![[BACK]](/icons/back.gif){kind=icon}
Up to [cvs.NetBSD.org] / pkgsrc / net / bind99
Request diff between arbitrary revisions
Default branch: MAIN
Revision 1.79, Sun Sep 23 14:31:10 2018 UTC (5 years, 6 months ago) by taca
Branch: MAIN
CVS Tags: HEAD
Changes since 1.78: +1 -1
lines
FILE REMOVED
net/bind99: remove bind99 Remove bind99 from pkgsrc since BIND 9.9 became EOL on 30 June 2018.
Revision 1.78 / (download) - annotate - [select for diffs], Thu Sep 13 02:57:43 2018 UTC (5 years, 7 months ago) by jklos
Branch: MAIN
Changes since 1.77: +4 -2
lines
Diff to previous 1.77 (colored) to selected 1.72 (colored)
Disable atomic operations on VAX and m68k in addition to mipsel so BIND compiles on these architectures.
Revision 1.77 / (download) - annotate - [select for diffs], Wed Aug 22 09:45:51 2018 UTC (5 years, 7 months ago) by wiz
Branch: MAIN
Changes since 1.76: +2 -2
lines
Diff to previous 1.76 (colored) to selected 1.72 (colored)
Recursive bump for perl5-5.28.0
Revision 1.73.4.2 / (download) - annotate - [select for diffs], Sat Aug 18 13:18:08 2018 UTC (5 years, 8 months ago) by bsiegert
Branch: pkgsrc-2018Q2
Changes since 1.73.4.1: +3 -2
lines
Diff to previous 1.73.4.1 (colored) to branchpoint 1.73 (colored) next main 1.74 (colored) to selected 1.72 (colored)
Pullup ticket #5810 - requested by maya
net/bind99: security fix, NetBSD build fix
net/bind910: security fix, NetBSD build fix
Revisions pulled up:
- net/bind910/Makefile 1.42-1.43
- net/bind910/distinfo 1.35-1.36
- net/bind910/patches/patch-lib_isc_unix_socket.c 1.1
- net/bind99/Makefile 1.75-1.76
- net/bind99/distinfo 1.53-1.54
- net/bind99/patches/patch-lib_isc_unix_socket.c 1.1
---
Module Name: pkgsrc
Committed By: taca
Date: Thu Aug 9 14:51:25 UTC 2018
Modified Files:
pkgsrc/net/bind99: Makefile distinfo
Log Message:
net/bind99: update to 9.9.13pl1
Update bind99 to 9.9.13pl1 (9.9.13-P1).
--- 9.9.13-P1 released ---
4997. [security] named could crash during recursive processing
of DNAME records when "deny-answer-aliases" was
in use. (CVE-2018-5740) [GL #387]
---
Module Name: pkgsrc
Committed By: taca
Date: Thu Aug 9 14:49:09 UTC 2018
Modified Files:
pkgsrc/net/bind910: Makefile distinfo
Log Message:
net/bind910: update to 9.10.8pl1
Update bind910 to 9.10.8pl1 (9.10.8-P1).
--- 9.10.8-P1 released ---
4997. [security] named could crash during recursive processing
of DNAME records when "deny-answer-aliases" was
in use. (CVE-2018-5740) [GL #387]
---
Module Name: pkgsrc
Committed By: maya
Date: Mon Aug 13 13:36:25 UTC 2018
Modified Files:
pkgsrc/net/bind99: Makefile distinfo
Added Files:
pkgsrc/net/bind99/patches: patch-lib_isc_unix_socket.c
Log Message:
bind99: Make ENOBUFS a soft error. Needed for netbsd>=8.
See https://gitlab.isc.org/isc-projects/bind9/issues/462
bump PKGREVISION
---
Module Name: pkgsrc
Committed By: maya
Date: Mon Aug 13 13:37:14 UTC 2018
Modified Files:
pkgsrc/net/bind910: Makefile
Added Files:
pkgsrc/net/bind910/patches: patch-lib_isc_unix_socket.c
Log Message:
bind910: Make ENOBUFS a soft error. Needed for netbsd>=8.
See https://gitlab.isc.org/isc-projects/bind9/issues/462
Bump PKGREVISION.
---
Module Name: pkgsrc
Committed By: maya
Date: Mon Aug 13 13:41:49 UTC 2018
Modified Files:
pkgsrc/net/bind910: distinfo
Log Message:
bind910: also add patch to distinfo.
Revision 1.76 / (download) - annotate - [select for diffs], Mon Aug 13 13:36:25 2018 UTC (5 years, 8 months ago) by maya
Branch: MAIN
Changes since 1.75: +2 -1
lines
Diff to previous 1.75 (colored) to selected 1.72 (colored)
bind99: Make ENOBUFS a soft error. Needed for netbsd>=8. See https://gitlab.isc.org/isc-projects/bind9/issues/462 bump PKGREVISION
Revision 1.75 / (download) - annotate - [select for diffs], Thu Aug 9 14:51:24 2018 UTC (5 years, 8 months ago) by taca
Branch: MAIN
Changes since 1.74: +2 -2
lines
Diff to previous 1.74 (colored) to selected 1.72 (colored)
net/bind99: update to 9.9.13pl1 Update bind99 to 9.9.13pl1 (9.9.13-P1). --- 9.9.13-P1 released --- 4997. [security] named could crash during recursive processing of DNAME records when "deny-answer-aliases" was in use. (CVE-2018-5740) [GL #387]
Revision 1.73.4.1 / (download) - annotate - [select for diffs], Sat Jul 14 20:26:46 2018 UTC (5 years, 9 months ago) by spz
Branch: pkgsrc-2018Q2
Changes since 1.73: +2 -2
lines
Diff to previous 1.73 (colored) to selected 1.72 (colored)
Pullup ticket #5789 - requested by taca
net/bind99: security update
Revisions pulled up:
- net/bind99/Makefile 1.74
- net/bind99/distinfo 1.52
- net/bind99/patches/patch-bin_tests_system_metadata_tests.sh 1.2
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: taca
Date: Sat Jul 14 03:56:28 UTC 2018
Modified Files:
pkgsrc/net/bind99: Makefile distinfo
pkgsrc/net/bind99/patches: patch-bin_tests_system_metadata_tests.sh
Log Message:
net/bind99: update to 9.9.13
This release contains security fix for CVE-2018-5738 and several bug fixes.
For more detail, please refer CHANGES file.
To generate a diff of this commit:
cvs rdiff -u -r1.73 -r1.74 pkgsrc/net/bind99/Makefile
cvs rdiff -u -r1.51 -r1.52 pkgsrc/net/bind99/distinfo
cvs rdiff -u -r1.1 -r1.2 \
pkgsrc/net/bind99/patches/patch-bin_tests_system_metadata_tests.sh
Revision 1.74 / (download) - annotate - [select for diffs], Sat Jul 14 03:56:27 2018 UTC (5 years, 9 months ago) by taca
Branch: MAIN
Changes since 1.73: +2 -2
lines
Diff to previous 1.73 (colored) to selected 1.72 (colored)
net/bind99: update to 9.9.13 This release contains security fix for CVE-2018-5738 and several bug fixes. For more detail, please refer CHANGES file.
Revision 1.73 / (download) - annotate - [select for diffs], Sat Mar 24 15:03:54 2018 UTC (6 years ago) by taca
Branch: MAIN
CVS Tags: pkgsrc-2018Q2-base,
pkgsrc-2018Q1-base,
pkgsrc-2018Q1
Branch point for: pkgsrc-2018Q2
Changes since 1.72: +2 -2
lines
Diff to previous 1.72 (colored)
net/bind99: update to 9.9.12 New maintenance releases in the 9.9, 9.10, 9.11, and 9.12 branches of BIND are now available. Release notes can be found with the releases or in the ISC Knowledge Base: 9.9.12: https://kb.isc.org/article/AA-01596/0/9.9.12-Notes.html 9.10.7: https://kb.isc.org/article/AA-01595/0/9.10.7-Notes.html 9.11.3: https://kb.isc.org/article/AA-01597/0/9.11.3-Notes.html 9.12.1: https://kb.isc.org/article/AA-01598/0/9.12.1-Notes.html Users who are migrating an existing BIND configuration to these new versions should take special note of two changes in the behavior of the "update-policy" statement which slightly change the behavior of two update-policy options. The first such change is discussed in greater length in the BIND Operational Notification issued today: https://kb.isc.org/article/AA-01599/update-policy-local-was-named-misleadingly The second change to update-policy behavior concerns this change: "update-policy rules that otherwise ignore the name field now require that it be set to "." to ensure that any type list present is properly interpreted. Previously, if the name field was omitted from the rule declaration but a type list was present, it wouldn't be interpreted as expected." which is a correction to an ambiguous case that was previously allowed, but which was capable of causing unexpected results when accidentally applied. The new requirement eliminates is intended to eliminate the confusion, which previously caused some operators to misapply security policies. However, due to the new requirement, named configuration files that relied on the previous behavior will no longer be accepted. These changes should not affect most operators, even those using "update-policy" to define Dynamic DNS permissions, but we would like to draw your attention to them so that operators are informed about the new behaviors.
Revision 1.71.6.1 / (download) - annotate - [select for diffs], Fri Jan 19 21:47:36 2018 UTC (6 years, 3 months ago) by spz
Branch: pkgsrc-2017Q4
Changes since 1.71: +3 -2
lines
Diff to previous 1.71 (colored) next main 1.72 (colored)
Pullup ticket #5685 - requested by taca
net/bind99: security update
Revisions pulled up:
- net/bind99/Makefile 1.72
- net/bind99/distinfo 1.50
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: taca
Date: Wed Jan 17 00:33:15 UTC 2018
Modified Files:
pkgsrc/net/bind99: Makefile distinfo
Log Message:
net/bind99: update to 9.9.11pl1 (BIND 9.9.11-P1)
Release Notes for BIND Version 9.9.11-P1
Introduction
This document summarizes changes since BIND 9.9.11.
BIND 9.9.11-P1 addresses the security issue described in CVE-2017-3145.
Download
The latest versions of BIND 9 software can always be found at
http://www.isc.org/downloads/. There you will find additional
information about each release, source code, and pre-compiled versions
for Microsoft Windows operating systems.
New DNSSEC Root Key
ICANN is in the process of introducing a new Key Signing Key (KSK) for
the global root zone. BIND has multiple methods for managing DNSSEC
trust anchors, with somewhat different behaviors. If the root key is
configured using the managed-keys statement, or if the pre-configured
root key is enabled by using dnssec-validation auto, then BIND can keep
keys up to date automatically. Servers configured in this way should
have begun the process of rolling to the new key when it was published
in the root zone in July 2017. However, keys configured using the
trusted-keys statement are not automatically maintained. If your server
is performing DNSSEC validation and is configured using trusted-keys,
you are advised to change your configuration before the root zone
begins signing with the new KSK. This is currently scheduled for
October 11, 2017.
This release includes an updated version of the bind.keys file
containing the new root key. This file can also be downloaded from
https://www.isc.org/bind-keys .
Windows XP No Longer Supported
As of BIND 9.9.11, Windows XP is no longer a supported platform for
BIND, and Windows XP binaries are no longer available for download from
ISC.
Security Fixes
* Addresses could be referenced after being freed during resolver
processing, causing an assertion failure. The chances of this
happening were remote, but the introduction of a delay in
resolution increased them. (The delay will be addressed in an
upcoming maintenance release.) This bug is disclosed in
CVE-2017-3145. [RT #46839]
* An error in TSIG handling could permit unauthorized zone transfers
or zone updates. These flaws are disclosed in CVE-2017-3142 and
CVE-2017-3143. [RT #45383]
* The BIND installer on Windows used an unquoted service path, which
can enable privilege escalation. This flaw is disclosed in
CVE-2017-3141. [RT #45229]
* With certain RPZ configurations, a response with TTL 0 could cause
named to go into an infinite query loop. This flaw is disclosed in
CVE-2017-3140. [RT #45181]
Feature Changes
* Threads in named are now set to human-readable names to assist
debugging on operating systems that support that. Threads will have
names such as "isc-timer", "isc-sockmgr", "isc-worker0001", and so
on. This will affect the reporting of subsidiary thread names in ps
and top, but not the main thread. [RT #43234]
* DiG now warns about .local queries which are reserved for Multicast
DNS. [RT #44783]
Bug Fixes
* Fixed a bug that was introduced in an earlier development release
which caused multi-packet AXFR and IXFR messages to fail validation
if not all packets contained TSIG records; this caused
interoperability problems with some other DNS implementations. [RT
#45509]
* Semicolons are no longer escaped when printing CAA and URI records.
This may break applications that depend on the presence of the
backslash before the semicolon. [RT #45216]
* AD could be set on truncated answer with no records present in the
answer and authority sections. [RT #45140]
End of Life
BIND 9.9 (Extended Support Version) will be supported until at least
June, 2018. https://www.isc.org/downloads/software-support-policy/
To generate a diff of this commit:
cvs rdiff -u -r1.71 -r1.72 pkgsrc/net/bind99/Makefile
cvs rdiff -u -r1.49 -r1.50 pkgsrc/net/bind99/distinfo
Revision 1.72 / (download) - annotate - [selected], Wed Jan 17 00:33:15 2018 UTC (6 years, 3 months ago) by taca
Branch: MAIN
Changes since 1.71: +3 -2
lines
Diff to previous 1.71 (colored)
net/bind99: update to 9.9.11pl1 (BIND 9.9.11-P1)
Release Notes for BIND Version 9.9.11-P1
Introduction
This document summarizes changes since BIND 9.9.11.
BIND 9.9.11-P1 addresses the security issue described in CVE-2017-3145.
Download
The latest versions of BIND 9 software can always be found at
http://www.isc.org/downloads/. There you will find additional
information about each release, source code, and pre-compiled versions
for Microsoft Windows operating systems.
New DNSSEC Root Key
ICANN is in the process of introducing a new Key Signing Key (KSK) for
the global root zone. BIND has multiple methods for managing DNSSEC
trust anchors, with somewhat different behaviors. If the root key is
configured using the managed-keys statement, or if the pre-configured
root key is enabled by using dnssec-validation auto, then BIND can keep
keys up to date automatically. Servers configured in this way should
have begun the process of rolling to the new key when it was published
in the root zone in July 2017. However, keys configured using the
trusted-keys statement are not automatically maintained. If your server
is performing DNSSEC validation and is configured using trusted-keys,
you are advised to change your configuration before the root zone
begins signing with the new KSK. This is currently scheduled for
October 11, 2017.
This release includes an updated version of the bind.keys file
containing the new root key. This file can also be downloaded from
https://www.isc.org/bind-keys .
Windows XP No Longer Supported
As of BIND 9.9.11, Windows XP is no longer a supported platform for
BIND, and Windows XP binaries are no longer available for download from
ISC.
Security Fixes
* Addresses could be referenced after being freed during resolver
processing, causing an assertion failure. The chances of this
happening were remote, but the introduction of a delay in
resolution increased them. (The delay will be addressed in an
upcoming maintenance release.) This bug is disclosed in
CVE-2017-3145. [RT #46839]
* An error in TSIG handling could permit unauthorized zone transfers
or zone updates. These flaws are disclosed in CVE-2017-3142 and
CVE-2017-3143. [RT #45383]
* The BIND installer on Windows used an unquoted service path, which
can enable privilege escalation. This flaw is disclosed in
CVE-2017-3141. [RT #45229]
* With certain RPZ configurations, a response with TTL 0 could cause
named to go into an infinite query loop. This flaw is disclosed in
CVE-2017-3140. [RT #45181]
Feature Changes
* Threads in named are now set to human-readable names to assist
debugging on operating systems that support that. Threads will have
names such as "isc-timer", "isc-sockmgr", "isc-worker0001", and so
on. This will affect the reporting of subsidiary thread names in ps
and top, but not the main thread. [RT #43234]
* DiG now warns about .local queries which are reserved for Multicast
DNS. [RT #44783]
Bug Fixes
* Fixed a bug that was introduced in an earlier development release
which caused multi-packet AXFR and IXFR messages to fail validation
if not all packets contained TSIG records; this caused
interoperability problems with some other DNS implementations. [RT
#45509]
* Semicolons are no longer escaped when printing CAA and URI records.
This may break applications that depend on the presence of the
backslash before the semicolon. [RT #45216]
* AD could be set on truncated answer with no records present in the
answer and authority sections. [RT #45140]
End of Life
BIND 9.9 (Extended Support Version) will be supported until at least
June, 2018. https://www.isc.org/downloads/software-support-policy/
Revision 1.71 / (download) - annotate - [select for diffs], Mon Jul 31 13:42:06 2017 UTC (6 years, 8 months ago) by taca
Branch: MAIN
CVS Tags: pkgsrc-2017Q4-base,
pkgsrc-2017Q3-base,
pkgsrc-2017Q3
Branch point for: pkgsrc-2017Q4
Changes since 1.70: +3 -3
lines
Diff to previous 1.70 (colored) to selected 1.72 (colored)
Update bind99 to 9.9.11.
Here is release note except security (already fixed by bind-9.9.10pl3, BIND
9.9.10-P3).
Release Notes for BIND Version 9.9.11
Introduction
This document summarizes significant changes since the last production
release of BIND on the corresponding major release branch. Please see
the CHANGES file for a further list of bug fixes and other changes.
Download
The latest versions of BIND 9 software can always be found at
http://www.isc.org/downloads/. There you will find additional
information about each release, source code, and pre-compiled versions
for Microsoft Windows operating systems.
New DNSSEC Root Key
ICANN is in the process of introducing a new Key Signing Key (KSK) for
the global root zone. BIND has multiple methods for managing DNSSEC
trust anchors, with somewhat different behaviors. If the root key is
configured using the managed-keys statement, or if the pre-configured
root key is enabled by using dnssec-validation auto, then BIND can keep
keys up to date automatically. Servers configured in this way should
have begun the process of rolling to the new key when it was published
in the root zone in July 2017. However, keys configured using the
trusted-keys statement are not automatically maintained. If your server
is performing DNSSEC validation and is configured using trusted-keys,
you are advised to change your configuration before the root zone
begins signing with the new KSK. This is currently scheduled for
October 11, 2017.
This release includes an updated version of the bind.keys file
containing the new root key. This file can also be downloaded from
https://www.isc.org/bind-keys .
Windows XP No Longer Supported
As of BIND 9.9.11, Windows XP is no longer a supported platform for
BIND, and Windows XP binaries are no longer available for download from
ISC.
Feature Changes
* Threads in named are now set to human-readable names to assist
debugging on operating systems that support that. Threads will have
names such as "isc-timer", "isc-sockmgr", "isc-worker0001", and so
on. This will affect the reporting of subsidiary thread names in ps
and top, but not the main thread. [RT #43234]
* DiG now warns about .local queries which are reserved for Multicast
DNS. [RT #44783]
Bug Fixes
* Fixed a bug that was introduced in an earlier development release
which caused multi-packet AXFR and IXFR messages to fail validation
if not all packets contained TSIG records; this caused
interoperability problems with some other DNS implementations. [RT
#45509]
* Semicolons are no longer escaped when printing CAA and URI records.
This may break applications that depend on the presence of the
backslash before the semicolon. [RT #45216]
* AD could be set on truncated answer with no records present in the
answer and authority sections. [RT #45140]
End of Life
BIND 9.9 (Extended Support Version) will be supported until at least
June, 2018. https://www.isc.org/downloads/software-support-policy/
Revision 1.69.2.1 / (download) - annotate - [select for diffs], Sun Jul 16 08:09:56 2017 UTC (6 years, 9 months ago) by bsiegert
Branch: pkgsrc-2017Q2
Changes since 1.69: +2 -2
lines
Diff to previous 1.69 (colored) next main 1.70 (colored) to selected 1.72 (colored)
Pullup ticket #5512 - requested by taca net/bind99: security fix Revisions pulled up: - net/bind99/Makefile 1.70 - net/bind99/distinfo 1.48 --- Module Name: pkgsrc Committed By: taca Date: Sat Jul 8 04:30:33 UTC 2017 Modified Files: pkgsrc/net/bind99: Makefile distinfo Log Message: Update bind99 to 9.9.10pl3 (BIND 9.9.10-P3). --- 9.9.10-P3 released --- 4647. [bug] Change 4643 broke verification of TSIG signed TCP message sequences where not all the messages contain TSIG records. These may be used in AXFR and IXFR responses. [RT #45509]
Revision 1.70 / (download) - annotate - [select for diffs], Sat Jul 8 04:30:33 2017 UTC (6 years, 9 months ago) by taca
Branch: MAIN
Changes since 1.69: +2 -2
lines
Diff to previous 1.69 (colored) to selected 1.72 (colored)
Update bind99 to 9.9.10pl3 (BIND 9.9.10-P3). --- 9.9.10-P3 released --- 4647. [bug] Change 4643 broke verification of TSIG signed TCP message sequences where not all the messages contain TSIG records. These may be used in AXFR and IXFR responses. [RT #45509]
Revision 1.69 / (download) - annotate - [select for diffs], Sat Jul 1 17:43:18 2017 UTC (6 years, 9 months ago) by taca
Branch: MAIN
CVS Tags: pkgsrc-2017Q2-base
Branch point for: pkgsrc-2017Q2
Changes since 1.68: +2 -2
lines
Diff to previous 1.68 (colored) to selected 1.72 (colored)
Update bind99 to 9.9.10pl2 (BIND 9.9.10-P2). --- 9.9.10-P2 released --- 4643. [security] An error in TSIG handling could permit unauthorized zone transfers or zone updates. (CVE-2017-3142) (CVE-2017-3143) [RT #45383] 4633. [maint] Updated AAAA (2001:500:200::b) for B.ROOT-SERVERS.NET.
Revision 1.68 / (download) - annotate - [select for diffs], Thu Jun 15 01:59:25 2017 UTC (6 years, 10 months ago) by taca
Branch: MAIN
Changes since 1.67: +2 -2
lines
Diff to previous 1.67 (colored) to selected 1.72 (colored)
Update bind99 to 9.9.10pl1 (BIND 9.9.10-P1). --- 9.9.10-P1 released --- 4632. [security] The BIND installer on Windows used an unquoted service path, which can enable privilege escalation. (CVE-2017-3141) [RT #45229] 4631. [security] Some RPZ configurations could go into an infinite query loop when encountering responses with TTL=0. (CVE-2017-3140) [RT #45181]
Revision 1.67 / (download) - annotate - [select for diffs], Sat Apr 22 16:07:43 2017 UTC (6 years, 11 months ago) by taca
Branch: MAIN
Changes since 1.66: +2 -2
lines
Diff to previous 1.66 (colored) to selected 1.72 (colored)
Update bind99 to 9.9.10 (BIND 9.9.10). This is maintenance release and please refer release announce in detail: https://kb.isc.org/article/AA-01489.
Revision 1.65.2.1 / (download) - annotate - [select for diffs], Thu Apr 13 11:54:13 2017 UTC (7 years ago) by bsiegert
Branch: pkgsrc-2017Q1
Changes since 1.65: +2 -3
lines
Diff to previous 1.65 (colored) next main 1.66 (colored) to selected 1.72 (colored)
Pullup ticket #5273 - requested by taca
net/bind99: security fix
Revisions pulled up:
- net/bind99/Makefile 1.66
- net/bind99/distinfo 1.44
---
Module Name: pkgsrc
Committed By: taca
Date: Thu Apr 13 01:53:35 UTC 2017
Modified Files:
pkgsrc/net/bind99: Makefile distinfo
Log Message:
Update bind99 to 9.9.9pl8 (BIND 9.9.9-P8).
Quote from release announce:
BIND 9.9.9-P8 addresses the security issues described in CVE-2017-3136,
CVE-2017-3137, and CVE-2017-3138, and updates the built-in trusted keys
for the root zone.
Quote from CHANGELOG:
--- 9.9.9-P8 released ---
4582. [security] 'rndc ""' could trigger a assertion failure in named.
(CVE-2017-3138) [RT #44924]
4580. [bug] 4578 introduced a regression when handling CNAME to
referral below the current domain. [RT #44850]
--- 9.9.9-P7 released ---
4578. [security] Some chaining (CNAME or DNAME) responses to upstream
queries could trigger assertion failures.
(CVE-2017-3137) [RT #44734]
4575. [security] DNS64 with "break-dnssec yes;" can result in an
assertion failure. (CVE-2017-3136) [RT #44653]
4564. [maint] Update the built in managed keys to include the
upcoming root KSK. [RT #44579]
Revision 1.66 / (download) - annotate - [select for diffs], Thu Apr 13 01:53:35 2017 UTC (7 years ago) by taca
Branch: MAIN
Changes since 1.65: +2 -3
lines
Diff to previous 1.65 (colored) to selected 1.72 (colored)
Update bind99 to 9.9.9pl8 (BIND 9.9.9-P8). Quote from release announce: BIND 9.9.9-P8 addresses the security issues described in CVE-2017-3136, CVE-2017-3137, and CVE-2017-3138, and updates the built-in trusted keys for the root zone. Quote from CHANGELOG: --- 9.9.9-P8 released --- 4582. [security] 'rndc ""' could trigger a assertion failure in named. (CVE-2017-3138) [RT #44924] 4580. [bug] 4578 introduced a regression when handling CNAME to referral below the current domain. [RT #44850] --- 9.9.9-P7 released --- 4578. [security] Some chaining (CNAME or DNAME) responses to upstream queries could trigger assertion failures. (CVE-2017-3137) [RT #44734] 4575. [security] DNS64 with "break-dnssec yes;" can result in an assertion failure. (CVE-2017-3136) [RT #44653] 4564. [maint] Update the built in managed keys to include the upcoming root KSK. [RT #44579]
Revision 1.65 / (download) - annotate - [select for diffs], Fri Feb 24 15:46:14 2017 UTC (7 years, 1 month ago) by fhajny
Branch: MAIN
CVS Tags: pkgsrc-2017Q1-base
Branch point for: pkgsrc-2017Q1
Changes since 1.64: +10 -5
lines
Diff to previous 1.64 (colored) to selected 1.72 (colored)
Fix bind.keys PLIST handling, thanks joerg@ for the notice.
Revision 1.64 / (download) - annotate - [select for diffs], Mon Feb 20 15:19:54 2017 UTC (7 years, 1 month ago) by fhajny
Branch: MAIN
Changes since 1.63: +3 -2
lines
Diff to previous 1.63 (colored) to selected 1.72 (colored)
Change bind99 and bind910 package to use the standard PKG_SYSCONFDIR for config files instead of the hardcoded /etc path. Sync SMF support across the two packages. Bump PKGREVISION.
Revision 1.61.2.2 / (download) - annotate - [select for diffs], Sun Feb 12 21:59:29 2017 UTC (7 years, 2 months ago) by spz
Branch: pkgsrc-2016Q4
Changes since 1.61.2.1: +1 -1
lines
Diff to previous 1.61.2.1 (colored) to branchpoint 1.61 (colored) next main 1.62 (colored) to selected 1.72 (colored)
Pullup ticket #5211 - requested by taca
net/bind99: security update
Revisions pulled up:
- net/bind99/Makefile 1.63
- net/bind99/distinfo 1.43
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: taca
Date: Thu Feb 9 00:50:15 UTC 2017
Modified Files:
pkgsrc/net/bind99: Makefile distinfo
Log Message:
Update bind99 to 9.9.9pl6 (BIND 9.9.9-P6).
Security Fixes
* If a server is configured with a response policy zone (RPZ) that
rewrites an answer with local data, and is also configured for
DNS64 address mapping, a NULL pointer can be read triggering a
server crash. This flaw is disclosed in CVE-2017-3135. [RT #44434]
* named could mishandle authority sections with missing RRSIGs,
triggering an assertion failure. This flaw is disclosed in
CVE-2016-9444. [RT #43632]
* named mishandled some responses where covering RRSIG records were
returned without the requested data, resulting in an assertion
failure. This flaw is disclosed in CVE-2016-9147. [RT #43548]
* named incorrectly tried to cache TKEY records which could trigger
an assertion failure when there was a class mismatch. This flaw is
disclosed in CVE-2016-9131. [RT #43522]
* It was possible to trigger assertions when processing responses
containing answers of type DNAME. This flaw is disclosed in
CVE-2016-8864. [RT #43465]
* It was possible to trigger an assertion when rendering a message
using a specially crafted request. This flaw is disclosed in
CVE-2016-2776. [RT #43139]
* Calling getrrsetbyname() with a non- absolute name could trigger an
infinite recursion bug in lwresd or named with lwres configured if,
when combined with a search list entry from resolv.conf, the
resulting name is too long. This flaw is disclosed in
CVE-2016-2775. [RT #42694]
Feature Changes
* None.
Porting Changes
* None.
Bug Fixes
* A synthesized CNAME record appearing in a response before the
associated DNAME could be cached, when it should not have been.
This was a regression introduced while addressing CVE-2016-8864.
[RT #44318]
* Windows installs were failing due to triggering UAC without the
installation binary being signed.
* A race condition in rbt/rbtdb was leading to INSISTs being
triggered.
To generate a diff of this commit:
cvs rdiff -u -r1.62 -r1.63 pkgsrc/net/bind99/Makefile
cvs rdiff -u -r1.42 -r1.43 pkgsrc/net/bind99/distinfo
Revision 1.63 / (download) - annotate - [select for diffs], Thu Feb 9 00:50:15 2017 UTC (7 years, 2 months ago) by taca
Branch: MAIN
Changes since 1.62: +2 -2
lines
Diff to previous 1.62 (colored) to selected 1.72 (colored)
Update bind99 to 9.9.9pl6 (BIND 9.9.9-P6).
Security Fixes
* If a server is configured with a response policy zone (RPZ) that
rewrites an answer with local data, and is also configured for
DNS64 address mapping, a NULL pointer can be read triggering a
server crash. This flaw is disclosed in CVE-2017-3135. [RT #44434]
* named could mishandle authority sections with missing RRSIGs,
triggering an assertion failure. This flaw is disclosed in
CVE-2016-9444. [RT #43632]
* named mishandled some responses where covering RRSIG records were
returned without the requested data, resulting in an assertion
failure. This flaw is disclosed in CVE-2016-9147. [RT #43548]
* named incorrectly tried to cache TKEY records which could trigger
an assertion failure when there was a class mismatch. This flaw is
disclosed in CVE-2016-9131. [RT #43522]
* It was possible to trigger assertions when processing responses
containing answers of type DNAME. This flaw is disclosed in
CVE-2016-8864. [RT #43465]
* It was possible to trigger an assertion when rendering a message
using a specially crafted request. This flaw is disclosed in
CVE-2016-2776. [RT #43139]
* Calling getrrsetbyname() with a non- absolute name could trigger an
infinite recursion bug in lwresd or named with lwres configured if,
when combined with a search list entry from resolv.conf, the
resulting name is too long. This flaw is disclosed in
CVE-2016-2775. [RT #42694]
Feature Changes
* None.
Porting Changes
* None.
Bug Fixes
* A synthesized CNAME record appearing in a response before the
associated DNAME could be cached, when it should not have been.
This was a regression introduced while addressing CVE-2016-8864.
[RT #44318]
* Windows installs were failing due to triggering UAC without the
installation binary being signed.
* A race condition in rbt/rbtdb was leading to INSISTs being
triggered.
Revision 1.61.2.1 / (download) - annotate - [select for diffs], Fri Jan 13 20:21:02 2017 UTC (7 years, 3 months ago) by bsiegert
Branch: pkgsrc-2016Q4
Changes since 1.61: +2 -2
lines
Diff to previous 1.61 (colored) to selected 1.72 (colored)
Pullup ticket #5190 - requested by taca net/bind99: security fix Revisions pulled up: - net/bind99/Makefile 1.62 - net/bind99/distinfo 1.42 --- Module Name: pkgsrc Committed By: taca Date: Thu Jan 12 00:05:46 UTC 2017 Modified Files: pkgsrc/net/bind99: Makefile distinfo Log Message: Update bind99 to 9.9.9pl5 (BIND 9.9.9-P5), including security fixes. --- 9.9.9-P5 released --- 4530. [bug] Change 4489 broke the handling of CNAME -> DNAME in responses resulting in SERVFAIL being returned. [RT #43779] 4528. [bug] Only set the flag bits for the i/o we are waiting for on EPOLLERR or EPOLLHUP. [RT #43617] 4519. [port] win32: handle ERROR_MORE_DATA. [RT #43534] 4517. [security] Named could mishandle authority sections that were missing RRSIGs triggering an assertion failure. (CVE-2016-9444) [RT # 43632] 4510. [security] Named mishandled some responses where covering RRSIG records are returned without the requested data resulting in a assertion failure. (CVE-2016-9147) [RT #43548] 4508. [security] Named incorrectly tried to cache TKEY records which could trigger a assertion failure when there was a class mismatch. (CVE-2016-9131) [RT #43522]
Revision 1.62 / (download) - annotate - [select for diffs], Thu Jan 12 00:05:46 2017 UTC (7 years, 3 months ago) by taca
Branch: MAIN
Changes since 1.61: +2 -2
lines
Diff to previous 1.61 (colored) to selected 1.72 (colored)
Update bind99 to 9.9.9pl5 (BIND 9.9.9-P5), including security fixes. --- 9.9.9-P5 released --- 4530. [bug] Change 4489 broke the handling of CNAME -> DNAME in responses resulting in SERVFAIL being returned. [RT #43779] 4528. [bug] Only set the flag bits for the i/o we are waiting for on EPOLLERR or EPOLLHUP. [RT #43617] 4519. [port] win32: handle ERROR_MORE_DATA. [RT #43534] 4517. [security] Named could mishandle authority sections that were missing RRSIGs triggering an assertion failure. (CVE-2016-9444) [RT # 43632] 4510. [security] Named mishandled some responses where covering RRSIG records are returned without the requested data resulting in a assertion failure. (CVE-2016-9147) [RT #43548] 4508. [security] Named incorrectly tried to cache TKEY records which could trigger a assertion failure when there was a class mismatch. (CVE-2016-9131) [RT #43522]
Revision 1.61 / (download) - annotate - [select for diffs], Sun Nov 6 11:07:00 2016 UTC (7 years, 5 months ago) by wiz
Branch: MAIN
CVS Tags: pkgsrc-2016Q4-base
Branch point for: pkgsrc-2016Q4
Changes since 1.60: +2 -3
lines
Diff to previous 1.60 (colored) to selected 1.72 (colored)
belnet mirror of isc reports 404, remove it.
Revision 1.58.2.1 / (download) - annotate - [select for diffs], Thu Nov 3 20:01:39 2016 UTC (7 years, 5 months ago) by bsiegert
Branch: pkgsrc-2016Q3
Changes since 1.58: +2 -2
lines
Diff to previous 1.58 (colored) next main 1.59 (colored) to selected 1.72 (colored)
Pullup ticket #5150 - requested by taca net/bind99: security fix Revisions pulled up: - net/bind99/Makefile 1.59-1.60 - net/bind99/distinfo 1.41 --- Module Name: pkgsrc Committed By: taca Date: Wed Nov 2 00:06:09 UTC 2016 Modified Files: pkgsrc/net/bind99: Makefile distinfo Log Message: Update bind99 to 9.9.9pl4 (BIND 9.9.9-P4). --- 9.9.9-P4 released --- 4489. [security] It was possible to trigger assertions when processing a response. (CVE-2016-8864) [RT #43465]
Revision 1.60 / (download) - annotate - [select for diffs], Wed Nov 2 00:06:08 2016 UTC (7 years, 5 months ago) by taca
Branch: MAIN
Changes since 1.59: +2 -3
lines
Diff to previous 1.59 (colored) to selected 1.72 (colored)
Update bind99 to 9.9.9pl4 (BIND 9.9.9-P4). --- 9.9.9-P4 released --- 4489. [security] It was possible to trigger assertions when processing a response. (CVE-2016-8864) [RT #43465]
Revision 1.59 / (download) - annotate - [select for diffs], Sun Oct 9 21:42:01 2016 UTC (7 years, 6 months ago) by wiz
Branch: MAIN
Changes since 1.58: +2 -1
lines
Diff to previous 1.58 (colored) to selected 1.72 (colored)
Recursive bump for all users of pgsql now that the default is 95.
Revision 1.58 / (download) - annotate - [select for diffs], Tue Sep 27 17:13:42 2016 UTC (7 years, 6 months ago) by taca
Branch: MAIN
CVS Tags: pkgsrc-2016Q3-base
Branch point for: pkgsrc-2016Q3
Changes since 1.57: +2 -2
lines
Diff to previous 1.57 (colored) to selected 1.72 (colored)
Update bind99 to 9.9.9pl3 (BIND 9.9.9-P3), fixing CVE-2016-2776. --- 9.9.9-P3 released --- 4467. [security] It was possible to trigger a assertion when rendering a message. (CVE-2016-2776) [RT #43139]
Revision 1.55.2.1 / (download) - annotate - [select for diffs], Wed Jul 20 02:55:27 2016 UTC (7 years, 9 months ago) by spz
Branch: pkgsrc-2016Q2
Changes since 1.55: +2 -2
lines
Diff to previous 1.55 (colored) next main 1.56 (colored) to selected 1.72 (colored)
Pullup ticket #5065 - requested by taca net/bind99: security update Revisions pulled up: - net/bind99/Makefile 1.57 - net/bind99/distinfo 1.39 ------------------------------------------------------------------- Module Name: pkgsrc Committed By: taca Date: Tue Jul 19 01:05:20 UTC 2016 Modified Files: pkgsrc/net/bind99: Makefile distinfo Log Message: Update bind99 to 9.9.9pl2 (BIND 9.9.9-P2). --- 9.9.9-P2 released --- 4406. [bug] getrrsetbyname with a non absolute name could trigger an infinite recursion bug in lwresd and named with lwres configured if when combined with a search list entry the resulting name is too long. (CVE-2016-2775) [RT #42694] 4405. [bug] Change 4342 introduced a regression where you could not remove a delegation in a NSEC3 signed zone using OPTOUT via nsupdate. [RT #42702] 4387. [bug] Change 4336 was not complete leading to SERVFAIL being return as NS records expired. [RT #42683] --- 9.9.9-P1 released --- 4366. [bug] Address race condition when updating rbtnode bit fields. [RT #42379] 4363. [port] win32: Disable explicit triggering UAC when running BINDInstall. To generate a diff of this commit: cvs rdiff -u -r1.56 -r1.57 pkgsrc/net/bind99/Makefile cvs rdiff -u -r1.38 -r1.39 pkgsrc/net/bind99/distinfo
Revision 1.57 / (download) - annotate - [select for diffs], Tue Jul 19 01:05:20 2016 UTC (7 years, 9 months ago) by taca
Branch: MAIN
Changes since 1.56: +2 -3
lines
Diff to previous 1.56 (colored) to selected 1.72 (colored)
Update bind99 to 9.9.9pl2 (BIND 9.9.9-P2). --- 9.9.9-P2 released --- 4406. [bug] getrrsetbyname with a non absolute name could trigger an infinite recursion bug in lwresd and named with lwres configured if when combined with a search list entry the resulting name is too long. (CVE-2016-2775) [RT #42694] 4405. [bug] Change 4342 introduced a regression where you could not remove a delegation in a NSEC3 signed zone using OPTOUT via nsupdate. [RT #42702] 4387. [bug] Change 4336 was not complete leading to SERVFAIL being return as NS records expired. [RT #42683] --- 9.9.9-P1 released --- 4366. [bug] Address race condition when updating rbtnode bit fields. [RT #42379] 4363. [port] win32: Disable explicit triggering UAC when running BINDInstall.
Revision 1.56 / (download) - annotate - [select for diffs], Sat Jul 9 06:38:40 2016 UTC (7 years, 9 months ago) by wiz
Branch: MAIN
Changes since 1.55: +2 -1
lines
Diff to previous 1.55 (colored) to selected 1.72 (colored)
Bump PKGREVISION for perl-5.24.0 for everything mentioning perl.
Revision 1.55 / (download) - annotate - [select for diffs], Mon May 2 13:22:06 2016 UTC (7 years, 11 months ago) by taca
Branch: MAIN
CVS Tags: pkgsrc-2016Q2-base
Branch point for: pkgsrc-2016Q2
Changes since 1.54: +2 -2
lines
Diff to previous 1.54 (colored) to selected 1.72 (colored)
Update bind99 to 9.9.9 (BIND 9.9.9).
All Security Fixes should be fixed by 9.9.8-P4.
Security Fixes
* The resolver could abort with an assertion failure due to improper
DNAME handling when parsing fetch reply messages. This flaw is
disclosed in CVE-2016-1286. [RT #41753]
* Malformed control messages can trigger assertions in named and
rndc. This flaw is disclosed in CVE-2016-1285. [RT #41666]
* Specific APL data could trigger an INSIST. This flaw is disclosed
in CVE-2015-8704. [RT #41396]
* Incorrect reference counting could result in an INSIST failure if a
socket error occurred while performing a lookup. This flaw is
disclosed in CVE-2015-8461. [RT#40945]
* Insufficient testing when parsing a message allowed records with an
incorrect class to be be accepted, triggering a REQUIRE failure
when those records were subsequently cached. This flaw is disclosed
in CVE-2015-8000. [RT #40987]
New Features
* The following resource record types have been implemented: AVC,
CSYNC, NINFO, RKEY, SINK, SMIMEA, TA, TALINK.
* Added a warning for a common misconfiguration involving forwarded
RFC 1918 and IPv6 ULA (Universal Local Address) zones.
* Contributed software from Nominum is included in the source at
contrib/dnsperf-2.1.0.0-1/. It includes dnsperf for measuring the
performance of authoritative DNS servers, resperf for testing the
resolution performance of a caching DNS server, resperf-report for
generating a resperf report in HTML with gnuplot graphs, and
queryparse to extract DNS queries from pcap capture files. This
software is not installed by default with BIND.
* When loading a signed zone, named will now check whether an RRSIG's
inception time is in the future, and if so, it will regenerate the
RRSIG immediately. This helps when a system's clock needs to be
reset backwards.
Feature Changes
* Updated the compiled-in addresses for H.ROOT-SERVERS.NET and
L.ROOT-SERVERS.NET.
* The default preferred glue is now the address type of the transport
the query was received over.
* On machines with 2 or more processors (CPU), the default value for
the number of UDP listeners has been changed to the number of
detected processors minus one.
* Zone transfers now use smaller message sizes to improve message
compression. This results in reduced network usage.
* named -V output now also includes operating system details.
Porting Changes
* The Microsoft Windows install tool BINDInstall.exe which requires a
non-free version of Visual Studio to be built, now uses two files
(lists of flags and files) created by the Configure perl script
with all the needed information which were previously compiled in
the binary. Read win32utils/build.txt for more details. [RT #38915]
Bug Fixes
* rndc flushtree now works even if there wasn't a cached node at the
specified name. [RT #41846]
* Don't emit records with zero TTL unless the records were received
with a zero TTL. After being returned to waiting clients, the
answer will be discarded from the cache. [RT #41687]
* When deleting records from a zone database, interior nodes could be
left empty but not deleted, damaging search performance afterward.
[RT #40997] [RT #41941]
* The server could crash due to a use-after-free if a zone transfer
timed out. [RT #41297]
* Authoritative servers that were marked as bogus (e.g. blackholed in
configuration or with invalid addresses) were being queried anyway.
[RT #41321]
Revision 1.50.2.2 / (download) - annotate - [select for diffs], Fri Mar 11 09:51:11 2016 UTC (8 years, 1 month ago) by bsiegert
Branch: pkgsrc-2015Q4
Changes since 1.50.2.1: +2 -2
lines
Diff to previous 1.50.2.1 (colored) to branchpoint 1.50 (colored) next main 1.51 (colored) to selected 1.72 (colored)
Pullup ticket #4950 - requested by taca net/bind99: security fix Revisions pulled up: - net/bind99/Makefile 1.54 - net/bind99/distinfo 1.37 --- Module Name: pkgsrc Committed By: taca Date: Thu Mar 10 00:50:35 UTC 2016 Modified Files: pkgsrc/net/bind99: Makefile distinfo Log Message: Update bind99 package to 9.9.8pl4 (BIND 9.9.8-P4). --- 9.9.8-P4 released --- 4319. [security] Fix resolver assertion failure due to improper DNAME handling when parsing fetch reply messages. (CVE-2016-1286) [RT #41753] 4318. [security] Malformed control messages can trigger assertions in named and rndc. (CVE-2016-1285) [RT #41666]
Revision 1.54 / (download) - annotate - [select for diffs], Thu Mar 10 00:50:34 2016 UTC (8 years, 1 month ago) by taca
Branch: MAIN
CVS Tags: pkgsrc-2016Q1-base,
pkgsrc-2016Q1
Changes since 1.53: +2 -3
lines
Diff to previous 1.53 (colored) to selected 1.72 (colored)
Update bind99 package to 9.9.8pl4 (BIND 9.9.8-P4). --- 9.9.8-P4 released --- 4319. [security] Fix resolver assertion failure due to improper DNAME handling when parsing fetch reply messages. (CVE-2016-1286) [RT #41753] 4318. [security] Malformed control messages can trigger assertions in named and rndc. (CVE-2016-1285) [RT #41666]
Revision 1.53 / (download) - annotate - [select for diffs], Sat Mar 5 11:29:02 2016 UTC (8 years, 1 month ago) by jperkin
Branch: MAIN
Changes since 1.52: +2 -1
lines
Diff to previous 1.52 (colored) to selected 1.72 (colored)
Bump PKGREVISION for security/openssl ABI bump.
Revision 1.52 / (download) - annotate - [select for diffs], Thu Feb 25 16:20:50 2016 UTC (8 years, 1 month ago) by jperkin
Branch: MAIN
Changes since 1.51: +2 -4
lines
Diff to previous 1.51 (colored) to selected 1.72 (colored)
Use OPSYSVARS.
Revision 1.50.2.1 / (download) - annotate - [select for diffs], Wed Jan 20 19:33:53 2016 UTC (8 years, 3 months ago) by bsiegert
Branch: pkgsrc-2015Q4
Changes since 1.50: +2 -2
lines
Diff to previous 1.50 (colored) to selected 1.72 (colored)
Pullup ticket #4902 - requested by taca
net/bind99: security fix
Revisions pulled up:
- net/bind99/Makefile 1.51
- net/bind99/distinfo 1.36
---
Module Name: pkgsrc
Committed By: taca
Date: Wed Jan 20 02:17:12 UTC 2016
Modified Files:
pkgsrc/net/bind99: Makefile distinfo
Log Message:
Update bind99 to 9.9.8pl3 (BIND 9.9.8-P3).
Security Fixes
* Specific APL data could trigger an INSIST. This flaw was discovered
by Brian Mitchell and is disclosed in CVE-2015-8704. [RT #41396]
* Named is potentially vulnerable to the OpenSSL vulnerabilty
described in CVE-2015-3193.
* Insufficient testing when parsing a message allowed records with an
incorrect class to be be accepted, triggering a REQUIRE failure
when those records were subsequently cached. This flaw is disclosed
in CVE-2015-8000. [RT #40987]
* Incorrect reference counting could result in an INSIST failure if a
socket error occurred while performing a lookup. This flaw is
disclosed in CVE-2015-8461. [RT#40945]
New Features
* None
Feature Changes
* Updated the compiled in addresses for H.ROOT-SERVERS.NET.
Bug Fixes
* Authoritative servers that were marked as bogus (e.g. blackholed in
configuration or with invalid addresses) were being queried anyway.
[RT #41321]
Revision 1.51 / (download) - annotate - [select for diffs], Wed Jan 20 02:17:12 2016 UTC (8 years, 3 months ago) by taca
Branch: MAIN
Changes since 1.50: +2 -2
lines
Diff to previous 1.50 (colored) to selected 1.72 (colored)
Update bind99 to 9.9.8pl3 (BIND 9.9.8-P3).
Security Fixes
* Specific APL data could trigger an INSIST. This flaw was discovered
by Brian Mitchell and is disclosed in CVE-2015-8704. [RT #41396]
* Named is potentially vulnerable to the OpenSSL vulnerabilty
described in CVE-2015-3193.
* Insufficient testing when parsing a message allowed records with an
incorrect class to be be accepted, triggering a REQUIRE failure
when those records were subsequently cached. This flaw is disclosed
in CVE-2015-8000. [RT #40987]
* Incorrect reference counting could result in an INSIST failure if a
socket error occurred while performing a lookup. This flaw is
disclosed in CVE-2015-8461. [RT#40945]
New Features
* None
Feature Changes
* Updated the compiled in addresses for H.ROOT-SERVERS.NET.
Bug Fixes
* Authoritative servers that were marked as bogus (e.g. blackholed in
configuration or with invalid addresses) were being queried anyway.
[RT #41321]
Revision 1.48.2.1 / (download) - annotate - [select for diffs], Thu Dec 17 20:31:35 2015 UTC (8 years, 4 months ago) by bsiegert
Branch: pkgsrc-2015Q3
Changes since 1.48: +2 -2
lines
Diff to previous 1.48 (colored) next main 1.49 (colored) to selected 1.72 (colored)
Pullup ticket #4871 - requested by taca
net/bind99: security fix
Revisions pulled up:
- net/bind99/Makefile 1.49-1.50
- net/bind99/distinfo 1.34-1.35
- net/bind99/patches/patch-bin_dig_dighost.c 1.5
- net/bind99/patches/patch-bin_tests_system_Makefile.in 1.6
- net/bind99/patches/patch-configure 1.11
---
Module Name: pkgsrc
Committed By: taca
Date: Sun Dec 13 17:37:00 UTC 2015
Modified Files:
pkgsrc/net/bind99: Makefile distinfo
pkgsrc/net/bind99/patches: patch-bin_dig_dighost.c
patch-bin_tests_system_Makefile.in patch-configure
Log Message:
Update bind99 to 9.9.8.
Security Fixes
* An incorrect boundary check in the OPENPGPKEY rdatatype could
trigger an assertion failure. This flaw is disclosed in
CVE-2015-5986. [RT #40286]
* A buffer accounting error could trigger an assertion failure when
parsing certain malformed DNSSEC keys.
This flaw was discovered by Hanno Böck of the Fuzzing Project, and
is disclosed in CVE-2015-5722. [RT #40212]
* A specially crafted query could trigger an assertion failure in
message.c.
This flaw was discovered by Jonathan Foote, and is disclosed in
CVE-2015-5477. [RT #40046]
* On servers configured to perform DNSSEC validation, an assertion
failure could be triggered on answers from a specially configured
server.
This flaw was discovered by Breno Silveira Soares, and is disclosed
in CVE-2015-4620. [RT #39795]
New Features
* New quotas have been added to limit the queries that are sent by
recursive resolvers to authoritative servers experiencing
denial-of-service attacks. When configured, these options can both
reduce the harm done to authoritative servers and also avoid the
resource exhaustion that can be experienced by recursives when they
are being used as a vehicle for such an attack.
NOTE: These options are not available by default; use configure
--enable-fetchlimit to include them in the build.
+ fetches-per-server limits the number of simultaneous queries
that can be sent to any single authoritative server. The
configured value is a starting point; it is automatically
adjusted downward if the server is partially or completely
non-responsive. The algorithm used to adjust the quota can be
configured via the fetch-quota-params option.
+ fetches-per-zone limits the number of simultaneous queries
that can be sent for names within a single domain. (Note:
Unlike "fetches-per-server", this value is not self-tuning.)
Statistics counters have also been added to track the number of
queries affected by these quotas.
* An --enable-querytrace configure switch is now available to enable
very verbose query tracelogging. This option can only be set at
compile time. This option has a negative performance impact and
should be used only for debugging.
* EDNS COOKIE options content is now displayed as "COOKIE:
<hexvalue>".
Feature Changes
* Large inline-signing changes should be less disruptive. Signature
generation is now done incrementally; the number of signatures to
be generated in each quantum is controlled by
"sig-signing-signatures number;". [RT #37927]
* Retrieving the local port range from net.ipv4.ip_local_port_range
on Linux is now supported.
* Active Directory names of the form gc._msdcs.<forest> are now
accepted as valid hostnames when using the check-names option.
<forest> is still restricted to letters, digits and hyphens.
* Names containing rich text are now accepted as valid hostnames in
PTR records in DNS-SD reverse lookup zones, as specified in RFC
6763. [RT #37889]
Bug Fixes
* Asynchronous zone loads were not handled correctly when the zone
load was already in progress; this could trigger a crash in zt.c.
[RT #37573]
* A race during shutdown or reconfiguration could cause an assertion
failure in mem.c. [RT #38979]
* Some answer formatting options didn't work correctly with dig
+short. [RT #39291]
* Malformed records of some types, including NSAP and UNSPEC, could
trigger assertion failures when loading text zone files. [RT
#40274] [RT #40285]
* Fixed a possible crash in ratelimiter.c caused by NOTIFY messages
being removed from the wrong rate limiter queue. [RT #40350]
* The default rrset-order of random was inconsistently applied. [RT
#40456]
* BADVERS responses from broken authoritative name servers were not
handled correctly. [RT #40427]
---
Module Name: pkgsrc
Committed By: taca
Date: Wed Dec 16 00:32:06 UTC 2015
Modified Files:
pkgsrc/net/bind99: Makefile distinfo
Log Message:
Update bind99 package to 9.9.8pl2 (BIND 9.9.8-P2), security release.
--- 9.9.8-P2 released ---
4270. [security] Update allowed OpenSSL versions as named is
potentially vulnerable to CVE-2015-3193.
4261. [maint] H.ROOT-SERVERS.NET is 198.97.190.53 and 2001:500:1::53.
[RT #40556]
4260. [security] Insufficient testing when parsing a message allowed
records with an incorrect class to be be accepted,
triggering a REQUIRE failure when those records
were subsequently cached. (CVE-2015-8000) [RT #40987]
4253. [security] Address fetch context reference count handling error
on socket error. (CVE-2015-8461) [RT#40945]
--- 9.9.8-P1 (withdrawn) ---
Revision 1.50 / (download) - annotate - [select for diffs], Wed Dec 16 00:32:06 2015 UTC (8 years, 4 months ago) by taca
Branch: MAIN
CVS Tags: pkgsrc-2015Q4-base
Branch point for: pkgsrc-2015Q4
Changes since 1.49: +2 -2
lines
Diff to previous 1.49 (colored) to selected 1.72 (colored)
Update bind99 package to 9.9.8pl2 (BIND 9.9.8-P2), security release. --- 9.9.8-P2 released --- 4270. [security] Update allowed OpenSSL versions as named is potentially vulnerable to CVE-2015-3193. 4261. [maint] H.ROOT-SERVERS.NET is 198.97.190.53 and 2001:500:1::53. [RT #40556] 4260. [security] Insufficient testing when parsing a message allowed records with an incorrect class to be be accepted, triggering a REQUIRE failure when those records were subsequently cached. (CVE-2015-8000) [RT #40987] 4253. [security] Address fetch context reference count handling error on socket error. (CVE-2015-8461) [RT#40945] --- 9.9.8-P1 (withdrawn) ---
Revision 1.49 / (download) - annotate - [select for diffs], Sun Dec 13 17:37:00 2015 UTC (8 years, 4 months ago) by taca
Branch: MAIN
Changes since 1.48: +2 -2
lines
Diff to previous 1.48 (colored) to selected 1.72 (colored)
Update bind99 to 9.9.8.
Security Fixes
* An incorrect boundary check in the OPENPGPKEY rdatatype could
trigger an assertion failure. This flaw is disclosed in
CVE-2015-5986. [RT #40286]
* A buffer accounting error could trigger an assertion failure when
parsing certain malformed DNSSEC keys.
This flaw was discovered by Hanno Böck of the Fuzzing Project, and
is disclosed in CVE-2015-5722. [RT #40212]
* A specially crafted query could trigger an assertion failure in
message.c.
This flaw was discovered by Jonathan Foote, and is disclosed in
CVE-2015-5477. [RT #40046]
* On servers configured to perform DNSSEC validation, an assertion
failure could be triggered on answers from a specially configured
server.
This flaw was discovered by Breno Silveira Soares, and is disclosed
in CVE-2015-4620. [RT #39795]
New Features
* New quotas have been added to limit the queries that are sent by
recursive resolvers to authoritative servers experiencing
denial-of-service attacks. When configured, these options can both
reduce the harm done to authoritative servers and also avoid the
resource exhaustion that can be experienced by recursives when they
are being used as a vehicle for such an attack.
NOTE: These options are not available by default; use configure
--enable-fetchlimit to include them in the build.
+ fetches-per-server limits the number of simultaneous queries
that can be sent to any single authoritative server. The
configured value is a starting point; it is automatically
adjusted downward if the server is partially or completely
non-responsive. The algorithm used to adjust the quota can be
configured via the fetch-quota-params option.
+ fetches-per-zone limits the number of simultaneous queries
that can be sent for names within a single domain. (Note:
Unlike "fetches-per-server", this value is not self-tuning.)
Statistics counters have also been added to track the number of
queries affected by these quotas.
* An --enable-querytrace configure switch is now available to enable
very verbose query tracelogging. This option can only be set at
compile time. This option has a negative performance impact and
should be used only for debugging.
* EDNS COOKIE options content is now displayed as "COOKIE:
<hexvalue>".
Feature Changes
* Large inline-signing changes should be less disruptive. Signature
generation is now done incrementally; the number of signatures to
be generated in each quantum is controlled by
"sig-signing-signatures number;". [RT #37927]
* Retrieving the local port range from net.ipv4.ip_local_port_range
on Linux is now supported.
* Active Directory names of the form gc._msdcs.<forest> are now
accepted as valid hostnames when using the check-names option.
<forest> is still restricted to letters, digits and hyphens.
* Names containing rich text are now accepted as valid hostnames in
PTR records in DNS-SD reverse lookup zones, as specified in RFC
6763. [RT #37889]
Bug Fixes
* Asynchronous zone loads were not handled correctly when the zone
load was already in progress; this could trigger a crash in zt.c.
[RT #37573]
* A race during shutdown or reconfiguration could cause an assertion
failure in mem.c. [RT #38979]
* Some answer formatting options didn't work correctly with dig
+short. [RT #39291]
* Malformed records of some types, including NSAP and UNSPEC, could
trigger assertion failures when loading text zone files. [RT
#40274] [RT #40285]
* Fixed a possible crash in ratelimiter.c caused by NOTIFY messages
being removed from the wrong rate limiter queue. [RT #40350]
* The default rrset-order of random was inconsistently applied. [RT
#40456]
* BADVERS responses from broken authoritative name servers were not
handled correctly. [RT #40427]
Revision 1.44.2.3 / (download) - annotate - [select for diffs], Thu Sep 3 20:03:06 2015 UTC (8 years, 7 months ago) by tron
Branch: pkgsrc-2015Q2
Changes since 1.44.2.2: +1 -1
lines
Diff to previous 1.44.2.2 (colored) to branchpoint 1.44 (colored) next main 1.45 (colored) to selected 1.72 (colored)
Pullup ticket #4810 - requested by sevan & taca net/bind99: security update Revisions pulled up: - net/bind99/Makefile 1.47-1.48 - net/bind99/distinfo 1.31-1.32 - net/bind99/patches/patch-lib_dns_hmac_link.c deleted - net/bind99/patches/patch-lib_dns_include_dst_dst.h deleted - net/bind99/patches/patch-lib_dns_ncache.c deleted - net/bind99/patches/patch-lib_dns_openssldh_link.c deleted - net/bind99/patches/patch-lib_dns_openssldsa_link.c deleted - net/bind99/patches/patch-lib_dns_opensslecdsa_link.c deleted - net/bind99/patches/patch-lib_dns_opensslsslrsa_link.c deleted - net/bind99/patches/patch-lib_dns_rdata_generic_openpgpkey_61.c deleted - net/bind99/patches/patch-lib_dns_resolver.c deleted --- Module Name: pkgsrc Committed By: sevan Date: Wed Sep 2 19:44:28 UTC 2015 Modified Files: pkgsrc/net/bind99: Makefile distinfo Added Files: pkgsrc/net/bind99/patches: patch-lib_dns_hmac_link.c patch-lib_dns_include_dst_dst.h patch-lib_dns_ncache.c patch-lib_dns_openssldh_link.c patch-lib_dns_openssldsa_link.c patch-lib_dns_opensslecdsa_link.c patch-lib_dns_opensslsslrsa_link.c patch-lib_dns_rdata_generic_openpgpkey_61.c patch-lib_dns_resolver.c Log Message: Patch CVE-2015-5722 & CVE-2015-5986 Bump rev CVE-2015-5722 - Parsing malformed keys may cause BIND to exit due to a failed assertion in buffer.c https://kb.isc.org/article/AA-01287/0 CVE-2015-5986 - An incorrect boundary check can trigger a REQUIRE assertion failure in openpgpkey_61.c https://kb.isc.org/article/AA-01291/0 Reviewed by wiz@ --- Module Name: pkgsrc Committed By: taca Date: Thu Sep 3 00:35:03 UTC 2015 Modified Files: pkgsrc/net/bind99: Makefile distinfo Removed Files: pkgsrc/net/bind99/patches: patch-lib_dns_hmac_link.c patch-lib_dns_include_dst_dst.h patch-lib_dns_ncache.c patch-lib_dns_openssldh_link.c patch-lib_dns_openssldsa_link.c patch-lib_dns_opensslecdsa_link.c patch-lib_dns_opensslsslrsa_link.c patch-lib_dns_rdata_generic_openpgpkey_61.c patch-lib_dns_resolver.c Log Message: Update bind99 to 9.9.7pl3 (BIND 9.9.7-P3). (These security fixes are already done by bind-9.9.7pl2nb1.) --- 9.9.7-P3 released --- 4170. [security] An incorrect boundary check in the OPENPGPKEY rdatatype could trigger an assertion failure. (CVE-2015-5986) [RT #40286] 4168. [security] A buffer accounting error could trigger an assertion failure when parsing certain malformed DNSSEC keys. (CVE-2015-5722) [RT #40212]
Revision 1.48 / (download) - annotate - [select for diffs], Thu Sep 3 00:35:03 2015 UTC (8 years, 7 months ago) by taca
Branch: MAIN
CVS Tags: pkgsrc-2015Q3-base
Branch point for: pkgsrc-2015Q3
Changes since 1.47: +2 -3
lines
Diff to previous 1.47 (colored) to selected 1.72 (colored)
Update bind99 to 9.9.7pl3 (BIND 9.9.7-P3). (These security fixes are already done by bind-9.9.7pl2nb1.) --- 9.9.7-P3 released --- 4170. [security] An incorrect boundary check in the OPENPGPKEY rdatatype could trigger an assertion failure. (CVE-2015-5986) [RT #40286] 4168. [security] A buffer accounting error could trigger an assertion failure when parsing certain malformed DNSSEC keys. (CVE-2015-5722) [RT #40212]
Revision 1.47 / (download) - annotate - [select for diffs], Wed Sep 2 19:44:28 2015 UTC (8 years, 7 months ago) by sevan
Branch: MAIN
Changes since 1.46: +2 -1
lines
Diff to previous 1.46 (colored) to selected 1.72 (colored)
Patch CVE-2015-5722 & CVE-2015-5986 Bump rev CVE-2015-5722 - Parsing malformed keys may cause BIND to exit due to a failed assertion in buffer.c https://kb.isc.org/article/AA-01287/0 CVE-2015-5986 - An incorrect boundary check can trigger a REQUIRE assertion failure in openpgpkey_61.c https://kb.isc.org/article/AA-01291/0 Reviewed by wiz@
Revision 1.44.2.2 / (download) - annotate - [select for diffs], Sat Aug 1 08:50:30 2015 UTC (8 years, 8 months ago) by tron
Branch: pkgsrc-2015Q2
Changes since 1.44.2.1: +1 -1
lines
Diff to previous 1.44.2.1 (colored) to branchpoint 1.44 (colored) to selected 1.72 (colored)
Pullup ticket #4784 - requested by taca net/bind99: security update Revisions pulled up: - net/bind99/Makefile 1.46 - net/bind99/distinfo 1.30 --- Module Name: pkgsrc Committed By: taca Date: Tue Jul 28 22:35:36 UTC 2015 Modified Files: pkgsrc/net/bind99: Makefile distinfo Log Message: Update bind99 to 9.9.7pl2 (BIND 9.9.7-P2). --- 9.9.7-P2 released --- 4165. [security] A failure to reset a value to NULL in tkey.c could result in an assertion failure. (CVE-2015-5477) [RT #40046]
Revision 1.46 / (download) - annotate - [select for diffs], Tue Jul 28 22:35:36 2015 UTC (8 years, 8 months ago) by taca
Branch: MAIN
Changes since 1.45: +2 -2
lines
Diff to previous 1.45 (colored) to selected 1.72 (colored)
Update bind99 to 9.9.7pl2 (BIND 9.9.7-P2). --- 9.9.7-P2 released --- 4165. [security] A failure to reset a value to NULL in tkey.c could result in an assertion failure. (CVE-2015-5477) [RT #40046]
Revision 1.44.2.1 / (download) - annotate - [select for diffs], Sun Jul 12 09:09:24 2015 UTC (8 years, 9 months ago) by tron
Branch: pkgsrc-2015Q2
Changes since 1.44: +2 -3
lines
Diff to previous 1.44 (colored) to selected 1.72 (colored)
Pullup ticket #4768 - requested by taca net/bind99: security update Revisions pulled up: - net/bind99/Makefile 1.45 - net/bind99/distinfo 1.29 --- Module Name: pkgsrc Committed By: taca Date: Tue Jul 7 22:25:35 UTC 2015 Modified Files: pkgsrc/net/bind99: Makefile distinfo Log Message: Update bind99 to 9.9.7pl1 (BIND 9.9.7-P1). --- 9.9.7-P1 released --- 4138. [bug] An uninitialized value in validator.c could result in an assertion failure. (CVE-2015-4620) [RT #39795]
Revision 1.45 / (download) - annotate - [select for diffs], Tue Jul 7 22:25:35 2015 UTC (8 years, 9 months ago) by taca
Branch: MAIN
Changes since 1.44: +2 -3
lines
Diff to previous 1.44 (colored) to selected 1.72 (colored)
Update bind99 to 9.9.7pl1 (BIND 9.9.7-P1). --- 9.9.7-P1 released --- 4138. [bug] An uninitialized value in validator.c could result in an assertion failure. (CVE-2015-4620) [RT #39795]
Revision 1.44 / (download) - annotate - [select for diffs], Fri Jun 12 10:50:40 2015 UTC (8 years, 10 months ago) by wiz
Branch: MAIN
CVS Tags: pkgsrc-2015Q2-base
Branch point for: pkgsrc-2015Q2
Changes since 1.43: +2 -1
lines
Diff to previous 1.43 (colored) to selected 1.72 (colored)
Recursive PKGREVISION bump for all packages mentioning 'perl', having a PKGNAME of p5-*, or depending such a package, for perl-5.22.0.
Revision 1.43 / (download) - annotate - [select for diffs], Thu Feb 26 10:14:10 2015 UTC (9 years, 1 month ago) by taca
Branch: MAIN
CVS Tags: pkgsrc-2015Q1-base,
pkgsrc-2015Q1
Changes since 1.42: +2 -2
lines
Diff to previous 1.42 (colored) to selected 1.72 (colored)
Update bind99 to 9.9.7.
Security Fixes
* On servers configured to perform DNSSEC validation using managed
trust anchors (i.e., keys configured explicitly via managed-keys,
or implicitly via dnssec-validation auto; or dnssec-lookaside
auto;), revoking a trust anchor and sending a new untrusted
replacement could cause named to crash with an assertion failure.
This could occur in the event of a botched key rollover, or
potentially as a result of a deliberate attack if the attacker was
in position to monitor the victim's DNS traffic.
This flaw was discovered by Jan-Piet Mens, and is disclosed in
CVE-2015-1349. [RT #38344]
* A flaw in delegation handling could be exploited to put named into
an infinite loop, in which each lookup of a name server triggered
additional lookups of more name servers. This has been addressed by
placing limits on the number of levels of recursion named will
allow (default 7), and on the number of queries that it will send
before terminating a recursive query (default 50).
The recursion depth limit is configured via the max-recursion-depth
option, and the query limit via the max-recursion-queries option.
The flaw was discovered by Florian Maury of ANSSI, and is disclosed
in CVE-2014-8500. [RT #37580]
New Features
* None
Feature Changes
* NXDOMAIN responses to queries of type DS are now cached separately
from those for other types. This helps when using "grafted" zones
of type forward, for which the parent zone does not contain a
delegation, such as local top-level domains. Previously a query of
type DS for such a zone could cause the zone apex to be cached as
NXDOMAIN, blocking all subsequent queries. (Note: This change is
only helpful when DNSSEC validation is not enabled. "Grafted" zones
without a delegation in the parent are not a recommended
configuration.)
* NOTIFY messages that are sent because a zone has been updated are
now given priority above NOTIFY messages that were scheduled when
the server started up. This should mitigate delays in zone
propagation when servers are restarted frequently.
* Errors reported when running rndc addzone (e.g., when a zone file
cannot be loaded) have been clarified to make it easier to diagnose
problems.
* Added support for OPENPGPKEY type.
* When encountering an authoritative name server whose name is an
alias pointing to another name, the resolver treats this as an
error and skips to the next server. Previously this happened
silently; now the error will be logged to the newly-created "cname"
log category.
* If named is not configured to validate the answer then allow
fallback to plain DNS on timeout even when we know the server
supports EDNS. This will allow the server to potentially resolve
signed queries when TCP is being blocked.
Bug Fixes
* dig, host and nslookup aborted when encountering a name which,
after appending search list elements, exceeded 255 bytes. Such
names are now skipped, but processing of other names will continue.
[RT #36892]
* The error message generated when named-checkzone or named-checkconf
-z encounters a $TTL directive without a value has been clarified.
[RT #37138]
* Semicolon characters (;) included in TXT records were incorrectly
escaped with a backslash when the record was displayed as text.
This is actually only necessary when there are no quotation marks.
[RT #37159]
* When files opened for writing by named, such as zone journal files,
were referenced more than once in named.conf, it could lead to file
corruption as multiple threads wrote to the same file. This is now
detected when loading named.conf and reported as an error. [RT
#37172]
* dnssec-keygen -S failed to generate successor keys for some
algorithm types (including ECDSA and GOST) due to a difference in
the content of private key files. This has been corrected. [RT
#37183]
* UPDATE messages that arrived too soon after an rndc thaw could be
lost. [RT #37233]
* Forwarding of UPDATE messages did not work when they were signed
with SIG(0); they resulted in a BADSIG response code. [RT #37216]
* When checking for updates to trust anchors listed in managed-keys,
named now revalidates keys based on the current set of active trust
anchors, without relying on any cached record of previous
validation. [RT #37506]
* When NXDOMAIN redirection is in use, queries for a name that is
present in the redirection zone but a type that is not present will
now return NOERROR instead of NXDOMAIN.
* When a zone contained a delegation to an IPv6 name server but not
an IPv4 name server, it was possible for a memory reference to be
left un-freed. This caused an assertion failure on server shutdown,
but was otherwise harmless. [RT #37796]
* Due to an inadvertent removal of code in the previous release, when
named encountered an authoritative name server which dropped all
EDNS queries, it did not always try plain DNS. This has been
corrected. [RT #37965]
* A regression caused nsupdate to use the default recursive servers
rather than the SOA MNAME server when sending the UPDATE.
* Adjusted max-recursion-queries to better accommodate empty caches.
* Built-in "empty" zones did not correctly inherit the
"allow-transfer" ACL from the options or view. [RT #38310]
* A mutex leak was fixed that could cause named processes to grow to
very large sizes. [RT #38454]
* Fixed some bugs in RFC 5011 trust anchor management, including a
memory leak and a possible loss of state information.[RT #38458]
Revision 1.41.2.1 / (download) - annotate - [select for diffs], Thu Feb 19 19:45:02 2015 UTC (9 years, 2 months ago) by tron
Branch: pkgsrc-2014Q4
Changes since 1.41: +2 -2
lines
Diff to previous 1.41 (colored) next main 1.42 (colored) to selected 1.72 (colored)
Pullup ticket #4621 - requested by taca net/bind99: security update Revisions pulled up: - net/bind99/Makefile 1.42 - net/bind99/distinfo 1.27 --- Module Name: pkgsrc Committed By: taca Date: Thu Feb 19 00:36:27 UTC 2015 Modified Files: pkgsrc/net/bind99: Makefile distinfo Log Message: Update bind99 to 9.9.6pl2 (BIND 9.9.6-P2). --- 9.9.6-P2 released --- 4053. [security] Revoking a managed trust anchor and supplying an untrusted replacement could cause named to crash with an assertion failure. (CVE-2015-1349) [RT #38344] 4027. [port] Net::DNS 0.81 compatibility. [RT #38165]
Revision 1.42 / (download) - annotate - [select for diffs], Thu Feb 19 00:36:27 2015 UTC (9 years, 2 months ago) by taca
Branch: MAIN
Changes since 1.41: +2 -2
lines
Diff to previous 1.41 (colored) to selected 1.72 (colored)
Update bind99 to 9.9.6pl2 (BIND 9.9.6-P2). --- 9.9.6-P2 released --- 4053. [security] Revoking a managed trust anchor and supplying an untrusted replacement could cause named to crash with an assertion failure. (CVE-2015-1349) [RT #38344] 4027. [port] Net::DNS 0.81 compatibility. [RT #38165]
Revision 1.41 / (download) - annotate - [select for diffs], Fri Dec 12 07:39:32 2014 UTC (9 years, 4 months ago) by obache
Branch: MAIN
CVS Tags: pkgsrc-2014Q4-base
Branch point for: pkgsrc-2014Q4
Changes since 1.40: +3 -2
lines
Diff to previous 1.40 (colored) to selected 1.72 (colored)
Use SSLBASE for location of engines. PR pkg/48658.
Revision 1.38.2.1 / (download) - annotate - [select for diffs], Wed Dec 10 09:24:28 2014 UTC (9 years, 4 months ago) by tron
Branch: pkgsrc-2014Q3
Changes since 1.38: +2 -3
lines
Diff to previous 1.38 (colored) next main 1.39 (colored) to selected 1.72 (colored)
Pullup ticket #4569 - requested by taca
net/bind99: security update
Revisions pulled up:
- net/bind99/Makefile 1.39-1.40
- net/bind99/PLIST 1.8-1.9
- net/bind99/distinfo 1.25-1.26
- net/bind99/patches/patch-bin_tests_system_Makefile.in 1.5
- net/bind99/patches/patch-configure 1.9
- net/bind99/patches/patch-lib_bind9_Makefile.in deleted
- net/bind99/patches/patch-lib_dns_Makefile.in deleted
- net/bind99/patches/patch-lib_isc_Makefile.in deleted
- net/bind99/patches/patch-lib_isccc_Makefile.in deleted
- net/bind99/patches/patch-lib_isccfg_Makefile.in deleted
- net/bind99/patches/patch-lib_lwres_Makefile.in deleted
- net/bind99/patches/patch-lib_lwres_getaddrinfo.c 1.2
- net/bind99/patches/patch-lib_lwres_getnameinfo.c 1.2
---
Module Name: pkgsrc
Committed By: taca
Date: Tue Oct 14 16:21:02 UTC 2014
Modified Files:
pkgsrc/net/bind99: Makefile PLIST distinfo
pkgsrc/net/bind99/patches: patch-bin_tests_system_Makefile.in
patch-configure patch-lib_lwres_getaddrinfo.c
patch-lib_lwres_getnameinfo.c
Removed Files:
pkgsrc/net/bind99/patches: patch-lib_bind9_Makefile.in
patch-lib_dns_Makefile.in patch-lib_isc_Makefile.in
patch-lib_isccc_Makefile.in patch-lib_isccfg_Makefile.in
patch-lib_lwres_Makefile.in
Log Message:
Update bind99 to 9.9.6.
New Features
Support for CAA record types, as described in RFC 6844 "DNS
Certification Authority Authorization (CAA) Resource Record",
was added. [RT#36625] [RT #36737]
Disallow "request-ixfr" from being specified in zone statements
where it is not valid (it is only valid for slave and redirect
zones) [RT #36608]
Support for CDS and CDNSKEY resource record types was added. For
details see the proposed Informational Internet-Draft "Automating
DNSSEC Delegation Trust Maintenance" at
http://tools.ietf.org/html/draft-ietf-dnsop-delegation-trust-maintainance-14.
[RT #36333]
Added version printing options to various BIND utilities. [RT #26057]
[RT #10686]
On Windows, enable the Python tools "dnssec-coverage" and
"dnssec-checkds". [RT #34355]
Added a "no-case-compress" ACL, which causes named to use
case-insensitive compression (disabling change #3645) for specified
clients. (This is useful when dealing with broken client
implementations that use case-sensitive name comparisons, rejecting
responses that fail to match the capitalization of the query
that was sent.) [RT #35300]
Feature Changes
Adds RPZ SOA to the additional section of responses to clearly
indicate the use of RPZ in a manner that is intended to avoid
causing issues for downstream resolvers and forwarders [RT #36507]
rndc now gives distinct error messages when an unqualified zone
name matches multiple views vs. matching no views [RT #36691]
Improves the accuracy of dig's reported round trip times. [RT #36611]
The Windows installer now places files in the Program Files area
rather than system services. [RT #35361]
When an SPF record exists in a zone but no equivalent TXT record
does, a warning will be issued. The warning for the reverse
condition is no longer issued. See the check-spf option in the
documentation for details. [RT #36210]
"named" will now log explicitly when using rndc.key to configure
command channel. [RT #35316]
The default setting for the -U option (setting the number of UDP
listeners per interface) has been adjusted to improve performance.
[RT #35417]
Aging of smoothed round-trip time measurements is now limited
to no more than once per second, to improve accuracy in selecting
the best name server. [RT #32909]
DNSSEC keys that have been marked active but have no publication
date are no longer presumed to be publishable. [RT #35063]
Bug Fixes
The Makefile in bin/python was changed to work around a bmake
bug in FreeBSD 10 and NetBSD 6. [RT #36993] (**)
Corrected bugs in the handling of wildcard records by the DNSSEC
validator: invalid wildcard expansions could be treated as valid
if signed, and valid wildcard expansions in NSEC3 opt-out ranges
had the AD bit set incorrectly in responses. [RT #37093] [RT #37072]
When resigning, dnssec-signzone was removing all signatures from
delegation nodes. It now retains DS and (if applicable) NSEC
signatures. [RT #36946]
The AD flag was being set inappopriately on RPZ responses. [RT #36833]
Updates the URI record type to current draft standard,
draft-faltstrom-uri-08, and allows the value field to be zero
length [RT #36642] [RT #36737]
RRSIG sets that were not loaded in a single transaction at start
up were not being correctly added to re-signing heaps. [RT #36302]
Setting '-t aaaa' in .digrc had unintended side-effects. [RT #36452]
A race condition could cause a crash in isc_event_free during
shutdown. [RT #36720]
Addresses a race condition issue in dispatch. [RT #36731]
acl elements could be miscounted, causing a crash while loading
a config [RT #36675]
Corrects a deadlock between view.c and adb.c. [RT #36341]
liblwres wasn't properly handling link-local addresses in
nameserver clauses in resolv.conf. [RT #36039]
Buffers in isc_print_vsnprintf were not properly initialized
leading to potential overflows when printing out quad values.
[RT #36505]
Don't call qsort() with a null pointer, and disable the GCC 4.9
"delete null pointer check" optimizer option. This fixes problems
when using GNU GCC 4.9.0 where its compiler code optimizations
may cause crashes in BIND. For more information, see the operational
advisory at https://kb.isc.org/article/AA-01167/. [RT #35968]
Fixed a bug that could cause repeated resigning of records in
dynamically signed zones. [RT #35273]
Fixed a bug that could cause an assertion failure after forwarding
was disabled. [RT #35979]
Fixed a bug that caused SERVFAILs when using RPZ on a system
configured as a forwarder. [RT #36060]
Worked around a limitation in Solaris's /dev/poll implementation
that could cause named to fail to start when configured to use
more sockets than the system could accomodate. [RT #35878]
---
Module Name: pkgsrc
Committed By: taca
Date: Mon Dec 8 21:58:18 UTC 2014
Modified Files:
pkgsrc/net/bind99: Makefile PLIST distinfo
Log Message:
Update bind99 to 9.9.6p1 (BIND 9.9.6-P1).
--- 9.9.6-P1 released ---
4006. [security] A flaw in delegation handling could be exploited
to put named into an infinite loop. This has
been addressed by placing limits on the number
of levels of recursion named will allow (default 7),
and the number of iterative queries that it will
send (default 50) before terminating a recursive
query (CVE-2014-8500).
The recursion depth limit is configured via the
"max-recursion-depth" option, and the query limit
via the "max-recursion-queries" option. [RT #37580]
Revision 1.40 / (download) - annotate - [select for diffs], Mon Dec 8 21:58:18 2014 UTC (9 years, 4 months ago) by taca
Branch: MAIN
Changes since 1.39: +2 -2
lines
Diff to previous 1.39 (colored) to selected 1.72 (colored)
Update bind99 to 9.9.6p1 (BIND 9.9.6-P1). --- 9.9.6-P1 released --- 4006. [security] A flaw in delegation handling could be exploited to put named into an infinite loop. This has been addressed by placing limits on the number of levels of recursion named will allow (default 7), and the number of iterative queries that it will send (default 50) before terminating a recursive query (CVE-2014-8500). The recursion depth limit is configured via the "max-recursion-depth" option, and the query limit via the "max-recursion-queries" option. [RT #37580]
Revision 1.39 / (download) - annotate - [select for diffs], Tue Oct 14 16:21:02 2014 UTC (9 years, 6 months ago) by taca
Branch: MAIN
Changes since 1.38: +2 -3
lines
Diff to previous 1.38 (colored) to selected 1.72 (colored)
Update bind99 to 9.9.6. New Features Support for CAA record types, as described in RFC 6844 "DNS Certification Authority Authorization (CAA) Resource Record", was added. [RT#36625] [RT #36737] Disallow "request-ixfr" from being specified in zone statements where it is not valid (it is only valid for slave and redirect zones) [RT #36608] Support for CDS and CDNSKEY resource record types was added. For details see the proposed Informational Internet-Draft "Automating DNSSEC Delegation Trust Maintenance" at http://tools.ietf.org/html/draft-ietf-dnsop-delegation-trust-maintainance-14. [RT #36333] Added version printing options to various BIND utilities. [RT #26057] [RT #10686] On Windows, enable the Python tools "dnssec-coverage" and "dnssec-checkds". [RT #34355] Added a "no-case-compress" ACL, which causes named to use case-insensitive compression (disabling change #3645) for specified clients. (This is useful when dealing with broken client implementations that use case-sensitive name comparisons, rejecting responses that fail to match the capitalization of the query that was sent.) [RT #35300] Feature Changes Adds RPZ SOA to the additional section of responses to clearly indicate the use of RPZ in a manner that is intended to avoid causing issues for downstream resolvers and forwarders [RT #36507] rndc now gives distinct error messages when an unqualified zone name matches multiple views vs. matching no views [RT #36691] Improves the accuracy of dig's reported round trip times. [RT #36611] The Windows installer now places files in the Program Files area rather than system services. [RT #35361] When an SPF record exists in a zone but no equivalent TXT record does, a warning will be issued. The warning for the reverse condition is no longer issued. See the check-spf option in the documentation for details. [RT #36210] "named" will now log explicitly when using rndc.key to configure command channel. [RT #35316] The default setting for the -U option (setting the number of UDP listeners per interface) has been adjusted to improve performance. [RT #35417] Aging of smoothed round-trip time measurements is now limited to no more than once per second, to improve accuracy in selecting the best name server. [RT #32909] DNSSEC keys that have been marked active but have no publication date are no longer presumed to be publishable. [RT #35063] Bug Fixes The Makefile in bin/python was changed to work around a bmake bug in FreeBSD 10 and NetBSD 6. [RT #36993] (**) Corrected bugs in the handling of wildcard records by the DNSSEC validator: invalid wildcard expansions could be treated as valid if signed, and valid wildcard expansions in NSEC3 opt-out ranges had the AD bit set incorrectly in responses. [RT #37093] [RT #37072] When resigning, dnssec-signzone was removing all signatures from delegation nodes. It now retains DS and (if applicable) NSEC signatures. [RT #36946] The AD flag was being set inappopriately on RPZ responses. [RT #36833] Updates the URI record type to current draft standard, draft-faltstrom-uri-08, and allows the value field to be zero length [RT #36642] [RT #36737] RRSIG sets that were not loaded in a single transaction at start up were not being correctly added to re-signing heaps. [RT #36302] Setting '-t aaaa' in .digrc had unintended side-effects. [RT #36452] A race condition could cause a crash in isc_event_free during shutdown. [RT #36720] Addresses a race condition issue in dispatch. [RT #36731] acl elements could be miscounted, causing a crash while loading a config [RT #36675] Corrects a deadlock between view.c and adb.c. [RT #36341] liblwres wasn't properly handling link-local addresses in nameserver clauses in resolv.conf. [RT #36039] Buffers in isc_print_vsnprintf were not properly initialized leading to potential overflows when printing out quad values. [RT #36505] Don't call qsort() with a null pointer, and disable the GCC 4.9 "delete null pointer check" optimizer option. This fixes problems when using GNU GCC 4.9.0 where its compiler code optimizations may cause crashes in BIND. For more information, see the operational advisory at https://kb.isc.org/article/AA-01167/. [RT #35968] Fixed a bug that could cause repeated resigning of records in dynamically signed zones. [RT #35273] Fixed a bug that could cause an assertion failure after forwarding was disabled. [RT #35979] Fixed a bug that caused SERVFAILs when using RPZ on a system configured as a forwarder. [RT #36060] Worked around a limitation in Solaris's /dev/poll implementation that could cause named to fail to start when configured to use more sockets than the system could accomodate. [RT #35878]
Revision 1.38 / (download) - annotate - [select for diffs], Sat Jul 19 05:10:38 2014 UTC (9 years, 9 months ago) by taca
Branch: MAIN
CVS Tags: pkgsrc-2014Q3-base
Branch point for: pkgsrc-2014Q3
Changes since 1.37: +4 -1
lines
Diff to previous 1.37 (colored) to selected 1.72 (colored)
Explicitly specify KRB5BASE with --with-gssapi option and incudes mk/krb5.buildlink3.mk. It prevent link libcrypt twice with PREFER_PKGSRC=openssl. Fix was provided Chuck Silvers via private e-mail about two weeks ago and I've confirmed the problem. Bump PKGREVISION.
Revision 1.37 / (download) - annotate - [select for diffs], Sat Jun 14 16:15:04 2014 UTC (9 years, 10 months ago) by taca
Branch: MAIN
CVS Tags: pkgsrc-2014Q2-base,
pkgsrc-2014Q2
Changes since 1.36: +2 -3
lines
Diff to previous 1.36 (colored) to selected 1.72 (colored)
Update bind99 to 9.9.5pl1 (BIND 9.9.5-P1). 3859. [bug] Don't call qsort with a null pointer. [RT #35968] 3858. [bug] Disable GCC 4.9 "delete null pointer check". [RT #35968] 3742. [port] linux: libcap support: declare curval at start of block. [RT #35387] --- 9.9.5-W1 released --- 3724. [bug] win32: Fixed a bug that prevented dig and host from exiting properly after completing a UDP query. [RT #35288]
Revision 1.36 / (download) - annotate - [select for diffs], Sat Jun 14 10:14:43 2014 UTC (9 years, 10 months ago) by wiedi
Branch: MAIN
Changes since 1.35: +2 -2
lines
Diff to previous 1.35 (colored) to selected 1.72 (colored)
fix SMF Manifest installation by not overwriting INSTALLATION_DIRS
Revision 1.35 / (download) - annotate - [select for diffs], Thu May 29 23:37:02 2014 UTC (9 years, 10 months ago) by wiz
Branch: MAIN
Changes since 1.34: +2 -2
lines
Diff to previous 1.34 (colored) to selected 1.72 (colored)
Bump for perl-5.20.0. Do it for all packages that * mention perl, or * have a directory name starting with p5-*, or * depend on a package starting with p5- like last time, for 5.18, where this didn't lead to complaints. Let me know if you have any this time.
Revision 1.34 / (download) - annotate - [select for diffs], Tue Mar 11 14:34:38 2014 UTC (10 years, 1 month ago) by jperkin
Branch: MAIN
CVS Tags: pkgsrc-2014Q1-base,
pkgsrc-2014Q1
Changes since 1.33: +2 -1
lines
Diff to previous 1.33 (colored) to selected 1.72 (colored)
Import initial SMF support for individual packages.
Revision 1.33 / (download) - annotate - [select for diffs], Wed Feb 12 23:18:19 2014 UTC (10 years, 2 months ago) by tron
Branch: MAIN
Changes since 1.32: +2 -1
lines
Diff to previous 1.32 (colored) to selected 1.72 (colored)
Recursive PKGREVISION bump for OpenSSL API version bump.
Revision 1.32 / (download) - annotate - [select for diffs], Sun Feb 2 07:58:20 2014 UTC (10 years, 2 months ago) by taca
Branch: MAIN
Changes since 1.31: +2 -2
lines
Diff to previous 1.31 (colored) to selected 1.72 (colored)
Update bind99 to 9.9.5 (BIND 9.9.5). Security fixes were already covered by 9.9.4pl2. Some bug fixes and clean up, please refer CHANGES file in detail.
Revision 1.30.2.1 / (download) - annotate - [select for diffs], Tue Jan 14 10:02:07 2014 UTC (10 years, 3 months ago) by tron
Branch: pkgsrc-2013Q4
Changes since 1.30: +2 -2
lines
Diff to previous 1.30 (colored) next main 1.31 (colored) to selected 1.72 (colored)
Pullup ticket #4296 - requested by taca net/bind99: security update Revisions pulled up: - net/bind99/Makefile 1.31 - net/bind99/distinfo 1.22 - net/bind99/patches/patch-configure 1.7 - net/bind99/patches/patch-configure.in deleted --- Module Name: pkgsrc Committed By: taca Date: Mon Jan 13 17:31:00 UTC 2014 Modified Files: pkgsrc/net/bind99: Makefile distinfo pkgsrc/net/bind99/patches: patch-configure Removed Files: pkgsrc/net/bind99/patches: patch-configure.in Log Message: Update bind99 to 9.9.4pl2 (BIND 9.9.4-P2), securify fix for CVE-2014-0591. pkgsrc change: remove patches/patch-configure.in. --- 9.9.4-P2 released --- 3693. [security] memcpy was incorrectly called with overlapping ranges resulting in malformed names being generated on some platforms. This could cause INSIST failures when serving NSEC3 signed zones. [RT #35120] 3658. [port] linux: Address platform specific compilation issue when libcap-devel is installed. [RT #34838]
Revision 1.31 / (download) - annotate - [select for diffs], Mon Jan 13 17:31:00 2014 UTC (10 years, 3 months ago) by taca
Branch: MAIN
Changes since 1.30: +2 -2
lines
Diff to previous 1.30 (colored) to selected 1.72 (colored)
Update bind99 to 9.9.4pl2 (BIND 9.9.4-P2), securify fix for CVE-2014-0591. pkgsrc change: remove patches/patch-configure.in. --- 9.9.4-P2 released --- 3693. [security] memcpy was incorrectly called with overlapping ranges resulting in malformed names being generated on some platforms. This could cause INSIST failures when serving NSEC3 signed zones. [RT #35120] 3658. [port] linux: Address platform specific compilation issue when libcap-devel is installed. [RT #34838]
Revision 1.30 / (download) - annotate - [select for diffs], Thu Nov 7 04:23:58 2013 UTC (10 years, 5 months ago) by taca
Branch: MAIN
CVS Tags: pkgsrc-2013Q4-base
Branch point for: pkgsrc-2013Q4
Changes since 1.29: +2 -2
lines
Diff to previous 1.29 (colored) to selected 1.72 (colored)
Update bind99 to 9.9.4pl1 (BIND 9.9.4-P1). Security Fixes Treat an all zero netmask as invalid when generating the localnets acl. A Winsock library call on some Windows systems can return an incorrect value for an interface's netmask, potentially causing unexpected matches to BIND's built-in "localnets" Access Control List. (CVE-2013-6230) [RT #34687]
Revision 1.29 / (download) - annotate - [select for diffs], Sat Sep 21 16:00:34 2013 UTC (10 years, 7 months ago) by taca
Branch: MAIN
CVS Tags: pkgsrc-2013Q3-base,
pkgsrc-2013Q3
Changes since 1.28: +2 -2
lines
Diff to previous 1.28 (colored) to selected 1.72 (colored)
Update bind99 to 9.9.4 (BIND 9.9.4).
(CVE-2013-4854 and CVE-2013-3919 were already fixed in pkgsrc).
Security Fixes
Previously an error in bounds checking on the private type
'keydata' could be used to deny service through a deliberately
triggerable REQUIRE failure (CVE-2013-4854). [RT #34238]
Prevents exploitation of a runtime_check which can crash named
when satisfying a recursive query for particular malformed zones.
(CVE-2013-3919) [RT #33690]
New Features
Added Response Rate Limiting (RRL) functionality to reduce the
effectiveness of DNS as an amplifier for reflected denial-of-service
attacks by rate-limiting substantially-identical responses. [RT
#28130]
Feature Changes
rndc status now also shows the build-id. [RT #20422]
Improved OPT pseudo-record processing to make it easier to support
new EDNS options. [RT #34414]
"configure" now finishes by printing a summary of optional BIND
features and whether they are active or inactive. ("configure
--enable-full-report" increases the verbosity of the summary.)
[RT #31777]
Addressed compatibility issues with newer versions of Microsoft
Visual Studio. [RT #33916]
Improved the 'rndc' man page. [RT #33506]
'named -g' now no longer works with an invalid logging configuration.
[RT #33473]
The default (and minimum) value for tcp-listen-queue is now 10
instead of 3. This is a subtle control setting (not applicable
to all OS environments). When there is a high rate of inbound
TCP connections, it controls how many connections can be queued
before they are accepted by named. Once this limit is exceeded,
new TCP connections will be rejected. Note however that a value
of 10 does not imply a strict limit of 10 queued TCP connections
- the impact of changing this configuration setting will be
OS-dependent. Larger values for tcp-listen queue will permit
more pending tcp connections, which may be needed where there
is a high rate of TCP-based traffic (for example in a dynamic
environment where there are frequent zone updates and transfers).
For most production servers the new default value of 10 should
be adequate. [RT #33029]
Added support for OpenSSL versions 0.9.8y, 1.0.0k, and 1.0.1e
with PKCS#11. [RT #33463]
Added logging messages on slave servers when they forward DDNS
updates to a master. [RT #33240]
Changed the logging category for RRL events from 'queries' to
'query-errors'. [RT #33540]
Bug Fixes
Fixed the "allow-query-on" option to correctly check the destination
address. [RT #34590]
Fix forwarding for forward only "zones" beneath automatic empty
zones. [RT #34583]
Fix DNSSEC auto maintenance so signatures can be removed from a
zone with only KSK keys for an algorithm. [RT #34439]
Fix DNSSEC auto maintenance so signatures from newly inactive
keys are removed (when publishing a new key while deactivating
another key at the same time). [RT #32178]
Remove bogus warning log message about missing signatures when
receiving a query for a SIG record. [RT #34600]
Fix Response Policy Zones on slave servers so new RPZ changes
take effect. [RT #34450]
Fix the "zone-statistics" option to work with the default
traditional statistics (not new "--enable-newstats" feature).
[RT #34466]
named could crash when deleting inline-signing zones with "rndc
delzone". [RT #34066]
Improved resistance to a theoretical authentication attack based
on differential timing. [RT #33939]
named was failing to answer queries during "rndc reload" [RT
#34098]
win32: Some executables had been omitted from the installer. [RT
#34116]
fixed a broken 'Invalid keyfile' error message in dnssec-keygen.
[RT #34045]
The build of BIND now installs isc/stat.h so that it's available
to /isc/file.h when building other applications that reference
these header files - for example dnsperf (see Debian bug ticket
#692467). [RT #33056]
Better handle failures building XML for stats channel responses.
[RT #33706]
Fixed a memory leak in GSS-API processing. [RT #33574]
Fixed an acache-related race condition that could cause a crash.
[RT #33602]
rndc now properly fails when given an invalid '-c' argument. [RT
#33571]
Fixed an issue with the handling of zero TTL records that could
cause improper SERVFAILs. [RT #33411]
Fixed a crash-on-shutdown race condition with DNSSEC validation.
[RT #33573]
Corrected the way that "rndc addzone" and "rndc delzone" handle
non-standard characters in zone names. [RT #33419]
Adjusted RRL behavior for recursive queries to defer rate-limiting
until after recursion is complete. Also uses correct rcode for
slipped NXDOMAIN responses. [RT #33604]
Previously, BIND could erroneously report a missing file
specification when using inline slave zones. [RT #33662]
Revision 1.26.2.3 / (download) - annotate - [select for diffs], Sat Jul 27 11:35:40 2013 UTC (10 years, 8 months ago) by tron
Branch: pkgsrc-2013Q2
Changes since 1.26.2.2: +2 -2
lines
Diff to previous 1.26.2.2 (colored) to branchpoint 1.26 (colored) next main 1.27 (colored) to selected 1.72 (colored)
Pullup ticket #4189 - requested by taca net/bind99: security update Revisions pulled up: - net/bind99/Makefile 1.28 - net/bind99/distinfo 1.17 --- Module Name: pkgsrc Committed By: taca Date: Sat Jul 27 03:20:07 UTC 2013 Modified Files: pkgsrc/net/bind99: Makefile distinfo Log Message: Update bind99 to 9.9.3pl2 (BIND 9.9.3-P2). --- 9.9.3-P2 released --- 3621. [security] Incorrect bounds checking on private type 'keydata' can lead to a remotely triggerable REQUIRE failure (CVE-2013-4854). [RT #34238]
Revision 1.26.2.2 / (download) - annotate - [select for diffs], Sat Jul 27 06:12:06 2013 UTC (10 years, 8 months ago) by taca
Branch: pkgsrc-2013Q2
Changes since 1.26.2.1: +1 -1
lines
Diff to previous 1.26.2.1 (colored) to branchpoint 1.26 (colored) to selected 1.72 (colored)
Revert previous. It was accidently commit on my work area environment.
Revision 1.26.2.1 / (download) - annotate - [select for diffs], Sat Jul 27 06:02:55 2013 UTC (10 years, 8 months ago) by taca
Branch: pkgsrc-2013Q2
Changes since 1.26: +2 -2
lines
Diff to previous 1.26 (colored) to selected 1.72 (colored)
Forward update of bind99.
Revision 1.28 / (download) - annotate - [select for diffs], Sat Jul 27 03:20:07 2013 UTC (10 years, 8 months ago) by taca
Branch: MAIN
Changes since 1.27: +2 -3
lines
Diff to previous 1.27 (colored) to selected 1.72 (colored)
Update bind99 to 9.9.3pl2 (BIND 9.9.3-P2). --- 9.9.3-P2 released --- 3621. [security] Incorrect bounds checking on private type 'keydata' can lead to a remotely triggerable REQUIRE failure (CVE-2013-4854). [RT #34238]
Revision 1.27 / (download) - annotate - [select for diffs], Fri Jul 12 10:44:59 2013 UTC (10 years, 9 months ago) by jperkin
Branch: MAIN
Changes since 1.26: +2 -1
lines
Diff to previous 1.26 (colored) to selected 1.72 (colored)
Bump PKGREVISION of all packages which create users, to pick up change of sysutils/user_* packages.
Revision 1.26 / (download) - annotate - [select for diffs], Thu Jun 6 02:55:03 2013 UTC (10 years, 10 months ago) by taca
Branch: MAIN
CVS Tags: pkgsrc-2013Q2-base
Branch point for: pkgsrc-2013Q2
Changes since 1.25: +3 -4
lines
Diff to previous 1.25 (colored) to selected 1.72 (colored)
Update bind99 to 9.9.3pl1 (BIND 9.9.3-P1). Please refer CHANGES file for complete changes and here is quote from release announce. Introduction BIND 9.9.3-P1 is the latest production release of BIND 9.9-ESV. Security Fixes Prevents exploitation of a runtime_check which can crash named when satisfying a recursive query for particular malformed zones. (CVE-2013-3919) [RT #33690] Now supports NAPTR regular expression validation on all platforms, and avoids memory exhaustion compiling pathological regular expressions. (CVE-2013-2266) [RT #32688] Prevents named from aborting with a require assertion failure on servers with DNS64 enabled. These crashes might occur as a result of specific queries that are received. (CVE-2012-5688) [RT #30792 / #30996] Prevents an assertion failure in named when RPZ and DNS64 are used together. (CVE-2012-5689) [RT #32141] New Features Adds a new configuration option, "check-spf"; valid values are "warn" (default) and "ignore". When set to "warn", checks SPF and TXT records in spf format, warning if either resource record type occurs without a corresponding record of the other resource record type. [RT #33355] Adds the command-line tool "dnssec-coverage" that checks to make sure that there is no scheduled lapse in key coverage. Requires python. [RT #28098] Adds support for the EUI48 and EUI64 RR types. [RT #33082] Adds support for the RFC 6742 ILNP record types (NID, LP, L32, and L64). [RT #31836]
Revision 1.25 / (download) - annotate - [select for diffs], Fri May 31 12:41:32 2013 UTC (10 years, 10 months ago) by wiz
Branch: MAIN
Changes since 1.24: +2 -1
lines
Diff to previous 1.24 (colored) to selected 1.72 (colored)
Bump all packages for perl-5.18, that a) refer 'perl' in their Makefile, or b) have a directory name of p5-*, or c) have any dependency on any p5-* package Like last time, where this caused no complaints.
Revision 1.24 / (download) - annotate - [select for diffs], Sat Apr 6 03:45:21 2013 UTC (11 years ago) by rodent
Branch: MAIN
Changes since 1.23: +2 -2
lines
Diff to previous 1.23 (colored) to selected 1.72 (colored)
Fixes: COMMENT should not be longer than 70 characters. COMMENT should not begin with 'A'. COMMENT should not begin with 'An'. COMMENT should not begin with 'a'. COMMENT should not end with a period. COMMENT should start with a capital letter. pkglint warnings. Some files also got minor formatting, spelling, and style corrections.
Revision 1.20.2.1 / (download) - annotate - [select for diffs], Sat Mar 30 17:52:50 2013 UTC (11 years ago) by tron
Branch: pkgsrc-2012Q4
Changes since 1.20: +2 -3
lines
Diff to previous 1.20 (colored) next main 1.21 (colored) to selected 1.72 (colored)
Pullup ticket #4103 - requested by taca
net/bind99: security update
Revisions pulled up:
- net/bind99/Makefile 1.21-1.23
- net/bind99/distinfo 1.12-1.14
- net/bind99/options.mk 1.5-1.6
- net/bind99/patches/patch-configure 1.4
---
Module Name: pkgsrc
Committed By: jperkin
Date: Wed Feb 6 23:24:19 UTC 2013
Modified Files:
pkgsrc/net/bind99: Makefile
Log Message:
PKGREVISION bumps for the security/openssl 1.0.1d update.
---
Module Name: pkgsrc
Committed By: wiz
Date: Sat Mar 2 20:33:35 UTC 2013
Modified Files:
pkgsrc/net/bind96: Makefile
Log Message:
Bump PKGREVISION for mysql default change to 55.
---
Module Name: pkgsrc
Committed By: pettai
Date: Sat Feb 9 00:14:34 UTC 2013
Modified Files:
pkgsrc/net/bind99: distinfo options.mk
Log Message:
Updated rrl patch version + source
---
Module Name: pkgsrc
Committed By: taca
Date: Tue Mar 26 22:12:14 UTC 2013
Modified Files:
pkgsrc/net/bind99: Makefile distinfo
pkgsrc/net/bind99/patches: patch-configure
Log Message:
Update bind99 to 9.9.2pl2 (BIND 9.9.2-P2).
--- 9.9.2-P2 released ---
3516. [security] Removed the check for regex.h in configure in order
to disable regex syntax checking, as it exposes
BIND to a critical flaw in libregex on some
platforms. [RT #32688]
---
Module Name: pkgsrc
Committed By: pettai
Date: Wed Mar 27 12:08:24 UTC 2013
Modified Files:
pkgsrc/net/bind99: distinfo options.mk
Log Message:
Also update the corresponding RRL patch + distinfo file
Revision 1.23 / (download) - annotate - [select for diffs], Tue Mar 26 22:12:14 2013 UTC (11 years ago) by taca
Branch: MAIN
CVS Tags: pkgsrc-2013Q1-base,
pkgsrc-2013Q1
Changes since 1.22: +2 -3
lines
Diff to previous 1.22 (colored) to selected 1.72 (colored)
Update bind99 to 9.9.2pl2 (BIND 9.9.2-P2). --- 9.9.2-P2 released --- 3516. [security] Removed the check for regex.h in configure in order to disable regex syntax checking, as it exposes BIND to a critical flaw in libregex on some platforms. [RT #32688]
Revision 1.22 / (download) - annotate - [select for diffs], Sat Mar 2 20:33:30 2013 UTC (11 years, 1 month ago) by wiz
Branch: MAIN
Changes since 1.21: +2 -2
lines
Diff to previous 1.21 (colored) to selected 1.72 (colored)
Bump PKGREVISION for mysql default change to 55.
Revision 1.21 / (download) - annotate - [select for diffs], Wed Feb 6 23:23:10 2013 UTC (11 years, 2 months ago) by jperkin
Branch: MAIN
Changes since 1.20: +2 -2
lines
Diff to previous 1.20 (colored) to selected 1.72 (colored)
PKGREVISION bumps for the security/openssl 1.0.1d update.
Revision 1.20 / (download) - annotate - [select for diffs], Sun Dec 16 01:52:27 2012 UTC (11 years, 4 months ago) by obache
Branch: MAIN
CVS Tags: pkgsrc-2012Q4-base
Branch point for: pkgsrc-2012Q4
Changes since 1.19: +2 -1
lines
Diff to previous 1.19 (colored) to selected 1.72 (colored)
recursive bump from cyrus-sasl libsasl2 shlib major bump.
Revision 1.11.2.3 / (download) - annotate - [select for diffs], Wed Dec 5 07:07:51 2012 UTC (11 years, 4 months ago) by sbd
Branch: pkgsrc-2012Q3
Changes since 1.11.2.2: +2 -4
lines
Diff to previous 1.11.2.2 (colored) to branchpoint 1.11 (colored) next main 1.12 (colored) to selected 1.72 (colored)
Pullup ticket #3983 - requested by taca
net/bind99 security update
Revisions pulled up:
- net/bind99/Makefile 1.14-1.19
- net/bind99/distinfo 1.10-1.11
- net/bind99/options.mk 1.4
---
Module Name: pkgsrc
Committed By: cheusov
Date: Sun Oct 21 15:49:07 UTC 2012
Modified Files:
pkgsrc/net/bind96: Makefile
pkgsrc/net/bind97: Makefile
pkgsrc/net/bind98: Makefile
pkgsrc/net/bind99: Makefile
pkgsrc/net/host: Makefile
Log Message:
Add CONFLICTS between net/bind and net/host.
net/bind9*: remove "bind<x.y.z" entries from CONFLICTS. It is useless
because package's PKGBASE is "bind".
---
Module Name: pkgsrc
Committed By: asau
Date: Tue Oct 23 17:19:22 UTC 2012
Modified Files:
pkgsrc/net/3proxy: Makefile
pkgsrc/net/6tunnel: Makefile
pkgsrc/net/DarwinStreamingServer: Makefile
pkgsrc/net/GeoIP: Makefile
pkgsrc/net/Geomyidae: Makefile
pkgsrc/net/IglooFTP: Makefile
pkgsrc/net/LaBrea: Makefile
pkgsrc/net/ORBit: Makefile
pkgsrc/net/ORBit2: Makefile
pkgsrc/net/Radicale: Makefile
pkgsrc/net/SDL_net: Makefile
pkgsrc/net/Transmission: Makefile.common
pkgsrc/net/adns: Makefile
pkgsrc/net/aget: Makefile
pkgsrc/net/aiccu: Makefile
pkgsrc/net/airport2basestationconfig: Makefile
pkgsrc/net/airportbasestationconfig: Makefile
pkgsrc/net/airportmodemutility: Makefile
pkgsrc/net/amule: Makefile
pkgsrc/net/aoe-vblade: Makefile
pkgsrc/net/apollo: Makefile
pkgsrc/net/argus: Makefile
pkgsrc/net/aria2: Makefile
pkgsrc/net/arp-scan: Makefile
pkgsrc/net/arpd: Makefile
pkgsrc/net/arping: Makefile
pkgsrc/net/arpwatch: Makefile
pkgsrc/net/autonet: Makefile
pkgsrc/net/avahi: Makefile
pkgsrc/net/awhois: Makefile
pkgsrc/net/balance: Makefile
pkgsrc/net/barnyard: Makefile
pkgsrc/net/batchftp: Makefile
pkgsrc/net/bftpd: Makefile
pkgsrc/net/bind96: Makefile
pkgsrc/net/bind97: Makefile
pkgsrc/net/bind98: Makefile
pkgsrc/net/bind99: Makefile
pkgsrc/net/bing: Makefile
pkgsrc/net/bird: Makefile.common
pkgsrc/net/bittornado: Makefile
pkgsrc/net/bittornado-gui: Makefile
pkgsrc/net/bittorrent: Makefile
pkgsrc/net/bittorrent-gui: Makefile
pkgsrc/net/bmon: Makefile
pkgsrc/net/bounce: Makefile
pkgsrc/net/bpalogin: Makefile
pkgsrc/net/bridged: Makefile
pkgsrc/net/bsddip: Makefile
pkgsrc/net/btget: Makefile
pkgsrc/net/btpd: Makefile
pkgsrc/net/bug-buddy: Makefile
pkgsrc/net/cacti: Makefile
pkgsrc/net/calypso: Makefile
pkgsrc/net/cdpd: Makefile
pkgsrc/net/cftp: Makefile
pkgsrc/net/chimera: Makefile
pkgsrc/net/chksniff: Makefile
pkgsrc/net/choparp: Makefile
pkgsrc/net/choqok: Makefile
pkgsrc/net/chrony: Makefile
pkgsrc/net/cia: Makefile
pkgsrc/net/cidr: Makefile
pkgsrc/net/cisco-mibs: Makefile
pkgsrc/net/clive: Makefile
pkgsrc/net/cmu-dhcpd: Makefile
pkgsrc/net/cntlm: Makefile
pkgsrc/net/coda: Makefile
pkgsrc/net/coherence: Makefile
pkgsrc/net/coilmq: Makefile
pkgsrc/net/connect: Makefile
pkgsrc/net/corkscrew: Makefile
pkgsrc/net/couriertcpd: Makefile
pkgsrc/net/csup: Makefile
pkgsrc/net/dante: Makefile
pkgsrc/net/darkstat: Makefile
pkgsrc/net/dc_gui2: Makefile
pkgsrc/net/dcsharp: Makefile
pkgsrc/net/dctc: Makefile
pkgsrc/net/ddclient: Makefile
pkgsrc/net/delegate: Makefile
pkgsrc/net/dhcpcd: Makefile
pkgsrc/net/dhcpcd-dbus: Makefile
pkgsrc/net/dhcpcd-gtk: Makefile
pkgsrc/net/dhcpd-pools: Makefile
pkgsrc/net/dhid: Makefile
pkgsrc/net/djbdns: Makefile
pkgsrc/net/djbdns-run: Makefile
pkgsrc/net/dlint: Makefile
pkgsrc/net/dnscap: Makefile
pkgsrc/net/dnscheck: Makefile
pkgsrc/net/dnsdoctor: Makefile
pkgsrc/net/dnsmasq: Makefile
pkgsrc/net/dnstop: Makefile
pkgsrc/net/dnstracer: Makefile
pkgsrc/net/docsis: Makefile
pkgsrc/net/driftnet: Makefile
pkgsrc/net/drill: Makefile
pkgsrc/net/dtcp: Makefile
pkgsrc/net/dtcpclient: Makefile
pkgsrc/net/dtorrent: Makefile
pkgsrc/net/dynipclient: Makefile
pkgsrc/net/echoping: Makefile
pkgsrc/net/ed2k-gtk-gui: Makefile
pkgsrc/net/edonkey2k: Makefile
pkgsrc/net/ekiga: Makefile
pkgsrc/net/entropy: Makefile
pkgsrc/net/ether2dns: Makefile
pkgsrc/net/etherape: Makefile
pkgsrc/net/ettercap: Makefile
pkgsrc/net/ettercap-NG: Makefile
pkgsrc/net/ez-ipupdate: Makefile
pkgsrc/net/fair-identd: Makefile
pkgsrc/net/fetch: Makefile
pkgsrc/net/filezilla: Makefile
pkgsrc/net/firewalk: Makefile
pkgsrc/net/flickcurl: Makefile
pkgsrc/net/flodo: Makefile
pkgsrc/net/flow-tools: Makefile
pkgsrc/net/fmirror: Makefile
pkgsrc/net/fpdns: Makefile
pkgsrc/net/fping: Makefile
pkgsrc/net/fping6: Makefile
pkgsrc/net/freeDiameter: Makefile
pkgsrc/net/freenet-tools: Makefile
pkgsrc/net/freeradius: Makefile
pkgsrc/net/freeradius2: Makefile
pkgsrc/net/ftplibpp: Makefile
pkgsrc/net/ftpproxy: Makefile
pkgsrc/net/gated: Makefile
pkgsrc/net/gethost: Makefile
pkgsrc/net/gift: Makefile
pkgsrc/net/gift-fasttrack: Makefile
pkgsrc/net/gift-gnutella: Makefile
pkgsrc/net/gift-openft: Makefile
pkgsrc/net/giftcurs: Makefile
pkgsrc/net/gini: Makefile
pkgsrc/net/gitso: Makefile
pkgsrc/net/gkrellm-multiping: Makefile
pkgsrc/net/gkrellm-snmp: Makefile
pkgsrc/net/gkrellm-wireless: Makefile
pkgsrc/net/glib-networking: Makefile
pkgsrc/net/gnapfetch: Makefile
pkgsrc/net/gnet: Makefile
pkgsrc/net/gnet1: Makefile
pkgsrc/net/gnetcat: Makefile
pkgsrc/net/gnome-netstatus: Makefile
pkgsrc/net/gnome-nettool: Makefile
pkgsrc/net/gnome-vfs-smb: Makefile
pkgsrc/net/gofish: Makefile
pkgsrc/net/gopher: Makefile
pkgsrc/net/gsnmp: Makefile
pkgsrc/net/gssdp: Makefile
pkgsrc/net/gst-plugins0.10-libnice: Makefile
pkgsrc/net/gst-plugins0.10-mms: Makefile
pkgsrc/net/gst-plugins0.10-rtmp: Makefile
pkgsrc/net/gst-plugins0.10-soup: Makefile
pkgsrc/net/gt-itm: Makefile
pkgsrc/net/gtk-gnutella: Makefile
pkgsrc/net/gtk-vnc: Makefile
pkgsrc/net/gtk_wicontrol: Makefile
pkgsrc/net/gupnp: Makefile
pkgsrc/net/gupnp-av: Makefile
pkgsrc/net/gupnp-igd: Makefile
pkgsrc/net/gupnp-tools: Makefile
pkgsrc/net/gupnp-vala: Makefile
pkgsrc/net/haproxy: Makefile
pkgsrc/net/hesiod: Makefile
pkgsrc/net/hf6to4: Makefile
pkgsrc/net/hlfl: Makefile
pkgsrc/net/host: Makefile
pkgsrc/net/howl: Makefile
pkgsrc/net/hping: Makefile
pkgsrc/net/hping3: Makefile
pkgsrc/net/httping: Makefile
pkgsrc/net/httptunnel: Makefile
pkgsrc/net/iana-etc: Makefile
pkgsrc/net/icsi-finger: Makefile
pkgsrc/net/iftop: Makefile
pkgsrc/net/inadyn: Makefile
pkgsrc/net/ipcalc: Makefile
pkgsrc/net/ipcheck: Makefile
pkgsrc/net/iperf: Makefile
pkgsrc/net/ipgrab: Makefile
pkgsrc/net/iplog: Makefile
pkgsrc/net/ipv6calc: Makefile
pkgsrc/net/ipw: Makefile
pkgsrc/net/irrd: Makefile
pkgsrc/net/irrtoolset5: Makefile
pkgsrc/net/isc-dhclient4: Makefile
pkgsrc/net/isc-dhcp4: Makefile
pkgsrc/net/isc-dhcpd4: Makefile
pkgsrc/net/isc-dhcrelay4: Makefile
pkgsrc/net/ishell: Makefile
pkgsrc/net/isic: Makefile
pkgsrc/net/istgt: Makefile
pkgsrc/net/jftpgw: Makefile
pkgsrc/net/jigdo: Makefile
pkgsrc/net/jumpgate: Makefile
pkgsrc/net/jwhois: Makefile
pkgsrc/net/kdenetwork3: Makefile
pkgsrc/net/kftpgrabber: Makefile
pkgsrc/net/kiax: Makefile
pkgsrc/net/kismet: Makefile
pkgsrc/net/kmldonkey: Makefile
pkgsrc/net/kmldonkey-kde3: Makefile
pkgsrc/net/knock: Makefile
pkgsrc/net/knot: Makefile
pkgsrc/net/kphone: Makefile
pkgsrc/net/ktorrent: Makefile
pkgsrc/net/ktorrent-kde3: Makefile
pkgsrc/net/lambdamoo: Makefile
pkgsrc/net/lambdamoo-core: Makefile
pkgsrc/net/lambdamoo-doc: Makefile
pkgsrc/net/latd: Makefile
pkgsrc/net/ldns: Makefile
pkgsrc/net/lft: Makefile
pkgsrc/net/lftp: Makefile
pkgsrc/net/libIDL: Makefile
pkgsrc/net/libares: Makefile
pkgsrc/net/libasyncns: Makefile
pkgsrc/net/libbind: Makefile
pkgsrc/net/libcares: Makefile
pkgsrc/net/libdlna: Makefile
pkgsrc/net/libdmapsharing: Makefile
pkgsrc/net/libdnet: Makefile
pkgsrc/net/libfetch: Makefile
pkgsrc/net/libgdata: Makefile
pkgsrc/net/libktorrent: Makefile
pkgsrc/net/liblive: Makefile
pkgsrc/net/libmms: Makefile
pkgsrc/net/libnice: Makefile
pkgsrc/net/libnids: Makefile
pkgsrc/net/libnipper: Makefile
pkgsrc/net/libpcap: Makefile
pkgsrc/net/libquvi: Makefile
pkgsrc/net/libquvi-scripts: Makefile
pkgsrc/net/libradius: Makefile
pkgsrc/net/libsoup24: Makefile
pkgsrc/net/libsscript: Makefile
pkgsrc/net/libtorrent: Makefile
pkgsrc/net/libtrace: Makefile
pkgsrc/net/libupnp: Makefile
pkgsrc/net/libvncserver: Makefile
pkgsrc/net/linc: Makefile
pkgsrc/net/llnlxdir: Makefile
pkgsrc/net/llnlxftp: Makefile
pkgsrc/net/logjam: Makefile
pkgsrc/net/lopster: Makefile
pkgsrc/net/lua-socket: Makefile
pkgsrc/net/mDNSResponder: Makefile
pkgsrc/net/mDNSResponder-nss: Makefile
pkgsrc/net/maradns: Makefile
pkgsrc/net/mbrowse: Makefile
pkgsrc/net/mcast-tools: Makefile
pkgsrc/net/md-whois: Makefile
pkgsrc/net/microdc2: Makefile
pkgsrc/net/mikutter: Makefile
pkgsrc/net/miniupnpd: Makefile
pkgsrc/net/miredo: Makefile
pkgsrc/net/mirror: Makefile
pkgsrc/net/mldonkey: Makefile.common
pkgsrc/net/modpcap: Makefile
pkgsrc/net/mono-nat: Makefile
pkgsrc/net/monotorrent: Makefile
pkgsrc/net/monsoon: Makefile
pkgsrc/net/mosh: Makefile
pkgsrc/net/mouse-pppoe: Makefile
pkgsrc/net/mping: Makefile
pkgsrc/net/mrt: Makefile
pkgsrc/net/mrtg: Makefile
pkgsrc/net/msdl: Makefile
pkgsrc/net/mtftpd: Makefile
pkgsrc/net/mtr: Makefile
pkgsrc/net/mydns-mysql: Makefile
pkgsrc/net/mydns-pgsql: Makefile
pkgsrc/net/nagios-base: Makefile
pkgsrc/net/nagios-nrpe: Makefile
pkgsrc/net/nagios-nsca: Makefile
pkgsrc/net/nagios-plugin-ldap: Makefile
pkgsrc/net/nagios-plugin-mysql: Makefile
pkgsrc/net/nagios-plugin-pgsql: Makefile
pkgsrc/net/nagios-plugin-radius: Makefile
pkgsrc/net/nagios-plugin-snmp: Makefile
pkgsrc/net/nagios-plugin-spamd: Makefile
pkgsrc/net/nagstamon: Makefile
pkgsrc/net/nam: Makefile
pkgsrc/net/nap: Makefile
pkgsrc/net/napshare: Makefile
pkgsrc/net/nasd: Makefile
pkgsrc/net/nbtscan: Makefile
pkgsrc/net/ncftp3: Makefile
pkgsrc/net/nemesis: Makefile
pkgsrc/net/net-snmp: Makefile
pkgsrc/net/net6: Makefile
pkgsrc/net/netatalk: Makefile
pkgsrc/net/netcat: Makefile
pkgsrc/net/netcat6: Makefile
pkgsrc/net/netdisco: Makefile
pkgsrc/net/netgroup: Makefile
pkgsrc/net/netname: Makefile
pkgsrc/net/netpipes: Makefile
pkgsrc/net/nfdump: Makefile
pkgsrc/net/ngrep: Makefile
pkgsrc/net/nicotine: Makefile
pkgsrc/net/nicovideo-dl: Makefile
pkgsrc/net/nidentd: Makefile
pkgsrc/net/nipper: Makefile
pkgsrc/net/nload: Makefile
pkgsrc/net/nmap: Makefile
pkgsrc/net/nocol: Makefile
pkgsrc/net/nprobe: Makefile
pkgsrc/net/ns: Makefile
pkgsrc/net/nsd: Makefile
pkgsrc/net/nslint: Makefile
pkgsrc/net/nstx: Makefile
pkgsrc/net/ntop: Makefile
pkgsrc/net/ntp4: Makefile
pkgsrc/net/ocamlnet: Makefile
pkgsrc/net/ocsinventory-agent: Makefile
pkgsrc/net/oidentd: Makefile
pkgsrc/net/oinkmaster: Makefile
pkgsrc/net/omniNotify: Makefile
pkgsrc/net/omniORB: Makefile
pkgsrc/net/openag: Makefile
pkgsrc/net/openntpd: Makefile
pkgsrc/net/openresolv: Makefile
pkgsrc/net/openslp: Makefile
pkgsrc/net/openvmps: Makefile
pkgsrc/net/openvpn: Makefile
pkgsrc/net/openvpn-acct-wtmpx: Makefile
pkgsrc/net/openwbem: Makefile
pkgsrc/net/ortp: Makefile
pkgsrc/net/overnet: Makefile
pkgsrc/net/p5-Cisco-Abbrev: Makefile
pkgsrc/net/p5-DNS-ZoneParse: Makefile
pkgsrc/net/p5-Danga-Socket: Makefile
pkgsrc/net/p5-Data-Stream-Bulk: Makefile
pkgsrc/net/p5-Geo-IP: Makefile
pkgsrc/net/p5-Geo-IPfree: Makefile
pkgsrc/net/p5-IO-Interface: Makefile
pkgsrc/net/p5-IO-Socket-INET6: Makefile
pkgsrc/net/p5-IO-Socket-Multicast: Makefile
pkgsrc/net/p5-IP-Country: Makefile
pkgsrc/net/p5-Net: Makefile
pkgsrc/net/p5-Net-Akismet: Makefile
pkgsrc/net/p5-Net-Amazon: Makefile
pkgsrc/net/p5-Net-Amazon-S3: Makefile
pkgsrc/net/p5-Net-Bind: Makefile
pkgsrc/net/p5-Net-Bonjour: Makefile
pkgsrc/net/p5-Net-CIDR-Lite: Makefile
pkgsrc/net/p5-Net-CIDR-Set: Makefile
pkgsrc/net/p5-Net-CUPS: Makefile
pkgsrc/net/p5-Net-DBus: Makefile
pkgsrc/net/p5-Net-DHCP: Makefile
pkgsrc/net/p5-Net-DNS: Makefile
pkgsrc/net/p5-Net-DNS-Resolver-Programmable: Makefile
pkgsrc/net/p5-Net-DNS-Zone-Parser: Makefile
pkgsrc/net/p5-Net-DNSServer: Makefile
pkgsrc/net/p5-Net-Daemon: Makefile
pkgsrc/net/p5-Net-Dev-MIBLoadOrder: Makefile
pkgsrc/net/p5-Net-FTPSSL: Makefile
pkgsrc/net/p5-Net-Frame: Makefile
pkgsrc/net/p5-Net-Frame-Dump: Makefile
pkgsrc/net/p5-Net-Frame-Layer-IPv6: Makefile
pkgsrc/net/p5-Net-Frame-Simple: Makefile
pkgsrc/net/p5-Net-GitHub: Makefile
pkgsrc/net/p5-Net-Gnats: Makefile
pkgsrc/net/p5-Net-Google: Makefile
pkgsrc/net/p5-Net-Google-AuthSub: Makefile
pkgsrc/net/p5-Net-Google-Code: Makefile
pkgsrc/net/p5-Net-INET6Glue: Makefile
pkgsrc/net/p5-Net-IP: Makefile
pkgsrc/net/p5-Net-IPv4Addr: Makefile
pkgsrc/net/p5-Net-IPv6Addr: Makefile
pkgsrc/net/p5-Net-Ident: Makefile
pkgsrc/net/p5-Net-Interface: Makefile
pkgsrc/net/p5-Net-Jifty: Makefile
pkgsrc/net/p5-Net-LDAP-Server: Makefile
pkgsrc/net/p5-Net-LibIDN: Makefile
pkgsrc/net/p5-Net-Libdnet: Makefile
pkgsrc/net/p5-Net-Libdnet6: Makefile
pkgsrc/net/p5-Net-MAC: Makefile
pkgsrc/net/p5-Net-NBName: Makefile
pkgsrc/net/p5-Net-OAuth: Makefile
pkgsrc/net/p5-Net-OpenID-Consumer: Makefile
pkgsrc/net/p5-Net-Packet: Makefile
pkgsrc/net/p5-Net-Pcap: Makefile
pkgsrc/net/p5-Net-RawIP: Makefile
pkgsrc/net/p5-Net-SMTP-TLS: Makefile
pkgsrc/net/p5-Net-SNMP: Makefile
pkgsrc/net/p5-Net-SNMP-Mixin: Makefile
pkgsrc/net/p5-Net-Server: Makefile
pkgsrc/net/p5-Net-Server-Coro: Makefile
pkgsrc/net/p5-Net-Server-SS-PreFork: Makefile
pkgsrc/net/p5-Net-TFTP: Makefile
pkgsrc/net/p5-Net-Telnet: Makefile
pkgsrc/net/p5-Net-Telnet-Cisco: Makefile
pkgsrc/net/p5-Net-Trac: Makefile
pkgsrc/net/p5-Net-Twitter: Makefile
pkgsrc/net/p5-Net-Write: Makefile
pkgsrc/net/p5-Net-XMPP: Makefile
pkgsrc/net/p5-Net-XWhois: Makefile
pkgsrc/net/p5-Net-Z3950-ZOOM: Makefile
pkgsrc/net/p5-Net-eBay: Makefile
pkgsrc/net/p5-NetAddr-IP: Makefile
pkgsrc/net/p5-NetPacket: Makefile
pkgsrc/net/p5-Nmap-Parser: Makefile
pkgsrc/net/p5-POE-Component-Client-DNS: Makefile
pkgsrc/net/p5-POE-Component-Client-Ident: Makefile
pkgsrc/net/p5-POE-Component-SNMP: Makefile
pkgsrc/net/p5-RADIUS: Makefile
pkgsrc/net/p5-RPC-XML: Makefile
pkgsrc/net/p5-RT-Client-REST: Makefile
pkgsrc/net/p5-RadiusPerl: Makefile
pkgsrc/net/p5-SNMP-Info: Makefile
pkgsrc/net/p5-SNMP-MIB-Compiler: Makefile
pkgsrc/net/p5-SNMP_Session: Makefile
pkgsrc/net/p5-SOAP-Lite: Makefile
pkgsrc/net/p5-SOAP-Transport-TCP: Makefile
pkgsrc/net/p5-Socket6: Makefile
pkgsrc/net/p5-Test-DNS: Makefile
pkgsrc/net/p5-Test-TCP: Makefile
pkgsrc/net/p5-Umph-Prompt: Makefile
pkgsrc/net/p5-WebService-Google-Reader: Makefile
pkgsrc/net/p5-X500-DN: Makefile
pkgsrc/net/p5-eBay-API: Makefile
pkgsrc/net/p5-gcap: Makefile
pkgsrc/net/p5-grake: Makefile
pkgsrc/net/p5-umph: Makefile
pkgsrc/net/packit: Makefile
pkgsrc/net/parpd: Makefile
pkgsrc/net/partysip: Makefile
pkgsrc/net/pchar: Makefile
pkgsrc/net/pconsole: Makefile
pkgsrc/net/pear-Net_DIME: Makefile
pkgsrc/net/pear-Net_IDNA2: Makefile
pkgsrc/net/pear-Net_LDAP2: Makefile
pkgsrc/net/pear-Net_SMTP: Makefile
pkgsrc/net/pear-Net_Sieve: Makefile
pkgsrc/net/pear-Net_Socket: Makefile
pkgsrc/net/pear-Net_URL: Makefile
pkgsrc/net/pear-SOAP: Makefile
pkgsrc/net/pen: Makefile
pkgsrc/net/perlbal: Makefile
pkgsrc/net/pfnet: Makefile
pkgsrc/net/php-ftp: Makefile
pkgsrc/net/php-geoip: Makefile
pkgsrc/net/php-snmp: Makefile
pkgsrc/net/php-soap: Makefile
pkgsrc/net/php-sockets: Makefile
pkgsrc/net/php-xmlrpc: Makefile
pkgsrc/net/php-yaz: Makefile
pkgsrc/net/pim6dd: Makefile
pkgsrc/net/pim6sd: Makefile
pkgsrc/net/pload: Makefile
pkgsrc/net/poink: Makefile
pkgsrc/net/polsms: Makefile
pkgsrc/net/poptop: Makefile
pkgsrc/net/portmap: Makefile
pkgsrc/net/powerdns: Makefile
pkgsrc/net/powerdns-ldap: Makefile
pkgsrc/net/powerdns-mysql: Makefile
pkgsrc/net/powerdns-pgsql: Makefile
pkgsrc/net/powerdns-recursor: Makefile
pkgsrc/net/powerdns-sqlite: Makefile
pkgsrc/net/pppd: Makefile
pkgsrc/net/pptp: Makefile
pkgsrc/net/proftpd: Makefile
pkgsrc/net/proxycheck: Makefile
pkgsrc/net/proxytunnel: Makefile
pkgsrc/net/publicfile: Makefile
pkgsrc/net/puf: Makefile
pkgsrc/net/pure-ftpd: Makefile
pkgsrc/net/pxe: Makefile
pkgsrc/net/py-GeoIP: Makefile
pkgsrc/net/py-IP: Makefile
pkgsrc/net/py-METAR: Makefile
pkgsrc/net/py-ORBit: Makefile
pkgsrc/net/py-adns: Makefile
pkgsrc/net/py-boto: Makefile
pkgsrc/net/py-dns: Makefile
pkgsrc/net/py-dpkt: Makefile
pkgsrc/net/py-foolscap: Makefile
pkgsrc/net/py-google: Makefile
pkgsrc/net/py-kenosis: Makefile
pkgsrc/net/py-libdnet: Makefile
pkgsrc/net/py-libpcap: Makefile
pkgsrc/net/py-medusa: Makefile
pkgsrc/net/py-omniORBpy: Makefile
pkgsrc/net/py-pcap: Makefile
pkgsrc/net/py-s3cmd: Makefile
pkgsrc/net/py-soaplib: Makefile
pkgsrc/net/py-soappy: Makefile
pkgsrc/net/py-spreadmodule: Makefile
pkgsrc/net/py-suds: Makefile
pkgsrc/net/py-twisted: Makefile.common
pkgsrc/net/py-zmq: Makefile
pkgsrc/net/py-zsi: Makefile
pkgsrc/net/pygopherd: Makefile
pkgsrc/net/qadsl: Makefile
pkgsrc/net/quagga: Makefile
pkgsrc/net/queryperf: Makefile
pkgsrc/net/quvi: Makefile
pkgsrc/net/ra-rtsp-proxy: Makefile
pkgsrc/net/rabbitmq: Makefile
pkgsrc/net/radiusclient-ng: Makefile
pkgsrc/net/radiusd-cistron: Makefile
pkgsrc/net/rancid: Makefile
pkgsrc/net/rbldnsd: Makefile
pkgsrc/net/rdesktop: Makefile
pkgsrc/net/rdist6: Makefile
pkgsrc/net/remmina: Makefile
pkgsrc/net/remmina-plugins: Makefile
pkgsrc/net/rinetd: Makefile
pkgsrc/net/rootprobe: Makefile
pkgsrc/net/rp-l2tp: Makefile
pkgsrc/net/rp-pppoe: Makefile
pkgsrc/net/rsync: Makefile
pkgsrc/net/rtmpdump: Makefile
pkgsrc/net/rtorrent: Makefile
pkgsrc/net/ruby-amqp: Makefile
pkgsrc/net/ruby-dnsruby: Makefile
pkgsrc/net/ruby-domain_name: Makefile
pkgsrc/net/ruby-icmp: Makefile
pkgsrc/net/ruby-stompserver: Makefile
pkgsrc/net/samba: Makefile
pkgsrc/net/samba30: Makefile
pkgsrc/net/samba33: Makefile
pkgsrc/net/samba35: Makefile
pkgsrc/net/scamper: Makefile
pkgsrc/net/scapy: Makefile
pkgsrc/net/scdp: Makefile
pkgsrc/net/scli: Makefile
pkgsrc/net/sdig: Makefile
pkgsrc/net/sdist: Makefile
pkgsrc/net/sendfile: Makefile
pkgsrc/net/ser: Makefile
pkgsrc/net/sharity-light: Makefile
pkgsrc/net/sipcalc: Makefile
pkgsrc/net/sipsak: Makefile
pkgsrc/net/sitescooper: Makefile
pkgsrc/net/skype1: Makefile
pkgsrc/net/skype21: Makefile
pkgsrc/net/slurm: Makefile
pkgsrc/net/smokeping: Makefile
pkgsrc/net/sniffit: Makefile
pkgsrc/net/snmptt: Makefile
pkgsrc/net/snort: Makefile
pkgsrc/net/snort-rules: Makefile
pkgsrc/net/socat: Makefile
pkgsrc/net/socket++: Makefile
pkgsrc/net/socks4: Makefile
pkgsrc/net/socks5: Makefile
pkgsrc/net/solaris-tap: Makefile
pkgsrc/net/speedtouch: Makefile
pkgsrc/net/spegla: Makefile
pkgsrc/net/spread: Makefile
pkgsrc/net/spreadlogd: Makefile
pkgsrc/net/srsh: Makefile
pkgsrc/net/sslh: Makefile
pkgsrc/net/ssmping: Makefile
pkgsrc/net/ssync: Makefile
pkgsrc/net/stripes: Makefile
pkgsrc/net/sup: Makefile
pkgsrc/net/synergy: Makefile
pkgsrc/net/synergy1.2: Makefile
pkgsrc/net/sysmon: Makefile
pkgsrc/net/tacacs: Makefile
pkgsrc/net/tacacs-shrubbery: Makefile
pkgsrc/net/tcpdmerge: Makefile
pkgsrc/net/tcpdpriv: Makefile
pkgsrc/net/tcpdstat: Makefile
pkgsrc/net/tcpdump: Makefile
pkgsrc/net/tcpflow: Makefile
pkgsrc/net/tcpick: Makefile
pkgsrc/net/tcpillust: Makefile
pkgsrc/net/tcpreplay: Makefile
pkgsrc/net/tcpslice: Makefile
pkgsrc/net/tcptrace: Makefile
pkgsrc/net/tcptraceroute: Makefile
pkgsrc/net/teamspeak-client: Makefile
pkgsrc/net/teamspeak-server: Makefile
pkgsrc/net/tightvnc: Makefile
pkgsrc/net/tightvncviewer: Makefile
pkgsrc/net/tinc: Makefile
pkgsrc/net/tinyfugue: Makefile
pkgsrc/net/tkined: Makefile
pkgsrc/net/tn5250: Makefile
pkgsrc/net/tnftp: Makefile
pkgsrc/net/tnftpd: Makefile
pkgsrc/net/tor: Makefile
pkgsrc/net/torrentutils: Makefile
pkgsrc/net/totd: Makefile
pkgsrc/net/traceroute-as: Makefile
pkgsrc/net/traceroute-nanog: Makefile
pkgsrc/net/trafshow: Makefile
pkgsrc/net/trickle: Makefile
pkgsrc/net/tsclient: Makefile
pkgsrc/net/tsocks: Makefile
pkgsrc/net/tspc: Makefile
pkgsrc/net/ttt: Makefile
pkgsrc/net/twitux: Makefile
pkgsrc/net/ucarp: Makefile
pkgsrc/net/ucspi-ssl: Makefile
pkgsrc/net/ucspi-tcp: Makefile
pkgsrc/net/udns: Makefile
pkgsrc/net/udpcast: Makefile
pkgsrc/net/udptunnel: Makefile
pkgsrc/net/unbound: Makefile
pkgsrc/net/unfs3: Makefile
pkgsrc/net/unison: Makefile
pkgsrc/net/unison2.32: Makefile
pkgsrc/net/unworkable: Makefile
pkgsrc/net/upclient: Makefile
pkgsrc/net/upnpinspector: Makefile
pkgsrc/net/urlgfe: Makefile
pkgsrc/net/userppp: Makefile
pkgsrc/net/uucp: Makefile
pkgsrc/net/vcheck: Makefile
pkgsrc/net/vde: Makefile
pkgsrc/net/vinagre: Makefile
pkgsrc/net/vino: Makefile
pkgsrc/net/vnc: Makefile
pkgsrc/net/vncviewer: Makefile
pkgsrc/net/vnstat: Makefile
pkgsrc/net/vpnc: Makefile
pkgsrc/net/vsftpd: Makefile
pkgsrc/net/vtun: Makefile
pkgsrc/net/wakeup: Makefile
pkgsrc/net/walker: Makefile
pkgsrc/net/wap-utils: Makefile
pkgsrc/net/waste: Makefile
pkgsrc/net/wget: Makefile
pkgsrc/net/wgetpaste: Makefile
pkgsrc/net/whatmask: Makefile
pkgsrc/net/whois3: Makefile
pkgsrc/net/whoson: Makefile
pkgsrc/net/wide-dhcpv6: Makefile
pkgsrc/net/wimon: Makefile
pkgsrc/net/wireshark: Makefile
pkgsrc/net/wistumbler: Makefile
pkgsrc/net/wistumbler2: Makefile
pkgsrc/net/wistumbler2-gtk: Makefile
pkgsrc/net/wmget: Makefile
pkgsrc/net/wminet: Makefile
pkgsrc/net/wmnd: Makefile
pkgsrc/net/wmnet: Makefile
pkgsrc/net/wmpload: Makefile
pkgsrc/net/wol: Makefile
pkgsrc/net/wpa_gui: Makefile
pkgsrc/net/wpa_supplicant: Makefile
pkgsrc/net/wu-ftpd: Makefile
pkgsrc/net/x2vnc: Makefile
pkgsrc/net/xfce4-wavelan-plugin: Makefile
pkgsrc/net/xipdump: Makefile
pkgsrc/net/xmftp: Makefile
pkgsrc/net/xnap: Makefile
pkgsrc/net/xorp: Makefile
pkgsrc/net/xrmftp: Makefile
pkgsrc/net/xtraceroute: Makefile
pkgsrc/net/xymon: Makefile
pkgsrc/net/xymonclient: Makefile
pkgsrc/net/yafc: Makefile
pkgsrc/net/yale-tftpd: Makefile
pkgsrc/net/yaz: Makefile
pkgsrc/net/youtube-dl: Makefile
pkgsrc/net/ytalk: Makefile
pkgsrc/net/ywho: Makefile
pkgsrc/net/zeromq: Makefile
pkgsrc/net/zsync: Makefile
Log Message:
Drop superfluous PKG_DESTDIR_SUPPORT, "user-destdir" is default these days.
---
Module Name: pkgsrc
Committed By: tron
Date: Thu Nov 8 16:01:51 UTC 2012
Modified Files:
pkgsrc/net/bind99: Makefile
Log Message:
Explicitly disable Python support. This fixes build problems e.g. if the
"pkg_alternatives" package is installed and a binary called "python"
is available.
---
Module Name: pkgsrc
Committed By: pettai
Date: Sat Nov 10 23:45:39 UTC 2012
Modified Files:
pkgsrc/net/bind99: Makefile distinfo options.mk
Log Message:
Added RRL (Response Rate Limiting) build option
---
Module Name: pkgsrc
Committed By: pettai
Date: Sun Nov 11 00:22:11 UTC 2012
Modified Files:
pkgsrc/net/bind99: Makefile
Log Message:
Remove the PATCH* lines from the Makefile
---
Module Name: pkgsrc
Committed By: taca
Date: Wed Dec 5 00:55:54 UTC 2012
Modified Files:
pkgsrc/net/bind99: Makefile distinfo
Log Message:
Update bind99 to 9.9.2pl1nb2 (BIND 9.9.2-P1) which solves CVE-2012-5688.
--- 9.9.2-P1 released ---
3407. [security] Named could die on specific queries with dns64 enabled.
[Addressed in change #3388 for BIND 9.8.5 and 9.9.3.]
Revision 1.19 / (download) - annotate - [select for diffs], Wed Dec 5 00:55:54 2012 UTC (11 years, 4 months ago) by taca
Branch: MAIN
Changes since 1.18: +2 -3
lines
Diff to previous 1.18 (colored) to selected 1.72 (colored)
Update bind99 to 9.9.2pl1nb2 (BIND 9.9.2-P1) which solves CVE-2012-5688. --- 9.9.2-P1 released --- 3407. [security] Named could die on specific queries with dns64 enabled. [Addressed in change #3388 for BIND 9.8.5 and 9.9.3.]
Revision 1.18 / (download) - annotate - [select for diffs], Sun Nov 11 00:22:11 2012 UTC (11 years, 5 months ago) by pettai
Branch: MAIN
Changes since 1.17: +1 -4
lines
Diff to previous 1.17 (colored) to selected 1.72 (colored)
Remove the PATCH* lines from the Makefile
Revision 1.17 / (download) - annotate - [select for diffs], Sat Nov 10 23:45:39 2012 UTC (11 years, 5 months ago) by pettai
Branch: MAIN
Changes since 1.16: +5 -2
lines
Diff to previous 1.16 (colored) to selected 1.72 (colored)
Added RRL (Response Rate Limiting) build option
Revision 1.11.2.2 / (download) - annotate - [select for diffs], Sat Nov 10 19:22:49 2012 UTC (11 years, 5 months ago) by spz
Branch: pkgsrc-2012Q3
Changes since 1.11.2.1: +1 -0
lines
Diff to previous 1.11.2.1 (colored) to branchpoint 1.11 (colored) to selected 1.72 (colored)
Pullup ticket #3966 - requested by tron net/bind99: build fix Revisions pulled up: - net/bind99/Makefile 1.16 ------------------------------------------------------------------- Module Name: pkgsrc Committed By: tron Date: Thu Nov 8 16:01:51 UTC 2012 Modified Files: pkgsrc/net/bind99: Makefile Log Message: Explicitly disable Python support. This fixes build problems e.g. if the "pkg_alternatives" package is installed and a binary called "python" is available. To generate a diff of this commit: cvs rdiff -u -r1.15 -r1.16 pkgsrc/net/bind99/Makefile
Revision 1.16 / (download) - annotate - [select for diffs], Thu Nov 8 16:01:51 2012 UTC (11 years, 5 months ago) by tron
Branch: MAIN
Changes since 1.15: +2 -1
lines
Diff to previous 1.15 (colored) to selected 1.72 (colored)
Explicitly disable Python support. This fixes build problems e.g. if the "pkg_alternatives" package is installed and a binary called "python" is available.
Revision 1.15 / (download) - annotate - [select for diffs], Tue Oct 23 17:18:11 2012 UTC (11 years, 5 months ago) by asau
Branch: MAIN
Changes since 1.14: +1 -3
lines
Diff to previous 1.14 (colored) to selected 1.72 (colored)
Drop superfluous PKG_DESTDIR_SUPPORT, "user-destdir" is default these days.
Revision 1.14 / (download) - annotate - [select for diffs], Sun Oct 21 15:49:07 2012 UTC (11 years, 6 months ago) by cheusov
Branch: MAIN
Changes since 1.13: +3 -2
lines
Diff to previous 1.13 (colored) to selected 1.72 (colored)
Add CONFLICTS between net/bind and net/host. net/bind9*: remove "bind<x.y.z" entries from CONFLICTS. It is useless because package's PKGBASE is "bind".
Revision 1.11.2.1 / (download) - annotate - [select for diffs], Wed Oct 10 13:48:13 2012 UTC (11 years, 6 months ago) by tron
Branch: pkgsrc-2012Q3
Changes since 1.11: +2 -2
lines
Diff to previous 1.11 (colored) to selected 1.72 (colored)
Pullup ticket #3944 - requested by taca
net/bind99: security update
Revisions pulled up:
- net/bind99/Makefile 1.12-1.13
- net/bind99/PLIST 1.3
- net/bind99/distinfo 1.9
- net/bind99/patches/patch-bin_tests_system_Makefile.in 1.3
- net/bind99/patches/patch-configure 1.3
- net/bind99/patches/patch-configure.in 1.2
---
Module Name: pkgsrc
Committed By: wiz
Date: Wed Oct 3 21:59:10 UTC 2012
Modified Files:
pkgsrc/net/bind99: Makefile
Log Message:
Bump all packages that use perl, or depend on a p5-* package, or
are called p5-*.
I hope that's all of them.
---
Module Name: pkgsrc
Committed By: taca
Date: Wed Oct 10 03:07:13 UTC 2012
Modified Files:
pkgsrc/net/bind99: Makefile PLIST distinfo
pkgsrc/net/bind99/patches: patch-bin_tests_system_Makefile.in
patch-configure patch-configure.in
Log Message:
Update bind99 to 9.9.2 (BIND 9.9.2).
Here are change changes from release note. Note security fixes except
CVE-2012-5166 should be already fixed in previous version of bind99 package.
Please refer https://kb.isc.org/article/AA-00798 for list of full bug fixes.
Security Fixes
* A deliberately constructed combination of records could cause named to hang
while populating the additional section of a response. [CVE-2012-5166] [RT
#31090]
* Prevents a named assert (crash) when queried for a record whose RDATA
exceeds 65535 bytes. [CVE-2012-4244] [RT #30416]
* Prevents a named assert (crash) when validating caused by using "Bad cache"
data before it has been initialized. [CVE-2012-3817] [RT #30025]
* A condition has been corrected where improper handling of zero-length RDATA
could cause undesirable behavior, including termination of the named
process. [CVE-2012-1667] [RT #29644]
* ISC_QUEUE handling for recursive clients was updated to address a race
condition that could cause a memory leak. This rarely occurred with UDP
clients, but could be a significant problem for a server handling a steady
rate of TCP queries. [CVE-2012-3868] [RT #29539 & #30233]
New Features
* Elliptic Curve Digital Signature Algorithm keys and signatures in DNSSEC are
now supported per RFC 6605. [RT #21918]
* Introduces a new tool "dnssec-checkds" command that checks a zone to
determine which DS records should be published in the parent zone, or which
DLV records should be published in a DLV zone, and queries the DNS to ensure
that it exists. (Note: This tool depends on python; it will not be built or
installed on systems that do not have a python interpreter.) [RT #28099]
* Introduces a new tool "dnssec-verify" that validates a signed zone, checking
for the correctness of signatures and NSEC/NSEC3 chains. [RT #23673]
* Adds configuration option "max-rsa-exponent-size <value>;" that can be used
to specify the maximum rsa exponent size that will be accepted when
validating [RT #29228]
Feature Changes
* Improves OpenSSL error logging [RT #29932]
* nslookup now returns a nonzero exit code when it is unable to get an answer.
[RT #29492]
Revision 1.13 / (download) - annotate - [select for diffs], Wed Oct 10 03:07:12 2012 UTC (11 years, 6 months ago) by taca
Branch: MAIN
Changes since 1.12: +2 -3
lines
Diff to previous 1.12 (colored) to selected 1.72 (colored)
Update bind99 to 9.9.2 (BIND 9.9.2). Here are change changes from release note. Note security fixes except CVE-2012-5166 should be already fixed in previous version of bind99 package. Please refer https://kb.isc.org/article/AA-00798 for list of full bug fixes. Security Fixes * A deliberately constructed combination of records could cause named to hang while populating the additional section of a response. [CVE-2012-5166] [RT #31090] * Prevents a named assert (crash) when queried for a record whose RDATA exceeds 65535 bytes. [CVE-2012-4244] [RT #30416] * Prevents a named assert (crash) when validating caused by using "Bad cache" data before it has been initialized. [CVE-2012-3817] [RT #30025] * A condition has been corrected where improper handling of zero-length RDATA could cause undesirable behavior, including termination of the named process. [CVE-2012-1667] [RT #29644] * ISC_QUEUE handling for recursive clients was updated to address a race condition that could cause a memory leak. This rarely occurred with UDP clients, but could be a significant problem for a server handling a steady rate of TCP queries. [CVE-2012-3868] [RT #29539 & #30233] New Features * Elliptic Curve Digital Signature Algorithm keys and signatures in DNSSEC are now supported per RFC 6605. [RT #21918] * Introduces a new tool "dnssec-checkds" command that checks a zone to determine which DS records should be published in the parent zone, or which DLV records should be published in a DLV zone, and queries the DNS to ensure that it exists. (Note: This tool depends on python; it will not be built or installed on systems that do not have a python interpreter.) [RT #28099] * Introduces a new tool "dnssec-verify" that validates a signed zone, checking for the correctness of signatures and NSEC/NSEC3 chains. [RT #23673] * Adds configuration option "max-rsa-exponent-size <value>;" that can be used to specify the maximum rsa exponent size that will be accepted when validating [RT #29228] Feature Changes * Improves OpenSSL error logging [RT #29932] * nslookup now returns a nonzero exit code when it is unable to get an answer. [RT #29492]
Revision 1.12 / (download) - annotate - [select for diffs], Wed Oct 3 21:56:52 2012 UTC (11 years, 6 months ago) by wiz
Branch: MAIN
Changes since 1.11: +2 -1
lines
Diff to previous 1.11 (colored) to selected 1.72 (colored)
Bump all packages that use perl, or depend on a p5-* package, or are called p5-*. I hope that's all of them.
Revision 1.6.2.2 / (download) - annotate - [select for diffs], Thu Sep 13 07:48:01 2012 UTC (11 years, 7 months ago) by sbd
Branch: pkgsrc-2012Q2
Changes since 1.6.2.1: +3 -3
lines
Diff to previous 1.6.2.1 (colored) to branchpoint 1.6 (colored) next main 1.7 (colored) to selected 1.72 (colored)
Pullup ticket #3919 - requested by taca net/bind?? CVE-2012-4244 security fix Revisions pulled up: - net/bind96/DESCR 1.2 - net/bind96/Makefile 1.29-1.30 - net/bind96/distinfo 1.20 - net/bind97/DESCR 1.2 - net/bind97/Makefile 1.18-1.19 - net/bind97/distinfo 1.16 - net/bind98/DESCR 1.2 - net/bind98/Makefile 1.15-1.16 - net/bind98/distinfo 1.14 - net/bind99/DESCR 1.2 - net/bind99/Makefile 1.10-1.11 - net/bind99/distinfo 1.8 --- Module Name: pkgsrc Committed By: wiz Date: Sun Aug 26 14:23:49 UTC 2012 Modified Files: pkgsrc/net/bind96: DESCR Makefile pkgsrc/net/bind97: DESCR Makefile pkgsrc/net/bind98: DESCR Makefile pkgsrc/net/bind99: DESCR Makefile Log Message: Make it clearer which package contains exactly which bind version. Patch from Bug Hunting. --- Module Name: pkgsrc Committed By: taca Date: Thu Sep 13 01:32:55 UTC 2012 Modified Files: pkgsrc/net/bind96: Makefile distinfo Log Message: Update bind96 to bind-9.6.3.1.ESV.7pl3 (BIND 9.6-ESV-R7-P3). --- 9.6-ESV-R7-P3 released --- 3364. [security] Named could die on specially crafted record. [RT #30416] 3358 [bug] Fix declaration of fatal in bin/named/server.c and bin/nsupdate/main.c. [RT #30522] --- Module Name: pkgsrc Committed By: taca Date: Thu Sep 13 01:33:40 UTC 2012 Modified Files: pkgsrc/net/bind97: Makefile distinfo Log Message: Update bind97 to bind-9.7.6pl3. --- 9.7.6-P3 released --- 3364. [security] Named could die on specially crafted record. [RT #30416] --- Module Name: pkgsrc Committed By: taca Date: Thu Sep 13 01:35:18 UTC 2012 Modified Files: pkgsrc/net/bind98: Makefile distinfo Log Message: Update bind98 to 9.8.3pl3 (BIND 9.8.3-P3). --- 9.8.3-P3 released --- 3364. [security] Named could die on specially crafted record. [RT #30416] --- Module Name: pkgsrc Committed By: taca Date: Thu Sep 13 01:35:56 UTC 2012 Modified Files: pkgsrc/net/bind99: Makefile distinfo Log Message: Update bind99 to 9.9.1pl3 (BIND 9.9.1-P3). --- 9.9.1-P3 released --- 3364. [security] Named could die on specially crafted record. [RT #30416]
Revision 1.11 / (download) - annotate - [select for diffs], Thu Sep 13 01:35:56 2012 UTC (11 years, 7 months ago) by taca
Branch: MAIN
CVS Tags: pkgsrc-2012Q3-base
Branch point for: pkgsrc-2012Q3
Changes since 1.10: +2 -2
lines
Diff to previous 1.10 (colored) to selected 1.72 (colored)
Update bind99 to 9.9.1pl3 (BIND 9.9.1-P3). --- 9.9.1-P3 released --- 3364. [security] Named could die on specially crafted record. [RT #30416]
Revision 1.10 / (download) - annotate - [select for diffs], Sun Aug 26 14:23:49 2012 UTC (11 years, 7 months ago) by wiz
Branch: MAIN
Changes since 1.9: +2 -2
lines
Diff to previous 1.9 (colored) to selected 1.72 (colored)
Make it clearer which package contains exactly which bind version. Patch from Bug Hunting.
Revision 1.6.2.1 / (download) - annotate - [select for diffs], Wed Jul 25 10:30:24 2012 UTC (11 years, 8 months ago) by sbd
Branch: pkgsrc-2012Q2
Changes since 1.6: +2 -3
lines
Diff to previous 1.6 (colored) to selected 1.72 (colored)
Pullup ticket #3871 - requested by spz
net/bind99 security update
Revisions pulled up:
- net/bind99/Makefile 1.9
- net/bind99/distinfo 1.7
---
Module Name: pkgsrc
Committed By: spz
Date: Tue Jul 24 20:40:12 UTC 2012
Modified Files:
pkgsrc/net/bind99: Makefile distinfo
Log Message:
patch version fixing CVE-2012-3817 and CVE-2012-3868:
--- 9.9.1-P2 released ---
3349. [bug] Change #3345 was incomplete. [RT #30233]
3346. [security] Bad-cache data could be used before it was
initialized, causing an assert. [RT #30025]
3345. [bug] Addressed race condition when removing the last item
or inserting the first item in an ISC_QUEUE.
[RT #29539]
3342. [bug] Change #3314 broke saving of stub zones to disk
resulting in excessive cpu usage in some cases.
[RT #29952]
Revision 1.9 / (download) - annotate - [select for diffs], Tue Jul 24 20:40:12 2012 UTC (11 years, 8 months ago) by spz
Branch: MAIN
Changes since 1.8: +2 -3
lines
Diff to previous 1.8 (colored) to selected 1.72 (colored)
patch version fixing CVE-2012-3817 and CVE-2012-3868:
--- 9.9.1-P2 released ---
3349. [bug] Change #3345 was incomplete. [RT #30233]
3346. [security] Bad-cache data could be used before it was
initialized, causing an assert. [RT #30025]
3345. [bug] Addressed race condition when removing the last item
or inserting the first item in an ISC_QUEUE.
[RT #29539]
3342. [bug] Change #3314 broke saving of stub zones to disk
resulting in excessive cpu usage in some cases.
[RT #29952]
Revision 1.8 / (download) - annotate - [select for diffs], Tue Jul 10 10:23:03 2012 UTC (11 years, 9 months ago) by sbd
Branch: MAIN
Changes since 1.7: +2 -2
lines
Diff to previous 1.7 (colored) to selected 1.72 (colored)
Add and enable readline option. To make this work properly rework the readline detection to not use LIBS but instead use the new @LIBREADLINE@ AC_SUBST (This stops _everything_ being linked to libreadline!). Bump PKGREVISION.
Revision 1.7 / (download) - annotate - [select for diffs], Tue Jul 10 07:52:46 2012 UTC (11 years, 9 months ago) by sbd
Branch: MAIN
Changes since 1.6: +1 -3
lines
Diff to previous 1.6 (colored) to selected 1.72 (colored)
Only set PTHREAD_AUTO_VARS if the threads options is enabled. Also move PTHREAD_OPTS to just above where pthread.buildlink3.mk is included.
Revision 1.6 / (download) - annotate - [select for diffs], Thu Jun 14 07:45:39 2012 UTC (11 years, 10 months ago) by sbd
Branch: MAIN
CVS Tags: pkgsrc-2012Q2-base
Branch point for: pkgsrc-2012Q2
Changes since 1.5: +2 -1
lines
Diff to previous 1.5 (colored) to selected 1.72 (colored)
Recursive PKGREVISION bump for libxml2 buildlink addition.
Revision 1.1.1.1.2.3 / (download) - annotate - [select for diffs], Tue Jun 5 08:26:51 2012 UTC (11 years, 10 months ago) by sbd
Branch: pkgsrc-2012Q1
Changes since 1.1.1.1.2.2: +1 -1
lines
Diff to previous 1.1.1.1.2.2 (colored) to branchpoint 1.1.1.1 (colored) next main 1.2 (colored) to selected 1.72 (colored)
Pullup ticket #3817 - requested by taca net/bind99 security update Revisions pulled up: - net/bind99/Makefile 1.5 - net/bind99/distinfo 1.5 --- Module Name: pkgsrc Committed By: taca Date: Mon Jun 4 13:24:28 UTC 2012 Modified Files: pkgsrc/net/bind99: Makefile distinfo Log Message: Update bind99 to 9.9.1pl1 (BIND 9.9.1-P1). Security release for CVE-2012-1667. --- 9.9.1-P1 released --- 3331. [security] dns_rdataslab_fromrdataset could produce bad rdataslabs. [RT #29644]
Revision 1.5 / (download) - annotate - [select for diffs], Mon Jun 4 13:24:28 2012 UTC (11 years, 10 months ago) by taca
Branch: MAIN
Changes since 1.4: +2 -2
lines
Diff to previous 1.4 (colored) to selected 1.72 (colored)
Update bind99 to 9.9.1pl1 (BIND 9.9.1-P1). Security release for CVE-2012-1667. --- 9.9.1-P1 released --- 3331. [security] dns_rdataslab_fromrdataset could produce bad rdataslabs. [RT #29644]
Revision 1.1.1.1.2.2 / (download) - annotate - [select for diffs], Tue May 22 09:09:52 2012 UTC (11 years, 11 months ago) by tron
Branch: pkgsrc-2012Q1
Changes since 1.1.1.1.2.1: +1 -2
lines
Diff to previous 1.1.1.1.2.1 (colored) to branchpoint 1.1.1.1 (colored) to selected 1.72 (colored)
Pullup ticket #3797 - requested by taca
net/bind99/: security update
Revisions pulled up:
- net/bind99/Makefile 1.3-1.4
- net/bind99/PLIST 1.2
- net/bind99/distinfo 1.4
- net/bind99/files/named9.sh 1.2
- net/bind99/patches/patch-bin_tests_system_Makefile.in 1.2
- net/bind99/patches/patch-lib_dns_resolver.c deleted
---
Module Name: pkgsrc
Committed By: marino
Date: Sun May 20 12:00:15 UTC 2012
Modified Files:
pkgsrc/net/bind99: Makefile
pkgsrc/net/bind99/files: named9.sh
Log Message:
PR#45780 net/bind99: Fix chroot operation
DNSSEC related, bind99 needs same fix as bind98
---
Module Name: pkgsrc
Committed By: taca
Date: Tue May 22 03:31:07 UTC 2012
Modified Files:
pkgsrc/net/bind99: Makefile PLIST distinfo
pkgsrc/net/bind99/patches: patch-bin_tests_system_Makefile.in
Removed Files:
pkgsrc/net/bind99/patches: patch-lib_dns_resolver.c
Log Message:
Update biind99 package to 9.9.1.
pkgsrc change: add an comment to patches/patch-bin_tests_system_Makefile.in.
Changes from release announce:
Security Fixes
* Windows binary packages distributed by ISC are now built and linked
against OpenSSL 1.0.0i
New Features
* None
Feature Changes
* BIND now recognizes the TLSA resource record type, created to
support IETF DANE (DNS-based Authentication of Named Entities)
[RT #28989]
* A note will be added to the README in future releases to explain
that the improved scalability provided by using multiple threads
to listen for and process queries (change 3137, RT #22992) does
not provide any performance benefit when running BIND on versions
of the linux kernel that do not include the 'lockless UDP transmit
path' changes that were incorporated in 2.6.39. (Some linux
distributors may have provided this functionality under their
own version numbering systems).
Bug Fixes
* The locking strategy around the handling of iterative queries
has been tuned to reduce unnecessary contention in a multi-threaded
environment. (Note that this may not provide a measurable
improvement over previous versions of BIND, but it corrects the
performance impact of change 3309 / RT #27995) [RT #29239]
* Addresses a race condition that can cause named to to crash when
the masters list for a zone is updated via rndc reload/reconfig
[RT #26732]
* named-checkconf now correctly validates dns64 clients acl
definitions. [RT #27631]
* Fixes a race condition in zone.c that can cause named to crash
during the processing of rndc delzone [RT #29028]
* Prevents a named segfault from resolver.c due to procedure
fctx_finddone() not being thread-safe. [RT #27995]
* Improves DNS64 reverse zone performance. [RT #28563]
* Adds wire format lookup method to sdb. [RT #28563]
* Uses hmctx, not mctx when freeing rbtdb->heaps to avoid triggering
an assertion when flushing cache data. [RT #28571]
* Prevents intermittent named crashes following an rndc reload [RT
#28606]
* Resolves inconsistencies in locating DNSSEC keys where zone names
contain characters that require special mappings [RT #28600]
* A new flag -R has been added to queryperf for running tests
using non-recursive queries. It also now builds correctly on
MacOS version 10.7 (darwin) [RT #28565]
* Named no longer crashes if gssapi is enabled in named.conf but
was not compiled into the binary [RT #28338]
* SDB now handles unexpected errors from back-end database drivers
gracefully instead of exiting on an assert. [RT #28534]
* Prevents named crashes as a result of dereferencing a NULL pointer
in zmgr_start_xfrin_ifquota if the zone was being removed while
there were zone transfers still pending [RT #28419]
* Corrects a parser bug that could cause named to crash while
reading a malformed zone file. [RT #28467]
* Ensures that when a client recurses its status fields are
consistently set so that named doesn't fail on an INSIST in
client.c:exit_check. [RT #28346]
* Fixed a problem preventing proper use of 64 bit time values in
libbind. [RT # 26542]
* isccc/cc.c:table_fromwire could fail to free an allocated object
on error, leading to a possible memory leak condition. [RT #28265]
* Fixed a build error on systems without ENOTSUP. [RT #28200]
* The header file isc/hmacsha.h is now installed when building
BIND. [RT #28169]
* AAAA responses will no longer be returned in the additional
section when filter-aaaa-on-v4 is in use. (Prior to this change,
they would be returned for some query types). [RT #27292]
Revision 1.4 / (download) - annotate - [select for diffs], Tue May 22 03:31:07 2012 UTC (11 years, 11 months ago) by taca
Branch: MAIN
Changes since 1.3: +2 -3
lines
Diff to previous 1.3 (colored) to selected 1.72 (colored)
Update biind99 package to 9.9.1. pkgsrc change: add an comment to patches/patch-bin_tests_system_Makefile.in. Changes from release announce: Security Fixes * Windows binary packages distributed by ISC are now built and linked against OpenSSL 1.0.0i New Features * None Feature Changes * BIND now recognizes the TLSA resource record type, created to support IETF DANE (DNS-based Authentication of Named Entities) [RT #28989] * A note will be added to the README in future releases to explain that the improved scalability provided by using multiple threads to listen for and process queries (change 3137, RT #22992) does not provide any performance benefit when running BIND on versions of the linux kernel that do not include the 'lockless UDP transmit path' changes that were incorporated in 2.6.39. (Some linux distributors may have provided this functionality under their own version numbering systems). Bug Fixes * The locking strategy around the handling of iterative queries has been tuned to reduce unnecessary contention in a multi-threaded environment. (Note that this may not provide a measurable improvement over previous versions of BIND, but it corrects the performance impact of change 3309 / RT #27995) [RT #29239] * Addresses a race condition that can cause named to to crash when the masters list for a zone is updated via rndc reload/reconfig [RT #26732] * named-checkconf now correctly validates dns64 clients acl definitions. [RT #27631] * Fixes a race condition in zone.c that can cause named to crash during the processing of rndc delzone [RT #29028] * Prevents a named segfault from resolver.c due to procedure fctx_finddone() not being thread-safe. [RT #27995] * Improves DNS64 reverse zone performance. [RT #28563] * Adds wire format lookup method to sdb. [RT #28563] * Uses hmctx, not mctx when freeing rbtdb->heaps to avoid triggering an assertion when flushing cache data. [RT #28571] * Prevents intermittent named crashes following an rndc reload [RT #28606] * Resolves inconsistencies in locating DNSSEC keys where zone names contain characters that require special mappings [RT #28600] * A new flag -R has been added to queryperf for running tests using non-recursive queries. It also now builds correctly on MacOS version 10.7 (darwin) [RT #28565] * Named no longer crashes if gssapi is enabled in named.conf but was not compiled into the binary [RT #28338] * SDB now handles unexpected errors from back-end database drivers gracefully instead of exiting on an assert. [RT #28534] * Prevents named crashes as a result of dereferencing a NULL pointer in zmgr_start_xfrin_ifquota if the zone was being removed while there were zone transfers still pending [RT #28419] * Corrects a parser bug that could cause named to crash while reading a malformed zone file. [RT #28467] * Ensures that when a client recurses its status fields are consistently set so that named doesn't fail on an INSIST in client.c:exit_check. [RT #28346] * Fixed a problem preventing proper use of 64 bit time values in libbind. [RT # 26542] * isccc/cc.c:table_fromwire could fail to free an allocated object on error, leading to a possible memory leak condition. [RT #28265] * Fixed a build error on systems without ENOTSUP. [RT #28200] * The header file isc/hmacsha.h is now installed when building BIND. [RT #28169] * AAAA responses will no longer be returned in the additional section when filter-aaaa-on-v4 is in use. (Prior to this change, they would be returned for some query types). [RT #27292]
Revision 1.3 / (download) - annotate - [select for diffs], Sun May 20 12:00:15 2012 UTC (11 years, 11 months ago) by marino
Branch: MAIN
Changes since 1.2: +2 -2
lines
Diff to previous 1.2 (colored) to selected 1.72 (colored)
PR#45780 net/bind99: Fix chroot operation DNSSEC related, bind99 needs same fix as bind98
Revision 1.1.1.1.2.1 / (download) - annotate - [select for diffs], Thu May 3 18:13:43 2012 UTC (11 years, 11 months ago) by tron
Branch: pkgsrc-2012Q1
Changes since 1.1.1.1: +1 -0
lines
Diff to previous 1.1.1.1 (colored) to selected 1.72 (colored)
Pullup ticket #3762 - requested by taca net/bind99: security patch Revisions pulled up: - net/bind99/Makefile 1.2 - net/bind99/distinfo 1.3 - net/bind99/patches/patch-lib_dns_resolver.c 1.1 --- Module Name: pkgsrc Committed By: taca Date: Tue May 1 02:47:52 UTC 2012 Modified Files: pkgsrc/net/bind99: Makefile distinfo Added Files: pkgsrc/net/bind99/patches: patch-lib_dns_resolver.c Log Message: Add fix to a race condition in the resolver code that can cause a recursive nameserver: <https://kb.isc.org/article/AA-00664>. Bump PKGREVISION.
Revision 1.2 / (download) - annotate - [select for diffs], Tue May 1 02:47:52 2012 UTC (11 years, 11 months ago) by taca
Branch: MAIN
Changes since 1.1: +2 -1
lines
Diff to previous 1.1 (colored) to selected 1.72 (colored)
Add fix to a race condition in the resolver code that can cause a recursive nameserver: <https://kb.isc.org/article/AA-00664>. Bump PKGREVISION.
Revision 1.1.1.1 / (download) - annotate - [select for diffs] (vendor branch), Wed Mar 7 14:25:00 2012 UTC (12 years, 1 month ago) by taca
Branch: TNF
CVS Tags: pkgsrc-base,
pkgsrc-2012Q1-base
Branch point for: pkgsrc-2012Q1
Changes since 1.1: +0 -0
lines
Diff to previous 1.1 (colored) to selected 1.72 (colored)
Importing BIND 9.9.0 as pkgsrc/net/bind99. Introduction BIND 9.9.0 is the first production release of BIND 9.9. This document summarizes changes from BIND 9.8 to BIND 9.9. Please see the CHANGES file in the source code release for a complete list of all changes. New Features * The new "inline-signing" option * NXDOMAIN redirection * "rndc flushtree <name>" command * "rndc sync" command * The new "rndc signing" command * "auto-dnssec" zones * Improves the startup time And more.
Revision 1.1 / (download) - annotate - [select for diffs], Wed Mar 7 14:25:00 2012 UTC (12 years, 1 month ago) by taca
Branch: MAIN
Diff to selected 1.72 (colored)
Initial revision