pkgsrc-Changes archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
CVS commit: [pkgsrc-2012Q3] pkgsrc/net/bind99
Module Name: pkgsrc
Committed By: tron
Date: Wed Oct 10 13:48:13 UTC 2012
Modified Files:
pkgsrc/net/bind99 [pkgsrc-2012Q3]: Makefile PLIST distinfo
pkgsrc/net/bind99/patches [pkgsrc-2012Q3]:
patch-bin_tests_system_Makefile.in patch-configure
patch-configure.in
Log Message:
Pullup ticket #3944 - requested by taca
net/bind99: security update
Revisions pulled up:
- net/bind99/Makefile 1.12-1.13
- net/bind99/PLIST 1.3
- net/bind99/distinfo 1.9
- net/bind99/patches/patch-bin_tests_system_Makefile.in 1.3
- net/bind99/patches/patch-configure 1.3
- net/bind99/patches/patch-configure.in 1.2
---
Module Name: pkgsrc
Committed By: wiz
Date: Wed Oct 3 21:59:10 UTC 2012
Modified Files:
pkgsrc/net/bind99: Makefile
Log Message:
Bump all packages that use perl, or depend on a p5-* package, or
are called p5-*.
I hope that's all of them.
---
Module Name: pkgsrc
Committed By: taca
Date: Wed Oct 10 03:07:13 UTC 2012
Modified Files:
pkgsrc/net/bind99: Makefile PLIST distinfo
pkgsrc/net/bind99/patches: patch-bin_tests_system_Makefile.in
patch-configure patch-configure.in
Log Message:
Update bind99 to 9.9.2 (BIND 9.9.2).
Here are change changes from release note. Note security fixes except
CVE-2012-5166 should be already fixed in previous version of bind99 package.
Please refer https://kb.isc.org/article/AA-00798 for list of full bug fixes.
Security Fixes
* A deliberately constructed combination of records could cause named to hang
while populating the additional section of a response. [CVE-2012-5166] [RT
#31090]
* Prevents a named assert (crash) when queried for a record whose RDATA
exceeds 65535 bytes. [CVE-2012-4244] [RT #30416]
* Prevents a named assert (crash) when validating caused by using "Bad cache"
data before it has been initialized. [CVE-2012-3817] [RT #30025]
* A condition has been corrected where improper handling of zero-length RDATA
could cause undesirable behavior, including termination of the named
process. [CVE-2012-1667] [RT #29644]
* ISC_QUEUE handling for recursive clients was updated to address a race
condition that could cause a memory leak. This rarely occurred with UDP
clients, but could be a significant problem for a server handling a steady
rate of TCP queries. [CVE-2012-3868] [RT #29539 & #30233]
New Features
* Elliptic Curve Digital Signature Algorithm keys and signatures in DNSSEC
are
now supported per RFC 6605. [RT #21918]
* Introduces a new tool "dnssec-checkds" command that checks a zone to
determine which DS records should be published in the parent zone, or which
DLV records should be published in a DLV zone, and queries the DNS to
ensure
that it exists. (Note: This tool depends on python; it will not be built or
installed on systems that do not have a python interpreter.) [RT #28099]
* Introduces a new tool "dnssec-verify" that validates a signed zone,
checking
for the correctness of signatures and NSEC/NSEC3 chains. [RT #23673]
* Adds configuration option "max-rsa-exponent-size <value>;" that can be used
to specify the maximum rsa exponent size that will be accepted when
validating [RT #29228]
Feature Changes
* Improves OpenSSL error logging [RT #29932]
* nslookup now returns a nonzero exit code when it is unable to get an
answer.
[RT #29492]
To generate a diff of this commit:
cvs rdiff -u -r1.11 -r1.11.2.1 pkgsrc/net/bind99/Makefile
cvs rdiff -u -r1.2 -r1.2.4.1 pkgsrc/net/bind99/PLIST
cvs rdiff -u -r1.8 -r1.8.2.1 pkgsrc/net/bind99/distinfo
cvs rdiff -u -r1.2 -r1.2.4.1 \
pkgsrc/net/bind99/patches/patch-bin_tests_system_Makefile.in
cvs rdiff -u -r1.2 -r1.2.2.1 pkgsrc/net/bind99/patches/patch-configure
cvs rdiff -u -r1.1 -r1.1.2.1 pkgsrc/net/bind99/patches/patch-configure.in
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Home |
Main Index |
Thread Index |
Old Index