kpriv/pkgsrc
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
pkgsrc/net/bind99
History
taca ad40a0067d Update bind99 to 9.9.2 (BIND 9.9.2). 
Here are change changes from release note.  Note security fixes except
CVE-2012-5166 should be already fixed in previous version of bind99 package.

Please refer https://kb.isc.org/article/AA-00798 for list of full bug fixes.


Security Fixes

* A deliberately constructed combination of records could cause named to hang
  while populating the additional section of a response. [CVE-2012-5166] [RT
  #31090]
* Prevents a named assert (crash) when queried for a record whose RDATA
  exceeds 65535 bytes.  [CVE-2012-4244] [RT #30416]
* Prevents a named assert (crash) when validating caused by using "Bad cache"
  data before it has been initialized. [CVE-2012-3817] [RT #30025]
* A condition has been corrected where improper handling of zero-length RDATA
  could cause undesirable behavior, including termination of the named
  process. [CVE-2012-1667] [RT #29644]
* ISC_QUEUE handling for recursive clients was updated to address a race
  condition that could cause a memory leak. This rarely occurred with UDP
  clients, but could be a significant problem for a server handling a steady
  rate of TCP queries. [CVE-2012-3868] [RT #29539 & #30233]


New Features

* Elliptic Curve Digital Signature Algorithm keys and signatures in DNSSEC are
  now supported per RFC 6605. [RT #21918]
* Introduces a new tool "dnssec-checkds" command that checks a zone to
  determine which DS records should be published in the parent zone, or which
  DLV records should be published in a DLV zone, and queries the DNS to ensure
  that it exists. (Note: This tool depends on python; it will not be built or
  installed on systems that do not have a python interpreter.)  [RT #28099]
* Introduces a new tool "dnssec-verify" that validates a signed zone, checking
  for the correctness of signatures and NSEC/NSEC3 chains.  [RT #23673]
* Adds configuration option "max-rsa-exponent-size <value>;" that can be used
  to specify the maximum rsa exponent size that will be accepted when
  validating [RT #29228]


Feature Changes

* Improves OpenSSL error logging [RT #29932]
* nslookup now returns a nonzero exit code when it is unable to get an answer.
  [RT #29492]
2012-10-10 03:07:12 +00:00
..
files PR#45780 net/bind99: Fix chroot operation 2012-05-20 12:00:15 +00:00
patches Update bind99 to 9.9.2 (BIND 9.9.2). 2012-10-10 03:07:12 +00:00
buildlink3.mk
builtin.mk
DESCR Make it clearer which package contains exactly which bind version. 2012-08-26 14:23:49 +00:00
distinfo Update bind99 to 9.9.2 (BIND 9.9.2). 2012-10-10 03:07:12 +00:00
Makefile Update bind99 to 9.9.2 (BIND 9.9.2). 2012-10-10 03:07:12 +00:00
MESSAGE
options.mk Add and enable readline option. 2012-07-10 10:23:03 +00:00
PLIST Update bind99 to 9.9.2 (BIND 9.9.2). 2012-10-10 03:07:12 +00:00