Navigation:
Home |
Browse by maintainer |
Search |
RSS |
News |
Info |
Contact |
Statistics |
Ports tracker |
Help
net isc-bind
CVSweb ] [ 
Homepage ] [ 
RSS feed ]| Version: 9.16.1, Package name: isc-bind-9.16.1 |
| Maintained by: Stuart Henderson |
| Master sites: |
Flavors (export FLAVOR=xyz, setenv FLAVOR xyz):
|
| Description BIND is open source software that implements the Domain Name System (DNS) protocols for the Internet. It is a reference implementation of those protocols, but it is also production-grade software, suitable for use in high-volume and high-reliability applications. Flavours: geoip - include support for geolocation using GeoIP2 (libmaxminddb) |
| Filesize: 4435.32 KB |
| Version History (View Complete History) |
|
| 2020-03-19 13:05:22 by Stuart Henderson | Files touched by this commit (1) |
Log message: isc-bind: don't pick up cmocka if present at autoconf time |
| 2020-03-19 11:07:20 by Stuart Henderson | Files touched by this commit (14) |
Log message: update net/isc-bind to 9.16.1 |
| 2020-03-06 05:08:46 by Stuart Henderson | Files touched by this commit (2) |
Log message: net/isc-bind: apply upstream patch for problem with TCP client quota limits https://kb.isc.org/docs/operational-notification-an-error-in-handling-tcp-client-quota-limits-can-exhaust-tcp-connections-in-bind-9160 |
| 2020-02-20 07:00:52 by Stuart Henderson | Files touched by this commit (1) |
Log message: update -stable to BIND 9.11.16 |
| 2020-02-20 07:00:32 by Stuart Henderson | Files touched by this commit (15) |
Log message: update to BIND 9.16.0 (new stable/ESV release) |
| 2020-01-23 15:08:08 by Stuart Henderson | Files touched by this commit (5) |
Log message: get rid of some of bind's "|| defined(LIBRESSL_VERSION_NUMBER)" for things that libressl now has |
| 2020-01-23 13:52:05 by Stuart Henderson | Files touched by this commit (2) |
Log message: update to BIND 9.14.10 |
| 2020-01-06 11:05:12 by Stuart Henderson | Files touched by this commit (1) |
Log message: garbage-collect DIG_SIGCHASE, no longer used upstream (use delv if you want to do full validation) |
| 2020-01-06 07:45:40 by Stuart Henderson | Files touched by this commit (2) |
Log message: struct stat definition is in sys/stat.h, not sys/fcntl.h. fix so that libisc knows that we do have nsec timestamps. spotted by florian@ in src/usr.sbin/bind. |
| 2019-12-24 03:49:11 by Stuart Henderson | Files touched by this commit (1) |
Log message: use COMPILER="base-clang ports-gcc" for all flavours, not just geoip. fixes build error relating to atomics on e.g. sparc64. (ports BIND in -current is built using this already). problem reported by solene@ |
| 2019-12-23 05:43:15 by Stuart Henderson | Files touched by this commit (1) |
Log message: remove SEPARATE_BUILD=Yes from -stable too, unbreak build on clean system |
| 2019-12-19 08:42:00 by Stuart Henderson | Files touched by this commit (1) |
Log message: disable SEPARATE_BUILD, fixes build failure (on a system which doesn't already have bind installed) reported by naddy |
| 2019-12-18 12:38:17 by Stuart Henderson | Files touched by this commit (6) |
Log message: update to bind 9.14.9 (released today) remove the no_openssl flavour, openssl/libressl is required in the current versions |
| 2019-12-18 12:24:26 by Stuart Henderson | Files touched by this commit (2) |
Log message: update -stable to bind 9.11.14 and merge the pledge improvements from -current |
| 2019-12-18 08:05:44 by Stuart Henderson | Files touched by this commit (12) |
Log message: major version update to BIND 9.14.8 |
| 2019-12-17 11:03:22 by Stuart Henderson | Files touched by this commit (3) |
Log message: update HOMEPAGE |
| 2019-12-17 07:18:43 by Stuart Henderson | Files touched by this commit (5) |
Log message: add edig/ehost/enslookup symlinks move another pledge to a better place, drop some rpath |
| 2019-12-16 17:46:15 by Stuart Henderson | Files touched by this commit (2) |
Log message: move down the second ratchetted pledge in the ports-BIND version of dig, it should have been done after loading a tsig keyfile. drop rpath from that pledge, it used to be needed for charset conversion with idn names, but this just prints "Cannot represent '%s' in the current locale" now for !utf8 locales (maybe as a result of dropping the !utf8 ctype files?) |
| 2019-11-20 15:16:11 by Stuart Henderson | Files touched by this commit (2) |
Log message: update to bind-9.11.13 CVE-2019-6477, TCP-pipelined queries can bypass tcp-clients limit |
| 2019-11-20 15:15:58 by Stuart Henderson | Files touched by this commit (5) |
Log message: update to bind-9.11.13 CVE-2019-6477, TCP-pipelined queries can bypass tcp-clients limit |
| 2019-10-16 15:33:06 by Stuart Henderson | Files touched by this commit (2) |
Log message: update to isc-bind-9.11.12 |
| 2019-09-19 08:46:47 by Stuart Henderson | Files touched by this commit (3) |
Log message: update to isc-bind-9.11.11 |
| 2019-08-22 10:16:47 by Stuart Henderson | Files touched by this commit (10) |
Log message: update to bind-9.11.10 |
| 2019-07-27 08:01:45 by Stuart Henderson | Files touched by this commit (1) |
Log message: the geoip flavour requires COMPILER=base-clang ports-gcc / COMPILER_LANGS=c |
| 2019-07-18 01:27:06 by Stuart Henderson | Files touched by this commit (1) |
Log message: update to isc-bind-9.11.9, staying with old geoip for -stable CVE-2019-6471 |
| 2019-07-18 01:24:58 by Stuart Henderson | Files touched by this commit (3) |
Log message: update to isc-bind 9.11.9, switch the geoip support to newly added geoip2/libmaxminddb CVE-2019-6471 |
| 2019-06-20 08:44:22 by Stuart Henderson | Files touched by this commit (2) |
Log message: update to BIND 9.11.8 CVE-2019-6471: A race condition when discarding malformed packets can cause BIND to exit with an assertion failure https://kb.isc.org/docs/cve-2019-6471 |
| 2019-06-20 08:44:20 by Stuart Henderson | Files touched by this commit (2) |
Log message: update to BIND 9.11.8 CVE-2019-6471: A race condition when discarding malformed packets can cause BIND to exit with an assertion failure https://kb.isc.org/docs/cve-2019-6471 |
| 2019-06-03 10:06:58 by Stuart Henderson | Files touched by this commit (153) |
Log message: s/PERMIT_PACKAGE_CDROM/PERMIT_PACKAGE/ and some light whitespace tidying in ports which I maintain |
| 2019-05-17 06:52:46 by Stuart Henderson | Files touched by this commit (6) |
Log message: update to BIND 9.11.7 |
| 2019-04-27 16:26:55 by Stuart Henderson | Files touched by this commit (5) |
Log message:
Security update to bind 9.11.6-P1, plus patches ("Replace atomic
operations in bin/named/client.c with isc_refcount reference counting")
from https://gitlab.isc.org/isc-projects/bind9/merge_requests/1864.patch
for wider arch support.
Fixes:
CVE-2018-5743: Limiting simultaneous TCP clients is ineffective
https://kb.isc.org/docs/cve-2018-5743
|
| 2019-03-01 10:17:08 by Stuart Henderson | Files touched by this commit (7) |
Log message: update to BIND 9.11.6 |
| 2019-02-21 16:37:24 by Stuart Henderson | Files touched by this commit (4) |
Log message: MFC security update to isc-bind 9.11.5-P4 |
| 2019-02-21 16:35:34 by Stuart Henderson | Files touched by this commit (2) |
Log message: security update to isc-bind 9.11.5-P4 CVE-2018-5744: A specially crafted packet can cause named to leak memory ... A failure to free memory can occur when processing messages having a specific combination of EDNS options. By exploiting this condition, an attacker can potentially cause named's memory use to grow without bounds until all memory available to the process is exhausted. Typically a server process is limited as to the amount of memory it can use but if the named process is not limited by the operating system all free memory on the server could be exhausted. ... CVE-2018-5745: An assertion failure can occur if a trust anchor rolls over to an unsupported key algorithm when using managed-keys (there is also CVE-2019-6465 but we don't build dlz) |
| 2018-12-13 07:27:47 by Stuart Henderson | Files touched by this commit (2) |
Log message: update to BIND 9.11.5-P1 5108. [bug] Named could fail to determine bottom of zone when removing out of date keys leading to invalid NSEC and NSEC3 records being added to the zone. [GL #771] |
| 2018-12-02 06:25:44 by Stuart Henderson | Files touched by this commit (8) |
Log message: drop back to isc-bind 9.11.x pending investigation into how to fix the named's requirement that cwd is writable. install bind.keys to the right path (it used the compiled-in default anyway but this gives the wrong cue to anyone wanting to update dnssec root zone trust anchors). problems reported by Mikolaj Kucharski |
| 2018-11-06 06:48:40 by Stuart Henderson | Files touched by this commit (8) |
Log message: update to BIND 9.12.3, switching to 9.12.x branch |
| 2018-10-19 08:04:45 by Stuart Henderson | Files touched by this commit (9) |
Log message: update to bind-9.11.5 enable idn in utilities (dig/etc) |
| 2018-09-20 03:36:49 by Stuart Henderson | Files touched by this commit (2) |
Log message: update to isc-bind 9.11.4-P2, fixing dnssec inline signing https://kb.isc.org/docs/change-4892-exposed-multiple-problems-affecting-dnssec-inline-signing |
| 2018-08-09 09:02:28 by Stuart Henderson | Files touched by this commit (2) |
Log message: update to BIND 9.11.4-P1 4997. [security] named could crash during recursive processing of DNAME records when "deny-answer-aliases" was in use. (CVE-2018-5740) [GL #387] |
| 2018-07-12 04:12:30 by Stuart Henderson | Files touched by this commit (15) |
Log message: update to isc-bind-9.11.4 |
| 2018-06-25 14:42:32 by Stuart Henderson | Files touched by this commit (1) |
Log message: drop hidden dep on lmdb responsible for zkt build failures, reported by naddy@ landry@, thanks landry for testing which led to the cause |
| 2018-03-18 17:56:59 by Stuart Henderson | Files touched by this commit (1) |
Log message: fix; we now have ECDSA_SIG accessors |
| 2018-03-16 09:02:05 by Stuart Henderson | Files touched by this commit (1) |
Log message: add a comment re upstream supported version policy |
| 2018-03-14 18:59:18 by Stuart Henderson | Files touched by this commit (8) |
Log message: update to bind-9.11.3 |
| 2018-03-04 14:12:03 by Stuart Henderson | Files touched by this commit (1) |
Log message: typo in ifdef, thanks patrick keshishian for noticing. |
| 2018-02-20 14:02:13 by Stuart Henderson | Files touched by this commit (3) |
Log message: fix, we have all the DH_ DSA_ RSA_ needed |
| 2018-02-19 11:19:28 by Stuart Henderson | Files touched by this commit (2) |
Log message: fix; we now have DSA_set0_key DH_set0_key |
| 2018-02-18 07:09:40 by Stuart Henderson | Files touched by this commit (3) |
Log message: handle next round of libressl changes |
| 2018-02-18 04:52:03 by Stuart Henderson | Files touched by this commit (5) |
Log message: fix: various get0_key/pqg functions, ok jsing |
| 2018-01-16 15:15:31 by Stuart Henderson | Files touched by this commit (1) |
Log message: update BIND in -stable to 9.10.6-P1 * Addresses could be referenced after being freed during resolver processing, causing an assertion failure. The chances of this happening were remote, but the introduction of a delay in resolution increased them. (The delay will be addressed in an upcoming maintenance release.) This bug is disclosed in CVE-2017-3145. [RT #46839] |
| 2018-01-16 15:13:59 by Stuart Henderson | Files touched by this commit (2) |
Log message: security update to BIND 9.11.2-P1 * Addresses could be referenced after being freed during resolver processing, causing an assertion failure. The chances of this happening were remote, but the introduction of a delay in resolution increased them. (The delay will be addressed in an upcoming maintenance release.) This bug is disclosed in CVE-2017-3145. [RT #46839] |
| 2018-01-12 10:08:01 by Stuart Henderson | Files touched by this commit (10) |
Log message: update BIND to 9.11.2, switching from 9.10 to 9.11 branch (which is a long term support branch). note, the license changed to MPL. |
| 2018-01-11 12:27:12 by Robert Peichaer | Files touched by this commit (624) |
Log message: Change the shebang line from /bin/sh to /bin/ksh in all ports rc.d daemon scripts and bump subpackages that contain the *.rc scripts. discussed with and OK aja@ OK tb |
| 2017-07-28 17:38:06 by Stuart Henderson | Files touched by this commit (4) |
Log message: update to bind 9.10.6 |
| 2017-07-28 14:53:33 by Marc Espie | Files touched by this commit (2) |
Log message: let it build with clang, just grab the unwinder from c++abi |
| 2017-07-10 01:38:05 by Stuart Henderson | Files touched by this commit (3) |
Log message: update to BIND-9.10.5-P3 9.10.5-P2 broke verification of TSIG signed TCP message sequences where not all the messages contain TSIG records. These may be used in AXFR and IXFR responses. [RT #45509] |
| 2017-07-10 01:38:04 by Stuart Henderson | Files touched by this commit (2) |
Log message: update to BIND-9.10.5-P3 9.10.5-P2 broke verification of TSIG signed TCP message sequences where not all the messages contain TSIG records. These may be used in AXFR and IXFR responses. [RT #45509] |
| 2017-06-29 15:15:31 by Stuart Henderson | Files touched by this commit (1) |
Log message: Update to BIND 9.10.5-P2 An error in TSIG handling could permit unauthorized zone transfers or zone updates. CVE-2017-3142, CVE-2017-3143. Also updates the address of b.root in hints. |
| 2017-06-29 15:14:54 by Stuart Henderson | Files touched by this commit (2) |
Log message: Update to BIND 9.10.5-P2 An error in TSIG handling could permit unauthorized zone transfers or zone updates. CVE-2017-3142, CVE-2017-3143. Also updates the address of b.root in hints. |
| 2017-06-15 03:02:53 by Stuart Henderson | Files touched by this commit (3) |
Log message: update to BIND 9.10.5-P1 * With certain RPZ configurations, a response with TTL 0 could cause named to go into an infinite query loop. This flaw is disclosed in CVE-2017-3140. [RT #45181] A server is potentially vulnerable to degradation of service if 1. the server is configured to use RPZ, 2. the server uses NSDNAME or NSIP policy rules, and 3. an attacker can cause the server to process a specific query |
| 2017-06-15 03:01:49 by Stuart Henderson | Files touched by this commit (2) |
Log message: update to BIND 9.10.5-P1 * With certain RPZ configurations, a response with TTL 0 could cause named to go into an infinite query loop. This flaw is disclosed in CVE-2017-3140. [RT #45181] A server is potentially vulnerable to degradation of service if 1. the server is configured to use RPZ, 2. the server uses NSDNAME or NSIP policy rules, and 3. an attacker can cause the server to process a specific query |
| 2017-05-03 14:20:42 by Stuart Henderson | Files touched by this commit (7) |
Log message: update to BIND 9.10.5 |
| 2017-04-13 04:36:11 by Stuart Henderson | Files touched by this commit (1) |
Log message: MFC update to BIND 9.10.4-P8 (-P7 was withdrawn) CVE-2017-3136: An error handling synthesized records could cause an assertion failure when using DNS64 with "break-dnssec yes;" CVE-2017-3137: A response packet can cause a resolver to terminate when processing an answer containing a CNAME or DNAME CVE-2017-3138: named exits with a REQUIRE assertion failure if it receives a null command string on its control channel |
| 2017-04-13 04:35:33 by Stuart Henderson | Files touched by this commit (2) |
Log message: update to BIND 9.10.4-P8 (-P7 was withdrawn) CVE-2017-3136: An error handling synthesized records could cause an assertion failure when using DNS64 with "break-dnssec yes;" CVE-2017-3137: A response packet can cause a resolver to terminate when processing an answer containing a CNAME or DNAME CVE-2017-3138: named exits with a REQUIRE assertion failure if it receives a null command string on its control channel |
| 2017-02-08 17:05:52 by Stuart Henderson | Files touched by this commit (2) |
Log message: update to BIND 9.10.4-P6 * If a server is configured with a response policy zone (RPZ) that rewrites an answer with local data, and is also configured for DNS64 address mapping, a NULL pointer can be read triggering a server crash. This flaw is disclosed in CVE-2017-3135. [RT #44434] * A synthesized CNAME record appearing in a response before the associated DNAME could be cached, when it should not have been. This was a regression introduced while addressing CVE-2016-8864. [RT #44318] |
| 2017-02-08 17:04:40 by Stuart Henderson | Files touched by this commit (2) |
Log message: update to BIND 9.10.4-P6 * If a server is configured with a response policy zone (RPZ) that rewrites an answer with local data, and is also configured for DNS64 address mapping, a NULL pointer can be read triggering a server crash. This flaw is disclosed in CVE-2017-3135. [RT #44434] * A synthesized CNAME record appearing in a response before the associated DNAME could be cached, when it should not have been. This was a regression introduced while addressing CVE-2016-8864. [RT #44318] |
| 2017-01-24 04:46:35 by Stuart Henderson | Files touched by this commit (6) |
Log message: add pledges for dig/host/nslookup in the ports version of BIND. initial pledge is "stdio rpath inet unix dns", dropping to "stdio inet dns" after argument parsing. access to resolv.conf is required late; the dns pledge is used for this rather than requiring full rpath; however contrary to the version in base, inet is allowed as well, so that it can be used as a debug tool for servers on alternate ports. works fine for me; no feedback after posting yet so committing to get real-world testing. please report any issues. |
| 2017-01-12 05:24:04 by Stuart Henderson | Files touched by this commit (1) |
Log message: MFC: SECURITY update to BIND 9.10.4-P5 Named could mishandle authority sections that were missing RRSIGs triggering an assertion failure. CVE-2016-9444 Named mishandled some responses where covering RRSIG records are returned without the requested data resulting in a assertion failure. CVE-2016-9147 Named incorrectly tried to cache TKEY records which could trigger an assertion failure when there was a class mismatch. CVE-2016-9131 |
| 2017-01-12 05:22:20 by Stuart Henderson | Files touched by this commit (2) |
Log message: SECURITY update to BIND 9.10.4-P5 Named could mishandle authority sections that were missing RRSIGs triggering an assertion failure. CVE-2016-9444 Named mishandled some responses where covering RRSIG records are returned without the requested data resulting in a assertion failure. CVE-2016-9147 Named incorrectly tried to cache TKEY records which could trigger an assertion failure when there was a class mismatch. CVE-2016-9131 |
| 2016-11-01 15:05:37 by Stuart Henderson | Files touched by this commit (2) |
Log message: update to BIND 9.10.4-P1, fixing a resolver DoS in DNAME handling. CVE-2016-8864 |
| 2016-11-01 15:02:03 by Stuart Henderson | Files touched by this commit (3) |
Log message: update to BIND 9.10.4-P1, fixing a resolver DoS in DNAME handling. CVE-2016-8864 |
| 2016-09-27 13:49:58 by Stuart Henderson | Files touched by this commit (1) |
Log message:
-stable update to BIND 9.10.4-P3, fixing
https://kb.isc.org/article/AA-01393/74/CVE-2016-2775 (lwres only)
https://kb.isc.org/article/AA-01419/74/CVE-2016-2776 ("all servers if
they can receive request packets from any source")
|
| 2016-09-27 13:49:10 by Stuart Henderson | Files touched by this commit (2) |
Log message:
update to BIND 9.10.4-P3, fixing
https://kb.isc.org/article/AA-01393/74/CVE-2016-2775 (lwres only)
https://kb.isc.org/article/AA-01419/74/CVE-2016-2776 ("all servers if
they can receive request packets from any source")
|
| 2016-09-13 10:12:14 by Christian Weisgerber | Files touched by this commit (21) |
Log message: replace libiconv module |
| 2016-07-20 05:46:55 by Jasper Lievisse Adriaanse | Files touched by this commit (2) |
Log message:
Update to BIND 9.10.4-P2, fixes CVE-2016-2775 ("getrrsetbyname with a non
absolute name could trigger an infinite recursion bug in lwres[..]"; affects
users of lwresd and users with "lwres" enabled in their configuration).
ok sthen@
|
| 2016-07-19 04:46:15 by Stuart Henderson | Files touched by this commit (2) |
Log message:
Update to BIND 9.10.4-P2, fixes CVE-2016-2775 ("getrrsetbyname with a non
absolute name could trigger an infinite recursion bug in lwres[..]"; affects
users of lwresd and users with "lwres" enabled in their configuration).
Also has a couple of regression fixes. OK naddy@
|
| 2016-05-26 03:25:25 by Stuart Henderson | Files touched by this commit (2) |
Log message: update to BIND 9.10.4-P1, fixing a problem where adjacent bitfields were protected by different locks. See http://fanf.livejournal.com/144615.html for an informative write-up on the issue: "Even the Deathstation 9000 can't screw up the BIND 9.10.4 fix". |
| 2016-04-29 05:01:02 by Stuart Henderson | Files touched by this commit (8) |
Log message: update to bind-9.10.4 |
| 2016-03-11 13:28:34 by Christian Weisgerber | Files touched by this commit (247) |
Log message: garbage collect CONFIGURE_SHARED |
| 2016-03-10 02:57:19 by Jasper Lievisse Adriaanse | Files touched by this commit (1) |
Log message: update to BIND 9.10.3-P4 https://kb.isc.org/article/AA-01363/81/BIND-9.10.3-P4-Release-Notes.html |
| 2016-03-09 17:03:34 by Stuart Henderson | Files touched by this commit (2) |
Log message: update to BIND 9.10.3-P4, fixes crashes (assertion failures), one present since 9.0.0. CVE-2016-1285 CVE-2016-1286 CVE-2016-2088 |
| 2016-02-29 17:07:18 by Stuart Henderson | Files touched by this commit (16) |
Log message: bump (GeoIP pkgpath change) |
| 2016-01-22 07:54:09 by Jasper Lievisse Adriaanse | Files touched by this commit (1) |
Log message: - security update to BIND 9.10.3P3 https://kb.isc.org/article/AA-01346/0/BIND-9.10.3-P3-Release-Notes.html |
| 2016-01-19 15:24:05 by Stuart Henderson | Files touched by this commit (2) |
Log message: update to BIND 9.10.3P3 - Fixed a regression in resolver.c:possibly_mark() which caused known-bogus servers to be queried anyway. [RT #41321] - render_ecs errors were mishandled when printing out a OPT record resulting in a assertion failure. (CVE-2015-8705) [RT #41397] - Specific APL data could trigger a INSIST. (CVE-2015-8704) [RT #41396] |
| 2015-12-17 10:07:41 by Stuart Henderson | Files touched by this commit (1) |
Log message: bump isc-bind REVISION to avoid warnings with updates (different deps between 5.8-stable and -current) |
| 2015-12-17 10:06:39 by Stuart Henderson | Files touched by this commit (3) |
Log message: MFC update to bind-9.10.3-P2 4260. [security] Insufficient testing when parsing a message allowed records with an incorrect class to be be accepted, triggering a REQUIRE failure when those records were subsequently cached. (CVE-2015-8000) [RT #40987] 4253. [security] Address fetch context reference count handling error on socket error. (CVE-2015-8461) [RT#40945] |
| 2015-12-15 15:43:37 by Stuart Henderson | Files touched by this commit (4) |
Log message: update to bind-9.10.3-P2 4260. [security] Insufficient testing when parsing a message allowed records with an incorrect class to be be accepted, triggering a REQUIRE failure when those records were subsequently cached. (CVE-2015-8000) [RT #40987] 4253. [security] Address fetch context reference count handling error on socket error. (CVE-2015-8461) [RT#40945] |
| 2015-10-07 13:36:50 by Stuart Henderson | Files touched by this commit (1) |
Log message: oops, forgot to re-add json-c to WANTLIB/LIB_DEPENDS in previous commit. spotted by nigel@ |
| 2015-10-03 13:44:51 by Stuart Henderson | Files touched by this commit (1) |
Log message: reenable json stats in BIND, there used to be a problem with build on arch without sync_val_compare_and_swap_4 but this was worked around in json-c. reminded by jca. |
| 2015-09-25 08:02:31 by Stuart Henderson | Files touched by this commit (1) |
Log message: build dig with SIGCHASE support |
| 2015-09-16 09:28:16 by Stuart Henderson | Files touched by this commit (8) |
Log message: update to BIND 9.10.3. add a bunch of patches because they now support OpenSSL 1.1 api (OPENSSL_VERSION_NUMBER < / >= 0x10100000L checks). |
| 2015-09-02 14:28:13 by Stuart Henderson | Files touched by this commit (1) |
Log message: SECURITY update to bind-9.10.2-P4: CVE-2015-5722, CVE-2015-5986 |
| 2015-09-02 14:27:37 by Stuart Henderson | Files touched by this commit (1) |
Log message: SECURITY update to bind-9.10.2-P4: CVE-2015-5722, CVE-2015-5986 |
| 2015-09-02 14:25:43 by Stuart Henderson | Files touched by this commit (2) |
Log message: SECURITY update to bind-9.10.2-P4: CVE-2015-5722, CVE-2015-5986 |
| 2015-08-24 14:46:50 by Stuart Henderson | Files touched by this commit (2) |
Log message: Add a no_ssl flavour to BIND. Expand the comment about json-c as that's broken on mips64 as well as hppa. |
| 2015-07-30 17:26:59 by Stuart Henderson | Files touched by this commit (2) |
Log message: Apply BIND security update to OPENBSD_5_6 as well Security update to BIND 9.10.2p3 - a failure to reset a value to NULL in tkey.c could result in an assertion failure. (CVE-2015-5477) |
| 2015-07-28 14:04:17 by Stuart Henderson | Files touched by this commit (2) |
Log message: Security update to BIND 9.10.2p3 - a failure to reset a value to NULL in tkey.c could result in an assertion failure. (CVE-2015-5477) |
| 2015-07-28 14:03:35 by Stuart Henderson | Files touched by this commit (2) |
Log message: Security update to BIND 9.10.2p3 - a failure to reset a value to NULL in tkey.c could result in an assertion failure. (CVE-2015-5477) |
| 2015-07-15 00:43:31 by Stuart Henderson | Files touched by this commit (1) |
Log message: Build BIND with --enable-filter-aaaa, no change by default, but this allows use of the filter-aaaa-on-v4 config option. Req'd by Marcus Andree. |
| 2015-07-07 13:34:10 by Stuart Henderson | Files touched by this commit (1) |
Log message: MFC update to BIND 9.10.2-P2, fixes CVE-2015-4620 - querying a malicious zone can trigger a "REQUIRE" assertion failure in the resolver if DNSSEC validation is enabled. |
| 2015-07-07 13:32:47 by Stuart Henderson | Files touched by this commit (2) |
Log message: update to BIND 9.10.2-P2, fixes CVE-2015-4620 - querying a malicious zone can trigger a "REQUIRE" assertion failure in the resolver if DNSSEC validation is enabled. |
| 2015-06-10 16:47:24 by Stuart Henderson | Files touched by this commit (3) |
Log message: MFC: SECURITY update to BIND 9.10.2-P1, various problems with RPZ (policy zones), and a possible crash with async zone loads. https://kb.isc.org/article/AA-01266 "If you are using RPZ in BIND 9.10 in a production environment, and particularly if you have multiple policy zones, you should upgrade to BIND 9.10.2-P1. Otherwise, this upgrade is not urgent." |
| 2015-06-10 16:40:41 by Stuart Henderson | Files touched by this commit (2) |
Log message: SECURITY update to BIND 9.10.2-P1, various problems with RPZ (policy zones), and a possible crash with async zone loads. https://kb.isc.org/article/AA-01266 "If you are using RPZ in BIND 9.10 in a production environment, and particularly if you have multiple policy zones, you should upgrade to BIND 9.10.2-P1. Otherwise, this upgrade is not urgent." |
| 2015-05-16 04:15:53 by Mark Kettenis | Files touched by this commit (2) |
Log message: Use $CC to link shared library to make sure crtbeginS.o gets linked in. Switches CONFIGURE_STYLE to autoconf to make sure configure gets regenerated. ok (and help from) sthen@ |
| 2015-03-14 16:26:21 by Stuart Henderson | Files touched by this commit (1) |
Log message: take MAINTAINER |
| 2015-03-14 15:01:54 by Stuart Henderson | Files touched by this commit (5) |
Log message: update to BIND 9.10.2 |
| 2015-02-18 15:51:18 by Stuart Henderson | Files touched by this commit (1) |
Log message: Update to BIND 9.10.1P2 On servers configured to perform DNSSEC validation using managed trust anchors (i.e., keys configured explicitly via managed-keys, or implicitly via dnssec-validation auto; or dnssec-lookaside auto;), revoking a trust anchor and sending a new untrusted replacement could cause named to crash with an assertion failure. This could occur in the event of a botched key rollover, or potentially as a result of a deliberate attack if the attacker was in position to monitor the victim's DNS traffic. This flaw was discovered by Jan-Piet Mens, and is disclosed in [CVE-2015-1349] [RT #38344] (**) |
| 2015-02-18 15:49:44 by Stuart Henderson | Files touched by this commit (2) |
Log message: update to BIND 9.10.2P2 On servers configured to perform DNSSEC validation using managed trust anchors (i.e., keys configured explicitly via managed-keys, or implicitly via dnssec-validation auto; or dnssec-lookaside auto;), revoking a trust anchor and sending a new untrusted replacement could cause named to crash with an assertion failure. This could occur in the event of a botched key rollover, or potentially as a result of a deliberate attack if the attacker was in position to monitor the victim's DNS traffic. This flaw was discovered by Jan-Piet Mens, and is disclosed in [CVE-2015-1349] [RT #38344] (**) |
| 2015-01-30 08:15:42 by Stuart Henderson | Files touched by this commit (1) |
Log message:
previous change ("Disable json stats in bind") resulted in losing a couple
of symbols from libdns; bump SHARED_LIBS version and REVISION.
|
| 2015-01-15 15:34:02 by Stuart Henderson | Files touched by this commit (1) |
Log message: Disable json stats in bind and zap BROKEN-hppa. |
| 2015-01-15 11:10:39 by Landry Breuil | Files touched by this commit (1) |
Log message: BROKEN-hppa = uses json-c which requires atomic ops |
| 2014-12-17 16:39:17 by Stuart Henderson | Files touched by this commit (4) |
Log message: Revert previous BIND workaround for query failures when coming up cold. Instead, cherrypick a fix from git at source.isc.org; this exempts TLD and root zone lookups from max-recursion-queries and changes the default to 75. |
| 2014-12-09 10:54:11 by Stuart Henderson | Files touched by this commit (5) |
Log message: MFC BIND update: Update to BIND 9.10.1-P1, including query limits for recursion (DoS avoidance, CVE-2014-8500), assertion DoS (recursive only, only with prefetch enabled, CVE-2014-3214), assertion DoS (EDNS option processing, CVE-2014-3859) and fixes to GeoIP (CVE-2014-8680 and another unclassified). https://kb.isc.org/article/AA-01223/81/BIND-9.10.1-P1-Release-Notes.html Add a local patch to increase the default query limit, during testing it appears that the standard defaults can be easily falsely triggered during priming at startup. |
| 2014-12-09 10:21:36 by Stuart Henderson | Files touched by this commit (4) |
Log message: Update to BIND 9.10.1-P1, including query limits for recursion (DoS avoidance, CVE-2014-8500), assertion DoS (recursive only, only with prefetch enabled, CVE-2014-3214), assertion DoS (EDNS option processing, CVE-2014-3859) and fixes to GeoIP (CVE-2014-8680 and another unclassified). https://kb.isc.org/article/AA-01223/81/BIND-9.10.1-P1-Release-Notes.html Add a local patch to increase the default query limit, during testing it appears that the standard defaults can be easily falsely triggered during priming at startup. |