./net/bind910, Berkeley Internet Name Daemon implementation of DNS, version 9.10

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]

Branch: pkgsrc-2015Q4, Version: 9.10.3pl4, Package name: bind-9.10.3pl4, Maintainer: pkgsrc-users

BIND, the Berkeley Internet Name Daemon, version 9 is a major rewrite
of nearly all aspects of the underlying BIND architecture. Some
of the important features of BIND-9 are:

- DNS Security
- IP version 6
- DNS Protocol Enhancements
- Views
- Multiprocessor Support
- Improved Portability Architecture
- Full NSEC3 support
- Automatic zone re-signing
- New update-policy methods tcp-self and 6to4-self

This package contains the BIND 9.10 release.



Package options: inet6, readline, threads

Master sites: (Expand)

SHA1: c3f87804b2b950a0be8122c41ebbc253d0624786
RMD160: 75af2755febcd4b5a6f1b15c14d76ed4b1b11ba8
Filesize: 8329.624 KB

Version history: (Expand)

CVS history: (Expand)


   2016-03-11 10:38:01 by Benny Siegert | Files touched by this commit (2) 
Log message:
Pullup ticket #4949 - requested by taca
net/bind910: security fix

Revisions pulled up:
- net/bind910/Makefile                                          1.18
- net/bind910/distinfo                                          1.15

---
   Module Name:	pkgsrc
   Committed By:	taca
   Date:		Thu Mar 10 00:48:41 UTC 2016

   Modified Files:
   	pkgsrc/net/bind910: Makefile distinfo

   Log message:
   Update bind910 to 9.10.3pl4 (BIND 9.10.3-P4), security release.

   	--- 9.10.3-P4 released ---

   4322.	[security]	Duplicate EDNS COOKIE options in a response could
   			trigger an assertion failure. (CVE-2016-2088)
   			[RT #41809]

   4319.	[security]	Fix resolver assertion failure due to improper
   			DNAME handling when parsing fetch reply messages.
   			(CVE-2016-1286) [RT #41753]

   4318.	[security]	Malformed control messages can trigger assertions
   			in named and rndc. (CVE-2016-1285) [RT #41666]
   2016-01-20 20:32:01 by Benny Siegert | Files touched by this commit (2) 
Log message:
Pullup ticket #4901 - requested by taca
net/bind910: security fix

Revisions pulled up:
- net/bind910/Makefile                                          1.15
- net/bind910/distinfo                                          1.14

---
   Module Name:    pkgsrc
   Committed By:   taca
   Date:           Wed Jan 20 02:15:58 UTC 2016

   Modified Files:
           pkgsrc/net/bind910: Makefile distinfo

   Log message:
   Update bind910 to 9.10.3pl3 (BIND 9.10.3-P3).

   Security Fixes

        * Specific APL data could trigger an INSIST. This flaw was discovered
          by Brian Mitchell and is disclosed in CVE-2015-8704. [RT #41396]
        * Certain errors that could be encountered when printing out or
          logging an OPT record containing a CLIENT-SUBNET option could be
          mishandled, resulting in an assertion failure. This flaw was
          discovered by Brian Mitchell and is disclosed in CVE-2015-8705. [RT
          #41397]
        * Named is potentially vulnerable to the OpenSSL vulnerabilty
          described in CVE-2015-3193.
        * Insufficient testing when parsing a message allowed records with an
          incorrect class to be be accepted, triggering a REQUIRE failure
          when those records were subsequently cached. This flaw is disclosed
          in CVE-2015-8000. [RT #40987]
        * Incorrect reference counting could result in an INSIST failure if a
          socket error occurred while performing a lookup. This flaw is
          disclosed in CVE-2015-8461. [RT#40945]

   New Features

        * None.

   Feature Changes

        * Updated the compiled in addresses for H.ROOT-SERVERS.NET.

   Bug Fixes

        * Authoritative servers that were marked as bogus (e.g. blackholed in
          configuration or with invalid addresses) were being queried anyway.
          [RT #41321]