Update bind97 package to 9.7.2pl2. (leaf package)
New Features * Zones may be dynamically added and removed with the "rndc addzone" and "rndc delzone" commands. These dynamically added zones are written to a per-view configuration file. Do not rely on the configuration file name nor contents as this will change in a future release. This is an experimental feature at this time. * Added new "filter-aaaa-on-v4" access control list to select which IPv4 clients have AAAA record filtering applied. * A new command "rndc secroots" was added to dump a combined summary of the currently managed keys combined with statically configured trust anchors. * Added support to load new keys into managed zones without signing immediately with "rndc loadkeys". Added support to link keys with "dnssec-keygen -S" and "dnssec-settime -S". Changes * Documentation improvements * ORCHID prefixes were removed from the automatic empty zone list. * Improved handling of GSSAPI security contexts. Specifically, better memory management of cached contexts, limited lifetime of a context to 1 hour, and added a "realm" command to nsupdate to allow selection of a non-default realm name. * The contributed tool "ztk" was updated to version 1.0. Security Fixes * If BIND, acting as a DNSSEC validating server, has two or more trust anchors configured in named.conf for the same zone (such as example.com) and the response for a record in that zone from the authoritative server includes a bad signature, the validating server will crash while trying to validate that query. * A flaw where the wrong ACL was applied was fixed. This flaw allowed access to a cache via recursion even though the ACL disallowed it. Bug Fixes * Removed a warning message when running BIND 9 under Windows for when a TCP connection was aborted. This is a common occurrence and the warning was extraneous. * Worked around a race condition in the cache database memory handling. Without this fix a DNS cache DB or ADB could incorrectly stay in an over memory state, effectively refusing further caching, which subsequently made a BIND 9 caching server unworkable. * Partially disabled change 2864 because it would cause infinite attempts of RRSIG queries. * BIND did not properly handle non-cacheable negative responses from insecure zones. This caused several non-protocol-compliant zones to become unresolvable. BIND is now more accepting of responses it receives from less strict servers. * A bug, introduced in BIND 9.7.2, caused named to fail to start if a master zone file was unreadable or missing. This has been corrected in 9.7.2-P1. * BIND previously accepted answers from authoritative servers that did not provide a "proper" response, such as not setting AA bit. BIND was changed to be more strict in what it accepted but this caused operational issues. This new strictness has been backed out in 9.7.2-P1.
This commit is contained in:
parent
e9284bc5a2
commit
6666be33cf
3 changed files with 13 additions and 9 deletions
|
@ -1,4 +1,4 @@
|
|||
# $NetBSD: Makefile,v 1.3 2010/07/16 00:35:20 taca Exp $
|
||||
# $NetBSD: Makefile,v 1.4 2010/09/29 15:08:47 taca Exp $
|
||||
|
||||
DISTNAME= bind-${BIND_VERSION}
|
||||
PKGNAME= ${DISTNAME:S/-P/pl/}
|
||||
|
@ -16,7 +16,7 @@ PKG_DESTDIR_SUPPORT= user-destdir
|
|||
|
||||
MAKE_JOBS_SAFE= no
|
||||
|
||||
BIND_VERSION= 9.7.1-P2
|
||||
BIND_VERSION= 9.7.2-P2
|
||||
|
||||
.include "../../mk/bsd.prefs.mk"
|
||||
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
@comment $NetBSD: PLIST,v 1.2 2010/07/05 03:17:45 taca Exp $
|
||||
@comment $NetBSD: PLIST,v 1.3 2010/09/29 15:08:47 taca Exp $
|
||||
bin/dig
|
||||
bin/host
|
||||
bin/isc-config.sh
|
||||
|
@ -364,11 +364,11 @@ share/doc/bind9/arm/man.rndc.conf.html
|
|||
share/doc/bind9/arm/man.rndc.html
|
||||
share/doc/bind9/draft/draft-ietf-6man-text-addr-representation-07.txt
|
||||
share/doc/bind9/draft/draft-ietf-behave-address-format-07.txt
|
||||
share/doc/bind9/draft/draft-ietf-behave-dns64-09.txt
|
||||
share/doc/bind9/draft/draft-ietf-behave-dns64-10.txt
|
||||
share/doc/bind9/draft/draft-ietf-dnsext-axfr-clarify-14.txt
|
||||
share/doc/bind9/draft/draft-ietf-dnsext-dns-tcp-requirements-03.txt
|
||||
share/doc/bind9/draft/draft-ietf-dnsext-dnssec-bis-updates-10.txt
|
||||
share/doc/bind9/draft/draft-ietf-dnsext-dnssec-gost-07.txt
|
||||
share/doc/bind9/draft/draft-ietf-dnsext-dnssec-registry-fixes-06.txt
|
||||
share/doc/bind9/draft/draft-ietf-dnsext-ecc-key-07.txt
|
||||
share/doc/bind9/draft/draft-ietf-dnsext-interop3597-02.txt
|
||||
share/doc/bind9/draft/draft-ietf-dnsext-rfc2671bis-edns0-02.txt
|
||||
|
@ -377,12 +377,15 @@ share/doc/bind9/draft/draft-ietf-dnsext-rfc3597-bis-02.txt
|
|||
share/doc/bind9/draft/draft-ietf-dnsext-tsig-md5-deprecated-03.txt
|
||||
share/doc/bind9/draft/draft-ietf-dnsop-bad-dns-res-05.txt
|
||||
share/doc/bind9/draft/draft-ietf-dnsop-default-local-zones-10.txt
|
||||
share/doc/bind9/draft/draft-ietf-dnsop-dnssec-key-timing-00.txt
|
||||
share/doc/bind9/draft/draft-ietf-dnsop-dnssec-trust-history-01.txt
|
||||
share/doc/bind9/draft/draft-ietf-dnsop-inaddr-required-07.txt
|
||||
share/doc/bind9/draft/draft-ietf-dnsop-name-server-management-reqs-02.txt
|
||||
share/doc/bind9/draft/draft-ietf-dnsop-respsize-06.txt
|
||||
share/doc/bind9/draft/draft-kato-dnsop-local-zones-00.txt
|
||||
share/doc/bind9/draft/draft-kerr-ixfr-only-01.txt
|
||||
share/doc/bind9/draft/draft-mekking-dnsop-auto-cpsync-00.txt
|
||||
share/doc/bind9/draft/draft-yao-dnsext-bname-04.txt
|
||||
share/doc/bind9/rfc/rfc1032.txt
|
||||
share/doc/bind9/rfc/rfc1033.txt
|
||||
share/doc/bind9/rfc/rfc1034.txt
|
||||
|
@ -510,6 +513,7 @@ share/doc/bind9/rfc/rfc5452.txt
|
|||
share/doc/bind9/rfc/rfc5507.txt
|
||||
share/doc/bind9/rfc/rfc5625.txt
|
||||
share/doc/bind9/rfc/rfc5702.txt
|
||||
share/doc/bind9/rfc/rfc5933.txt
|
||||
share/doc/bind9/rfc/rfc952.txt
|
||||
share/examples/rc.d/lwresd
|
||||
share/examples/rc.d/named9
|
||||
|
|
|
@ -1,8 +1,8 @@
|
|||
$NetBSD: distinfo,v 1.3 2010/07/16 00:35:20 taca Exp $
|
||||
$NetBSD: distinfo,v 1.4 2010/09/29 15:08:47 taca Exp $
|
||||
|
||||
SHA1 (bind-9.7.1-P2.tar.gz) = b24ea0e8a67b841601b803f54070610036931e64
|
||||
RMD160 (bind-9.7.1-P2.tar.gz) = ec978498c0e0fa7f709fa3398a573e67557f06a4
|
||||
Size (bind-9.7.1-P2.tar.gz) = 7549535 bytes
|
||||
SHA1 (bind-9.7.2-P2.tar.gz) = ad143fa002d16352648c651ac12471258971a0d1
|
||||
RMD160 (bind-9.7.2-P2.tar.gz) = dcc8bf34d0e72c53257d9ac61f88fd0f3f039672
|
||||
Size (bind-9.7.2-P2.tar.gz) = 7573857 bytes
|
||||
SHA1 (patch-aa) = 6cec876c8caa7082f97365863f3f88c4f168da48
|
||||
SHA1 (patch-ab) = 9585a26a376d32f80ac8266eb7967c00b433f14d
|
||||
SHA1 (patch-ac) = ce61643531948feb7db32c04594adc7ed041f4c6
|
||||
|
|
Loading…
Reference in a new issue