head 1.15; access; symbols pkgsrc-2013Q1:1.14.0.2 pkgsrc-2013Q1-base:1.14 pkgsrc-2012Q4:1.11.0.2 pkgsrc-2012Q4-base:1.11 pkgsrc-2012Q3:1.8.0.2 pkgsrc-2012Q3-base:1.8 pkgsrc-2012Q2:1.5.0.2 pkgsrc-2012Q2-base:1.5 pkgsrc-2012Q1:1.2.0.2 pkgsrc-2012Q1-base:1.2 pkgsrc-base:1.1.1.1 TNF:1.1.1; locks; strict; comment @# @; 1.15 date 2013.04.08.15.55.45; author pettai; state Exp; branches; next 1.14; 1.14 date 2013.03.27.12.08.24; author pettai; state Exp; branches; next 1.13; 1.13 date 2013.03.26.22.12.14; author taca; state Exp; branches; next 1.12; 1.12 date 2013.02.09.00.14.34; author pettai; state Exp; branches; next 1.11; 1.11 date 2012.12.05.00.55.54; author taca; state Exp; branches 1.11.2.1; next 1.10; 1.10 date 2012.11.10.23.45.39; author pettai; state Exp; branches; next 1.9; 1.9 date 2012.10.10.03.07.12; author taca; state Exp; branches; next 1.8; 1.8 date 2012.09.13.01.35.56; author taca; state Exp; branches 1.8.2.1; next 1.7; 1.7 date 2012.07.24.20.40.12; author spz; state Exp; branches; next 1.6; 1.6 date 2012.07.10.10.23.03; author sbd; state Exp; branches; next 1.5; 1.5 date 2012.06.04.13.24.28; author taca; state Exp; branches 1.5.2.1; next 1.4; 1.4 date 2012.05.22.03.31.07; author taca; state Exp; branches; next 1.3; 1.3 date 2012.05.01.02.47.52; author taca; state Exp; branches; next 1.2; 1.2 date 2012.03.23.21.25.01; author marino; state Exp; branches 1.2.2.1; next 1.1; 1.1 date 2012.03.07.14.25.00; author taca; state Exp; branches 1.1.1.1; next ; 1.11.2.1 date 2013.03.30.17.52.50; author tron; state Exp; branches; next ; 1.8.2.1 date 2012.10.10.13.48.13; author tron; state Exp; branches; next 1.8.2.2; 1.8.2.2 date 2012.12.05.07.07.52; author sbd; state Exp; branches; next ; 1.5.2.1 date 2012.07.25.10.30.24; author sbd; state Exp; branches; next 1.5.2.2; 1.5.2.2 date 2012.09.13.07.48.01; author sbd; state Exp; branches; next ; 1.2.2.1 date 2012.05.03.18.13.43; author tron; state Exp; branches; next 1.2.2.2; 1.2.2.2 date 2012.05.22.09.09.52; author tron; state Exp; branches; next 1.2.2.3; 1.2.2.3 date 2012.06.05.08.26.51; author sbd; state Exp; branches; next ; 1.1.1.1 date 2012.03.07.14.25.00; author taca; state Exp; branches; next ; desc @@ 1.15 log @New rrl patch, new checksum @ text @$NetBSD: distinfo,v 1.14 2013/03/27 12:08:24 pettai Exp $ SHA1 (bind-9.9.2-P2.tar.gz) = 3aadeaf64164a31a1cf22737ff2eea706792b68d RMD160 (bind-9.9.2-P2.tar.gz) = 3fd39bc8a572ac2c888ce6fc71454a8034cd9b68 Size (bind-9.9.2-P2.tar.gz) = 7277958 bytes SHA1 (rl-9.9.2-P2.patch) = 4ea620a491e9d8427f9d1c484a2d240d56c61eec RMD160 (rl-9.9.2-P2.patch) = fdfc7ad77d86efc0f12da21a760b16b8ca99fc34 Size (rl-9.9.2-P2.patch) = 100699 bytes SHA1 (patch-bin_dig_Makefile.in) = d2c2a0b137be7e31fdc15438d107116fc38a38b9 SHA1 (patch-bin_dig_dighost.c) = 186cdc70605242afb0211dc8802ec75677a65614 SHA1 (patch-bin_nsupdate_Makefile.in) = 42b39d60468ffa8ed13f77259755b217966de664 SHA1 (patch-bin_tests_system_Makefile.in) = 1f268808c55223ac11d1794039503424a51ee71b SHA1 (patch-config.threads.in) = 227b83efe9cb3e301aaac9b97cf42f1fb8ad06b2 SHA1 (patch-configure) = 96135505a9c554c95dade6872b42f360ad5bfeec SHA1 (patch-configure.in) = f07381d79ef45a7356d0657c220fcec3ffc6741d SHA1 (patch-contrib_dlz_config.dlz.in) = f18bec63fbfce7cb2cd72929058ce3770fce458f SHA1 (patch-lib_bind9_Makefile.in) = 89e21d21fa512f11a2fdb8d7455abd5d95f20ba5 SHA1 (patch-lib_dns_Makefile.in) = 1770a8bd86901c618b11d255f3af54748d04b759 SHA1 (patch-lib_dns_rbt.c) = df4b029369d9fa3b250d8505b5f7590e2cd86654 SHA1 (patch-lib_dns_zone.c) = e01378ee95bf7c5b903a2c3a90acf83a3a4cae52 SHA1 (patch-lib_isc_Makefile.in) = 5e0739d19957b1f26bcc24a6c76bcab6248cbff5 SHA1 (patch-lib_isccc_Makefile.in) = a31831872b7724cb84f663ed70a82335d812f95f SHA1 (patch-lib_isccfg_Makefile.in) = 5ce4a85c1a13eca255804850b18b421418a2a01b SHA1 (patch-lib_lwres_Makefile.in) = 40fd0ed1d699cb2f6258f33888a9495899373767 SHA1 (patch-lib_lwres_getaddrinfo.c) = ccc00e446867785e401eb92e63e05505dfd01087 SHA1 (patch-lib_lwres_getnameinfo.c) = 418ad349cf52925c9e8051b5c71d9d51ea8d2fb1 @ 1.14 log @Also update the corresponding RRL patch + distinfo file @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.13 2013/03/26 22:12:14 taca Exp $ d6 3 a8 3 SHA1 (rl-9.9.2-P2.patch) = f1a9514ed3777f2c7eed3f705f62b77a5167858e RMD160 (rl-9.9.2-P2.patch) = ccbc7dd5ed7270bf24a2c60082d582c4133627f3 Size (rl-9.9.2-P2.patch) = 100619 bytes @ 1.13 log @Update bind99 to 9.9.2pl2 (BIND 9.9.2-P2). --- 9.9.2-P2 released --- 3516. [security] Removed the check for regex.h in configure in order to disable regex syntax checking, as it exposes BIND to a critical flaw in libregex on some platforms. [RT #32688] @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.12 2013/02/09 00:14:34 pettai Exp $ d6 3 a8 3 SHA1 (rl-9.9.2-P1.patch) = 60bf003124a16c6dcfc297fc2ad8da2c916b568f RMD160 (rl-9.9.2-P1.patch) = d7bbb95e7fe864d776747e05043c90d5c4e887a2 Size (rl-9.9.2-P1.patch) = 100497 bytes @ 1.12 log @Updated rrl patch version + source @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.11 2012/12/05 00:55:54 taca Exp $ d3 3 a5 3 SHA1 (bind-9.9.2-P1.tar.gz) = 9d56db2a86dde8167f7adfb200beee0f51d771a5 RMD160 (bind-9.9.2-P1.tar.gz) = 0693b2dd3678ea918d30107dc78514b60bcf923d Size (bind-9.9.2-P1.tar.gz) = 7277498 bytes d14 1 a14 1 SHA1 (patch-configure) = a9f5f75fafc9f0b756adcbbf6bee257fd5d4567e @ 1.11 log @Update bind99 to 9.9.2pl1nb2 (BIND 9.9.2-P1) which solves CVE-2012-5688. --- 9.9.2-P1 released --- 3407. [security] Named could die on specific queries with dns64 enabled. [Addressed in change #3388 for BIND 9.8.5 and 9.9.3.] @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.10 2012/11/10 23:45:39 pettai Exp $ d6 3 a8 3 SHA1 (rl-9.9.2.patch) = 18250e466e03a36a0b81dbceb41570aa2d548118 RMD160 (rl-9.9.2.patch) = ea855f46db89b0791a8cf610474106775104568b Size (rl-9.9.2.patch) = 91993 bytes @ 1.11.2.1 log @Pullup ticket #4103 - requested by taca net/bind99: security update Revisions pulled up: - net/bind99/Makefile 1.21-1.23 - net/bind99/distinfo 1.12-1.14 - net/bind99/options.mk 1.5-1.6 - net/bind99/patches/patch-configure 1.4 --- Module Name: pkgsrc Committed By: jperkin Date: Wed Feb 6 23:24:19 UTC 2013 Modified Files: pkgsrc/net/bind99: Makefile Log Message: PKGREVISION bumps for the security/openssl 1.0.1d update. --- Module Name: pkgsrc Committed By: wiz Date: Sat Mar 2 20:33:35 UTC 2013 Modified Files: pkgsrc/net/bind96: Makefile Log Message: Bump PKGREVISION for mysql default change to 55. --- Module Name: pkgsrc Committed By: pettai Date: Sat Feb 9 00:14:34 UTC 2013 Modified Files: pkgsrc/net/bind99: distinfo options.mk Log Message: Updated rrl patch version + source --- Module Name: pkgsrc Committed By: taca Date: Tue Mar 26 22:12:14 UTC 2013 Modified Files: pkgsrc/net/bind99: Makefile distinfo pkgsrc/net/bind99/patches: patch-configure Log Message: Update bind99 to 9.9.2pl2 (BIND 9.9.2-P2). --- 9.9.2-P2 released --- 3516. [security] Removed the check for regex.h in configure in order to disable regex syntax checking, as it exposes BIND to a critical flaw in libregex on some platforms. [RT #32688] --- Module Name: pkgsrc Committed By: pettai Date: Wed Mar 27 12:08:24 UTC 2013 Modified Files: pkgsrc/net/bind99: distinfo options.mk Log Message: Also update the corresponding RRL patch + distinfo file @ text @d1 1 a1 1 $NetBSD$ d3 6 a8 6 SHA1 (bind-9.9.2-P2.tar.gz) = 3aadeaf64164a31a1cf22737ff2eea706792b68d RMD160 (bind-9.9.2-P2.tar.gz) = 3fd39bc8a572ac2c888ce6fc71454a8034cd9b68 Size (bind-9.9.2-P2.tar.gz) = 7277958 bytes SHA1 (rl-9.9.2-P2.patch) = f1a9514ed3777f2c7eed3f705f62b77a5167858e RMD160 (rl-9.9.2-P2.patch) = ccbc7dd5ed7270bf24a2c60082d582c4133627f3 Size (rl-9.9.2-P2.patch) = 100619 bytes d14 1 a14 1 SHA1 (patch-configure) = 96135505a9c554c95dade6872b42f360ad5bfeec @ 1.10 log @Added RRL (Response Rate Limiting) build option @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.9 2012/10/10 03:07:12 taca Exp $ d3 3 a5 3 SHA1 (bind-9.9.2.tar.gz) = eb9fa7b497d67ce61a120cb96c302381bc385324 RMD160 (bind-9.9.2.tar.gz) = 80118091f62a5f44565c86ab1ce4461c2c6d890b Size (bind-9.9.2.tar.gz) = 7285050 bytes @ 1.9 log @Update bind99 to 9.9.2 (BIND 9.9.2). Here are change changes from release note. Note security fixes except CVE-2012-5166 should be already fixed in previous version of bind99 package. Please refer https://kb.isc.org/article/AA-00798 for list of full bug fixes. Security Fixes * A deliberately constructed combination of records could cause named to hang while populating the additional section of a response. [CVE-2012-5166] [RT #31090] * Prevents a named assert (crash) when queried for a record whose RDATA exceeds 65535 bytes. [CVE-2012-4244] [RT #30416] * Prevents a named assert (crash) when validating caused by using "Bad cache" data before it has been initialized. [CVE-2012-3817] [RT #30025] * A condition has been corrected where improper handling of zero-length RDATA could cause undesirable behavior, including termination of the named process. [CVE-2012-1667] [RT #29644] * ISC_QUEUE handling for recursive clients was updated to address a race condition that could cause a memory leak. This rarely occurred with UDP clients, but could be a significant problem for a server handling a steady rate of TCP queries. [CVE-2012-3868] [RT #29539 & #30233] New Features * Elliptic Curve Digital Signature Algorithm keys and signatures in DNSSEC are now supported per RFC 6605. [RT #21918] * Introduces a new tool "dnssec-checkds" command that checks a zone to determine which DS records should be published in the parent zone, or which DLV records should be published in a DLV zone, and queries the DNS to ensure that it exists. (Note: This tool depends on python; it will not be built or installed on systems that do not have a python interpreter.) [RT #28099] * Introduces a new tool "dnssec-verify" that validates a signed zone, checking for the correctness of signatures and NSEC/NSEC3 chains. [RT #23673] * Adds configuration option "max-rsa-exponent-size ;" that can be used to specify the maximum rsa exponent size that will be accepted when validating [RT #29228] Feature Changes * Improves OpenSSL error logging [RT #29932] * nslookup now returns a nonzero exit code when it is unable to get an answer. [RT #29492] @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.8 2012/09/13 01:35:56 taca Exp $ d6 3 @ 1.8 log @Update bind99 to 9.9.1pl3 (BIND 9.9.1-P3). --- 9.9.1-P3 released --- 3364. [security] Named could die on specially crafted record. [RT #30416] @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.7 2012/07/24 20:40:12 spz Exp $ d3 3 a5 3 SHA1 (bind-9.9.1-P3.tar.gz) = 1c890f69f627ffbc76460c766bafefde408ed799 RMD160 (bind-9.9.1-P3.tar.gz) = 23c2081af02eea7a0b7f5e903edf0727f5df2237 Size (bind-9.9.1-P3.tar.gz) = 7217415 bytes d9 1 a9 1 SHA1 (patch-bin_tests_system_Makefile.in) = 3224a66b7d29f6f17d02de1663c61b5e57b91d20 d11 2 a12 2 SHA1 (patch-configure) = 8997a0a2881b7c4a576ea67f6c27016421034772 SHA1 (patch-configure.in) = c815126eb9175e4404fb44a8639a0e091c68f192 @ 1.8.2.1 log @Pullup ticket #3944 - requested by taca net/bind99: security update Revisions pulled up: - net/bind99/Makefile 1.12-1.13 - net/bind99/PLIST 1.3 - net/bind99/distinfo 1.9 - net/bind99/patches/patch-bin_tests_system_Makefile.in 1.3 - net/bind99/patches/patch-configure 1.3 - net/bind99/patches/patch-configure.in 1.2 --- Module Name: pkgsrc Committed By: wiz Date: Wed Oct 3 21:59:10 UTC 2012 Modified Files: pkgsrc/net/bind99: Makefile Log Message: Bump all packages that use perl, or depend on a p5-* package, or are called p5-*. I hope that's all of them. --- Module Name: pkgsrc Committed By: taca Date: Wed Oct 10 03:07:13 UTC 2012 Modified Files: pkgsrc/net/bind99: Makefile PLIST distinfo pkgsrc/net/bind99/patches: patch-bin_tests_system_Makefile.in patch-configure patch-configure.in Log Message: Update bind99 to 9.9.2 (BIND 9.9.2). Here are change changes from release note. Note security fixes except CVE-2012-5166 should be already fixed in previous version of bind99 package. Please refer https://kb.isc.org/article/AA-00798 for list of full bug fixes. Security Fixes * A deliberately constructed combination of records could cause named to hang while populating the additional section of a response. [CVE-2012-5166] [RT #31090] * Prevents a named assert (crash) when queried for a record whose RDATA exceeds 65535 bytes. [CVE-2012-4244] [RT #30416] * Prevents a named assert (crash) when validating caused by using "Bad cache" data before it has been initialized. [CVE-2012-3817] [RT #30025] * A condition has been corrected where improper handling of zero-length RDATA could cause undesirable behavior, including termination of the named process. [CVE-2012-1667] [RT #29644] * ISC_QUEUE handling for recursive clients was updated to address a race condition that could cause a memory leak. This rarely occurred with UDP clients, but could be a significant problem for a server handling a steady rate of TCP queries. [CVE-2012-3868] [RT #29539 & #30233] New Features * Elliptic Curve Digital Signature Algorithm keys and signatures in DNSSEC are now supported per RFC 6605. [RT #21918] * Introduces a new tool "dnssec-checkds" command that checks a zone to determine which DS records should be published in the parent zone, or which DLV records should be published in a DLV zone, and queries the DNS to ensure that it exists. (Note: This tool depends on python; it will not be built or installed on systems that do not have a python interpreter.) [RT #28099] * Introduces a new tool "dnssec-verify" that validates a signed zone, checking for the correctness of signatures and NSEC/NSEC3 chains. [RT #23673] * Adds configuration option "max-rsa-exponent-size ;" that can be used to specify the maximum rsa exponent size that will be accepted when validating [RT #29228] Feature Changes * Improves OpenSSL error logging [RT #29932] * nslookup now returns a nonzero exit code when it is unable to get an answer. [RT #29492] @ text @d1 1 a1 1 $NetBSD$ d3 3 a5 3 SHA1 (bind-9.9.2.tar.gz) = eb9fa7b497d67ce61a120cb96c302381bc385324 RMD160 (bind-9.9.2.tar.gz) = 80118091f62a5f44565c86ab1ce4461c2c6d890b Size (bind-9.9.2.tar.gz) = 7285050 bytes d9 1 a9 1 SHA1 (patch-bin_tests_system_Makefile.in) = 1f268808c55223ac11d1794039503424a51ee71b d11 2 a12 2 SHA1 (patch-configure) = a9f5f75fafc9f0b756adcbbf6bee257fd5d4567e SHA1 (patch-configure.in) = f07381d79ef45a7356d0657c220fcec3ffc6741d @ 1.8.2.2 log @Pullup ticket #3983 - requested by taca net/bind99 security update Revisions pulled up: - net/bind99/Makefile 1.14-1.19 - net/bind99/distinfo 1.10-1.11 - net/bind99/options.mk 1.4 --- Module Name: pkgsrc Committed By: cheusov Date: Sun Oct 21 15:49:07 UTC 2012 Modified Files: pkgsrc/net/bind96: Makefile pkgsrc/net/bind97: Makefile pkgsrc/net/bind98: Makefile pkgsrc/net/bind99: Makefile pkgsrc/net/host: Makefile Log Message: Add CONFLICTS between net/bind and net/host. net/bind9*: remove "bindheaps to avoid triggering an assertion when flushing cache data. [RT #28571] * Prevents intermittent named crashes following an rndc reload [RT #28606] * Resolves inconsistencies in locating DNSSEC keys where zone names contain characters that require special mappings [RT #28600] * A new flag -R has been added to queryperf for running tests using non-recursive queries. It also now builds correctly on MacOS version 10.7 (darwin) [RT #28565] * Named no longer crashes if gssapi is enabled in named.conf but was not compiled into the binary [RT #28338] * SDB now handles unexpected errors from back-end database drivers gracefully instead of exiting on an assert. [RT #28534] * Prevents named crashes as a result of dereferencing a NULL pointer in zmgr_start_xfrin_ifquota if the zone was being removed while there were zone transfers still pending [RT #28419] * Corrects a parser bug that could cause named to crash while reading a malformed zone file. [RT #28467] * Ensures that when a client recurses its status fields are consistently set so that named doesn't fail on an INSIST in client.c:exit_check. [RT #28346] * Fixed a problem preventing proper use of 64 bit time values in libbind. [RT # 26542] * isccc/cc.c:table_fromwire could fail to free an allocated object on error, leading to a possible memory leak condition. [RT #28265] * Fixed a build error on systems without ENOTSUP. [RT #28200] * The header file isc/hmacsha.h is now installed when building BIND. [RT #28169] * AAAA responses will no longer be returned in the additional section when filter-aaaa-on-v4 is in use. (Prior to this change, they would be returned for some query types). [RT #27292] @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.3 2012/05/01 02:47:52 taca Exp $ d3 3 a5 3 SHA1 (bind-9.9.1.tar.gz) = c963de85ba6f55d7615471b29b356efe6c844e9c RMD160 (bind-9.9.1.tar.gz) = f128445b25de7ac8508ecdb9d78165b9dcf169a0 Size (bind-9.9.1.tar.gz) = 7092357 bytes @ 1.3 log @Add fix to a race condition in the resolver code that can cause a recursive nameserver: . Bump PKGREVISION. @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.2 2012/03/23 21:25:01 marino Exp $ d3 3 a5 3 SHA1 (bind-9.9.0.tar.gz) = 6be77c75c8649088b0ae7124d819b5f412bb0094 RMD160 (bind-9.9.0.tar.gz) = 5fda36a3aa84062f7936978cb540e8ad3f1c4e08 Size (bind-9.9.0.tar.gz) = 7114050 bytes d7 1 a7 1 SHA1 (patch-bin_tests_system_Makefile.in) = 70fafa764752881f8367222b0a77cdae83c2e0f9 a12 1 SHA1 (patch-lib_dns_resolver.c) = 48f17278af67ea8f5a282b1194281c36959a046e @ 1.2 log @net/bind99: Fix undefined reference to `main' DragonFly build was broken during the linking of driver.so ---- libtool: link: cc -o driver.so .libs/driver.o -L/wrkobjdir/net/bind99/work/.buildlink/lib /usr/lib/crt1.o: In function `_start': crt1.c:(.text+0x149): undefined reference to `main' *** Error code 1 ---- This has been seen on other platforms: Fedora: http://lists.fedoraproject.org/pipermail/scm-commits/2011-November/683368.html Gentoo: https://bugs.gentoo.org/show_bug.cgi?id=406399 Not building dlzexternal is the solution the worked in the above reports. It works for DragonFly as well, and the PLIST is not affected. @ text @d1 1 a1 1 $NetBSD$ d13 1 @ 1.2.2.1 log @Pullup ticket #3762 - requested by taca net/bind99: security patch Revisions pulled up: - net/bind99/Makefile 1.2 - net/bind99/distinfo 1.3 - net/bind99/patches/patch-lib_dns_resolver.c 1.1 --- Module Name: pkgsrc Committed By: taca Date: Tue May 1 02:47:52 UTC 2012 Modified Files: pkgsrc/net/bind99: Makefile distinfo Added Files: pkgsrc/net/bind99/patches: patch-lib_dns_resolver.c Log Message: Add fix to a race condition in the resolver code that can cause a recursive nameserver: . Bump PKGREVISION. @ text @a12 1 SHA1 (patch-lib_dns_resolver.c) = 48f17278af67ea8f5a282b1194281c36959a046e @ 1.2.2.2 log @Pullup ticket #3797 - requested by taca net/bind99/: security update Revisions pulled up: - net/bind99/Makefile 1.3-1.4 - net/bind99/PLIST 1.2 - net/bind99/distinfo 1.4 - net/bind99/files/named9.sh 1.2 - net/bind99/patches/patch-bin_tests_system_Makefile.in 1.2 - net/bind99/patches/patch-lib_dns_resolver.c deleted --- Module Name: pkgsrc Committed By: marino Date: Sun May 20 12:00:15 UTC 2012 Modified Files: pkgsrc/net/bind99: Makefile pkgsrc/net/bind99/files: named9.sh Log Message: PR#45780 net/bind99: Fix chroot operation DNSSEC related, bind99 needs same fix as bind98 --- Module Name: pkgsrc Committed By: taca Date: Tue May 22 03:31:07 UTC 2012 Modified Files: pkgsrc/net/bind99: Makefile PLIST distinfo pkgsrc/net/bind99/patches: patch-bin_tests_system_Makefile.in Removed Files: pkgsrc/net/bind99/patches: patch-lib_dns_resolver.c Log Message: Update biind99 package to 9.9.1. pkgsrc change: add an comment to patches/patch-bin_tests_system_Makefile.in. Changes from release announce: Security Fixes * Windows binary packages distributed by ISC are now built and linked against OpenSSL 1.0.0i New Features * None Feature Changes * BIND now recognizes the TLSA resource record type, created to support IETF DANE (DNS-based Authentication of Named Entities) [RT #28989] * A note will be added to the README in future releases to explain that the improved scalability provided by using multiple threads to listen for and process queries (change 3137, RT #22992) does not provide any performance benefit when running BIND on versions of the linux kernel that do not include the 'lockless UDP transmit path' changes that were incorporated in 2.6.39. (Some linux distributors may have provided this functionality under their own version numbering systems). Bug Fixes * The locking strategy around the handling of iterative queries has been tuned to reduce unnecessary contention in a multi-threaded environment. (Note that this may not provide a measurable improvement over previous versions of BIND, but it corrects the performance impact of change 3309 / RT #27995) [RT #29239] * Addresses a race condition that can cause named to to crash when the masters list for a zone is updated via rndc reload/reconfig [RT #26732] * named-checkconf now correctly validates dns64 clients acl definitions. [RT #27631] * Fixes a race condition in zone.c that can cause named to crash during the processing of rndc delzone [RT #29028] * Prevents a named segfault from resolver.c due to procedure fctx_finddone() not being thread-safe. [RT #27995] * Improves DNS64 reverse zone performance. [RT #28563] * Adds wire format lookup method to sdb. [RT #28563] * Uses hmctx, not mctx when freeing rbtdb->heaps to avoid triggering an assertion when flushing cache data. [RT #28571] * Prevents intermittent named crashes following an rndc reload [RT #28606] * Resolves inconsistencies in locating DNSSEC keys where zone names contain characters that require special mappings [RT #28600] * A new flag -R has been added to queryperf for running tests using non-recursive queries. It also now builds correctly on MacOS version 10.7 (darwin) [RT #28565] * Named no longer crashes if gssapi is enabled in named.conf but was not compiled into the binary [RT #28338] * SDB now handles unexpected errors from back-end database drivers gracefully instead of exiting on an assert. [RT #28534] * Prevents named crashes as a result of dereferencing a NULL pointer in zmgr_start_xfrin_ifquota if the zone was being removed while there were zone transfers still pending [RT #28419] * Corrects a parser bug that could cause named to crash while reading a malformed zone file. [RT #28467] * Ensures that when a client recurses its status fields are consistently set so that named doesn't fail on an INSIST in client.c:exit_check. [RT #28346] * Fixed a problem preventing proper use of 64 bit time values in libbind. [RT # 26542] * isccc/cc.c:table_fromwire could fail to free an allocated object on error, leading to a possible memory leak condition. [RT #28265] * Fixed a build error on systems without ENOTSUP. [RT #28200] * The header file isc/hmacsha.h is now installed when building BIND. [RT #28169] * AAAA responses will no longer be returned in the additional section when filter-aaaa-on-v4 is in use. (Prior to this change, they would be returned for some query types). [RT #27292] @ text @d3 3 a5 3 SHA1 (bind-9.9.1.tar.gz) = c963de85ba6f55d7615471b29b356efe6c844e9c RMD160 (bind-9.9.1.tar.gz) = f128445b25de7ac8508ecdb9d78165b9dcf169a0 Size (bind-9.9.1.tar.gz) = 7092357 bytes d7 1 a7 1 SHA1 (patch-bin_tests_system_Makefile.in) = 3224a66b7d29f6f17d02de1663c61b5e57b91d20 d13 1 @ 1.2.2.3 log @Pullup ticket #3817 - requested by taca net/bind99 security update Revisions pulled up: - net/bind99/Makefile 1.5 - net/bind99/distinfo 1.5 --- Module Name: pkgsrc Committed By: taca Date: Mon Jun 4 13:24:28 UTC 2012 Modified Files: pkgsrc/net/bind99: Makefile distinfo Log Message: Update bind99 to 9.9.1pl1 (BIND 9.9.1-P1). Security release for CVE-2012-1667. --- 9.9.1-P1 released --- 3331. [security] dns_rdataslab_fromrdataset could produce bad rdataslabs. [RT #29644] @ text @d3 3 a5 3 SHA1 (bind-9.9.1-P1.tar.gz) = a2263b96ccd8a143ea54b39958142c542bf605a8 RMD160 (bind-9.9.1-P1.tar.gz) = 5ba6adbfeab5872582095b213e95b97eda59d044 Size (bind-9.9.1-P1.tar.gz) = 7223197 bytes @ 1.1 log @Initial revision @ text @d7 1 @ 1.1.1.1 log @Importing BIND 9.9.0 as pkgsrc/net/bind99. Introduction BIND 9.9.0 is the first production release of BIND 9.9. This document summarizes changes from BIND 9.8 to BIND 9.9. Please see the CHANGES file in the source code release for a complete list of all changes. New Features * The new "inline-signing" option * NXDOMAIN redirection * "rndc flushtree " command * "rndc sync" command * The new "rndc signing" command * "auto-dnssec" zones * Improves the startup time And more. @ text @@