pkgsrc/net/bind98
taca a6571bf16f Update bind98 package to 9.8.1.
pkgsrc change: add a patch to fix build problem with some PKG_OPTIONS,
such as "ldap".


New Features

9.8.1

     * Added a new include file with function typedefs for the DLZ
       "dlopen" driver. [RT #23629]
     * Added a tool able to generate malformed packets to allow testing of
       how named handles them. [RT #24096]
     * The root key is now provided in the file bind.keys allowing DNSSEC
       validation to be switched on at start up by adding
       "dnssec-validation auto;" to named.conf. If the root key provided
       has expired, named will log the expiration and validation will not
       work. More information and the most current copy of bind.keys can
       be found at http://www.isc.org/bind-keys. *Please note this feature
       was actually added in 9.8.0 but was not included in the 9.8.0
       release notes. [RT #21727]

Security Fixes

9.8.1

     * If named is configured with a response policy zone (RPZ) and a
       query of type RRSIG is received for a name configured for RRset
       replacement in that RPZ, it will trigger an INSIST and crash the
       server. RRSIG. [RT #24280]
     * named, set up to be a caching resolver, is vulnerable to a user
       querying a domain with very large resource record sets (RRSets)
       when trying to negatively cache the response. Due to an off-by-one
       error, caching the response could cause named to crash. [RT #24650]
       [CVE-2011-1910]
     * Using Response Policy Zone (RPZ) to query a wildcard CNAME label
       with QUERY type SIG/RRSIG, it can cause named to crash. Fix is
       query type independant. [RT #24715]
     * Using Response Policy Zone (RPZ) with DNAME records and querying
       the subdomain of that label can cause named to crash. Now logs that
       DNAME is not supported. [RT #24766]
     * Change #2912 populated the message section in replies to UPDATE
       requests, which some Windows clients wanted. This exposed a latent
       bug that allowed the response message to crash named. With this
       fix, change 2912 has been reduced to copy only the zone section to
       the reply. A more complete fix for the latent bug will be released
       later. [RT #24777]

Feature Changes

9.8.1

     * Merged in the NetBSD ATF test framework (currently version 0.12)
       for development of future unit tests. Use configure --with-atf to
       build ATF internally or configure --with-atf=prefix to use an
       external copy. [RT #23209]
     * Added more verbose error reporting from DLZ LDAP. [RT #23402]
     * The DLZ "dlopen" driver is now built by default, no longer
       requiring a configure option. To disable it, use "configure
       --without-dlopen". (Note: driver not supported on win32.) [RT
       #23467]
     * Replaced compile time constant with STDTIME_ON_32BITS. [RT #23587]
     * Make --with-gssapi default for ./configure. [RT #23738]
     * Improved the startup time for an authoritative server with a large
       number of zones by making the zone task table of variable size
       rather than fixed size. This means that authoritative servers with
       lots of zones will be serving that zone data much sooner. [RT
       #24406]
     * Per RFC 6303, RFC 1918 reverse zones are now part of the built-in
       list of empty zones. [RT #24990]
2011-09-01 03:44:35 +00:00
..
files
patches Update bind98 package to 9.8.1. 2011-09-01 03:44:35 +00:00
buildlink3.mk
builtin.mk
DESCR
distinfo Update bind98 package to 9.8.1. 2011-09-01 03:44:35 +00:00
Makefile Update bind98 package to 9.8.1. 2011-09-01 03:44:35 +00:00
MESSAGE
options.mk
PLIST Update bind98 package to 9.8.1. 2011-09-01 03:44:35 +00:00