Path to this page:
Subject: CVS commit: [pkgsrc-2012Q2] pkgsrc/net/nsd
From: Matthias Scheler
Date: 2012-07-21 22:17:15
Message id: 20120721201715.8E872175DD@cvs.netbsd.org
Log Message:
Pullup ticket #3865 - requested by wiz
net/nsd: security update
Revisions pulled up:
- net/nsd/Makefile 1.56
- net/nsd/distinfo 1.34
---
Module Name: pkgsrc
Committed By: wiz
Date: Fri Jul 20 16:28:49 UTC 2012
Modified Files:
pkgsrc/net/nsd: Makefile distinfo
Log Message:
Update to 3.2.12, prompted by Lloyd Parkes in PR 46727.
NSD 3.2.12
Bugfixes
Fix for VU#624931 CVE-2012-2978: NSD denial of service
vulnerability from non-standard DNS packet from any host on
the internet.
NSD 3.2.11
Features
Fallback to AXFR if IXFR is unknown at the primary. NSD considers
IXFR unknown at the primary if there is a negative response
for the IXFR RRtype. This does not override the value for
'allow-axfr-fallback'.
Allow for reading in new DNSKEY algorithm mnemonics (RFC5155,
RFC5702, RFC5933, and RFC6605 (ECDSA)).
Zone statistics, enable with --enable-zone-stats. This stores
the BIND8 stats per zone in a configurable statistics file.
This option does not scale and should therefore not be enabled
when serving many zones.
Support for TLSA RRtype (DANE).
Bugfixes
Fix for qtype ANY for a wildcard domain in NSEC signed zone:
Don't add the wildcard domain NSEC into the answer section.
Instead, put the wildcard expanded NSEC into the answer section
and keep the wildcard domain NSEC in the authority section.
Fix for accept spinning reported by OpenBSD.
Fix restart failed due to bad ixfr packet because of zone
removed from nsd.conf.
Bugfix #453: typo in nsdc man page.
Operational notes
NSD uses the query name for dname compression again (Fix #235
had as side effect that this didn't happen anymore and is hereby
undone).
Files: