Update bind97 package to 9.7.2pl2. (leaf package)

New Features

     * Zones may be dynamically added and removed with the "rndc addzone"
       and "rndc delzone" commands. These dynamically added zones are
       written to a per-view configuration file. Do not rely on the
       configuration file name nor contents as this will change in a
       future release. This is an experimental feature at this time.
     * Added new "filter-aaaa-on-v4" access control list to select which
       IPv4 clients have AAAA record filtering applied.
     * A new command "rndc secroots" was added to dump a combined summary
       of the currently managed keys combined with statically configured
       trust anchors.
     * Added support to load new keys into managed zones without signing
       immediately with "rndc loadkeys". Added support to link keys with
       "dnssec-keygen -S" and "dnssec-settime -S".

Changes

     * Documentation improvements
     * ORCHID prefixes were removed from the automatic empty zone list.
     * Improved handling of GSSAPI security contexts. Specifically, better
       memory management of cached contexts, limited lifetime of a context
       to 1 hour, and added a "realm" command to nsupdate to allow
       selection of a non-default realm name.
     * The contributed tool "ztk" was updated to version 1.0.

Security Fixes

     * If BIND, acting as a DNSSEC validating server, has two or more
       trust anchors configured in named.conf for the same zone (such as
       example.com) and the response for a record in that zone from the
       authoritative server includes a bad signature, the validating
       server will crash while trying to validate that query.
     * A flaw where the wrong ACL was applied was fixed. This flaw allowed
       access to a cache via recursion even though the ACL disallowed it.

Bug Fixes

     * Removed a warning message when running BIND 9 under Windows for
       when a TCP connection was aborted. This is a common occurrence and
       the warning was extraneous.
     * Worked around a race condition in the cache database memory
       handling. Without this fix a DNS cache DB or ADB could incorrectly
       stay in an over memory state, effectively refusing further caching,
       which subsequently made a BIND 9 caching server unworkable.
     * Partially disabled change 2864 because it would cause infinite
       attempts of RRSIG queries.
     * BIND did not properly handle non-cacheable negative responses from
       insecure zones. This caused several non-protocol-compliant zones to
       become unresolvable. BIND is now more accepting of responses it
       receives from less strict servers.
     * A bug, introduced in BIND 9.7.2, caused named to fail to start if a
       master zone file was unreadable or missing. This has been corrected
       in 9.7.2-P1.
     * BIND previously accepted answers from authoritative servers that
       did not provide a "proper" response, such as not setting AA bit.
       BIND was changed to be more strict in what it accepted but this
       caused operational issues. This new strictness has been backed out
       in 9.7.2-P1.
This commit is contained in:
taca 2010-09-29 15:08:47 +00:00
parent e9284bc5a2
commit 6666be33cf
3 changed files with 13 additions and 9 deletions

View file

@ -1,4 +1,4 @@
# $NetBSD: Makefile,v 1.3 2010/07/16 00:35:20 taca Exp $
# $NetBSD: Makefile,v 1.4 2010/09/29 15:08:47 taca Exp $
DISTNAME= bind-${BIND_VERSION}
PKGNAME= ${DISTNAME:S/-P/pl/}
@ -16,7 +16,7 @@ PKG_DESTDIR_SUPPORT= user-destdir
MAKE_JOBS_SAFE= no
BIND_VERSION= 9.7.1-P2
BIND_VERSION= 9.7.2-P2
.include "../../mk/bsd.prefs.mk"

View file

@ -1,4 +1,4 @@
@comment $NetBSD: PLIST,v 1.2 2010/07/05 03:17:45 taca Exp $
@comment $NetBSD: PLIST,v 1.3 2010/09/29 15:08:47 taca Exp $
bin/dig
bin/host
bin/isc-config.sh
@ -364,11 +364,11 @@ share/doc/bind9/arm/man.rndc.conf.html
share/doc/bind9/arm/man.rndc.html
share/doc/bind9/draft/draft-ietf-6man-text-addr-representation-07.txt
share/doc/bind9/draft/draft-ietf-behave-address-format-07.txt
share/doc/bind9/draft/draft-ietf-behave-dns64-09.txt
share/doc/bind9/draft/draft-ietf-behave-dns64-10.txt
share/doc/bind9/draft/draft-ietf-dnsext-axfr-clarify-14.txt
share/doc/bind9/draft/draft-ietf-dnsext-dns-tcp-requirements-03.txt
share/doc/bind9/draft/draft-ietf-dnsext-dnssec-bis-updates-10.txt
share/doc/bind9/draft/draft-ietf-dnsext-dnssec-gost-07.txt
share/doc/bind9/draft/draft-ietf-dnsext-dnssec-registry-fixes-06.txt
share/doc/bind9/draft/draft-ietf-dnsext-ecc-key-07.txt
share/doc/bind9/draft/draft-ietf-dnsext-interop3597-02.txt
share/doc/bind9/draft/draft-ietf-dnsext-rfc2671bis-edns0-02.txt
@ -377,12 +377,15 @@ share/doc/bind9/draft/draft-ietf-dnsext-rfc3597-bis-02.txt
share/doc/bind9/draft/draft-ietf-dnsext-tsig-md5-deprecated-03.txt
share/doc/bind9/draft/draft-ietf-dnsop-bad-dns-res-05.txt
share/doc/bind9/draft/draft-ietf-dnsop-default-local-zones-10.txt
share/doc/bind9/draft/draft-ietf-dnsop-dnssec-key-timing-00.txt
share/doc/bind9/draft/draft-ietf-dnsop-dnssec-trust-history-01.txt
share/doc/bind9/draft/draft-ietf-dnsop-inaddr-required-07.txt
share/doc/bind9/draft/draft-ietf-dnsop-name-server-management-reqs-02.txt
share/doc/bind9/draft/draft-ietf-dnsop-respsize-06.txt
share/doc/bind9/draft/draft-kato-dnsop-local-zones-00.txt
share/doc/bind9/draft/draft-kerr-ixfr-only-01.txt
share/doc/bind9/draft/draft-mekking-dnsop-auto-cpsync-00.txt
share/doc/bind9/draft/draft-yao-dnsext-bname-04.txt
share/doc/bind9/rfc/rfc1032.txt
share/doc/bind9/rfc/rfc1033.txt
share/doc/bind9/rfc/rfc1034.txt
@ -510,6 +513,7 @@ share/doc/bind9/rfc/rfc5452.txt
share/doc/bind9/rfc/rfc5507.txt
share/doc/bind9/rfc/rfc5625.txt
share/doc/bind9/rfc/rfc5702.txt
share/doc/bind9/rfc/rfc5933.txt
share/doc/bind9/rfc/rfc952.txt
share/examples/rc.d/lwresd
share/examples/rc.d/named9

View file

@ -1,8 +1,8 @@
$NetBSD: distinfo,v 1.3 2010/07/16 00:35:20 taca Exp $
$NetBSD: distinfo,v 1.4 2010/09/29 15:08:47 taca Exp $
SHA1 (bind-9.7.1-P2.tar.gz) = b24ea0e8a67b841601b803f54070610036931e64
RMD160 (bind-9.7.1-P2.tar.gz) = ec978498c0e0fa7f709fa3398a573e67557f06a4
Size (bind-9.7.1-P2.tar.gz) = 7549535 bytes
SHA1 (bind-9.7.2-P2.tar.gz) = ad143fa002d16352648c651ac12471258971a0d1
RMD160 (bind-9.7.2-P2.tar.gz) = dcc8bf34d0e72c53257d9ac61f88fd0f3f039672
Size (bind-9.7.2-P2.tar.gz) = 7573857 bytes
SHA1 (patch-aa) = 6cec876c8caa7082f97365863f3f88c4f168da48
SHA1 (patch-ab) = 9585a26a376d32f80ac8266eb7967c00b433f14d
SHA1 (patch-ac) = ce61643531948feb7db32c04594adc7ed041f4c6