./net/bind911, Berkeley Internet Name Daemon implementation of DNS, version 9.11

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]


Branch: CURRENT, Version: 9.11.23, Package name: bind-9.11.23, Maintainer: pkgsrc-users

BIND, the Berkeley Internet Name Daemon, version 9 is a major rewrite
of nearly all aspects of the underlying BIND architecture. Some
of the important features of BIND-9 are:

- DNS Security
- IP version 6
- DNS Protocol Enhancements
- Views
- Multiprocessor Support
- Improved Portability Architecture
- Full NSEC3 support
- Automatic zone re-signing
- New update-policy methods tcp-self and 6to4-self

This package contains the BIND 9.11 release.

- Catalog Zones, a new method for provisioning servers
- "dnstap", a fast and flexible method of capturing and logging
DNS traffic.
- "dyndb", a new API for loading zone data from an external database
- dnssec-keymgr, a new key mainenance utility
- mdig, an alternate version of dig utility
- And more...

MESSAGE.rcd [+/-]

Required to run:
[security/openssl]

Required to build:
[pkgtools/cwrappers]

Package options: inet6, readline, threads

Master sites:

SHA1: ad66e80ce0a0e5460cfd9a1c9e308fdc069dc51d
RMD160: c9f597d963792d179d104dba6ddb796b7c5ade71
Filesize: 8064.278 KB

Version history: (Expand)


CVS history: (Expand)


   2020-09-19 15:07:00 by Takahiro Kambe | Files touched by this commit (2) | Package updated
Log message:
net/bind911: update to 9.11.23

Update bind911 package to 9.11.23.

	--- 9.11.23 released ---

5497.	[bug]		'dig +bufsize=0' failed to disable EDNS. [GL #2054]

5496.	[bug]		Address a TSAN report by ensuring each rate limiter
			object holds a reference to its task. [GL #2081]

5492.	[bug]		Tighten LOC parsing to reject a period (".") and/or \ 
"m"
			as a value. Fix handling of negative altitudes which are
			not whole meters. [GL #2074]

5489.	[bug]		Named erroneously accepted certain invalid resource
			records that were incorrectly processed after
			subsequently being written to disk and loaded back, as
			the wire format differed. Such records include: CERT,
			IPSECKEY, NSEC3, NSEC3PARAM, NXT, SIG, TLSA, WKS, and
			X25. [GL !3953]

5488.	[bug]		NTA code needed to have a weak reference on its
			associated view to prevent the latter from being deleted
			while NTA tests were being performed. [GL #2067]
   2020-08-31 20:13:29 by Thomas Klausner | Files touched by this commit (3631) | Package updated
Log message:
*: bump PKGREVISION for perl-5.32.
   2020-08-21 18:09:44 by Takahiro Kambe | Files touched by this commit (2) | Package updated
Log message:
net/bind911: update to 9.11.22

Update bind911 to 9.11.22 (BIND 9.11.22).

	--- 9.11.22 released ---

5481.	[security]	"update-policy" rules of type "subdomain" were
			incorrectly treated as "zonesub" rules, which allowed
			keys used in "subdomain" rules to update names outside
			of the specified subdomains. The problem was fixed by
			making sure "subdomain" rules are again processed as
			described in the ARM. (CVE-2020-8624) [GL #2055]

5480.	[security]	When BIND 9 was compiled with native PKCS#11 support, it
			was possible to trigger an assertion failure in code
			determining the number of bits in the PKCS#11 RSA public
			key with a specially crafted packet. (CVE-2020-8623)
			[GL #2037]

5476.	[security]	It was possible to trigger an assertion failure when
			verifying the response to a TSIG-signed request.
			(CVE-2020-8622) [GL #2028]

5475.	[bug]		Wildcard RPZ passthru rules could incorrectly be
			overridden by other rules that were loaded from RPZ
			zones which appeared later in the "response-policy"
			statement. This has been fixed. [GL #1619]

5474.	[bug]		dns_rdata_hip_next() failed to return ISC_R_NOMORE
			when it should have. [GL !3880]

5465.	[func]		Added fallback to built-in trust-anchors, managed-keys,
			or trusted-keys if the bindkeys-file (bind.keys) cannot
			be parsed. [GL #1235]

5463.	[bug]		Address a potential NULL pointer dereference when out of
			memory in dnstap.c. [GL #2010]

5462.	[bug]		Move LMDB locking from LMDB itself to named. [GL #1976]
   2020-06-18 16:06:21 by Takahiro Kambe | Files touched by this commit (3) | Package updated
Log message:
net/bind911: update to 9.11.20

Update bind911 to 9.11.20, fixing CVE-2020-8619.

	--- 9.11.20 released ---

5437.	[bug]		Fix a data race in lib/dns/resolver.c:log_formerr().
			[GL #1808]

5434.	[security]	It was possible to trigger an INSIST in
			lib/dns/rbtdb.c:new_reference() with a particular zone
			content and query patterns. (CVE-2020-8619) [GL #1111]
			[GL #1718]

5433.	[test]		Prevent the resolver system test for change #5395
			(max-recursion-queries) from failing on systems without
			IPv6 support. [GL #1873]

5428.	[bug]		Clean up GSSAPI resources in nsupdate only after taskmgr
			has been destroyed. Thanks to Petr Menšík. [GL !3316]

5427.	[bug]		Fix a regression in address/prefix length checking that
			should have been a warning instead of an error.
			[GL #1849]

5415.	[test]		Address race in dnssec system test that led to
			test failures. [GL #1852]

5413.	[test]		Address race in autosign system test that led to
			test failures. [GL #1852]

5412.	[bug]		'provide-ixfr no;' failed to return up-to-date responses
			when the serial was greater than or equal to the
			current serial. [GL #1714]

5409.	[performance]	When looking up NSEC3 data in a zone database, skip the
			check for empty non-terminal nodes; the NSEC3 tree does
			not have any. [GL #1834]

5408.	[protocol]	Print Extended DNS Errors if present in OPT record.
			[GL #1835]

5405.	[bug]		'named-checkconf -p' could include spurious text in
			server-addresses statements due to an uninitialized DSCP
			value. [GL #1812]
   2020-06-02 10:25:05 by Adam Ciarcinski | Files touched by this commit (1689)
Log message:
Revbump for icu
   2020-05-30 16:20:37 by Takahiro Kambe | Files touched by this commit (3)
Log message:
net/bind911: fix build problem if PKG_DEVELOPER is enabled

There was build problem after pkg-config was aded to USE_TOOLS if
PKG_DEVELOPER is enabled, causing WRKDIR reference.

Fix method is dirty (or quick) hack.
   2020-05-21 14:45:47 by Jonathan Perkin | Files touched by this commit (2)
Log message:
bind*: Require pkg-config.
   2020-05-19 12:21:25 by Takahiro Kambe | Files touched by this commit (2) | Package updated
Log message:
net/bind911: update to 9.11.19

Update bind911 to 9.11.19 (BIND 9.11.19).

	--- 9.11.19 released ---

5404.	[bug]		'named-checkconf -z' could incorrectly indicate
			success if errors were found in one view but not in a
			subsequent one. [GL #1807]

5398.	[bug]		Named could fail to restart if a zone with a double
			quote (") in its name was added with 'rndc addzone'.
			[GL #1695]

5395.	[security]	Further limit the number of queries that can be
			triggered from a request.  Root and TLD servers
			are no longer exempt from max-recursion-queries.
			Fetches for missing name server address records
			are limited to 4 for any domain. (CVE-2020-8616)
			[GL #1388]

5394.	[cleanup]	Named formerly attempted to change the effective UID and
			GID in named_os_openfile(), which could trigger a
			spurious log message if they were already set to the
			desired values. This has been fixed. [GL #1042]
			[GL #1090]

5390.	[security]	Replaying a TSIG BADTIME response as a request could
			trigger an assertion failure. (CVE-2020-8617)
			[GL #1703]

5387.	[func]		Warn about AXFR streams with inconsistent message IDs.
			[GL #1674]