bind96 package to bind-9.6.2pl3 (9.6.2-P3).
http://www.isc.org/announcement/guidance-regarding-dec-1st-2010-security-advisories
CVE: CVE-2010-3613
CERT: VU#706148
BIND: cache incorrectly allows a ncache entry and a rrsig for the same type
CVE: CVE-2010-3614
CERT: VU#837744
BIND: Key algorithm rollover bug in bind9
To generate a diff of this commit:
cvs rdiff -u -r1.16 -r1.17 pkgsrc/net/bind96/Makefile
cvs rdiff -u -r1.9 -r1.10 pkgsrc/net/bind96/distinfo
Revision 1.10, Thu Dec 2 00:32:34 2010 UTC (17 months, 3 weeks ago) by taca
Branch: MAIN
CVS Tags: pkgsrc-2010Q4-base
Branch point for: pkgsrc-2010Q4
Changes since 1.9: +4 -4 lines
Update bind96 package to bind-9.6.2pl3 (9.6.2-P3).
http://www.isc.org/announcement/guidance-regarding-dec-1st-2010-security-advisories
CVE: CVE-2010-3613
CERT: VU#706148
BIND: cache incorrectly allows a ncache entry and a rrsig for the same type
CVE: CVE-2010-3614
CERT: VU#837744
BIND: Key algorithm rollover bug in bind9
Revision 1.9, Wed May 26 15:57:37 2010 UTC (2 years ago) by taca
Branch: MAIN
CVS Tags: pkgsrc-2010Q3-base, pkgsrc-2010Q2-base, pkgsrc-2010Q2
Branch point for: pkgsrc-2010Q3
Changes since 1.8: +7 -7 lines
Update net/bind96 package to 9.6.2pl2 (9.6.2-P2).
--- 9.6.2-P2 released ---
2876. [bug] Named could return SERVFAIL for negative responses
from unsigned zones. [RT #21131]
--- 9.6.2-P1 released ---
2852. [bug] Handle broken DNSSEC trust chains better. [RT #15619]
Revision 1.7.2.1, Thu Jan 21 12:49:23 2010 UTC (2 years, 4 months ago) by spz
Branch: pkgsrc-2009Q4
Changes since 1.7: +4 -4 lines
Pullup ticket 2961 - requested by taca
security update
Revisions pulled up:
- pkgsrc/net/bind96/Makefile 1.14
- pkgsrc/net/bind96/PLIST 1.5
- pkgsrc/net/bind96/distinfo 1.8
-------------------------------------------------------------------------
Module Name: pkgsrc
Committed By: taca
Date: Wed Jan 20 01:01:15 UTC 2010
Modified Files:
pkgsrc/net/bind96: Makefile PLIST distinfo
Log Message:
Update net/bind96 to 9.6.1pl3 (9.6.1-P3).
--- 9.6.1-P3 released ---
2831. [security] Do not attempt to validate or cache
out-of-bailiwick data returned with a secure
answer; it must be re-fetched from its original
source and validated in that context. [RT #20819]
2828. [security] Cached CNAME or DNAME RR could be returned to clients
without DNSSEC validation. [RT #20737]
2827. [security] Bogus NXDOMAIN could be cached as if valid.
[RT #20712]
To generate a diff of this commit:
cvs rdiff -u -r1.13 -r1.14 pkgsrc/net/bind96/Makefile
cvs rdiff -u -r1.4 -r1.5 pkgsrc/net/bind96/PLIST
cvs rdiff -u -r1.7 -r1.8 pkgsrc/net/bind96/distinfo
Revision 1.8, Wed Jan 20 01:01:15 2010 UTC (2 years, 4 months ago) by taca
Branch: MAIN
CVS Tags: pkgsrc-2010Q1-base, pkgsrc-2010Q1
Changes since 1.7: +4 -4 lines
Update net/bind96 to 9.6.1pl3 (9.6.1-P3).
--- 9.6.1-P3 released ---
2831. [security] Do not attempt to validate or cache
out-of-bailiwick data returned with a secure
answer; it must be re-fetched from its original
source and validated in that context. [RT #20819]
2828. [security] Cached CNAME or DNAME RR could be returned to clients
without DNSSEC validation. [RT #20737]
2827. [security] Bogus NXDOMAIN could be cached as if valid.
[RT #20712]
Revision 1.5.2.1, Thu Nov 26 23:06:22 2009 UTC (2 years, 5 months ago) by tron
Branch: pkgsrc-2009Q3
Changes since 1.5: +4 -4 lines
Pullup ticket #2935 - requested by taca
bind96: security update
Revisions pulled up:
- net/bind96/Makefile 1.11
- net/bind96/distinfo 1.6
---
Module Name: pkgsrc
Committed By: taca
Date: Wed Nov 25 09:50:07 UTC 2009
Modified Files:
pkgsrc/net/bind96: Makefile distinfo
Log Message:
Update BIND 9.6.1-P2.
--- 9.6.1-P2 released ---
2772. [security] When validating, track whether pending data was from
the additional section or not and only return it if
validates as secure. [RT #20438]
Revision 1.7, Wed Nov 25 22:15:25 2009 UTC (2 years, 5 months ago) by joerg
Branch: MAIN
CVS Tags: pkgsrc-2009Q4-base
Branch point for: pkgsrc-2009Q4
Changes since 1.6: +2 -2 lines
Use libtool --tag explicitly if calling gcc instead of cc in preparation for libtool 2.2.
Revision 1.6, Wed Nov 25 09:50:06 2009 UTC (2 years, 5 months ago) by taca
Branch: MAIN
Changes since 1.5: +4 -4 lines
Update BIND 9.6.1-P2.
--- 9.6.1-P2 released ---
2772. [security] When validating, track whether pending data was from
the additional section or not and only return it if
validates as secure. [RT #20438]
Revision 1.3.4.1, Wed Jul 29 07:59:53 2009 UTC (2 years, 9 months ago) by spz
Branch: pkgsrc-2009Q2
Changes since 1.3: +8 -9 lines
Pullup ticket 2844 - requested by reed
security update
last part of pullups for PR 41796
Revisions pulled up:
- pkgsrc/net/bind96/Makefile 1.7
- pkgsrc/net/bind96/PLIST 1.3
- pkgsrc/net/bind96/distinfo 1.4
- pkgsrc/net/bind96/options.mk 1.2
- pkgsrc/net/bind96/patches/patch-ab 1.2
- pkgsrc/net/bind96/patches/patch-ac 1.3
- pkgsrc/net/bind96/patches/patch-ad 1.2
- pkgsrc/net/bind96/patches/patch-ag 1.2
- pkgsrc/net/bind96/patches/patch-aj 1.1
Module Name: pkgsrc
Committed By: obache
Date: Fri Jul 24 12:30:00 UTC 2009
Modified Files:
pkgsrc/net/bind9: Makefile
pkgsrc/net/bind95: Makefile
pkgsrc/net/bind96: Makefile
Log Message:
Update HOMEPAGE url.
To generate a diff of this commit:
cvs rdiff -u -r1.107 -r1.108 pkgsrc/net/bind9/Makefile
cvs rdiff -u -r1.9 -r1.10 pkgsrc/net/bind95/Makefile
cvs rdiff -u -r1.3 -r1.4 pkgsrc/net/bind96/Makefile
Module Name: pkgsrc
Committed By: obache
Date: Sun Jul 26 09:07:58 UTC 2009
Modified Files:
pkgsrc/net/bind96: Makefile PLIST distinfo options.mk
pkgsrc/net/bind96/patches: patch-ab patch-ac patch-ad patch-ag
Removed Files:
pkgsrc/net/bind96/patches: patch-aj
Log Message:
Update bind96 to 9.6.1.
Based on PR 41772 by Robert Elz.
Pkgsrc changes:
o MAKE_JOBS_SAFE=no, README said "Do not use a parallel make".
o remove patch-aj, libbind has been removed from the BIND 9 distribution
since 9.6.0.
o add bind-dig-sigchase option. requested by PR 41751.
Changes since 9.6.0:
--- 9.6.1 released ---
2607. [bug] named could incorrectly delete NSEC3 records for
empty nodes when processing an update request.
[RT #19749]
2606. [bug] "delegation-only" was not being accepted in
delegation-only type zones. [RT #19717]
2605. [bug] Accept DS responses from delegation only zones.
[RT # 19296]
2603. [port] win32: handle .exe extension of named-checkzone and
named-compilezone argv[0] names under windows.
[RT #19767]
2602. [port] win32: fix debugging command line build of libisccfg.
[RT #19767]
--- 9.6.1rc1 released ---
2599. [bug] Address rapid memory growth when validation fails.
[RT #19654]
2597. [bug] Handle a validation failure with an insecure delegation
from a NSEC3 signed master/slave zone. [RT #19464]
2596. [bug] Stale tree nodes of cache/dynamic rbtdb could stay
long, leading to inefficient memory usage or rejecting
newer cache entries in the worst case. [RT #19563]
2595. [bug] Fix unknown extended rcodes in dig. [RT #19625]
2592. [bug] Treat "any" as a type in nsupdate. [RT #19455]
2591. [bug] named could die when processing an update in
removed_orphaned_ds(). [RT #19507]
2588. [bug] SO_REUSEADDR could be set unconditionally after failure
of bind(2) call. This should be rare and mostly
harmless, but may cause interference with other
processes that happen to use the same port. [RT #19642]
2586. [bug] Missing cleanup of SIG rdataset in searching a DLZ DB
or SDB. [RT #19577]
2585. [bug] Uninitialized socket name could be referenced via a
statistics channel, triggering an assertion failure in
XML rendering. [RT #19427]
2584. [bug] alpha: gcc optimization could break atomic operations.
[RT #19227]
2583. [port] netbsd: provide a control to not add the compile
date to the version string, -DNO_VERSION_DATE.
2582. [bug] Don't emit warning log message when we attempt to
remove non-existent journal. [RT #19516]
2579. [bug] DNSSEC lookaside validation failed to handle unknown
algorithms. [RT #19479]
2578. [bug] Changed default sig-signing-type to 65534, because
65535 turns out to be reserved. [RT #19477]
2499. [port] solaris: lib/lwres/getaddrinfo.c namespace clash.
[RT #18837]
--- 9.6.1b1 released ---
2577. [doc] Clarified some statistics counters. [RT #19454]
2576. [bug] NSEC records were not being correctly signed when
a zone transitions from insecure to secure.
Handle such incorrectly signed zones. [RT #19114]
2574. [doc] Document nsupdate -g and -o. [RT #19351]
2573. [bug] Replacing a non-CNAME record with a CNAME record in a
single transaction in a signed zone failed. [RT #19397]
2568. [bug] Report when the write to indicate an otherwise
successful start fails. [RT #19360]
2567. [bug] dst__privstruct_writefile() could miss write errors.
write_public_key() could miss write errors.
dnssec-dsfromkey could miss write errors.
[RT #19360]
2564. [bug] Only take EDNS fallback steps when processing timeouts.
[RT #19405]
2563. [bug] Dig could leak a socket causing it to wait forever
to exit. [RT #19359]
2562. [doc] ARM: miscellaneous improvements, reorganization,
and some new content.
2561. [doc] Add isc-config.sh(1) man page. [RT #16378]
2560. [bug] Add #include <config.h> to iptable.c. [RT #18258]
2559. [bug] dnssec-dsfromkey could compute bad DS records when
reading from a K* files. [RT #19357]
2557. [cleanup] PCI compliance:
* new libisc log module file
* isc_dir_chroot() now also changes the working
directory to "/".
* additional INSISTs
* additional logging when files can't be removed.
2556. [port] Solaris: mkdir(2) on tmpfs filesystems does not do the
error checks in the correct order resulting in the
wrong error code sometimes being returned. [RT #19249]
2554. [bug] Validation of uppercase queries from NSEC3 zones could
fail. [RT #19297]
2553. [bug] Reference leak on DNSSEC validation errors. [RT #19291]
2552. [bug] zero-no-soa-ttl-cache was not being honoured.
[RT #19340]
2551. [bug] Potential Reference leak on return. [RT #19341]
2550. [bug] Check --with-openssl=<path> finds <openssl/opensslv.h>.
[RT #19343]
2549. [port] linux: define NR_OPEN if not currently defined.
[RT #19344]
2548. [bug] Install iterated_hash.h. [RT #19335]
2547. [bug] openssl_link.c:mem_realloc() could reference an
out-of-range area of the source buffer. New public
function isc_mem_reallocate() was introduced to address
this bug. [RT #19313]
2545. [doc] ARM: Legal hostname checking (check-names) is
for SRV RDATA too. [RT #19304]
2544. [cleanup] Removed unused structure members in adb.c. [RT #19225]
2543. [contrib] Update contrib/zkt to version 0.98. [RT #19113]
2542. [doc] Update the description of dig +adflag. [RT #19290]
2541. [bug] Conditionally update dispatch manager statistics.
[RT #19247]
2539. [security] Update the interaction between recursion, allow-query,
allow-query-cache and allow-recursion. [RT #19198]
2538. [bug] cache/ADB memory could grow over max-cache-size,
especially with threads and smaller max-cache-size
values. [RT #19240]
2537. [experimental] Added more statistics counters including those on socket
I/O events and query RTT histograms. [RT #18802]
2536. [cleanup] Silence some warnings when -Werror=format-security is
specified. [RT #19083]
2535. [bug] dig +showsearch and +trace interacted badly. [RT #19091]
2532. [bug] dig: check the question section of the response to
see if it matches the asked question. [RT #18495]
2531. [bug] Change #2207 was incomplete. [RT #19098]
2530. [bug] named failed to reject insecure to secure transitions
via UPDATE. [RT #19101]
2529. [cleanup] Upgrade libtool to silence complaints from recent
version of autoconf. [RT #18657]
2528. [cleanup] Silence spurious configure warning about
--datarootdir [RT #19096]
2527. [bug] named could reuse cache on reload with
enabling/disabling validation. [RT #19119]
2525. [experimental] New logging category "query-errors" to provide detailed
internal information about query failures, especially
about server failures. [RT #19027]
2524. [port] sunos: dnssec-signzone needs strtoul(). [RT #19129]
2523. [bug] Random type rdata freed by dns_nsec_typepresent().
[RT #19112]
2522. [security] Handle -1 from DSA_do_verify() and EVP_VerifyFinal().
2521. [bug] Improve epoll cross compilation support. [RT #19047]
2519. [bug] dig/host with -4 or -6 didn't work if more than two
nameserver addresses of the excluded address family
preceded in resolv.conf. [RT #19081]
2517. [bug] dig +trace with -4 or -6 failed when it chose a
nameserver address of the excluded address.
[RT #18843]
2516. [bug] glue sort for responses was performed even when not
needed. [RT #19039]
2514. [bug] dig/host failed with -4 or -6 when resolv.conf contains
a nameserver of the excluded address family.
[RT #18848]
2511. [cleanup] dns_rdata_tofmttext() add const to linebreak.
[RT #18885]
2506. [port] solaris: Check at configure time if
hack_shutup_pthreadonceinit is needed. [RT #19037]
2505. [port] Treat amd64 similarly to x86_64 when determining
atomic operation support. [RT #19031]
2503. [port] linux: improve compatibility with Linux Standard
Base. [RT #18793]
2502. [cleanup] isc_radix: Improve compliance with coding style,
document function in <isc/radix.h>. [RT #18534]
To generate a diff of this commit:
cvs rdiff -u -r1.4 -r1.5 pkgsrc/net/bind96/Makefile
cvs rdiff -u -r1.2 -r1.3 pkgsrc/net/bind96/PLIST
cvs rdiff -u -r1.3 -r1.4 pkgsrc/net/bind96/distinfo
cvs rdiff -u -r1.1.1.1 -r1.2 pkgsrc/net/bind96/options.mk
cvs rdiff -u -r1.1.1.1 -r1.2 pkgsrc/net/bind96/patches/patch-ab \
pkgsrc/net/bind96/patches/patch-ad pkgsrc/net/bind96/patches/patch-ag
cvs rdiff -u -r1.2 -r1.3 pkgsrc/net/bind96/patches/patch-ac
cvs rdiff -u -r1.1.1.1 -r0 pkgsrc/net/bind96/patches/patch-aj
Module Name: pkgsrc
Committed By: reed
Date: Wed Jul 29 00:03:38 UTC 2009
Modified Files:
pkgsrc/net/bind96: Makefile distinfo
Log Message:
Update to 9.6.1-P1.
This is for PR pkg/41796: Security fix CVE-2009-0696
To generate a diff of this commit:
cvs rdiff -u -r1.5 -r1.6 pkgsrc/net/bind96/Makefile
cvs rdiff -u -r1.4 -r1.5 pkgsrc/net/bind96/distinfo
Module Name: pkgsrc
Committed By: reed
Date: Wed Jul 29 00:16:33 UTC 2009
Modified Files:
pkgsrc/net/bind96: Makefile
Log Message:
Fix PKGNAME that I broke.
To generate a diff of this commit:
cvs rdiff -u -r1.6 -r1.7 pkgsrc/net/bind96/Makefile
Revision 1.5, Wed Jul 29 00:03:38 2009 UTC (2 years, 9 months ago) by reed
Branch: MAIN
CVS Tags: pkgsrc-2009Q3-base
Branch point for: pkgsrc-2009Q3
Changes since 1.4: +4 -4 lines
Update to 9.6.1-P1. This is for PR pkg/41796: Security fix CVE-2009-0696
Revision 1.4, Sun Jul 26 09:07:58 2009 UTC (2 years, 10 months ago) by obache
Branch: MAIN
Changes since 1.3: +8 -9 lines
Update bind96 to 9.6.1.
Based on PR 41772 by Robert Elz.
Pkgsrc changes:
o MAKE_JOBS_SAFE=no, README said "Do not use a parallel make".
o remove patch-aj, libbind has been removed from the BIND 9 distribution
since 9.6.0.
o add bind-dig-sigchase option. requested by PR 41751.
Changes since 9.6.0:
--- 9.6.1 released ---
2607. [bug] named could incorrectly delete NSEC3 records for
empty nodes when processing an update request.
[RT #19749]
2606. [bug] "delegation-only" was not being accepted in
delegation-only type zones. [RT #19717]
2605. [bug] Accept DS responses from delegation only zones.
[RT #19296]
2603. [port] win32: handle .exe extension of named-checkzone and
named-compilezone argv[0] names under windows.
[RT #19767]
2602. [port] win32: fix debugging command line build of libisccfg.
[RT #19767]
--- 9.6.1rc1 released ---
2599. [bug] Address rapid memory growth when validation fails.
[RT #19654]
2597. [bug] Handle a validation failure with an insecure delegation
from an NSEC3 signed master/slave zone. [RT #19464]
2596. [bug] Stale tree nodes of cache/dynamic rbtdb could stay
long, leading to inefficient memory usage or rejecting
newer cache entries in the worst case. [RT #19563]
2595. [bug] Fix unknown extended rcodes in dig. [RT #19625]
2592. [bug] Treat "any" as a type in nsupdate. [RT #19455]
2591. [bug] named could die when processing an update in
removed_orphaned_ds(). [RT #19507]
2588. [bug] SO_REUSEADDR could be set unconditionally after failure
of bind(2) call. This should be rare and mostly
harmless, but may cause interference with other
processes that happen to use the same port. [RT #19642]
2586. [bug] Missing cleanup of SIG rdataset in searching a DLZ DB
or SDB. [RT #19577]
2585. [bug] Uninitialized socket name could be referenced via a
statistics channel, triggering an assertion failure in
XML rendering. [RT #19427]
2584. [bug] alpha: gcc optimization could break atomic operations.
[RT #19227]
2583. [port] netbsd: provide a control to not add the compile
date to the version string, -DNO_VERSION_DATE.
2582. [bug] Don't emit warning log message when we attempt to
remove non-existent journal. [RT #19516]
2579. [bug] DNSSEC lookaside validation failed to handle unknown
algorithms. [RT #19479]
2578. [bug] Changed default sig-signing-type to 65534, because
65535 turns out to be reserved. [RT #19477]
2499. [port] solaris: lib/lwres/getaddrinfo.c namespace clash.
[RT #18837]
--- 9.6.1b1 released ---
2577. [doc] Clarified some statistics counters. [RT #19454]
2576. [bug] NSEC records were not being correctly signed when
a zone transitions from insecure to secure.
Handle such incorrectly signed zones. [RT #19114]
2574. [doc] Document nsupdate -g and -o. [RT #19351]
2573. [bug] Replacing a non-CNAME record with a CNAME record in a
single transaction in a signed zone failed. [RT #19397]
2568. [bug] Report when the write to indicate an otherwise
successful start fails. [RT #19360]
2567. [bug] dst__privstruct_writefile() could miss write errors.
write_public_key() could miss write errors.
dnssec-dsfromkey could miss write errors.
[RT #19360]
2564. [bug] Only take EDNS fallback steps when processing timeouts.
[RT #19405]
2563. [bug] Dig could leak a socket causing it to wait forever
to exit. [RT #19359]
2562. [doc] ARM: miscellaneous improvements, reorganization,
and some new content.
2561. [doc] Add isc-config.sh(1) man page. [RT #16378]
2560. [bug] Add #include <config.h> to iptable.c. [RT #18258]
2559. [bug] dnssec-dsfromkey could compute bad DS records when
reading from K* files. [RT #19357]
2557. [cleanup] PCI compliance:
* new libisc log module file
* isc_dir_chroot() now also changes the working
directory to "/".
* additional INSISTs
* additional logging when files can't be removed.
2556. [port] Solaris: mkdir(2) on tmpfs filesystems does not do the
error checks in the correct order resulting in the
wrong error code sometimes being returned. [RT #19249]
2554. [bug] Validation of uppercase queries from NSEC3 zones could
fail. [RT #19297]
2553. [bug] Reference leak on DNSSEC validation errors. [RT #19291]
2552. [bug] zero-no-soa-ttl-cache was not being honoured.
[RT #19340]
2551. [bug] Potential Reference leak on return. [RT #19341]
2550. [bug] Check --with-openssl=<path> finds <openssl/opensslv.h>.
[RT #19343]
2549. [port] linux: define NR_OPEN if not currently defined.
[RT #19344]
2548. [bug] Install iterated_hash.h. [RT #19335]
2547. [bug] openssl_link.c:mem_realloc() could reference an
out-of-range area of the source buffer. New public
function isc_mem_reallocate() was introduced to address
this bug. [RT #19313]
2545. [doc] ARM: Legal hostname checking (check-names) is
for SRV RDATA too. [RT #19304]
2544. [cleanup] Removed unused structure members in adb.c. [RT #19225]
2543. [contrib] Update contrib/zkt to version 0.98. [RT #19113]
2542. [doc] Update the description of dig +adflag. [RT #19290]
2541. [bug] Conditionally update dispatch manager statistics.
[RT #19247]
2539. [security] Update the interaction between recursion, allow-query,
allow-query-cache and allow-recursion. [RT #19198]
2538. [bug] cache/ADB memory could grow over max-cache-size,
especially with threads and smaller max-cache-size
values. [RT #19240]
2537. [experimental] Added more statistics counters including those on socket
I/O events and query RTT histograms. [RT #18802]
2536. [cleanup] Silence some warnings when -Werror=format-security is
specified. [RT #19083]
2535. [bug] dig +showsearch and +trace interacted badly. [RT #19091]
2532. [bug] dig: check the question section of the response to
see if it matches the asked question. [RT #18495]
2531. [bug] Change #2207 was incomplete. [RT #19098]
2530. [bug] named failed to reject insecure to secure transitions
via UPDATE. [RT #19101]
2529. [cleanup] Upgrade libtool to silence complaints from recent
version of autoconf. [RT #18657]
2528. [cleanup] Silence spurious configure warning about
--datarootdir [RT #19096]
2527. [bug] named could reuse cache on reload with
enabling/disabling validation. [RT #19119]
2525. [experimental] New logging category "query-errors" to provide detailed
internal information about query failures, especially
about server failures. [RT #19027]
2524. [port] sunos: dnssec-signzone needs strtoul(). [RT #19129]
2523. [bug] Random type rdata freed by dns_nsec_typepresent().
[RT #19112]
2522. [security] Handle -1 from DSA_do_verify() and EVP_VerifyFinal().
2521. [bug] Improve epoll cross compilation support. [RT #19047]
2519. [bug] dig/host with -4 or -6 didn't work if more than two
nameserver addresses of the excluded address family
preceded in resolv.conf. [RT #19081]
2517. [bug] dig +trace with -4 or -6 failed when it chose a
nameserver address of the excluded address.
[RT #18843]
2516. [bug] glue sort for responses was performed even when not
needed. [RT #19039]
2514. [bug] dig/host failed with -4 or -6 when resolv.conf contains
a nameserver of the excluded address family.
[RT #18848]
2511. [cleanup] dns_rdata_tofmttext() add const to linebreak.
[RT #18885]
2506. [port] solaris: Check at configure time if
hack_shutup_pthreadonceinit is needed. [RT #19037]
2505. [port] Treat amd64 similarly to x86_64 when determining
atomic operation support. [RT #19031]
2503. [port] linux: improve compatibility with Linux Standard
Base. [RT #18793]
2502. [cleanup] isc_radix: Improve compliance with coding style,
document function in <isc/radix.h>. [RT #18534]
Revision 1.3, Sat Feb 21 14:51:43 2009 UTC (3 years, 3 months ago) by adrianp
Branch: MAIN
CVS Tags: pkgsrc-2009Q2-base, pkgsrc-2009Q1-base, pkgsrc-2009Q1
Branch point for: pkgsrc-2009Q2
Changes since 1.2: +2 -2 lines
Fix build on OpenSolaris http://src.opensolaris.org/source/xref/sfw/usr/src/cmd/bind/getaddrinfo.c.patch
Revision 1.2, Thu Jan 8 09:03:15 2009 UTC (3 years, 4 months ago) by adrianp
Branch: MAIN
Changes since 1.1: +4 -4 lines
Changes since 9.6.0: 2522. [security] Handle -1 from DSA_do_verify() and EVP_verify().
Revision 1.1.1.1 (vendor branch), Sun Jan 4 00:21:36 2009 UTC (3 years, 4 months ago) by adrianp
Branch: TNF
CVS Tags: pkgsrc-base
Changes since 1.1: +0 -0 lines
BIND 9.6.0
Full NSEC3 support
Automatic zone re-signing
Default PID file location
New tool: dnssec-dsfromkey
Randomize server selection on queries
http://oldwww.isc.org/sw/bind/view/?release=9.6.0
https://www.isc.org/software/bind/new-features/9.6
Revision 1.1, Sun Jan 4 00:21:36 2009 UTC (3 years, 4 months ago) by adrianp
Branch: MAIN
Initial revision