./net/bind96, Version 9 of the Berkeley Internet Name Daemon, implementation of DNS

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]


Branch: pkgsrc-2009Q2, Version: 9.6.1pl1, Package name: bind-9.6.1pl1, Maintainer: pkgsrc-users

BIND, the Berkeley Internet Name Daemon, version 9 is a major rewrite
of nearly all aspects of the underlying BIND architecture. Some
of the important features of BIND-9 are:

- DNS Security
- IP version 6
- DNS Protocol Enhancements
- Views
- Multiprocessor Support
- Improved Portability Architecture
- Full NSEC3 support
- Automatic zone re-signing
- New update-policy methods tcp-self and 6to4-self


Required to build:
[devel/libtool-base] [lang/perl5]

Package options: inet6, threads

Master sites: (Expand)

SHA1: b266511994525b6203af173fd6dda9db58c500a8
RMD160: 7421f22f0f30c70ba0324216a4410a2682ecdf1a
Filesize: 6446.493 KB

Version history: (Expand)


CVS history: (Expand)


   2009-09-05 10:52:22 by S.P.Zeidler | Files touched by this commit (1)
Log message:
should have been deleted with pullup #2844 already
   2009-07-29 09:59:53 by S.P.Zeidler | Files touched by this commit (9) | Package updated
Log message:
Pullup ticket 2844 - requested by reed
security update
last part of pullups for PR 41796

Revisions pulled up:
- pkgsrc/net/bind96/Makefile			1.7
- pkgsrc/net/bind96/PLIST			1.3
- pkgsrc/net/bind96/distinfo			1.4
- pkgsrc/net/bind96/options.mk			1.2
- pkgsrc/net/bind96/patches/patch-ab		1.2
- pkgsrc/net/bind96/patches/patch-ac		1.3
- pkgsrc/net/bind96/patches/patch-ad		1.2
- pkgsrc/net/bind96/patches/patch-ag		1.2
- pkgsrc/net/bind96/patches/patch-aj		1.1

   Module Name:    pkgsrc
   Committed By:   obache
   Date:           Fri Jul 24 12:30:00 UTC 2009

   Modified Files:
           pkgsrc/net/bind9: Makefile
           pkgsrc/net/bind95: Makefile
           pkgsrc/net/bind96: Makefile

   Log message:
   Update HOMEPAGE url.

   To generate a diff of this commit:
   cvs rdiff -u -r1.107 -r1.108 pkgsrc/net/bind9/Makefile
   cvs rdiff -u -r1.9 -r1.10 pkgsrc/net/bind95/Makefile
   cvs rdiff -u -r1.3 -r1.4 pkgsrc/net/bind96/Makefile

   Module Name:    pkgsrc
   Committed By:   obache
   Date:           Sun Jul 26 09:07:58 UTC 2009

   Modified Files:
           pkgsrc/net/bind96: Makefile PLIST distinfo options.mk
           pkgsrc/net/bind96/patches: patch-ab patch-ac patch-ad patch-ag
   Removed Files:
           pkgsrc/net/bind96/patches: patch-aj

   Log message:
   Update bind96 to 9.6.1.
   Based on PR 41772 by Robert Elz.

   Pkgsrc changes:
    o MAKE_JOBS_SAFE=no, README said "Do not use a parallel make".
    o remove patch-aj, libbind has been removed from the BIND 9 distribution
      since 9.6.0.
    o add bind-dig-sigchase option. requested by PR 41751.

   Changes since 9.6.0:

           --- 9.6.1 released ---

   2607.   [bug]           named could incorrectly delete NSEC3 records for
                           empty nodes when processing a update request.
                           [RT #19749]

   2606.   [bug]           "delegation-only" was not being accepted in
                           delegation-only type zones. [RT #19717]

   2605.   [bug]           Accept DS responses from delegation only zones.
                           [RT # 19296]

   2603.   [port]          win32: handle .exe extension of named-checkzone and
                           named-comilezone argv[0] names under windows.
                           [RT #19767]

   2602.   [port]          win32: fix debugging command line build of libisccfg.
                           [RT #19767]

           --- 9.6.1rc1 released ---

   2599.   [bug]           Address rapid memory growth when validation fails.
                           [RT #19654]

   2597.   [bug]           Handle a validation failure with a insecure delegation
                           from a NSEC3 signed master/slave zone.  [RT #19464]

   2596.   [bug]           Stale tree nodes of cache/dynamic rbtdb could stay
                           long, leading to inefficient memory usage or rejecting
                           newer cache entries in the worst case. [RT #19563]

   2595.   [bug]           Fix unknown extended rcodes in dig. [RT #19625]

   2592.   [bug]           Treat "any" as a type in nsupdate. [RT #19455]

   2591.   [bug]           named could die when processing a update in
                           removed_orphaned_ds(). [RT #19507]

   2588.   [bug]           SO_REUSEADDR could be set unconditionally after failure
                           of bind(2) call.  This should be rare and mostly
                           harmless, but may cause interference with other
                           processes that happen to use the same port. [RT #19642]

   2586.   [bug]           Missing cleanup of SIG rdataset in searching a DLZ DB
                           or SDB. [RT #19577]

   2585.   [bug]           Uninitialized socket name could be referenced via a
                           statistics channel, triggering an assertion failure in
                           XML rendering. [RT #19427]

   2584.   [bug]           alpha: gcc optimization could break atomic operations.
                           [RT #19227]

   2583.   [port]          netbsd: provide a control to not add the compile
                           date to the version string, -DNO_VERSION_DATE.

   2582.   [bug]           Don't emit warning log message when we attempt to
                           remove non-existant journal. [RT #19516]

   2579.   [bug]           DNSSEC lookaside validation failed to handle unknown
                           algorithms. [RT #19479]

   2578.   [bug]           Changed default sig-signing-type to 65534, because
                           65535 turns out to be reserved.  [RT #19477]

   2499.   [port]          solaris: lib/lwres/getaddrinfo.c namespace clash.
                           [RT #18837]

           --- 9.6.1b1 released ---

   2577.   [doc]           Clarified some statistics counters. [RT #19454]

   2576.   [bug]           NSEC record were not being correctly signed when
                           a zone transitions from insecure to secure.
                           Handle such incorrectly signed zones. [RT #19114]

   2574.   [doc]           Document nsupdate -g and -o. [RT #19351]

   2573.   [bug]           Replacing a non-CNAME record with a CNAME record in a
                           single transaction in a signed zone failed. [RT #19397]

   2568.   [bug]           Report when the write to indicate a otherwise
                           successful start fails. [RT #19360]

   2567.   [bug]           dst__privstruct_writefile() could miss write errors.
                           write_public_key() could miss write errors.
                           dnssec-dsfromkey could miss write errors.
                           [RT #19360]

   2564.   [bug]           Only take EDNS fallback steps when processing timeouts.
                           [RT #19405]

   2563.   [bug]           Dig could leak a socket causing it to wait forever
                           to exit. [RT #19359]

   2562.   [doc]           ARM: miscellaneous improvements, reorganization,
                           and some new content.

   2561.   [doc]           Add isc-config.sh(1) man page. [RT #16378]

   2560.   [bug]           Add #include <config.h> to iptable.c. [RT #18258]

   2559.   [bug]           dnssec-dsfromkey could compute bad DS records when
                           reading from a K* files.  [RT #19357]

   2557.   [cleanup]       PCI compliance:
                           * new libisc log module file
                           * isc_dir_chroot() now also changes the working
                             directory to "/".
                           * additional INSISTs
                           * additional logging when files can't be removed.

   2556.   [port]          Solaris: mkdir(2) on tmpfs filesystems does not do the
                           error checks in the correct order resulting in the
                           wrong error code sometimes being returned. [RT #19249]

   2554.   [bug]           Validation of uppercase queries from NSEC3 zones could
                           fail. [RT #19297]

   2553.   [bug]           Reference leak on DNSSEC validation errors. [RT #19291]

   2552.   [bug]           zero-no-soa-ttl-cache was not being honoured.
                           [RT #19340]

   2551.   [bug]           Potential Reference leak on return. [RT #19341]

   2550.   [bug]           Check --with-openssl=<path> finds \ 
<openssl/opensslv.h>.
                           [RT #19343]

   2549.   [port]          linux: define NR_OPEN if not currently defined.
                           [RT #19344]

   2548.   [bug]           Install iterated_hash.h. [RT #19335]

   2547.   [bug]           openssl_link.c:mem_realloc() could reference an
                           out-of-range area of the source buffer.  New public
                           function isc_mem_reallocate() was introduced to address
                           this bug. [RT #19313]

   2545.   [doc]           ARM: Legal hostname checking (check-names) is
                           for SRV RDATA too. [RT #19304]

   2544.   [cleanup]       Removed unused structure members in adb.c. [RT #19225]

   2543.   [contrib]       Update contrib/zkt to version 0.98. [RT #19113]

   2542.   [doc]           Update the description of dig +adflag. [RT #19290]

   2541.   [bug]           Conditionally update dispatch manager statistics.
                           [RT #19247]

   2539.   [security]      Update the interaction between recursion, allow-query,
                           allow-query-cache and allow-recursion.  [RT #19198]

   2538.   [bug]           cache/ADB memory could grow over max-cache-size,
                           especially with threads and smaller max-cache-size
                           values. [RT #19240]

   2537.   [experimental]  Added more statistics counters including those on socket
                           I/O events and query RTT histograms. [RT #18802]

   2536.   [cleanup]       Silence some warnings when -Werror=format-security is
                           specified. [RT #19083]

   2535.   [bug]           dig +showsearh and +trace interacted badly. [RT #19091]

   2532.   [bug]           dig: check the question section of the response to
                           see if it matches the asked question. [RT #18495]

   2531.   [bug]           Change #2207 was incomplete. [RT #19098]

   2530.   [bug]           named failed to reject insecure to secure transitions
                           via UPDATE. [RT #19101]

   2529.   [cleanup]       Upgrade libtool to silence complaints from recent
                           version of autoconf. [RT #18657]

   2528.   [cleanup]       Silence spurious configure warning about
                           --datarootdir [RT #19096]

   2527.   [bug]           named could reuse cache on reload with
                           enabling/disabling validation. [RT #19119]

   2525.   [experimental]  New logging category "query-errors" to \ 
provide detailed
                           internal information about query failures, especially
                           about server failures. [RT #19027]

   2524.   [port]          sunos: dnssec-signzone needs strtoul(). [RT #19129]

   2523.   [bug]           Random type rdata freed by dns_nsec_typepresent().
                           [RT #19112]

   2522.   [security]      Handle -1 from DSA_do_verify() and EVP_VerifyFinal().

   2521.   [bug]           Improve epoll cross compilation support. [RT #19047]

   2519.   [bug]           dig/host with -4 or -6 didn't work if more than two
                           nameserver addresses of the excluded address family
                           preceded in resolv.conf. [RT #19081]

   2517.   [bug]           dig +trace with -4 or -6 failed when it chose a
                           nameserver address of the excluded address.
                           [RT #18843]

   2516.   [bug]           glue sort for responses was performed even when not
                           needed. [RT #19039]

   2514.   [bug]           dig/host failed with -4 or -6 when resolv.conf contains
                           a nameserver of the excluded address family.
                           [RT #18848]

   2511.   [cleanup]       dns_rdata_tofmttext() add const to linebreak.
                           [RT #18885]

   2506.   [port]          solaris: Check at configure time if
                           hack_shutup_pthreadonceinit is needed. [RT #19037]

   2505.   [port]          Treat amd64 similarly to x86_64 when determining
                           atomic operation support. [RT #19031]

   2503.   [port]          linux: improve compatibility with Linux Standard
                           Base. [RT #18793]

   2502.   [cleanup]       isc_radix: Improve compliance with coding style,
                           document function in <isc/radix.h>. [RT #18534]

   To generate a diff of this commit:
   cvs rdiff -u -r1.4 -r1.5 pkgsrc/net/bind96/Makefile
   cvs rdiff -u -r1.2 -r1.3 pkgsrc/net/bind96/PLIST
   cvs rdiff -u -r1.3 -r1.4 pkgsrc/net/bind96/distinfo
   cvs rdiff -u -r1.1.1.1 -r1.2 pkgsrc/net/bind96/options.mk
   cvs rdiff -u -r1.1.1.1 -r1.2 pkgsrc/net/bind96/patches/patch-ab \
       pkgsrc/net/bind96/patches/patch-ad pkgsrc/net/bind96/patches/patch-ag
   cvs rdiff -u -r1.2 -r1.3 pkgsrc/net/bind96/patches/patch-ac
   cvs rdiff -u -r1.1.1.1 -r0 pkgsrc/net/bind96/patches/patch-aj

   Module Name:    pkgsrc
   Committed By:   reed
   Date:           Wed Jul 29 00:03:38 UTC 2009

   Modified Files:
           pkgsrc/net/bind96: Makefile distinfo

   Log message:
   Update to 9.6.1-P1.
   This is for PR pkg/41796: Security fix CVE-2009-0696

   To generate a diff of this commit:
   cvs rdiff -u -r1.5 -r1.6 pkgsrc/net/bind96/Makefile
   cvs rdiff -u -r1.4 -r1.5 pkgsrc/net/bind96/distinfo

   Module Name:    pkgsrc
   Committed By:   reed
   Date:           Wed Jul 29 00:16:33 UTC 2009

   Modified Files:
           pkgsrc/net/bind96: Makefile

   Log message:
   Fix PKGNAME that I broke.

   To generate a diff of this commit:
   cvs rdiff -u -r1.6 -r1.7 pkgsrc/net/bind96/Makefile