Petr Menšík
782e6f0ca5
Update to 9.18.18 ( #2232346 )
...
https://downloads.isc.org/isc/bind9/9.18.18/doc/arm/html/notes.html#notes-for-bind-9-18-18
2023-09-06 20:06:06 +02:00
Petr Menšík
fc196eb713
Update to 9.18.17 ( #2223913 )
...
https://downloads.isc.org/isc/bind9/9.18.17/doc/arm/html/notes.html#notes-for-bind-9-18-17
2023-07-19 23:47:02 +02:00
Petr Menšík
7ee174a831
Update to 9.18.16 ( #2216462 )
...
https://downloads.isc.org/isc/bind9/9.18.16/doc/arm/html/notes.html#notes-for-bind-9-18-16
Resolves: CVE-2023-2828 CVE-2023-2911
2023-06-22 00:34:42 +02:00
Petr Menšík
9678d7855f
Update to 9.18.15 ( #2207908 )
2023-05-17 18:59:49 +02:00
Petr Menšík
15dc7fb16a
Update to 9.18.14 ( #2187996 )
...
https://downloads.isc.org/isc/bind9/9.18.14/doc/arm/html/notes.html#notes-for-bind-9-18-14
2023-04-21 22:18:36 +02:00
Petr Menšík
13b1bcc0f0
Update to 9.18.3 ( #2178717 )
...
https://downloads.isc.org/isc/bind9/9.18.13/doc/arm/html/notes.html#notes-for-bind-9-18-13
2023-03-22 17:57:33 +01:00
Petr Menšík
10cb7fcdc5
Update to 9.18.12 ( #2170096 )
...
https://downloads.isc.org/isc/bind9/9.18.12/doc/arm/html/notes.html#notes-for-bind-9-18-12
2023-02-16 02:43:32 +01:00
Petr Menšík
6db5408538
Update to 9.18.11 ( #2164395 )
...
Resolves: CVE-2022-3094 CVE-2022-3736 CVE-2022-3924
https://downloads.isc.org/isc/bind9/9.18.11/doc/arm/html/notes.html#notes-for-bind-9-18-11
2023-01-27 17:25:00 +01:00
Petr Menšík
9b329d0dd6
Update to 9.18.10 ( #2143258 )
...
https://downloads.isc.org/isc/bind9/9.18.10/doc/arm/html/notes.html#notes-for-bind-9-18-10
2023-01-16 14:32:06 +01:00
Petr Menšík
5e42931b09
Update to 9.18.9 ( #2143258 )
...
https://downloads.isc.org/isc/bind9/9.18.9/doc/arm/html/notes.html#notes-for-bind-9-18-9
2022-11-21 12:39:51 +01:00
Petr Menšík
99fd53a106
Update to 9.18.8 ( #2136100 )
...
https://downloads.isc.org/isc/bind9/9.18.8/doc/arm/html/notes.html#notes-for-bind-9-18-8
2022-10-22 22:07:38 +02:00
Petr Menšík
bbdbcbc779
Update to 9.18.7 ( #2128609 )
...
https://downloads.isc.org/isc/bind9/9.18.7/doc/arm/html/notes.html#notes-for-bind-9-18-7
2022-09-21 15:54:53 +02:00
Petr Menšík
c0c776f659
Update to 9.18.6 ( #2119132 )
...
https://downloads.isc.org/isc/bind9/9.18.6/doc/arm/html/notes.html#notes-for-bind-9-18-6
2022-08-30 20:07:05 +02:00
Petr Menšík
66ddbbdf47
Update to 9.18.5 ( #2109170 )
...
https://downloads.isc.org/isc/bind9/9.18.5/doc/arm/html/notes.html#notes-for-bind-9-18-5
Changes NSEC3 default count to zero.
2022-08-03 20:38:49 +02:00
Petr Menšík
8a47aa2c75
Import version from branch v9_18
...
Uses git checkout 38726e67340b2b60715fa2f342dc800273d3772f -- .
Remove unused patches from distgit.
2022-08-03 20:37:06 +02:00
Petr Menšík
f887e16911
Update to 9.16.30 ( #2097312 )
...
https://downloads.isc.org/isc/bind9/9.16.30/doc/arm/html/notes.html#notes-for-bind-9-16-30
2022-06-20 14:21:46 +02:00
Petr Menšík
bb1dcf68da
Update to 9.16.29
...
Previously, CDS and CDNSKEY DELETE records were removed from
the zone when configured with the auto-dnssec maintain; option.
This has been fixed. [GL #2931 ]
https://downloads.isc.org/isc/bind9/9.16.29/doc/arm/html/notes.html#notes-for-bind-9-16-29
Resolves: rhbz#2087920
2022-05-26 23:14:06 +02:00
Petr Menšík
0cc36e95a3
Update to 9.16.28 ( #2076941 )
...
https://downloads.isc.org/isc/bind9/9.16.28/doc/arm/html/notes.html#notes-for-bind-9-16-28
2022-04-20 18:07:44 +02:00
Petr Menšík
e52a502150
Upgrade to 9.16.27 ( #2055120 )
...
https://downloads.isc.org/isc/bind9/9.16.27/doc/arm/html/notes.html#notes-for-bind-9-16-27
Resolves: CVE-2021-25220 CVE-2022-0396
2022-03-18 11:13:18 +01:00
Petr Menšík
74f70469b1
Update to 9.16.26 ( #2055120 )
2022-02-17 23:21:17 +01:00
Petr Menšík
11207651f7
Update to 9.16.25 ( #2042504 )
...
- Reduced memory usage on machines with many CPU cores.
- Offline ZSK expired signatures would be signed by KSK instead
- Inline signed zone could be saved without serial, causing error after
restart
https://downloads.isc.org/isc/bind9/9.16.25/doc/arm/html/notes.html#notes-for-bind-9-16-25
2022-01-21 21:56:02 +01:00
Petr Menšík
13da6470e0
Upload new sources
2021-12-20 11:37:38 +01:00
Petr Menšík
f8d4aed3a6
Update 9.16.23
...
Reloading a catalog zone which referenced a missing/deleted member zone
triggered a runtime check failure, causing named to exit prematurely.
This has been fixed. [GL #2308 ]
https://downloads.isc.org/isc/bind9/9.16.23/doc/arm/html/notes.html#notes-for-bind-9-16-23
2021-11-19 18:42:55 +01:00
Petr Menšík
5a12a8cddc
Update to 9.16.22
2021-10-27 20:13:32 +02:00
Petr Menšík
59865beb68
Update to 9.16.21
...
- Support for HTTPS and SVCB
https://downloads.isc.org/isc/bind9/9.16.21/doc/arm/html/notes.html#notes-for-bind-9-16-21
2021-09-15 12:26:45 +02:00
Petr Menšík
9d509c6973
Update to 9.16.20 ( #1995289 )
2021-08-19 12:50:40 +02:00
Petr Menšík
3bd7080e53
Update to 9.16.19
...
Remove support for PREVER and PATCHVER, since upstream no longer
releases them. Simplifies a bit versioning.
Resolves: rhbz#1984627
2021-07-21 22:10:55 +02:00
Petr Menšík
48d8c90e0d
Update to 9.16.18
...
Fixup release after bugs released in 9.16.17.
https://downloads.isc.org/isc/bind9/9.16.18/doc/arm/html/notes.html#notes-for-bind-9-16-18
2021-06-18 16:38:18 +02:00
Petr Menšík
83399543c1
Update to 9.16.17
2021-06-17 16:33:32 +02:00
Petr Menšík
9c54517d6f
Update to 9.16.16 ( #1954827 )
...
https://downloads.isc.org/isc/bind9/9.16.16/doc/arm/html/notes.html#notes-for-bind-9-16-16
2021-05-21 10:39:29 +02:00
Petr Menšík
f8cb93d57c
Update to 9.16.15
...
Resolves CVE-2021-25215 and CVE-2021-25214.
Removes disable-isc-spnego flag, because custom isc spnego code were
removed with also this flag. It is default (and the only) option now.
2021-04-29 18:13:33 +02:00
Petr Menšík
76074cd59a
Update to 9.16.13
...
Reworked custom redhat version. Complete version is now part of library
names. Libraries are not recommended for any third party application.
They are still required for bind-dyndb-ldap only.
Version of named changed, only suffix -RH is appended to upstream
version. Therefore dig would not contain version
9.6.11-RedHat-9.6.11-1.fc34, but only 9.6.13-RH. Version of fedora build
have to be obtained from rpm -q bind.
Version is now part of library names, bind-libs-lite was merged to
bind-libs. bind-dyndb-ldap needs whole bind, no point to offer smaller
library set just for its dependencies.
Updated also named(8) manual page to match current state of SELinux.
2021-03-25 22:23:27 +01:00
Petr Menšík
f3d54bbf18
Update to 9.16.11 ( #1827602 )
...
https://downloads.isc.org/isc/bind9/9.16.11/RELEASE-NOTES-bind-9.16.11.html
2021-01-21 11:34:02 +01:00
Petr Menšík
7c5d77a6ce
Merge branch 'v9_16'
...
https://fedoraproject.org/wiki/Changes/BIND9.16
2021-01-14 23:21:23 +01:00
Petr Menšík
ddf24a90e3
Update to 9.16.10
...
Enhancement and bugfix update.
Changes documented at upstream release note:
https://downloads.isc.org/isc/bind9/9.16.10/doc/arm/html/notes.html#notes-for-bind-9-16-10
2021-01-05 15:16:21 +01:00
Petr Menšík
118269cb8c
Update to 9.11.26
...
Bugfix release, just tweaks in few default values.
https://downloads.isc.org/isc/bind9/9.11.26/RELEASE-NOTES-bind-9.11.26.html
2021-01-04 12:53:08 +01:00
Petr Menšík
1f381a9469
Update to 9.16.9
...
Changes solib version, requires rebuild of dependent packages.
Upstream release notes:
https://downloads.isc.org/isc/bind9/9.16.9/doc/arm/html/notes.html#notes-for-bind-9-16-9
2020-11-26 15:17:59 +01:00
Petr Menšík
ad33c6c095
Update to BIND 9.11.25
...
Moved Red Hat specific changes from generated named.8 file to docbook.
It is regenerated to named.8 during the build.
Release notes: https://downloads.isc.org/isc/bind9/9.11.25/RELEASE-NOTES-bind-9.11.25.html
2020-11-26 13:21:59 +01:00
Petr Menšík
b4711541c2
Update to 9.16.8
...
DNS Flag Day 2020 - reduced default EDNS buffer to 1232.
New rndc dnssec -rollover command.
https://downloads.isc.org/isc/bind9/9.16.8/doc/arm/html/notes.html#notes-for-bind-9-16-8
2020-10-23 20:30:49 +02:00
Petr Menšík
01c5de480b
Update to 9.11.24
...
DNS Flag Day 2020 - default ENDS buffer size changed to 1232.
https://downloads.isc.org/isc/bind9/9.11.24/RELEASE-NOTES-bind-9.11.24.html
2020-10-23 17:20:10 +02:00
Petr Menšík
1d47d2b5c9
Update to 9.11.23
...
Only bugs fixed.
- LOC records parsing fixed
- nonsecurity fixes from fuzzing
upstream release notes:
https://downloads.isc.org/isc/bind9/9.11.23/RELEASE-NOTES-bind-9.11.23.html
Signed-off-by: Petr Menšík <pemensik@redhat.com>
2020-09-17 23:02:38 +02:00
Petr Menšík
9e7477b3c4
Update to 9.16.7
...
Bugfix release.
https://downloads.isc.org/isc/bind9/9.16.7/doc/arm/html/notes.html#notes-for-bind-9-16-7
2020-09-17 12:11:10 +02:00
Petr Menšík
cb3f3691e4
Update to 9.16.6
...
Release notes:
https://downloads.isc.org/isc/bind9/9.16.6/doc/arm/html/notes.html#notes-for-bind-9-16-6
2020-08-22 11:44:09 +02:00
Petr Menšík
745f43ac05
Update to 9.11.22
...
https://downloads.isc.org/isc/bind9/9.11.22/RELEASE-NOTES-bind-9.11.22.html
2020-08-21 10:29:56 +02:00
Petr Menšík
23ca292909
Update to 9.16.5
...
Modifies API of libraries, needs rebuild of dependent packages.
2020-07-15 22:39:37 +02:00
Petr Menšík
146cab7989
Update to 9.11.21
...
Only bugfix release without significant changes.
Release notes at:
https://downloads.isc.org/isc/bind9/9.11.21/RELEASE-NOTES-bind-9.11.21.html
2020-07-15 22:15:32 +02:00
Petr Menšík
2a2d2faeae
fixup! Update to 9.16.4
2020-06-18 14:07:00 +02:00
Petr Menšík
f82859a3a0
Update to 9.11.20
...
Fixes CVE-2020-8619 and few more issues
2020-06-17 22:53:13 +02:00
Petr Menšík
f9201b844d
Update to 9.11.19
...
Includes new CVE fixes
2020-05-25 12:15:44 +02:00
Petr Menšík
1b133224fc
Update to 9.16.2
...
Notes for BIND 9.16.2
Security Fixes
DNS rebinding protection was ineffective when BIND 9 is configured as a forwarding DNS server. Found and responsibly reported by Tobias Klein. [GL #1574 ]
Known Issues
We have received reports that in some circumstances, receipt of an IXFR can cause the processing of queries to slow significantly. Some of these were related to RPZ processing, which has been fixed in this release (see below). Others appear to occur where there are NSEC3-related changes (such as an operator changing the NSEC3 salt used in the hash calculation). These are being investigated. [GL #1685 ]
Feature Changes
The previous DNSSEC sign statistics used lots of memory. The number of keys to track is reduced to four per zone, which should be enough for 99% of all signed zones. [GL #1179 ]
Bug Fixes
When an RPZ policy zone was updated via zone transfer and a large number of records was deleted, named could become nonresponsive for a short period while deleted names were removed from the RPZ summary database. This database cleanup is now done incrementally over a longer period of time, reducing such delays. [GL #1447 ]
When trying to migrate an already-signed zone from auto-dnssec maintain to one based on dnssec-policy, the existing keys were immediately deleted and replaced with new ones. As the key rollover timing constraints were not being followed, it was possible that some clients would not have been able to validate responses until all old DNSSEC information had timed out from caches. BIND now looks at the time metadata of the existing keys and incorporates it into its DNSSEC policy operation. [GL #1706 ]
2020-04-16 12:38:00 +02:00