2021-06-17 14:14:45 by Juraj Lutter | Files touched by this commit (2) |
Log message:
net/bind911: Update to 9.11.33
This is a maintenance release.
Release notes:
https://bind.isc.org/doc/arm/9.11/Bv9ARM.ch09.html#relnotes-9.11.33
|
2021-06-02 17:34:31 by Takahiro Kambe | Files touched by this commit (1) |
Log message:
netb/bind911: reset PKGREVISION
|
2021-06-02 17:33:50 by Takahiro Kambe | Files touched by this commit (2) | |
Log message:
net/bind911: update to 9.11.32
Notes for BIND 9.11.32
Feature Changes
* DNSSEC responses containing NSEC3 records with iteration counts greater
than 150 are now treated as insecure. [GL #2445]
* The maximum supported number of NSEC3 iterations that can be configured
for a zone has been reduced to 150. [GL #2642]
* The implementation of the ZONEMD RR type has been updated to match RFC
8976. [GL #2658]
|
2021-05-24 21:56:06 by Thomas Klausner | Files touched by this commit (3575) |
Log message:
*: recursive bump for perl 5.34
|
2021-04-29 07:54:13 by Takahiro Kambe | Files touched by this commit (2) | |
Log message:
net/bind911: update to 9.11.31
Security release.
--- 9.11.31 released ---
5621. [bug] Due to a backporting mistake in change 5609, named
binaries built against a Kerberos/GSSAPI library whose
header files did not define the GSS_SPNEGO_MECHANISM
preprocessor macro were not able to start if their
configuration included the "tkey-gssapi-credential"
option. This has been fixed. [GL #2634]
--- 9.11.30 released ---
5617. [security] A specially crafted GSS-TSIG query could cause a buffer
overflow in the ISC implementation of SPNEGO.
(CVE-2021-25216) [GL #2604]
5616. [security] named crashed when a DNAME record placed in the ANSWER
section during DNAME chasing turned out to be the final
answer to a client query. (CVE-2021-25215) [GL #2540]
5615. [security] Insufficient IXFR checks could result in named serving a
zone without an SOA record at the apex, leading to a
RUNTIME_CHECK assertion failure when the zone was
subsequently refreshed. This has been fixed by adding an
owner name check for all SOA records which are included
in a zone transfer. (CVE-2021-25214) [GL #2467]
5614. [bug] Ensure all resources are properly cleaned up when a call
to gss_accept_sec_context() fails. [GL #2620]
5609. [func] The ISC implementation of SPNEGO was removed from BIND 9
source code. It was no longer necessary as all major
contemporary Kerberos/GSSAPI libraries include support
for SPNEGO. [GL #2607]
|
2021-04-21 13:43:04 by Adam Ciarcinski | Files touched by this commit (1822) |
Log message:
revbump for textproc/icu
|
2021-03-21 05:08:44 by Takahiro Kambe | Files touched by this commit (2) | |
Log message:
net/bind911: update to 9.11.29
--- 9.11.29 released ---
5586. [bug] An invalid direction field in a LOC record resulted in
an INSIST failure when a zone file containing such a
record was loaded. [GL #2499]
|
2021-02-17 22:45:19 by Thomas Klausner | Files touched by this commit (2) | |
Log message:
bind: update to 9.11.28.
--- 9.11.28 released ---
5562. [security] Fix off-by-one bug in ISC SPNEGO implementation.
(CVE-2020-8625) [GL #2354]
|
2021-01-29 19:25:34 by Juraj Lutter | Files touched by this commit (2) |
Log message:
net/bind911: Update to 9.11.27
- Changelog:
* Bug Fixes:
- Multiple threads could attempt to destroy a single RBTDB instance at the
same time, resulting in an unpredictable but low-probability assertion
failure in free_rbtdb(). This has been fixed. [GL #2317]
- Full changelog at:
https://downloads.isc.org/isc/bind9/9.11.27/RELEASE-NOTES-bind-9.11.27.html
|
2021-01-29 19:00:21 by Juraj Lutter | Files touched by this commit (2) |
Log message:
net/bind911: Switch to https download
- Switch to https download
- Do not try to download no longer existing file
|