./net/bind99, Berkeley Internet Name Daemon implementation of DNS, version 9.9

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]

Branch: pkgsrc-2017Q1, Version: 9.9.9pl8, Package name: bind-9.9.9pl8, Maintainer: pkgsrc-users

BIND, the Berkeley Internet Name Daemon, version 9 is a major rewrite
of nearly all aspects of the underlying BIND architecture. Some
of the important features of BIND-9 are:

- DNS Security
- IP version 6
- DNS Protocol Enhancements
- Views
- Multiprocessor Support
- Improved Portability Architecture
- Full NSEC3 support
- Automatic zone re-signing
- New update-policy methods tcp-self and 6to4-self

This package contains the BIND 9.9 release.

Required to build:

Package options: inet6, readline, threads

Master sites:

SHA1: da2e566ddc16d4a4cfcc6ae4580bec62de645ae6
RMD160: f8f4e121a116ee89a4f14a3d58bdad8312c19e04
Filesize: 8584.817 KB

Version history: (Expand)

CVS history: (Expand)

   2017-04-13 13:54:13 by Benny Siegert | Files touched by this commit (2) | Package updated
Log message:
Pullup ticket #5273 - requested by taca
net/bind99: security fix

Revisions pulled up:
- net/bind99/Makefile                                           1.66
- net/bind99/distinfo                                           1.44

   Module Name:	pkgsrc
   Committed By:	taca
   Date:		Thu Apr 13 01:53:35 UTC 2017

   Modified Files:
   	pkgsrc/net/bind99: Makefile distinfo

   Log message:
   Update bind99 to 9.9.9pl8 (BIND 9.9.9-P8).

   Quote from release announce:

      BIND 9.9.9-P8 addresses the security issues described in CVE-2017-3136,
      CVE-2017-3137, and CVE-2017-3138, and updates the built-in trusted keys
      for the root zone.

   Quote from CHANGELOG:

   	--- 9.9.9-P8 released ---

   4582.	[security]	'rndc ""' could trigger a assertion failure in named.
   			(CVE-2017-3138) [RT #44924]

   4580.	[bug]		4578 introduced a regression when handling CNAME to
   			referral below the current domain. [RT #44850]

   	--- 9.9.9-P7 released ---

   4578.	[security]	Some chaining (CNAME or DNAME) responses to upstream
   			queries could trigger assertion failures.
   			(CVE-2017-3137) [RT #44734]

   4575.	[security]	DNS64 with "break-dnssec yes;" can result in an
   			assertion failure. (CVE-2017-3136) [RT #44653]

   4564.	[maint]		Update the built in managed keys to include the
   			upcoming root KSK. [RT #44579]