pkgsrc.se | The NetBSD package collection

./net/bind910, Berkeley Internet Name Daemon implementation of DNS, version 9.10

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]

Branch: pkgsrc-2017Q1, Version: 9.10.4pl8, Package name: bind-9.10.4pl8, Maintainer: pkgsrc-users

BIND, the Berkeley Internet Name Daemon, version 9 is a major rewrite
of nearly all aspects of the underlying BIND architecture. Some
of the important features of BIND-9 are:

- DNS Security
- IP version 6
- DNS Protocol Enhancements
- Views
- Multiprocessor Support
- Improved Portability Architecture
- Full NSEC3 support
- Automatic zone re-signing
- New update-policy methods tcp-self and 6to4-self

This package contains the BIND 9.10 release.

Required to build:
[pkgtools/cwrappers]

Package options: inet6, readline, threads

Master sites:

ftp://ftp.isc.org/isc/bind9/9.10.4-P8/ (Download)

SHA1: 33a4c37bb85f632e7002bc157e9d357e389466da
RMD160: dec49998fd31d431d1d7f77545fb7de8fd36237b
Filesize: 9104.776 KB

Version history: (Expand)

(2017-04-13) Updated to version: bind-9.10.4pl8
(2017-04-04) Package added to pkgsrc.se, version bind-9.10.4pl6nb1 (created)

CVS history: (Expand)

2017-04-13 13:29:32 by Benny Siegert | Files touched by this commit (2) | Package updated

Log message:
Pullup ticket #5272 - requested by taca
net/bind910: security fix

Revisions pulled up:
- net/bind910/Makefile                                          1.32
- net/bind910/distinfo                                          1.23

---
   Module Name:	pkgsrc
   Committed By:	taca
   Date:		Thu Apr 13 01:52:42 UTC 2017

   Modified Files:
   	pkgsrc/net/bind910: Makefile distinfo

   Log message:
   Update bind910 to 9.10.4pl8 (BIND 9.10.4-P8).

   Quote from release announce:

      BIND 9.10.4-P8 addresses the security issues described in
      CVE-2017-3136, CVE-2017-3137, and CVE-2017-3138, and updates the
      built-in trusted keys for the root zone.

   From CHANGELOG:

   	--- 9.10.4-P8 released ---

   4582.	[security]	'rndc ""' could trigger a assertion failure in named.
   			(CVE-2017-3138) [RT #44924]

   4580.	[bug]		4578 introduced a regression when handling CNAME to
   			referral below the current domain. [RT #44850]

   	--- 9.10.4-P7 released ---

   4578.	[security]	Some chaining (CNAME or DNAME) responses to upstream
   			queries could trigger assertion failures.
   			(CVE-2017-3137) [RT #44734]

   4575.	[security]	DNS64 with "break-dnssec yes;" can result in an
   			assertion failure. (CVE-2017-3136) [RT #44653]

   4564.	[maint]		Update the built in managed keys to include the
   			upcoming root KSK. [RT #44579]