Navigation:
Browse pkgsrc
(this page)
net bind911
CVSweb ] [ 
Homepage ] [ 
RSS ] [ 
Required by ] [ 
Add to tracker ] 2020-09-19 15:07:00 by Takahiro Kambe | Files touched by this commit (2) |  |
Log message:
net/bind911: update to 9.11.23
Update bind911 package to 9.11.23.
--- 9.11.23 released ---
5497. [bug] 'dig +bufsize=0' failed to disable EDNS. [GL #2054]
5496. [bug] Address a TSAN report by ensuring each rate limiter
object holds a reference to its task. [GL #2081]
5492. [bug] Tighten LOC parsing to reject a period (".") and/or \
"m"
as a value. Fix handling of negative altitudes which are
not whole meters. [GL #2074]
5489. [bug] Named erroneously accepted certain invalid resource
records that were incorrectly processed after
subsequently being written to disk and loaded back, as
the wire format differed. Such records include: CERT,
IPSECKEY, NSEC3, NSEC3PARAM, NXT, SIG, TLSA, WKS, and
X25. [GL !3953]
5488. [bug] NTA code needed to have a weak reference on its
associated view to prevent the latter from being deleted
while NTA tests were being performed. [GL #2067]
|
| 2020-08-31 20:13:29 by Thomas Klausner | Files touched by this commit (3631) | |
Log message: *: bump PKGREVISION for perl-5.32. |
| 2020-08-21 18:09:44 by Takahiro Kambe | Files touched by this commit (2) | |
Log message: net/bind911: update to 9.11.22 Update bind911 to 9.11.22 (BIND 9.11.22). --- 9.11.22 released --- 5481. [security] "update-policy" rules of type "subdomain" were incorrectly treated as "zonesub" rules, which allowed keys used in "subdomain" rules to update names outside of the specified subdomains. The problem was fixed by making sure "subdomain" rules are again processed as described in the ARM. (CVE-2020-8624) [GL #2055] 5480. [security] When BIND 9 was compiled with native PKCS#11 support, it was possible to trigger an assertion failure in code determining the number of bits in the PKCS#11 RSA public key with a specially crafted packet. (CVE-2020-8623) [GL #2037] 5476. [security] It was possible to trigger an assertion failure when verifying the response to a TSIG-signed request. (CVE-2020-8622) [GL #2028] 5475. [bug] Wildcard RPZ passthru rules could incorrectly be overridden by other rules that were loaded from RPZ zones which appeared later in the "response-policy" statement. This has been fixed. [GL #1619] 5474. [bug] dns_rdata_hip_next() failed to return ISC_R_NOMORE when it should have. [GL !3880] 5465. [func] Added fallback to built-in trust-anchors, managed-keys, or trusted-keys if the bindkeys-file (bind.keys) cannot be parsed. [GL #1235] 5463. [bug] Address a potential NULL pointer dereference when out of memory in dnstap.c. [GL #2010] 5462. [bug] Move LMDB locking from LMDB itself to named. [GL #1976] |
| 2020-06-18 16:06:21 by Takahiro Kambe | Files touched by this commit (3) | |
Log message: net/bind911: update to 9.11.20 Update bind911 to 9.11.20, fixing CVE-2020-8619. --- 9.11.20 released --- 5437. [bug] Fix a data race in lib/dns/resolver.c:log_formerr(). [GL #1808] 5434. [security] It was possible to trigger an INSIST in lib/dns/rbtdb.c:new_reference() with a particular zone content and query patterns. (CVE-2020-8619) [GL #1111] [GL #1718] 5433. [test] Prevent the resolver system test for change #5395 (max-recursion-queries) from failing on systems without IPv6 support. [GL #1873] 5428. [bug] Clean up GSSAPI resources in nsupdate only after taskmgr has been destroyed. Thanks to Petr Menšík. [GL !3316] 5427. [bug] Fix a regression in address/prefix length checking that should have been a warning instead of an error. [GL #1849] 5415. [test] Address race in dnssec system test that led to test failures. [GL #1852] 5413. [test] Address race in autosign system test that led to test failures. [GL #1852] 5412. [bug] 'provide-ixfr no;' failed to return up-to-date responses when the serial was greater than or equal to the current serial. [GL #1714] 5409. [performance] When looking up NSEC3 data in a zone database, skip the check for empty non-terminal nodes; the NSEC3 tree does not have any. [GL #1834] 5408. [protocol] Print Extended DNS Errors if present in OPT record. [GL #1835] 5405. [bug] 'named-checkconf -p' could include spurious text in server-addresses statements due to an uninitialized DSCP value. [GL #1812] |
| 2020-06-02 10:25:05 by Adam Ciarcinski | Files touched by this commit (1689) |
Log message: Revbump for icu |
| 2020-05-30 16:20:37 by Takahiro Kambe | Files touched by this commit (3) |
Log message: net/bind911: fix build problem if PKG_DEVELOPER is enabled There was build problem after pkg-config was aded to USE_TOOLS if PKG_DEVELOPER is enabled, causing WRKDIR reference. Fix method is dirty (or quick) hack. |
| 2020-05-21 14:45:47 by Jonathan Perkin | Files touched by this commit (2) |
Log message: bind*: Require pkg-config. |
| 2020-05-19 12:21:25 by Takahiro Kambe | Files touched by this commit (2) | |
Log message:
net/bind911: update to 9.11.19
Update bind911 to 9.11.19 (BIND 9.11.19).
--- 9.11.19 released ---
5404. [bug] 'named-checkconf -z' could incorrectly indicate
success if errors were found in one view but not in a
subsequent one. [GL #1807]
5398. [bug] Named could fail to restart if a zone with a double
quote (") in its name was added with 'rndc addzone'.
[GL #1695]
5395. [security] Further limit the number of queries that can be
triggered from a request. Root and TLD servers
are no longer exempt from max-recursion-queries.
Fetches for missing name server address records
are limited to 4 for any domain. (CVE-2020-8616)
[GL #1388]
5394. [cleanup] Named formerly attempted to change the effective UID and
GID in named_os_openfile(), which could trigger a
spurious log message if they were already set to the
desired values. This has been fixed. [GL #1042]
[GL #1090]
5390. [security] Replaying a TSIG BADTIME response as a request could
trigger an assertion failure. (CVE-2020-8617)
[GL #1703]
5387. [func] Warn about AXFR streams with inconsistent message IDs.
[GL #1674]
|
New packages: