https://kb.isc.org/article/AA-01015/0
9.9.3-p1 -> 9.9.3-P2
9.8.5-p1 -> 9.8.5-P2
9.6.x is not affected, neither is 10.x.
Security: CVE-2013-4854 Remote DOS
- Add EUI_RRTYPES option
While here:
- Remove leading article from COMMENT
- Convert tab to space in WWW: line
PR: ports/180741
Submitted by: Jaap Akkerhuis <jaap@NLnetLabs.nl> (maintainer)
changelog:
- 1.11.0 is mostly a bug fix release, but two new features are support
for the $GENERATE syntax and the TLSA RR type.
- A number of bugs have been fixed as well.
- Python 2.4 or later is required.
- Change pkgconfig:build to pkgconfig since it's the same and it's bad practice.
It accidentally slipped in during the original introduction
- Trim header
It consists of a client that regularly sends UDP packets and a
server that updates a bind zone file or runs a command using the
peer IPv4 address of recieved UDP packets.
WWW: http://fossil.instinctive.eu/ddns/home
PR: ports/179316
Submitted by: Natacha Porte <natbsd@instinctive.eu>
Security Fixes
Prevents exploitation of a runtime_check which can crash named
when satisfying a recursive query for particular malformed zones.
(CVE-2013-3919) [RT #33690]
Now supports NAPTR regular expression validation on all platforms,
and avoids memory exhaustion compiling pathological regular
expressions. (CVE-2013-2266) [RT #32688]
Prevents named from aborting with a require assertion failure
on servers with DNS64 enabled. These crashes might occur as a
result of specific queries that are received. (CVE-2012-5688)
[RT #30792 / #30996]
Prevents an assertion failure in named when RPZ and DNS64 are
used together. (CVE-2012-5689) [RT #32141]
See release notes for further features and bug fixes:
https://kb.isc.org/article/AA-00970/0/BIND-9.9.3-P1-Extended-Support-Version-Release-Notes.html
Security: CVE-2013-3919
CVE-2013-2266
CVE-2012-5688
CVE-2012-5689
Security Fixes
Prevents exploitation of a runtime_check which can crash named
when satisfying a recursive query for particular malformed zones.
(CVE-2013-3919) [RT #33690]
A deliberately constructed combination of records could cause
named to hang while populating the additional section of a
response. (CVE-2012-5166) [RT #31090]
Now supports NAPTR regular expression validation on all platforms,
and avoids memory exhaustion compiling pathological regular
expressions. (CVE-2013-2266) [RT #32688]
Prevents named from aborting with a require assertion failure
on servers with DNS64 enabled. These crashes might occur as a
result of specific queries that are received. (CVE-2012-5688)
[RT #30792 / #30996]
Prevents an assertion failure in named when RPZ and DNS64 are
used together. (CVE-2012-5689) [RT #32141]
See release notes for further features and bug fixes:
https://kb.isc.org/article/AA-00969/0/BIND-9.8.5-P1-Release-Notes.html
Security: CVE-2013-3919
CVE-2012-5166
CVE-2013-2266
CVE-2012-5688
CVE-2012-5689
Security Fixes
Prevents exploitation of a runtime_check which can crash named
when satisfying a recursive query for particular malformed zones.
(CVE-2013-3919) [RT #33690]
Prevents a named assert (crash) when validating caused by using
"Bad cache" data before it has been initialized. [CVE-2012-3817]
[RT #30025]
A condition has been corrected where improper handling of
zero-length RDATA could cause undesirable behavior, including
termination of the named process. [CVE-2012-1667] [RT #29644]
See release notes for further features and bug fixes:
https://kb.isc.org/article/AA-00968/0/BIND-9.6-ESV-R9-P1-Release-Notes.html
Security: CVE-2013-3919
CVE-2012-3817
CVE-2012-1667
- address the issue raised by Bob Harold. RRL on recursive servers
applies rate limits after waiting for recursion except on
sub-domains of domains for which the server is authoritative.
- fix the bug reported by Roy Arends in which "slipped" NXDOMAIN
responses had rcode values of 0 (NoError) instead of 3 (NXDOMAIN).
- move reports of RRL drop and slip actions from the "queries"
log category to the "query-errors" category. Because they are not
in the "queres" category, enabling or disabling query logging no
longer affects them.
Changelog is here:
http://doc.powerdns.com/html/changelog.html#changelog-recursor-3.5.1
Also pet the Makefile:
- Change ${LOCALBASE} to ${PREFIX} where applicable
- Fix overwrite of recursor.conf by changing to bsd.port.pre/post.mk (and
thus fixing ${PREFIX})
PR: ports/178340
Submitted by: Ralf van der Enden <tremere@cainites.net>
Approved by: Sten Spans <sten@blinkenlights.nl> (maintainer)
