diff options
| author | taca <taca@pkgsrc.org> | 2012-10-10 03:07:12 +0000 |
|---|---|---|
| committer | taca <taca@pkgsrc.org> | 2012-10-10 03:07:12 +0000 |
| commit | ad40a0067d0dc95c4cc4d4a208757699b9bbe362 (patch) | |
| tree | 6dcfe43cf116b4f9a96fc2f66800b914faea1958 /net/bind99/PLIST | |
| parent | 6cc4eedcdac4f119b303002ceab5788259131012 (diff) | |
| download | pkgsrc-ad40a0067d0dc95c4cc4d4a208757699b9bbe362.tar.gz | |
Update bind99 to 9.9.2 (BIND 9.9.2).
Here are change changes from release note. Note security fixes except
CVE-2012-5166 should be already fixed in previous version of bind99 package.
Please refer https://kb.isc.org/article/AA-00798 for list of full bug fixes.
Security Fixes
* A deliberately constructed combination of records could cause named to hang
while populating the additional section of a response. [CVE-2012-5166] [RT
#31090]
* Prevents a named assert (crash) when queried for a record whose RDATA
exceeds 65535 bytes. [CVE-2012-4244] [RT #30416]
* Prevents a named assert (crash) when validating caused by using "Bad cache"
data before it has been initialized. [CVE-2012-3817] [RT #30025]
* A condition has been corrected where improper handling of zero-length RDATA
could cause undesirable behavior, including termination of the named
process. [CVE-2012-1667] [RT #29644]
* ISC_QUEUE handling for recursive clients was updated to address a race
condition that could cause a memory leak. This rarely occurred with UDP
clients, but could be a significant problem for a server handling a steady
rate of TCP queries. [CVE-2012-3868] [RT #29539 & #30233]
New Features
* Elliptic Curve Digital Signature Algorithm keys and signatures in DNSSEC are
now supported per RFC 6605. [RT #21918]
* Introduces a new tool "dnssec-checkds" command that checks a zone to
determine which DS records should be published in the parent zone, or which
DLV records should be published in a DLV zone, and queries the DNS to ensure
that it exists. (Note: This tool depends on python; it will not be built or
installed on systems that do not have a python interpreter.) [RT #28099]
* Introduces a new tool "dnssec-verify" that validates a signed zone, checking
for the correctness of signatures and NSEC/NSEC3 chains. [RT #23673]
* Adds configuration option "max-rsa-exponent-size <value>;" that can be used
to specify the maximum rsa exponent size that will be accepted when
validating [RT #29228]
Feature Changes
* Improves OpenSSL error logging [RT #29932]
* nslookup now returns a nonzero exit code when it is unable to get an answer.
[RT #29492]
Diffstat (limited to 'net/bind99/PLIST')
| -rw-r--r-- | net/bind99/PLIST | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/net/bind99/PLIST b/net/bind99/PLIST index 85436fa6f73..30062e8de7b 100644 --- a/net/bind99/PLIST +++ b/net/bind99/PLIST @@ -1,4 +1,4 @@ -@comment $NetBSD: PLIST,v 1.2 2012/05/22 03:31:07 taca Exp $ +@comment $NetBSD: PLIST,v 1.3 2012/10/10 03:07:12 taca Exp $ bin/dig bin/host bin/isc-config.sh @@ -302,6 +302,7 @@ man/man8/dnssec-keygen.8 man/man8/dnssec-revoke.8 man/man8/dnssec-settime.8 man/man8/dnssec-signzone.8 +man/man8/dnssec-verify.8 man/man8/genrandom.8 man/man8/isc-hmac-fixup.8 man/man8/lwresd.8 @@ -321,6 +322,7 @@ sbin/dnssec-keygen sbin/dnssec-revoke sbin/dnssec-settime sbin/dnssec-signzone +sbin/dnssec-verify sbin/genrandom sbin/isc-hmac-fixup sbin/lwresd @@ -356,6 +358,7 @@ share/doc/bind9/arm/man.dnssec-keygen.html share/doc/bind9/arm/man.dnssec-revoke.html share/doc/bind9/arm/man.dnssec-settime.html share/doc/bind9/arm/man.dnssec-signzone.html +share/doc/bind9/arm/man.dnssec-verify.html share/doc/bind9/arm/man.genrandom.html share/doc/bind9/arm/man.host.html share/doc/bind9/arm/man.isc-hmac-fixup.html |