2012-09-13 03:33:40 by Takahiro Kambe | Files touched by this commit (2) |
Log message:
Update bind97 to bind-9.7.6pl3.
--- 9.7.6-P3 released ---
3364. [security] Named could die on specially crafted record.
[RT #30416]
|
2012-08-26 16:23:49 by Thomas Klausner | Files touched by this commit (8) |
Log message:
Make it clearer which package contains exactly which bind version.
Patch from Bug Hunting.
|
2012-07-24 23:01:11 by S.P.Zeidler | Files touched by this commit (2) |
Log message:
patch release with fix for CVE-2012-3817:
--- 9.7.6-P2 released ---
3346. [security] Bad-cache data could be used before it was
initialized, causing an assert. [RT #30025]
3342. [bug] Change #3314 broke saving of stub zones to disk
resulting in excessive cpu usage in some cases.
[RT #29952]
|
2012-06-14 09:45:42 by Steven Drake | Files touched by this commit (1202) |
Log message:
Recursive PKGREVISION bump for libxml2 buildlink addition.
|
2012-06-04 15:27:32 by Takahiro Kambe | Files touched by this commit (2) |
Log message:
Update bind97 to 9.7.6pl1 (BIND 9.7.6-P1).
Security release for CVE-2012-1667.
--- 9.7.6-P1 released ---
3331. [security] dns_rdataslab_fromrdataset could produce bad
rdataslabs. [RT #29644]
|
2012-05-22 05:33:28 by Takahiro Kambe | Files touched by this commit (3) | |
Log message:
Update bind97 package to 9.7.6.
New Features
* None
Feature Changes
* BIND now recognizes the TLSA resource record type, created to
support IETF DANE (DNS-based Authentication of Named Entities)
[RT #28989]
Bug Fixes
* The locking strategy around the handling of iterative queries
has been tuned to reduce unnecessary contention in a multi-threaded
environment. (Note that this may not provide a measurable
improvement over previous versions of BIND, but it corrects the
performance impact of change 3309 / RT #27995) [RT #29239]
* Addresses a race condition that can cause named to to crash when
the masters list for a zone is updated via rndc reload/reconfig
[RT #26732]
* Fixes a race condition in zone.c that can cause named to crash
during the processing of rndc delzone [RT #29028]
* Prevents a named segfault from resolver.c due to procedure
fctx_finddone() not being thread-safe. [RT #27995]
* Uses hmctx, not mctx when freeing rbtdb->heaps to avoid triggering
an assertion when flushing cache data. [RT #28571]
* A new flag -R has been added to queryperf for running tests
using non-recursive queries. It also now builds correctly on
MacOS version 10.7 (darwin) [RT #28565]
* Named no longer crashes if gssapi is enabled in named.conf but
was not compiled into the binary [RT #28338]
* SDB now handles unexpected errors from back-end database drivers
gracefully instead of exiting on an assert. [RT #28534]
|
2012-05-01 04:48:58 by Takahiro Kambe | Files touched by this commit (3) |
Log message:
Add fix to a race condition in the resolver code that can cause a recursive
nameserver: <https://kb.isc.org/article/AA-00664>.
Bump PKGREVISION.
|
2012-04-05 02:40:09 by Takahiro Kambe | Files touched by this commit (5) |
Log message:
Update bind97 package to 9.7.5.
Security Fixes
+ BIND 9 nameservers performing recursive queries could cache an
invalid record and subsequent queries for that record could
crash the resolvers with an assertion failure. [RT #26590]
[CVE-2011-4313]
Feature Changes
+ It is now possible to explicitly disable DLV in named.conf by
specifying "dnssec-lookaside no;". This is the default, but the
ability to configure it makes it clearly visible to administrators.
[RT #24858]
+ --enable-developer, a new composite argument to the configure
script, enables a set of build options normally disabled but
frequently selected in test or development builds, specifically:
enable_fixed_rrset, with_atf, enable_filter_aaaa, enable_rpz_nsip,
enable_rpz_nsdname, and with_dlz_filesystem (and on Linux and
Darwin, also enable_exportlib) [RT #27103]
|
2012-03-12 16:40:16 by Takahiro Kambe | Files touched by this commit (3) |
Log message:
Don't install doc/arm HTML files twice.
|
2011-11-16 22:49:57 by S.P.Zeidler | Files touched by this commit (2) |
Log message:
BIND 9.7.4-P1 is a security patch for BIND 9.7.4.
* BIND 9 nameservers performing recursive queries could cache an invalid
record and subsequent queries for that record could crash the resolvers
with an assertion failure. [RT #26590]
|