Path to this page:
./
net/bind97,
Version 9 of the Berkeley Internet Name Daemon, implementation of DNS
Branch: pkgsrc-2010Q4,
Version: 9.7.3,
Package name: bind-9.7.3,
Maintainer: pkgsrc-usersBIND, the Berkeley Internet Name Daemon, version 9 is a major rewrite
of nearly all aspects of the underlying BIND architecture. Some
of the important features of BIND-9 are:
- DNS Security
- IP version 6
- DNS Protocol Enhancements
- Views
- Multiprocessor Support
- Improved Portability Architecture
- Full NSEC3 support
- Automatic zone re-signing
- New update-policy methods tcp-self and 6to4-self
Required to build:[
lang/perl5] [
devel/libtool-base]
Package options: inet6, threads
Master sites: (Expand)
SHA1: 78e14b3d3e653a8c21b098361b645dee5ed66238
RMD160: 9e53c9cefa2e8261bc52b5d6d7ed550891d9dce5
Filesize: 7474.203 KB
Version history: (Expand)
- (2011-02-24) Updated to version: bind-9.7.3
- (2011-01-25) Package added to pkgsrc.se, version bind-9.7.2pl3 (created)
CVS history: (Expand)
2011-02-23 20:23:21 by Matthias Scheler | Files touched by this commit (6) | |
Log message:
Pullup ticket #3363 - requested by taca
net/bind97: security update
Revisions pulled up:
- net/bind97/Makefile 1.6
- net/bind97/PLIST 1.4
- net/bind97/distinfo 1.6
- net/bind97/files/named9.sh 1.2
- net/bind97/patches/patch-ac 1.3
- net/bind97/patches/patch-ae 1.2
---
Module Name: pkgsrc
Committed By: taca
Date: Wed Feb 16 17:43:22 UTC 2011
Modified Files:
pkgsrc/net/bind97: Makefile PLIST distinfo
pkgsrc/net/bind97/files: named9.sh
pkgsrc/net/bind97/patches: patch-ac patch-ae
Log message:
Update bind97 package to 9.7.3.
* also sync rc scrpt with base system.
Bug Fixes
9.7.3
* BIND now builds with threads disabled in versions of NetBSD earlier
than 5.0 and with pthreads enabled by default in NetBSD versions
5.0 and higher. Also removes support for unproven-pthreads,
mit-pthreads and ptl2. [RT #19203]
* Added a regression test for fix 2896/RT #21045 ("rndc sign" failed
to properly update the zone when adding a DNSKEY for publication
only). [RT #21324]
* "nsupdate -l" now gives error message if \
"session.key" file is not
found. [RT #21670]
* HPUX now correctly defaults to using /dev/poll, which should
increase performance. [RT #21919]
* If named is running as a threaded application, after an "rndc stop"
command has been issued, other inbound TCP requests can cause named
to hang and never complete shutdown. [RT #22108]
* After an "rndc reconfig", the refresh timer for managed-keys is
ignored, resulting in managed-keys not being refreshed until named
is restarted. [RT #22296]
* An NSEC3PARAM record placed inside a zone which is not properly
signed with NSEC3 could cause named to crash, if changed via
dynamic update. [RT #22363]
* "rndc -h" now includes "loadkeys" option. [RT #22493]
* When performing a GSS-TSIG signed dynamic zone update, memory could
be leaked. This causes an unclean shutdown and may affect
long-running servers. [RT #22573]
* A bug in NetBSD and FreeBSD kernels with SO_ACCEPTFILTER enabled
allows for a TCP DoS attack. Until there is a kernel fix, ISC is
disabling SO_ACCEPTFILTER support in BIND. [RT #22589]
* When signing records, named didn't filter out any TTL changes to
DNSKEY records. This resulted in an incomplete key set. TTL changes
are now dealt with before signing. [RT #22590]
* Corrected a defect where a combination of dynamic updates and zone
transfers incorrectly locked the in-memory zone database, causing
named to freeze. [RT #22614]
* Don't run MX checks (check-mx) when the MX record points to ".".
[RT #22645]
* DST key reference counts can now be incremented via dst_key_attach.
[RT #22672]
* The IN6_IS_ADDR_LINKLOCAL and IN6_IS_ADDR_SITELOCAL macros in win32
were updated/corrected per current Windows OS. [RT #22724]
* "dnssec-settime -S" no longer tests prepublication interval
validity when the interval is set to 0. [RT #22761]
* isc_mutex_init_errcheck() in phtreads/mutex.c failed to destroy
attr. [RT #22766]
* The Kerberos realm was being truncated when being pulled from the
the host prinicipal, make krb5-self updates fail. [RT #22770]
* named failed to preserve the case of domain names in RDATA which is
not compressible when writing master files. [RT #22863]
* The man page for dnssec-keyfromlabel incorrectly had "-U" rather
than the correct option "-I". [RT #22887]
* The "rndc" command usage statement was missing the \
"-b" option. [RT
#22937]
* There was a bug in how the clients-per-query code worked with some
query patterns. This could result, in rare circumstances, in having
all the client query slots filled with queries for the same DNS
label, essentially ignoring the max-clients-per-query setting. [RT
#22972]
* The secure zone update feature in named is based on the zone being
signed and configured for dynamic updates. A bug in the ACL
processing for "allow-update { none; };" resulted in a zone that is
supposed to be static being treated as a dynamic zone. Thus, name
would try to sign/re-sign that zone erroneously. [RT #23120]
|