pkgsrc-Changes archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

CVS commit: [pkgsrc-2012Q3] pkgsrc/net/bind99

Module Name:    pkgsrc
Committed By:   tron
Date:           Wed Oct 10 13:48:13 UTC 2012

Modified Files:
        pkgsrc/net/bind99 [pkgsrc-2012Q3]: Makefile PLIST distinfo
        pkgsrc/net/bind99/patches [pkgsrc-2012Q3]:

Log Message:
Pullup ticket #3944 - requested by taca
net/bind99: security update

Revisions pulled up:
- net/bind99/Makefile                                           1.12-1.13
- net/bind99/PLIST                                              1.3
- net/bind99/distinfo                                           1.9
- net/bind99/patches/         1.3
- net/bind99/patches/patch-configure                            1.3
- net/bind99/patches/                         1.2

   Module Name: pkgsrc
   Committed By:        wiz
   Date:                Wed Oct  3 21:59:10 UTC 2012

   Modified Files:
        pkgsrc/net/bind99: Makefile

   Log Message:
   Bump all packages that use perl, or depend on a p5-* package, or
   are called p5-*.

   I hope that's all of them.

   Module Name: pkgsrc
   Committed By:        taca
   Date:                Wed Oct 10 03:07:13 UTC 2012

   Modified Files:
        pkgsrc/net/bind99: Makefile PLIST distinfo

   Log Message:
   Update bind99 to 9.9.2 (BIND 9.9.2).

   Here are change changes from release note.  Note security fixes except
   CVE-2012-5166 should be already fixed in previous version of bind99 package.

   Please refer for list of full bug fixes.

   Security Fixes

   * A deliberately constructed combination of records could cause named to hang
     while populating the additional section of a response. [CVE-2012-5166] [RT
   * Prevents a named assert (crash) when queried for a record whose RDATA
     exceeds 65535 bytes.  [CVE-2012-4244] [RT #30416]
   * Prevents a named assert (crash) when validating caused by using "Bad cache"
     data before it has been initialized. [CVE-2012-3817] [RT #30025]
   * A condition has been corrected where improper handling of zero-length RDATA
     could cause undesirable behavior, including termination of the named
     process. [CVE-2012-1667] [RT #29644]
   * ISC_QUEUE handling for recursive clients was updated to address a race
     condition that could cause a memory leak. This rarely occurred with UDP
     clients, but could be a significant problem for a server handling a steady
     rate of TCP queries. [CVE-2012-3868] [RT #29539 & #30233]

   New Features

   * Elliptic Curve Digital Signature Algorithm keys and signatures in DNSSEC 
     now supported per RFC 6605. [RT #21918]
   * Introduces a new tool "dnssec-checkds" command that checks a zone to
     determine which DS records should be published in the parent zone, or which
     DLV records should be published in a DLV zone, and queries the DNS to 
     that it exists. (Note: This tool depends on python; it will not be built or
     installed on systems that do not have a python interpreter.)  [RT #28099]
   * Introduces a new tool "dnssec-verify" that validates a signed zone, 
     for the correctness of signatures and NSEC/NSEC3 chains.  [RT #23673]
   * Adds configuration option "max-rsa-exponent-size <value>;" that can be used
     to specify the maximum rsa exponent size that will be accepted when
     validating [RT #29228]

   Feature Changes

   * Improves OpenSSL error logging [RT #29932]
   * nslookup now returns a nonzero exit code when it is unable to get an 
     [RT #29492]

To generate a diff of this commit:
cvs rdiff -u -r1.11 -r1.11.2.1 pkgsrc/net/bind99/Makefile
cvs rdiff -u -r1.2 -r1.2.4.1 pkgsrc/net/bind99/PLIST
cvs rdiff -u -r1.8 -r1.8.2.1 pkgsrc/net/bind99/distinfo
cvs rdiff -u -r1.2 -r1.2.4.1 \
cvs rdiff -u -r1.2 -r1.2.2.1 pkgsrc/net/bind99/patches/patch-configure
cvs rdiff -u -r1.1 -r1.1.2.1 pkgsrc/net/bind99/patches/

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Home | Main Index | Thread Index | Old Index