The NetBSD Project

CVS log for pkgsrc/net/bind97/Attic/Makefile

[BACK] Up to [cvs.NetBSD.org] / pkgsrc / net / bind97

Request diff between arbitrary revisions


Default branch: MAIN


Revision 1.30, Thu Jun 6 03:02:14 2013 UTC (9 years, 8 months ago) by taca
Branch: MAIN
CVS Tags: pkgsrc-2013Q2-base, pkgsrc-2013Q2, HEAD
Changes since 1.29: +1 -1 lines
FILE REMOVED

Remove bind97 package which was EOL on November 2012.
Please migrate to bind98 or bind99.

Revision 1.29 / (download) - annotate - [select for diffs], Fri May 31 12:41:32 2013 UTC (9 years, 8 months ago) by wiz
Branch: MAIN
Changes since 1.28: +2 -2 lines
Diff to previous 1.28 (colored)

Bump all packages for perl-5.18, that
a) refer 'perl' in their Makefile, or
b) have a directory name of p5-*, or
c) have any dependency on any p5-* package

Like last time, where this caused no complaints.

Revision 1.28 / (download) - annotate - [select for diffs], Sat Apr 6 03:45:20 2013 UTC (9 years, 10 months ago) by rodent
Branch: MAIN
Changes since 1.27: +2 -2 lines
Diff to previous 1.27 (colored)

Fixes:

 COMMENT should not be longer than 70 characters.
 COMMENT should not begin with 'A'.
 COMMENT should not begin with 'An'.
 COMMENT should not begin with 'a'.
 COMMENT should not end with a period.
 COMMENT should start with a capital letter.

pkglint warnings. Some files also got minor formatting, spelling, and style
corrections.

Revision 1.24.2.1 / (download) - annotate - [select for diffs], Sat Mar 30 11:53:00 2013 UTC (9 years, 10 months ago) by tron
Branch: pkgsrc-2012Q4
Changes since 1.24: +5 -2 lines
Diff to previous 1.24 (colored) next main 1.25 (colored)

Pullup ticket #4105 - requested by taca
net/bind97: security patch

Revisions pulled up:
- net/bind97/Makefile                                           1.25-1.27

---
   Module Name:	pkgsrc
   Committed By:	jperkin
   Date:		Wed Feb  6 23:24:19 UTC 2013

   Modified Files:
   	pkgsrc/net/bind97: Makefile

   Log Message:
   PKGREVISION bumps for the security/openssl 1.0.1d update.

---
   Module Name:	pkgsrc
   Committed By:	wiz
   Date:		Sat Mar  2 20:33:35 UTC 2013

   Modified Files:
   	pkgsrc/net/bind97: Makefile

   Log Message:
   Bump PKGREVISION for mysql default change to 55.

---
   Module Name:	pkgsrc
   Committed By:	taca
   Date:		Wed Mar 27 00:34:32 UTC 2013

   Modified Files:
   	pkgsrc/net/bind97: Makefile

   Log Message:
   Disable use of regex.h for fixing CVE-2013-2266.

   Bump PKGREVISION.

Revision 1.27 / (download) - annotate - [select for diffs], Wed Mar 27 00:34:32 2013 UTC (9 years, 10 months ago) by taca
Branch: MAIN
CVS Tags: pkgsrc-2013Q1-base, pkgsrc-2013Q1
Changes since 1.26: +5 -2 lines
Diff to previous 1.26 (colored)

Disable use of regex.h for fixing CVE-2013-2266.

Bump PKGREVISION.

Revision 1.26 / (download) - annotate - [select for diffs], Sat Mar 2 20:33:30 2013 UTC (9 years, 11 months ago) by wiz
Branch: MAIN
Changes since 1.25: +2 -2 lines
Diff to previous 1.25 (colored)

Bump PKGREVISION for mysql default change to 55.

Revision 1.25 / (download) - annotate - [select for diffs], Wed Feb 6 23:23:10 2013 UTC (10 years ago) by jperkin
Branch: MAIN
Changes since 1.24: +2 -2 lines
Diff to previous 1.24 (colored)

PKGREVISION bumps for the security/openssl 1.0.1d update.

Revision 1.24 / (download) - annotate - [select for diffs], Sun Dec 16 01:52:27 2012 UTC (10 years, 1 month ago) by obache
Branch: MAIN
CVS Tags: pkgsrc-2012Q4-base
Branch point for: pkgsrc-2012Q4
Changes since 1.23: +2 -2 lines
Diff to previous 1.23 (colored)

recursive bump from cyrus-sasl libsasl2 shlib major bump.

Revision 1.23 / (download) - annotate - [select for diffs], Tue Oct 23 17:18:11 2012 UTC (10 years, 3 months ago) by asau
Branch: MAIN
Changes since 1.22: +1 -3 lines
Diff to previous 1.22 (colored)

Drop superfluous PKG_DESTDIR_SUPPORT, "user-destdir" is default these days.

Revision 1.22 / (download) - annotate - [select for diffs], Sun Oct 21 15:49:06 2012 UTC (10 years, 3 months ago) by cheusov
Branch: MAIN
Changes since 1.21: +3 -2 lines
Diff to previous 1.21 (colored)


Add CONFLICTS between net/bind and net/host.
net/bind9*: remove "bind<x.y.z" entries from CONFLICTS. It is useless
   because package's PKGBASE is "bind".

Revision 1.19.2.1 / (download) - annotate - [select for diffs], Wed Oct 10 12:54:06 2012 UTC (10 years, 3 months ago) by tron
Branch: pkgsrc-2012Q3
Changes since 1.19: +2 -2 lines
Diff to previous 1.19 (colored) next main 1.20 (colored)

Pullup ticket #3942 - requested by taca
net/bind97: security update

Revisions pulled up:
- net/bind97/Makefile                                           1.20-1.21
- net/bind97/distinfo                                           1.17

---
   Module Name:	pkgsrc
   Committed By:	wiz
   Date:		Wed Oct  3 21:59:10 UTC 2012

   Modified Files:
   	pkgsrc/net/bind97: Makefile

   Log Message:
   Bump all packages that use perl, or depend on a p5-* package, or
   are called p5-*.

   I hope that's all of them.

---
   Module Name:	pkgsrc
   Committed By:	taca
   Date:		Wed Oct 10 03:05:52 UTC 2012

   Modified Files:
   	pkgsrc/net/bind97: Makefile distinfo

   Log Message:
   Update bind97 to 9.7.7 (BIND 9.7.7).

   Here are change changes from release note.  Note security fixes except
   CVE-2012-5166 should be already fixed in previous version of bind97 package.

   Please refer https://kb.isc.org/article/AA-00796 for list of full bug fixes.

   Security Fixes

   * A deliberately constructed combination of records could cause named to hang
     while populating the additional section of a response. [CVE-2012-5166] [RT
     #31090]
   * Prevents a named assert (crash) when queried for a record whose RDATA
     exceeds 65535 bytes [CVE-2012-4244] [RT #30416]
   * Prevents a named assert (crash) when validating caused by using "Bad cache"
     data before it has been initialized. [CVE-2012-3817] [RT #30025]
   * A condition has been corrected where improper handling of zero-length RDATA
     could cause undesirable behavior, including termination of the named
     process. [CVE-2012-1667] [RT #29644]

   New Features

     None

   Feature Changes

   * Improves OpenSSL error logging [RT #29932]
   * nslookup now returns a nonzero exit code when it is unable to get an answer.
     [RT #29492]

Revision 1.21 / (download) - annotate - [select for diffs], Wed Oct 10 03:05:52 2012 UTC (10 years, 3 months ago) by taca
Branch: MAIN
Changes since 1.20: +2 -3 lines
Diff to previous 1.20 (colored)

Update bind97 to 9.7.7 (BIND 9.7.7).

Here are change changes from release note.  Note security fixes except
CVE-2012-5166 should be already fixed in previous version of bind97 package.

Please refer https://kb.isc.org/article/AA-00796 for list of full bug fixes.


Security Fixes

* A deliberately constructed combination of records could cause named to hang
  while populating the additional section of a response. [CVE-2012-5166] [RT
  #31090]
* Prevents a named assert (crash) when queried for a record whose RDATA
  exceeds 65535 bytes [CVE-2012-4244] [RT #30416]
* Prevents a named assert (crash) when validating caused by using "Bad cache"
  data before it has been initialized. [CVE-2012-3817] [RT #30025]
* A condition has been corrected where improper handling of zero-length RDATA
  could cause undesirable behavior, including termination of the named
  process. [CVE-2012-1667] [RT #29644]


New Features

  None

Feature Changes

* Improves OpenSSL error logging [RT #29932]
* nslookup now returns a nonzero exit code when it is unable to get an answer.
  [RT #29492]

Revision 1.20 / (download) - annotate - [select for diffs], Wed Oct 3 21:56:52 2012 UTC (10 years, 4 months ago) by wiz
Branch: MAIN
Changes since 1.19: +2 -1 lines
Diff to previous 1.19 (colored)

Bump all packages that use perl, or depend on a p5-* package, or
are called p5-*.

I hope that's all of them.

Revision 1.16.2.2 / (download) - annotate - [select for diffs], Thu Sep 13 07:48:01 2012 UTC (10 years, 4 months ago) by sbd
Branch: pkgsrc-2012Q2
Changes since 1.16.2.1: +4 -4 lines
Diff to previous 1.16.2.1 (colored) to branchpoint 1.16 (colored) next main 1.17 (colored)

Pullup ticket #3919 - requested by taca
net/bind?? CVE-2012-4244 security fix

Revisions pulled up:
- net/bind96/DESCR                                              1.2
- net/bind96/Makefile                                           1.29-1.30
- net/bind96/distinfo                                           1.20
- net/bind97/DESCR                                              1.2
- net/bind97/Makefile                                           1.18-1.19
- net/bind97/distinfo                                           1.16
- net/bind98/DESCR                                              1.2
- net/bind98/Makefile                                           1.15-1.16
- net/bind98/distinfo                                           1.14
- net/bind99/DESCR                                              1.2
- net/bind99/Makefile                                           1.10-1.11
- net/bind99/distinfo                                           1.8

---
   Module Name:	pkgsrc
   Committed By:	wiz
   Date:		Sun Aug 26 14:23:49 UTC 2012

   Modified Files:
   	pkgsrc/net/bind96: DESCR Makefile
   	pkgsrc/net/bind97: DESCR Makefile
   	pkgsrc/net/bind98: DESCR Makefile
   	pkgsrc/net/bind99: DESCR Makefile

   Log Message:
   Make it clearer which package contains exactly which bind version.
   Patch from Bug Hunting.

---
   Module Name:	pkgsrc
   Committed By:	taca
   Date:		Thu Sep 13 01:32:55 UTC 2012

   Modified Files:
   	pkgsrc/net/bind96: Makefile distinfo

   Log Message:
   Update bind96 to bind-9.6.3.1.ESV.7pl3 (BIND 9.6-ESV-R7-P3).

   	--- 9.6-ESV-R7-P3 released ---

   3364.	[security]	Named could die on specially crafted record.
   			[RT #30416]

   3358	[bug]		Fix declaration of fatal in bin/named/server.c
   			and bin/nsupdate/main.c. [RT #30522]

---
   Module Name:	pkgsrc
   Committed By:	taca
   Date:		Thu Sep 13 01:33:40 UTC 2012

   Modified Files:
   	pkgsrc/net/bind97: Makefile distinfo

   Log Message:
   Update bind97 to bind-9.7.6pl3.

   	--- 9.7.6-P3 released ---

   3364.	[security]	Named could die on specially crafted record.
   			[RT #30416]

---
   Module Name:	pkgsrc
   Committed By:	taca
   Date:		Thu Sep 13 01:35:18 UTC 2012

   Modified Files:
   	pkgsrc/net/bind98: Makefile distinfo

   Log Message:
   Update bind98 to 9.8.3pl3 (BIND 9.8.3-P3).

   	--- 9.8.3-P3 released ---

   3364.	[security]	Named could die on specially crafted record.
   			[RT #30416]

---
   Module Name:	pkgsrc
   Committed By:	taca
   Date:		Thu Sep 13 01:35:56 UTC 2012

   Modified Files:
   	pkgsrc/net/bind99: Makefile distinfo

   Log Message:
   Update bind99 to 9.9.1pl3 (BIND 9.9.1-P3).

   	--- 9.9.1-P3 released ---

   3364.	[security]	Named could die on specially crafted record.
   			[RT #30416]

Revision 1.19 / (download) - annotate - [select for diffs], Thu Sep 13 01:33:40 2012 UTC (10 years, 4 months ago) by taca
Branch: MAIN
CVS Tags: pkgsrc-2012Q3-base
Branch point for: pkgsrc-2012Q3
Changes since 1.18: +2 -2 lines
Diff to previous 1.18 (colored)

Update bind97 to bind-9.7.6pl3.

	--- 9.7.6-P3 released ---

3364.	[security]	Named could die on specially crafted record.
			[RT #30416]

Revision 1.18 / (download) - annotate - [select for diffs], Sun Aug 26 14:23:49 2012 UTC (10 years, 5 months ago) by wiz
Branch: MAIN
Changes since 1.17: +3 -3 lines
Diff to previous 1.17 (colored)

Make it clearer which package contains exactly which bind version.
Patch from Bug Hunting.

Revision 1.16.2.1 / (download) - annotate - [select for diffs], Wed Jul 25 10:30:31 2012 UTC (10 years, 6 months ago) by sbd
Branch: pkgsrc-2012Q2
Changes since 1.16: +2 -3 lines
Diff to previous 1.16 (colored)

Pullup ticket #3872 - requested by spz
net/bind97 security update

Revisions pulled up:
- net/bind97/Makefile                                           1.17
- net/bind97/distinfo                                           1.15

---
   Module Name:	pkgsrc
   Committed By:	spz
   Date:		Tue Jul 24 21:01:11 UTC 2012

   Modified Files:
   	pkgsrc/net/bind97: Makefile distinfo

   Log Message:
   patch release with fix for CVE-2012-3817:

              --- 9.7.6-P2 released ---

      3346.   [security]      Bad-cache data could be used before it was
                              initialized, causing an assert. [RT #30025]

      3342.   [bug]           Change #3314 broke saving of stub zones to disk
                              resulting in excessive cpu usage in some cases.
                              [RT #29952]

Revision 1.17 / (download) - annotate - [select for diffs], Tue Jul 24 21:01:11 2012 UTC (10 years, 6 months ago) by spz
Branch: MAIN
Changes since 1.16: +2 -3 lines
Diff to previous 1.16 (colored)

patch release with fix for CVE-2012-3817:

           --- 9.7.6-P2 released ---

   3346.   [security]      Bad-cache data could be used before it was
                           initialized, causing an assert. [RT #30025]

   3342.   [bug]           Change #3314 broke saving of stub zones to disk
                           resulting in excessive cpu usage in some cases.
                           [RT #29952]

Revision 1.16 / (download) - annotate - [select for diffs], Thu Jun 14 07:45:39 2012 UTC (10 years, 7 months ago) by sbd
Branch: MAIN
CVS Tags: pkgsrc-2012Q2-base
Branch point for: pkgsrc-2012Q2
Changes since 1.15: +2 -1 lines
Diff to previous 1.15 (colored)

Recursive PKGREVISION bump for libxml2 buildlink addition.

Revision 1.12.2.3 / (download) - annotate - [select for diffs], Tue Jun 5 08:27:06 2012 UTC (10 years, 8 months ago) by sbd
Branch: pkgsrc-2012Q1
Changes since 1.12.2.2: +2 -2 lines
Diff to previous 1.12.2.2 (colored) to branchpoint 1.12 (colored) next main 1.13 (colored)

Pullup ticket #3819 - requested by taca
net/bind97 security update

Revisions pulled up:
- net/bind97/Makefile                                           1.15
- net/bind97/distinfo                                           1.14

---
   Module Name:	pkgsrc
   Committed By:	taca
   Date:		Mon Jun  4 13:27:32 UTC 2012

   Modified Files:
   	pkgsrc/net/bind97: Makefile distinfo

   Log Message:
   Update bind97 to 9.7.6pl1 (BIND 9.7.6-P1).
   Security release for CVE-2012-1667.

   	--- 9.7.6-P1 released ---

   3331.	[security]	dns_rdataslab_fromrdataset could produce bad
   			rdataslabs. [RT #29644]

Revision 1.15 / (download) - annotate - [select for diffs], Mon Jun 4 13:27:32 2012 UTC (10 years, 8 months ago) by taca
Branch: MAIN
Changes since 1.14: +2 -2 lines
Diff to previous 1.14 (colored)

Update bind97 to 9.7.6pl1 (BIND 9.7.6-P1).
Security release for CVE-2012-1667.

	--- 9.7.6-P1 released ---

3331.	[security]	dns_rdataslab_fromrdataset could produce bad
			rdataslabs. [RT #29644]

Revision 1.12.2.2 / (download) - annotate - [select for diffs], Tue May 22 09:40:37 2012 UTC (10 years, 8 months ago) by tron
Branch: pkgsrc-2012Q1
Changes since 1.12.2.1: +1 -2 lines
Diff to previous 1.12.2.1 (colored) to branchpoint 1.12 (colored)

Pullup ticket #3799 - requested by taca
net/bind97: security update

Revisions pulled up:
- net/bind97/Makefile                                           1.14
- net/bind97/distinfo                                           1.13
- net/bind97/patches/patch-lib_dns_resolver.c                   deleted

---
   Module Name:	pkgsrc
   Committed By:	taca
   Date:		Tue May 22 03:33:28 UTC 2012

   Modified Files:
   	pkgsrc/net/bind97: Makefile distinfo
   Removed Files:
   	pkgsrc/net/bind97/patches: patch-lib_dns_resolver.c

   Log Message:
   Update bind97 package to 9.7.6.

   New Features

   *  None

   Feature Changes

   *  BIND now recognizes the TLSA resource record type, created to
      support IETF DANE (DNS-based Authentication of Named Entities)
      [RT #28989]

   Bug Fixes

   *  The locking strategy around the handling of iterative queries
      has been tuned to reduce unnecessary contention in a multi-threaded
      environment.  (Note that this may not provide a measurable
      improvement over previous versions of BIND, but it corrects the
      performance impact of change 3309 / RT #27995) [RT #29239]

   *  Addresses a race condition that can cause named to to crash when
      the masters list for a zone is updated via rndc reload/reconfig
      [RT #26732]

   *  Fixes a race condition in zone.c that can cause named to crash
      during the processing of rndc delzone [RT #29028]

   *  Prevents a named segfault from resolver.c due to procedure
      fctx_finddone() not being thread-safe.  [RT #27995]

   *  Uses hmctx, not mctx when freeing rbtdb->heaps to avoid triggering
      an assertion when flushing cache data. [RT #28571]

   *  A new flag -R  has been added to queryperf for running tests
      using non-recursive queries.  It also now builds correctly on
      MacOS version 10.7 (darwin)  [RT #28565]

   *  Named no longer crashes if gssapi is enabled in named.conf but
      was not compiled into the binary [RT #28338]

   *  SDB now handles unexpected errors from back-end database drivers
      gracefully instead of exiting on an assert. [RT #28534]

Revision 1.14 / (download) - annotate - [select for diffs], Tue May 22 03:33:28 2012 UTC (10 years, 8 months ago) by taca
Branch: MAIN
Changes since 1.13: +2 -3 lines
Diff to previous 1.13 (colored)

Update bind97 package to 9.7.6.

New Features

*  None

Feature Changes

*  BIND now recognizes the TLSA resource record type, created to
   support IETF DANE (DNS-based Authentication of Named Entities)
   [RT #28989]

Bug Fixes

*  The locking strategy around the handling of iterative queries
   has been tuned to reduce unnecessary contention in a multi-threaded
   environment.  (Note that this may not provide a measurable
   improvement over previous versions of BIND, but it corrects the
   performance impact of change 3309 / RT #27995) [RT #29239]

*  Addresses a race condition that can cause named to to crash when
   the masters list for a zone is updated via rndc reload/reconfig
   [RT #26732]

*  Fixes a race condition in zone.c that can cause named to crash
   during the processing of rndc delzone [RT #29028]

*  Prevents a named segfault from resolver.c due to procedure
   fctx_finddone() not being thread-safe.  [RT #27995]

*  Uses hmctx, not mctx when freeing rbtdb->heaps to avoid triggering
   an assertion when flushing cache data. [RT #28571]

*  A new flag -R  has been added to queryperf for running tests
   using non-recursive queries.  It also now builds correctly on
   MacOS version 10.7 (darwin)  [RT #28565]

*  Named no longer crashes if gssapi is enabled in named.conf but
   was not compiled into the binary [RT #28338]

*  SDB now handles unexpected errors from back-end database drivers
   gracefully instead of exiting on an assert. [RT #28534]

Revision 1.12.2.1 / (download) - annotate - [select for diffs], Thu May 3 18:32:02 2012 UTC (10 years, 9 months ago) by tron
Branch: pkgsrc-2012Q1
Changes since 1.12: +2 -1 lines
Diff to previous 1.12 (colored)

Pullup ticket #3764 - requested by taca
net/bind97: security patch

Revisions pulled up:
- net/bind97/Makefile                                           1.13
- net/bind97/distinfo                                           1.12
- net/bind97/patches/patch-lib_dns_resolver.c                   1.1

---
   Module Name:	pkgsrc
   Committed By:	taca
   Date:		Tue May  1 02:48:58 UTC 2012

   Modified Files:
   	pkgsrc/net/bind97: Makefile distinfo
   Added Files:
   	pkgsrc/net/bind97/patches: patch-lib_dns_resolver.c

   Log Message:
   Add fix to a race condition in the resolver code that can cause a recursive
   nameserver: <https://kb.isc.org/article/AA-00664>.

   Bump PKGREVISION.

Revision 1.13 / (download) - annotate - [select for diffs], Tue May 1 02:48:58 2012 UTC (10 years, 9 months ago) by taca
Branch: MAIN
Changes since 1.12: +2 -1 lines
Diff to previous 1.12 (colored)

Add fix to a race condition in the resolver code that can cause a recursive
nameserver: <https://kb.isc.org/article/AA-00664>.

Bump PKGREVISION.

Revision 1.12 / (download) - annotate - [select for diffs], Thu Apr 5 00:40:09 2012 UTC (10 years, 10 months ago) by taca
Branch: MAIN
CVS Tags: pkgsrc-2012Q1-base
Branch point for: pkgsrc-2012Q1
Changes since 1.11: +6 -6 lines
Diff to previous 1.11 (colored)

Update bind97 package to 9.7.5.


Security Fixes

  + BIND 9 nameservers performing recursive queries could cache an
    invalid record and subsequent queries for that record could
    crash the resolvers with an assertion failure. [RT #26590]
    [CVE-2011-4313]

Feature Changes

  + It is now possible to explicitly disable DLV in named.conf by
    specifying "dnssec-lookaside no;". This is the default, but the
    ability to configure it makes it clearly visible to administrators.
    [RT #24858]

  + --enable-developer, a new composite argument to the configure
    script, enables a set of build options normally disabled but
    frequently selected in test or development builds, specifically:
    enable_fixed_rrset, with_atf, enable_filter_aaaa, enable_rpz_nsip,
    enable_rpz_nsdname, and with_dlz_filesystem (and on Linux and
    Darwin, also enable_exportlib) [RT #27103]

Revision 1.11 / (download) - annotate - [select for diffs], Mon Mar 12 15:40:15 2012 UTC (10 years, 10 months ago) by taca
Branch: MAIN
Changes since 1.10: +1 -2 lines
Diff to previous 1.10 (colored)

Don't install doc/arm HTML files twice.

Revision 1.9.2.1 / (download) - annotate - [select for diffs], Thu Nov 17 01:26:10 2011 UTC (11 years, 2 months ago) by sbd
Branch: pkgsrc-2011Q3
Changes since 1.9: +2 -2 lines
Diff to previous 1.9 (colored) next main 1.10 (colored)

Pullup ticket #3606 - requested by spz
net/bind97 security update

Revisions pulled up:
- net/bind97/Makefile                                           1.10
- net/bind97/distinfo                                           1.10

---
   Module Name:	pkgsrc
   Committed By:	spz
   Date:		Wed Nov 16 21:49:57 UTC 2011

   Modified Files:
   	pkgsrc/net/bind97: Makefile distinfo

   Log Message:
   BIND 9.7.4-P1 is a security patch for BIND 9.7.4.

   * BIND 9 nameservers performing recursive queries could cache an invalid
     record and subsequent queries for that record could crash the resolvers
     with an assertion failure. [RT #26590]

Revision 1.10 / (download) - annotate - [select for diffs], Wed Nov 16 21:49:56 2011 UTC (11 years, 2 months ago) by spz
Branch: MAIN
CVS Tags: pkgsrc-2011Q4-base, pkgsrc-2011Q4
Changes since 1.9: +2 -2 lines
Diff to previous 1.9 (colored)

BIND 9.7.4-P1 is a security patch for BIND 9.7.4.

* BIND 9 nameservers performing recursive queries could cache an invalid
  record and subsequent queries for that record could crash the resolvers
  with an assertion failure. [RT #26590]

Revision 1.8.2.1 / (download) - annotate - [select for diffs], Mon Aug 22 21:21:34 2011 UTC (11 years, 5 months ago) by tron
Branch: pkgsrc-2011Q2
Changes since 1.8: +2 -2 lines
Diff to previous 1.8 (colored) next main 1.9 (colored)

Pullup ticket #3509 - requested by taca
net/bind97: security update

Revisions pulled up:
- net/bind97/Makefile                                           1.9
- net/bind97/PLIST                                              1.5
- net/bind97/distinfo                                           1.9

---
   Module Name:	pkgsrc
   Committed By:	taca
   Date:		Wed Aug 10 15:26:11 UTC 2011

   Modified Files:
   	pkgsrc/net/bind97: Makefile PLIST distinfo

   Log Message:
   Update bind97 package to 9.7.4.

   For full changes, please refer:
   ftp://ftp.isc.org/isc/bind9/9.7.4/RELEASE-NOTES-BIND-9.7.4.html

   New Features

   9.7.4

        * A new test has been added to check the apex NSEC3 records after
          DNSKEY records have been added via dynamic update. [RT #23229]
        * Added a tool able to generate malformed packets to allow testing of
          how named handles them. [RT #24096]

   Security Fixes

   9.7.4

        * named, set up to be a caching resolver, is vulnerable to a user
          querying a domain with very large resource record sets (RRSets)
          when trying to negatively cache the response. Due to an off-by-one
          error, caching the response could cause named to crash. [RT #24650]
          [CVE-2011-1910]
        * Change #2912 (see CHANGES) exposed a latent bug in the DNS message
          processing code that could allow certain UPDATE requests to crash
          named. [RT #24777] [CVE-2011-2464]

   Feature Changes

   9.7.4

        * Merged in the NetBSD ATF test framework (currently version 0.12)
          for development of future unit tests. Use configure --with-atf to
          build ATF internally or configure --with-atf=prefix to use an
          external copy. [RT #23209]
        * Added more verbose error reporting from DLZ LDAP. [RT #23402]
        * Replaced compile time constant with STDTIME_ON_32BITS. [RT #23587]

Revision 1.9 / (download) - annotate - [select for diffs], Wed Aug 10 15:26:10 2011 UTC (11 years, 6 months ago) by taca
Branch: MAIN
CVS Tags: pkgsrc-2011Q3-base
Branch point for: pkgsrc-2011Q3
Changes since 1.8: +2 -2 lines
Diff to previous 1.8 (colored)

Update bind97 package to 9.7.4.

For full changes, please refer:
ftp://ftp.isc.org/isc/bind9/9.7.4/RELEASE-NOTES-BIND-9.7.4.html


New Features

9.7.4

     * A new test has been added to check the apex NSEC3 records after
       DNSKEY records have been added via dynamic update. [RT #23229]
     * Added a tool able to generate malformed packets to allow testing of
       how named handles them. [RT #24096]

Security Fixes

9.7.4

     * named, set up to be a caching resolver, is vulnerable to a user
       querying a domain with very large resource record sets (RRSets)
       when trying to negatively cache the response. Due to an off-by-one
       error, caching the response could cause named to crash. [RT #24650]
       [CVE-2011-1910]
     * Change #2912 (see CHANGES) exposed a latent bug in the DNS message
       processing code that could allow certain UPDATE requests to crash
       named. [RT #24777] [CVE-2011-2464]

Feature Changes

9.7.4

     * Merged in the NetBSD ATF test framework (currently version 0.12)
       for development of future unit tests. Use configure --with-atf to
       build ATF internally or configure --with-atf=prefix to use an
       external copy. [RT #23209]
     * Added more verbose error reporting from DLZ LDAP. [RT #23402]
     * Replaced compile time constant with STDTIME_ON_32BITS. [RT #23587]

Revision 1.6.2.2 / (download) - annotate - [select for diffs], Wed Jul 6 03:00:47 2011 UTC (11 years, 7 months ago) by sbd
Branch: pkgsrc-2011Q1
Changes since 1.6.2.1: +2 -2 lines
Diff to previous 1.6.2.1 (colored) to branchpoint 1.6 (colored) next main 1.7 (colored)

Pullup ticket #3462 - requested by taca
security update for net/bind97

Revisions pulled up:
- net/bind97/Makefile                                           1.8
- net/bind97/distinfo                                           1.8

---
   Module Name:	pkgsrc
   Committed By:	taca
   Date:		Tue Jul  5 13:56:35 UTC 2011

   Modified Files:
   	pkgsrc/net/bind97: Makefile distinfo

   Log Message:
   Update bind97 package to bind-9.7.3pl3 (9.7.3-P3), security release.

   	--- 9.7.3-P3 released ---

   3124.	[bug]		Use an rdataset attribute flag to indicate
   			negative-cache records rather than using rrtype 0;
   			this will prevent problems when that rrtype is
   			used in actual DNS packets.  [RT #24777]

   	--- 9.7.3-P2 released (withdrawn) ---

   3123.	[security]	Change #2912 exposed a latent flaw in
   			dns_rdataset_totext() that could cause named to
   			crash with an assertion failure. [RT #24777]

Revision 1.8 / (download) - annotate - [select for diffs], Tue Jul 5 13:56:35 2011 UTC (11 years, 7 months ago) by taca
Branch: MAIN
CVS Tags: pkgsrc-2011Q2-base
Branch point for: pkgsrc-2011Q2
Changes since 1.7: +2 -2 lines
Diff to previous 1.7 (colored)

Update bind97 package to bind-9.7.3pl3 (9.7.3-P3), security release.


	--- 9.7.3-P3 released ---

3124.	[bug]		Use an rdataset attribute flag to indicate
			negative-cache records rather than using rrtype 0;
			this will prevent problems when that rrtype is
			used in actual DNS packets.  [RT #24777]

	--- 9.7.3-P2 released (withdrawn) ---

3123.	[security]	Change #2912 exposed a latent flaw in
			dns_rdataset_totext() that could cause named to
			crash with an assertion failure. [RT #24777]

Revision 1.6.2.1 / (download) - annotate - [select for diffs], Fri May 27 11:06:49 2011 UTC (11 years, 8 months ago) by sbd
Branch: pkgsrc-2011Q1
Changes since 1.6: +2 -2 lines
Diff to previous 1.6 (colored)

Pullup ticket #3440 - requested by taca
net/bind97 security update

Revisions pulled up:
- net/bind97/Makefile                                           1.7
- net/bind97/distinfo                                           1.7

---
   Module Name:	pkgsrc
   Committed By:	taca
   Date:		Fri May 27 06:46:26 UTC 2011

   Modified Files:
   	pkgsrc/net/bind97: Makefile distinfo

   Log Message:
   Update bind97 package to 9.7.3pl1 (9.7.3-P1).

   	--- 9.7.3-P1 released ---

   3121.   [security]      An authoritative name server sending a negative
                           response containing a very large RRset could
                           trigger an off-by-one error in the ncache code
                           and crash named. [RT #24650]

   3120.	[bug]		Named could fail to validate zones listed in a DLV
   			that validated insecure without using DLV and had
   			DS records in the parent zone. [RT #24631]

Revision 1.7 / (download) - annotate - [select for diffs], Fri May 27 06:46:25 2011 UTC (11 years, 8 months ago) by taca
Branch: MAIN
Changes since 1.6: +2 -2 lines
Diff to previous 1.6 (colored)

Update bind97 package to 9.7.3pl1 (9.7.3-P1).


	--- 9.7.3-P1 released ---

3121.   [security]      An authoritative name server sending a negative
                        response containing a very large RRset could
                        trigger an off-by-one error in the ncache code
                        and crash named. [RT #24650]

3120.	[bug]		Named could fail to validate zones listed in a DLV
			that validated insecure without using DLV and had
			DS records in the parent zone. [RT #24631]

Revision 1.5.2.1 / (download) - annotate - [select for diffs], Wed Feb 23 19:23:21 2011 UTC (11 years, 11 months ago) by tron
Branch: pkgsrc-2010Q4
Changes since 1.5: +2 -2 lines
Diff to previous 1.5 (colored) next main 1.6 (colored)

Pullup ticket #3363 - requested by taca
net/bind97: security update

Revisions pulled up:
- net/bind97/Makefile				1.6
- net/bind97/PLIST				1.4
- net/bind97/distinfo				1.6
- net/bind97/files/named9.sh			1.2
- net/bind97/patches/patch-ac			1.3
- net/bind97/patches/patch-ae			1.2
---
Module Name:	pkgsrc
Committed By:	taca
Date:		Wed Feb 16 17:43:22 UTC 2011

Modified Files:
	pkgsrc/net/bind97: Makefile PLIST distinfo
	pkgsrc/net/bind97/files: named9.sh
	pkgsrc/net/bind97/patches: patch-ac patch-ae

Log Message:
Update bind97 package to 9.7.3.

* also sync rc scrpt with base system.

Bug Fixes

9.7.3

     * BIND now builds with threads disabled in versions of NetBSD earlier
       than 5.0 and with pthreads enabled by default in NetBSD versions
       5.0 and higher. Also removes support for unproven-pthreads,
       mit-pthreads and ptl2. [RT #19203]
     * Added a regression test for fix 2896/RT #21045 ("rndc sign" failed
       to properly update the zone when adding a DNSKEY for publication
       only). [RT #21324]
     * "nsupdate -l" now gives error message if "session.key" file is not
       found. [RT #21670]
     * HPUX now correctly defaults to using /dev/poll, which should
       increase performance. [RT #21919]
     * If named is running as a threaded application, after an "rndc stop"
       command has been issued, other inbound TCP requests can cause named
       to hang and never complete shutdown. [RT #22108]
     * After an "rndc reconfig", the refresh timer for managed-keys is
       ignored, resulting in managed-keys not being refreshed until named
       is restarted. [RT #22296]
     * An NSEC3PARAM record placed inside a zone which is not properly
       signed with NSEC3 could cause named to crash, if changed via
       dynamic update. [RT #22363]
     * "rndc -h" now includes "loadkeys" option. [RT #22493]
     * When performing a GSS-TSIG signed dynamic zone update, memory could
       be leaked. This causes an unclean shutdown and may affect
       long-running servers. [RT #22573]
     * A bug in NetBSD and FreeBSD kernels with SO_ACCEPTFILTER enabled
       allows for a TCP DoS attack. Until there is a kernel fix, ISC is
       disabling SO_ACCEPTFILTER support in BIND. [RT #22589]
     * When signing records, named didn't filter out any TTL changes to
       DNSKEY records. This resulted in an incomplete key set. TTL changes
       are now dealt with before signing. [RT #22590]
     * Corrected a defect where a combination of dynamic updates and zone
       transfers incorrectly locked the in-memory zone database, causing
       named to freeze. [RT #22614]
     * Don't run MX checks (check-mx) when the MX record points to ".".
       [RT #22645]
     * DST key reference counts can now be incremented via dst_key_attach.
       [RT #22672]
     * The IN6_IS_ADDR_LINKLOCAL and IN6_IS_ADDR_SITELOCAL macros in win32
       were updated/corrected per current Windows OS. [RT #22724]
     * "dnssec-settime -S" no longer tests prepublication interval
       validity when the interval is set to 0. [RT #22761]
     * isc_mutex_init_errcheck() in phtreads/mutex.c failed to destroy
       attr. [RT #22766]
     * The Kerberos realm was being truncated when being pulled from the
       the host prinicipal, make krb5-self updates fail. [RT #22770]
     * named failed to preserve the case of domain names in RDATA which is
       not compressible when writing master files. [RT #22863]
     * The man page for dnssec-keyfromlabel incorrectly had "-U" rather
       than the correct option "-I". [RT #22887]
     * The "rndc" command usage statement was missing the "-b" option. [RT
       #22937]
     * There was a bug in how the clients-per-query code worked with some
       query patterns. This could result, in rare circumstances, in having
       all the client query slots filled with queries for the same DNS
       label, essentially ignoring the max-clients-per-query setting. [RT
       #22972]
     * The secure zone update feature in named is based on the zone being
       signed and configured for dynamic updates. A bug in the ACL
       processing for "allow-update { none; };" resulted in a zone that is
       supposed to be static being treated as a dynamic zone. Thus, name
       would try to sign/re-sign that zone erroneously. [RT #23120]

Revision 1.6 / (download) - annotate - [select for diffs], Wed Feb 16 17:43:22 2011 UTC (11 years, 11 months ago) by taca
Branch: MAIN
CVS Tags: pkgsrc-2011Q1-base
Branch point for: pkgsrc-2011Q1
Changes since 1.5: +2 -2 lines
Diff to previous 1.5 (colored)

Update bind97 package to 9.7.3.

* also sync rc scrpt with base system.

Bug Fixes

9.7.3

     * BIND now builds with threads disabled in versions of NetBSD earlier
       than 5.0 and with pthreads enabled by default in NetBSD versions
       5.0 and higher. Also removes support for unproven-pthreads,
       mit-pthreads and ptl2. [RT #19203]
     * Added a regression test for fix 2896/RT #21045 ("rndc sign" failed
       to properly update the zone when adding a DNSKEY for publication
       only). [RT #21324]
     * "nsupdate -l" now gives error message if "session.key" file is not
       found. [RT #21670]
     * HPUX now correctly defaults to using /dev/poll, which should
       increase performance. [RT #21919]
     * If named is running as a threaded application, after an "rndc stop"
       command has been issued, other inbound TCP requests can cause named
       to hang and never complete shutdown. [RT #22108]
     * After an "rndc reconfig", the refresh timer for managed-keys is
       ignored, resulting in managed-keys not being refreshed until named
       is restarted. [RT #22296]
     * An NSEC3PARAM record placed inside a zone which is not properly
       signed with NSEC3 could cause named to crash, if changed via
       dynamic update. [RT #22363]
     * "rndc -h" now includes "loadkeys" option. [RT #22493]
     * When performing a GSS-TSIG signed dynamic zone update, memory could
       be leaked. This causes an unclean shutdown and may affect
       long-running servers. [RT #22573]
     * A bug in NetBSD and FreeBSD kernels with SO_ACCEPTFILTER enabled
       allows for a TCP DoS attack. Until there is a kernel fix, ISC is
       disabling SO_ACCEPTFILTER support in BIND. [RT #22589]
     * When signing records, named didn't filter out any TTL changes to
       DNSKEY records. This resulted in an incomplete key set. TTL changes
       are now dealt with before signing. [RT #22590]
     * Corrected a defect where a combination of dynamic updates and zone
       transfers incorrectly locked the in-memory zone database, causing
       named to freeze. [RT #22614]
     * Don't run MX checks (check-mx) when the MX record points to ".".
       [RT #22645]
     * DST key reference counts can now be incremented via dst_key_attach.
       [RT #22672]
     * The IN6_IS_ADDR_LINKLOCAL and IN6_IS_ADDR_SITELOCAL macros in win32
       were updated/corrected per current Windows OS. [RT #22724]
     * "dnssec-settime -S" no longer tests prepublication interval
       validity when the interval is set to 0. [RT #22761]
     * isc_mutex_init_errcheck() in phtreads/mutex.c failed to destroy
       attr. [RT #22766]
     * The Kerberos realm was being truncated when being pulled from the
       the host prinicipal, make krb5-self updates fail. [RT #22770]
     * named failed to preserve the case of domain names in RDATA which is
       not compressible when writing master files. [RT #22863]
     * The man page for dnssec-keyfromlabel incorrectly had "-U" rather
       than the correct option "-I". [RT #22887]
     * The "rndc" command usage statement was missing the "-b" option. [RT
       #22937]
     * There was a bug in how the clients-per-query code worked with some
       query patterns. This could result, in rare circumstances, in having
       all the client query slots filled with queries for the same DNS
       label, essentially ignoring the max-clients-per-query setting. [RT
       #22972]
     * The secure zone update feature in named is based on the zone being
       signed and configured for dynamic updates. A bug in the ACL
       processing for "allow-update { none; };" resulted in a zone that is
       supposed to be static being treated as a dynamic zone. Thus, name
       would try to sign/re-sign that zone erroneously. [RT #23120]

Revision 1.4.2.1 / (download) - annotate - [select for diffs], Thu Dec 2 04:16:16 2010 UTC (12 years, 2 months ago) by sbd
Branch: pkgsrc-2010Q3
Changes since 1.4: +2 -2 lines
Diff to previous 1.4 (colored) next main 1.5 (colored)

Pullup ticket #3290 - requested by taca
net/bind97 security update

Revisions pulled up:
pkgsrc/net/bind97/Makefile	1.5
pkgsrc/net/bind97/distinfo	1.5

-------------------------------------------------------------------------
   Module Name:	pkgsrc
   Committed By:	taca
   Date:		Thu Dec  2 00:31:34 UTC 2010

   Modified Files:
   	pkgsrc/net/bind97: Makefile distinfo

   Log Message:
   Update bind97 package to bind-9.7.2pl3 (9.7.2-P3).

   http://www.isc.org/announcement/guidance-regarding-dec-1st-2010-security-advisories

   CVE: CVE-2010-3613
   CERT: VU#706148
   BIND: cache incorrectly allows a ncache entry and a rrsig for the same type

   CVE: CVE-2010-3614
   CERT: VU#837744
   BIND: Key algorithm rollover bug in bind9

   CVE: CVE-2010-3615
   CERT: VU#510208
   BIND: allow-query processed incorrectly


   To generate a diff of this commit:
   cvs rdiff -u -r1.4 -r1.5 pkgsrc/net/bind97/Makefile \
       pkgsrc/net/bind97/distinfo

Revision 1.5 / (download) - annotate - [select for diffs], Thu Dec 2 00:31:33 2010 UTC (12 years, 2 months ago) by taca
Branch: MAIN
CVS Tags: pkgsrc-2010Q4-base
Branch point for: pkgsrc-2010Q4
Changes since 1.4: +2 -2 lines
Diff to previous 1.4 (colored)

Update bind97 package to bind-9.7.2pl3 (9.7.2-P3).

http://www.isc.org/announcement/guidance-regarding-dec-1st-2010-security-advisories

CVE: CVE-2010-3613
CERT: VU#706148
BIND: cache incorrectly allows a ncache entry and a rrsig for the same type

CVE: CVE-2010-3614
CERT: VU#837744
BIND: Key algorithm rollover bug in bind9

CVE: CVE-2010-3615
CERT: VU#510208
BIND: allow-query processed incorrectly

Revision 1.4 / (download) - annotate - [select for diffs], Wed Sep 29 15:08:47 2010 UTC (12 years, 4 months ago) by taca
Branch: MAIN
CVS Tags: pkgsrc-2010Q3-base
Branch point for: pkgsrc-2010Q3
Changes since 1.3: +2 -2 lines
Diff to previous 1.3 (colored)

Update bind97 package to 9.7.2pl2. (leaf package)


New Features

     * Zones may be dynamically added and removed with the "rndc addzone"
       and "rndc delzone" commands. These dynamically added zones are
       written to a per-view configuration file. Do not rely on the
       configuration file name nor contents as this will change in a
       future release. This is an experimental feature at this time.
     * Added new "filter-aaaa-on-v4" access control list to select which
       IPv4 clients have AAAA record filtering applied.
     * A new command "rndc secroots" was added to dump a combined summary
       of the currently managed keys combined with statically configured
       trust anchors.
     * Added support to load new keys into managed zones without signing
       immediately with "rndc loadkeys". Added support to link keys with
       "dnssec-keygen -S" and "dnssec-settime -S".

Changes

     * Documentation improvements
     * ORCHID prefixes were removed from the automatic empty zone list.
     * Improved handling of GSSAPI security contexts. Specifically, better
       memory management of cached contexts, limited lifetime of a context
       to 1 hour, and added a "realm" command to nsupdate to allow
       selection of a non-default realm name.
     * The contributed tool "ztk" was updated to version 1.0.

Security Fixes

     * If BIND, acting as a DNSSEC validating server, has two or more
       trust anchors configured in named.conf for the same zone (such as
       example.com) and the response for a record in that zone from the
       authoritative server includes a bad signature, the validating
       server will crash while trying to validate that query.
     * A flaw where the wrong ACL was applied was fixed. This flaw allowed
       access to a cache via recursion even though the ACL disallowed it.

Bug Fixes

     * Removed a warning message when running BIND 9 under Windows for
       when a TCP connection was aborted. This is a common occurrence and
       the warning was extraneous.
     * Worked around a race condition in the cache database memory
       handling. Without this fix a DNS cache DB or ADB could incorrectly
       stay in an over memory state, effectively refusing further caching,
       which subsequently made a BIND 9 caching server unworkable.
     * Partially disabled change 2864 because it would cause infinite
       attempts of RRSIG queries.
     * BIND did not properly handle non-cacheable negative responses from
       insecure zones. This caused several non-protocol-compliant zones to
       become unresolvable. BIND is now more accepting of responses it
       receives from less strict servers.
     * A bug, introduced in BIND 9.7.2, caused named to fail to start if a
       master zone file was unreadable or missing. This has been corrected
       in 9.7.2-P1.
     * BIND previously accepted answers from authoritative servers that
       did not provide a "proper" response, such as not setting AA bit.
       BIND was changed to be more strict in what it accepted but this
       caused operational issues. This new strictness has been backed out
       in 9.7.2-P1.

Revision 1.3 / (download) - annotate - [select for diffs], Fri Jul 16 00:35:20 2010 UTC (12 years, 6 months ago) by taca
Branch: MAIN
Changes since 1.2: +2 -2 lines
Diff to previous 1.2 (colored)

Update bind97 package to 9.7.1pl2 (BIND 9.7.1-P2).

	--- 9.7.1-P2 released ---

2931.	[security]	Temporarily and partially disable change 2864
			because it would cause inifinite attempts of RRSIG
			queries.  This is an urgent care fix; we'll
			revisit the issue and complete the fix later.
			[RT #21710]

	--- 9.7.1-P1 released ---

2926.	[rollback]	Temporarially rollback change 2748. [RT #21594]

2925.	[bug]		Named failed to accept uncachable negative responses
			from insecure zones. [RT# 21555]

Revision 1.2 / (download) - annotate - [select for diffs], Mon Jul 5 03:17:45 2010 UTC (12 years, 7 months ago) by taca
Branch: MAIN
Changes since 1.1: +2 -2 lines
Diff to previous 1.1 (colored)

Update bindi97 package to 9.7.1.

	--- 9.7.1 released ---

	--- 9.7.1rc1 released ---

2909.	[bug]		named-checkconf -p could die if "update-policy local;"
			was specified in named.conf. [RT #21416]

2908.	[bug]		It was possible for re-signing to stop after removing
			a DNSKEY. [RT #21384]

2907.	[bug]		The export version of libdns had undefined references.
			[RT #21444]

2906.	[bug]		Address RFC 5011 implementation issues. [RT #20903]

2905.	[port]		aix: set use_atomic=yes with native compiler.
			[RT #21402]

2904.   [bug]           When using DLV, sub-zones of the zones in the DLV,
			could be incorrectly marked as insecure instead of
			secure leading to negative proofs failing.  This was
			a unintended outcome from change 2890. [RT# 21392]

2903.	[bug]		managed-keys-directory missing from namedconf.c.
			[RT #21370]

	--- 9.7.1b1 released ---

2902.	[func]		Add regression test for change 2897. [RT #21040]

2901.	[port]		Use AC_C_FLEXIBLE_ARRAY_MEMBER. [RT #21316]

2900.	[bug]		The placeholder negative caching element was not
			properly constructed triggering a INSIST in
			dns_ncache_towire(). [RT #21346]

2899.	[port]		win32: Support linking against OpenSSL 1.0.0.

2898.	[bug]		nslookup leaked memory when -domain=value was
			specified. [RT #21301]

2897.	[bug]		NSEC3 chains could be left behind when transitioning
			to insecure. [RT #21040]

2896.	[bug]		"rndc sign" failed to properly update the zone
			when adding a DNSKEY for publication only. [RT #21045]

2895.	[func]		genrandom: add support for the generation of multiple
			files.  [RT #20917]

2894.	[contrib]	DLZ LDAP support now use '$' not '%'. [RT #21294]

2893.	[bug]		Improve managed keys support.  New named.conf option
			managed-keys-directory. [RT #20924]

2892.	[bug]		Handle REVOKED keys better. [RT #20961]

2891.	[maint]		Update empty-zones list to match
			draft-ietf-dnsop-default-local-zones-13. [RT# 21099]

2890.	[bug]		Handle the introduction of new trusted-keys and
			DS, DLV RRsets better. [RT #21097]

2889.	[bug]		Elements of the grammar where not properly reported.
			[RT #21046]

2888.	[bug]		Only the first EDNS option was displayed. [RT #21273]

2887.	[bug]		Report the keytag times in UTC in the .key file,
			local time is presented as a comment within the
			comment.  [RT #21223]

2886.	[bug]		ctime() is not thread safe. [RT #21223]

2885.	[bug]		Improve -fno-strict-aliasing support probing in
			configure. [RT #21080]

2884.	[bug]		Insufficient valadation in dns_name_getlabelsequence().
			[RT #21283]

2883.	[bug]		'dig +short' failed to handle really large datasets.
			[RT #21113]

2882.	[bug]		Remove memory context from list of active contexts
			before clearing 'magic'. [RT #21274]

2881.	[bug]		Reduce the amount of time the rbtdb write lock
			is held when closing a version. [RT #21198]

2880.	[cleanup]	Make the output of dnssec-keygen and dnssec-revoke
			consistent. [RT #21078]

2879.	[contrib]	DLZ bdbhpt driver fails to close correct cursor.
			[RT #21106]

2878.	[func]		Incrementally write the master file after performing
			a AXFR.  [RT #21010]

2877.	[bug]		The validator failed to skip obviously mismatching
			RRSIGs. [RT #21138]

2876.	[bug]		Named could return SERVFAIL for negative responses
			from unsigned zones. [RT #21131]

2875.	[bug]		dns_time64_fromtext() could accept non digits.
			[RT #21033]

2874.	[bug]		Cache lack of EDNS support only after the server
			successfully responds to the query using plain DNS.
			[RT #20930]

2873.	[bug]		Canceling a dynamic update via the dns/client module
			could trigger an assertion failure. [RT #21133]

2872.	[bug]		Modify dns/client.c:dns_client_createx() to only
			require one of IPv4 or IPv6 rather than both.
			[RT #21122]

2871.	[bug]		Type mismatch in mem_api.c between the definition and
			the header file, causing build failure with
			--enable-exportlib. [RT #21138]

2870.	[maint]		Add AAAA address for L.ROOT-SERVERS.NET.

2869.	[bug]		Fix arguments to dns_keytable_findnextkeynode() call.
			[RT #20877]

2868.	[cleanup]	Run "make clean" at the end of configure to ensure
			any changes made by configure are integrated.
			Use --with-make-clean=no to disable.  [RT #20994]

2867.	[bug]		Don't set GSS_C_SEQUENCE_FLAG as Windows DNS servers
			don't like it.  [RT #20986]

2866.	[bug]		Windows does not like the TSIG name being compressed.
			[RT #20986]

2865.	[bug]		memset to zero event.data.  [RT #20986]

2864.	[bug]		Direct SIG/RRSIG queries were not handled correctly.
			[RT #21050]

2863.	[port]		linux: disable IPv6 PMTUD and use network minimum MTU.
			[RT #21056]

2862.	[bug]		nsupdate didn't default to the parent zone when
			updating DS records. [RT #20896]

2861.	[doc]		dnssec-settime man pages didn't correctly document the
			inactivation time. [RT #21039]

2860.	[bug]		named-checkconf's usage was out of date. [RT #21039]

2859.	[bug]		When cancelling validation it was possible to leak
			memory. [RT #20800]

2858.	[bug]		RTT estimates were not being adjusted on ICMP errors.
			[RT #20772]

2857.	[bug]		named-checkconf did not fail on a bad trusted key.
			[RT #20705]

2856.	[bug]		The size of a memory allocation was not always properly
			recorded. [RT #20927]

2853.	[bug]		add_sigs() could run out of scratch space. [RT #21015]

2852.	[bug]		Handle broken DNSSEC trust chains better. [RT #15619]

2851.	[doc]		nslookup.1, removed <informalexample> from the docbook
			source as it produced bad nroff.  [RT #21007]

2850.	[bug]		If isc_heap_insert() failed due to memory shortage
			the heap would have corrupted entries. [RT #20951]

Revision 1.1.1.1 / (download) - annotate - [select for diffs] (vendor branch), Wed May 26 16:11:47 2010 UTC (12 years, 8 months ago) by taca
Branch: TNF
CVS Tags: pkgsrc-base, pkgsrc-2010Q2-base, pkgsrc-2010Q2
Changes since 1.1: +0 -0 lines
Diff to previous 1.1 (colored)

Importing net/bind97 package 9.7.0pl2 package.
(This is simply based on net/bind96).


BIND 9.7.0pl2 (9.7.0-P2)

New Features in BIND 9.7 - 'DNSSEC for Humans'

BIND 9.7 introduces several improvements, especially for simplifying
DNSSEC configuration and DNSSEC maintenance. This article lists some
of the new features and significant changes in BIND 9.7.


For more information please refer these webpage.

http://www.isc.org/software/bind/new-features/9.7
http://www.isc.org/files/release-notes/9.7.0-P2%20rel%20notes.txt


Revision 1.1 / (download) - annotate - [select for diffs], Wed May 26 16:11:47 2010 UTC (12 years, 8 months ago) by taca
Branch: MAIN

Initial revision

This form allows you to request diff's between any two revisions of a file. You may select a symbolic revision name using the selection box or you may type in a numeric name using the type-in text box.




CVSweb <webmaster@jp.NetBSD.org>