./net/bind99, Berkeley Internet Name Daemon implementation of DNS, version 9.9

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]


Branch: CURRENT, Version: 9.9.9pl6nb1, Package name: bind-9.9.9pl6nb1, Maintainer: pkgsrc-users

BIND, the Berkeley Internet Name Daemon, version 9 is a major rewrite
of nearly all aspects of the underlying BIND architecture. Some
of the important features of BIND-9 are:

- DNS Security
- IP version 6
- DNS Protocol Enhancements
- Views
- Multiprocessor Support
- Improved Portability Architecture
- Full NSEC3 support
- Automatic zone re-signing
- New update-policy methods tcp-self and 6to4-self

This package contains the BIND 9.9 release.


Required to build:
[pkgtools/cwrappers]

Package options: inet6, readline, threads

Master sites:

SHA1: 620ffa8c7b2e6b650c4c76fe29dba75bc9281037
RMD160: f7a96e6407769b6577e457a4f03a137ffb050d44
Filesize: 8573.037 KB

Version history: (Expand)


CVS history: (Expand)


   2017-02-24 16:46:14 by Filip Hajny | Files touched by this commit (4)
Log message:
Fix bind.keys PLIST handling, thanks joerg@ for the notice.
   2017-02-20 16:19:54 by Filip Hajny | Files touched by this commit (6) | Package updated
Log message:
Change bind99 and bind910 package to use the standard PKG_SYSCONFDIR
for config files instead of the hardcoded /etc path. Sync SMF support
across the two packages. Bump PKGREVISION.
   2017-02-09 01:50:15 by Takahiro Kambe | Files touched by this commit (2) | Package updated
Log message:
Update bind99 to 9.9.9pl6 (BIND 9.9.9-P6).

Security Fixes

     * If a server is configured with a response policy zone (RPZ) that
       rewrites an answer with local data, and is also configured for
       DNS64 address mapping, a NULL pointer can be read triggering a
       server crash. This flaw is disclosed in CVE-2017-3135. [RT #44434]
     * named could mishandle authority sections with missing RRSIGs,
       triggering an assertion failure. This flaw is disclosed in
       CVE-2016-9444. [RT #43632]
     * named mishandled some responses where covering RRSIG records were
       returned without the requested data, resulting in an assertion
       failure. This flaw is disclosed in CVE-2016-9147. [RT #43548]
     * named incorrectly tried to cache TKEY records which could trigger
       an assertion failure when there was a class mismatch. This flaw is
       disclosed in CVE-2016-9131. [RT #43522]
     * It was possible to trigger assertions when processing responses
       containing answers of type DNAME. This flaw is disclosed in
       CVE-2016-8864. [RT #43465]
     * It was possible to trigger an assertion when rendering a message
       using a specially crafted request. This flaw is disclosed in
       CVE-2016-2776. [RT #43139]
     * Calling getrrsetbyname() with a non- absolute name could trigger an
       infinite recursion bug in lwresd or named with lwres configured if,
       when combined with a search list entry from resolv.conf, the
       resulting name is too long. This flaw is disclosed in
       CVE-2016-2775. [RT #42694]

Feature Changes

     * None.

Porting Changes

     * None.

Bug Fixes

     * A synthesized CNAME record appearing in a response before the
       associated DNAME could be cached, when it should not have been.
       This was a regression introduced while addressing CVE-2016-8864.
       [RT #44318]
     * Windows installs were failing due to triggering UAC without the
       installation binary being signed.
     * A race condition in rbt/rbtdb was leading to INSISTs being
       triggered.
   2017-01-12 01:05:46 by Takahiro Kambe | Files touched by this commit (2) | Package updated
Log message:
Update bind99 to 9.9.9pl5 (BIND 9.9.9-P5), including security fixes.

	--- 9.9.9-P5 released ---

4530.	[bug]		Change 4489 broke the handling of CNAME -> DNAME
			in responses resulting in SERVFAIL being returned.
			[RT #43779]

4528.	[bug]		Only set the flag bits for the i/o we are waiting
			for on EPOLLERR or EPOLLHUP. [RT #43617]

4519.	[port]		win32: handle ERROR_MORE_DATA. [RT #43534]

4517.	[security]	Named could mishandle authority sections that were
			missing RRSIGs triggering an assertion failure.
			(CVE-2016-9444) [RT # 43632]

4510.	[security]	Named mishandled some responses where covering RRSIG
			records are returned without the requested data
			resulting in a assertion failure. (CVE-2016-9147)
			[RT #43548]

4508.	[security]	Named incorrectly tried to cache TKEY records which
			could trigger a assertion failure when there was
			a class mismatch. (CVE-2016-9131) [RT #43522]
   2016-11-06 12:07:00 by Thomas Klausner | Files touched by this commit (1)
Log message:
belnet mirror of isc reports 404, remove it.
   2016-11-02 01:06:09 by Takahiro Kambe | Files touched by this commit (2) | Package updated
Log message:
Update bind99 to 9.9.9pl4 (BIND 9.9.9-P4).

	--- 9.9.9-P4 released ---

4489.	[security]	It was possible to trigger assertions when processing
			a response. (CVE-2016-8864) [RT #43465]
   2016-10-09 23:42:04 by Thomas Klausner | Files touched by this commit (110)
Log message:
Recursive bump for all users of pgsql now that the default is 95.
   2016-09-27 19:13:42 by Takahiro Kambe | Files touched by this commit (2) | Package updated
Log message:
Update bind99 to 9.9.9pl3 (BIND 9.9.9-P3), fixing CVE-2016-2776.

	--- 9.9.9-P3 released ---

4467.	[security]	It was possible to trigger a assertion when rendering
			a message. (CVE-2016-2776) [RT #43139]