rpms/bind
7
0
Fork 1
Code Issues Pull Requests Releases Activity
1,098 Commits 7 Branches 58 Tags 5.5 MiB
782e6f0ca5
Commit Graph

150 Commits

Author SHA1 Message Date
Petr Menšík
6e3b160e37 Update to BIND 9.11.18 
From Upstream Release notes:

Security Fixes

    DNS rebinding protection was ineffective when BIND 9 is configured as a forwarding DNS server. Found and responsibly reported by Tobias Klein. [GL #1574]

Known Issues

    We have received reports that in some circumstances, receipt of an IXFR can cause the processing of queries to slow significantly. Some of these were related to RPZ processing, which has been fixed in this release (see below). Others appear to occur where there are NSEC3-related changes (such as an operator changing the NSEC3 salt used in the hash calculation). These are being investigated. [GL #1685]
 2020-04-16 10:53:28 +02:00
Petr Menšík
c223e3e275 Update to 9.11.17 
Updated a bit SDB related patches.
 2020-03-31 20:37:08 +02:00
Petr Menšík
b626a2bfa5 Compilable 9.16.1 package 
Updated from 9.14 to 9.16.1.
Disabled SIGCHASE, since it no longer exists.
Disabled PKCS11 native build for now
Disabled EXPORT_LIBS

No longer ships isc-config.sh, missing it.
 2020-03-27 11:28:11 +01:00
Petr Menšík
2dbb099871 Update to 9.14.4 
Current latest version fixes unit tests.
 2020-03-27 11:20:45 +01:00
Petr Menšík
23657868e6 Update to 9.11.14 
Includes ThreadSanitizer fixes already included as downstream patches.
Adjusts serve-stale patch, one new statistics.
 2019-12-19 18:43:23 +01:00
Petr Menšík
74b53c3a58 Update to 9.11.13 2019-11-25 21:06:06 +01:00
Petr Menšík
d0053ae530 Update to 9.11.12 (#1557762) 2019-10-21 14:26:32 +02:00
Petr Menšík
69b861316f Update to 9.11.11 
- Interaction between DNS64 and RPZ No Data rule (CNAME *.) could
  cause unexpected results; this has been fixed. [GL #1106]

- named-checkconf now checks DNS64 prefixes
  to ensure bits 64-71 are zero. [GL #1159]

- named-checkconf could crash during configuration
  if configured to use "geoip continent" ACLs with
  legacy GeoIP. [GL #1163]

- named-checkconf now correctly reports missing
  dnstap-output option when
  dnstap is set. [GL #1136

- Handle ETIMEDOUT error on connect() with a non-blocking
  socket. [GL #1133]
 2019-09-25 21:24:23 +02:00
Petr Menšík
72f1dad845 Update to BIND 9.11.10 2019-08-27 21:39:46 +02:00
Petr Menšík
afa1fa2af7 Update to 9.11.9 2019-08-08 12:16:51 +02:00
Petr Menšík
16ecf0736f Update to 9.11.8 
Contains:
5244.	[security]	Fixed a race condition in dns_dispatch_getnext()
			that could cause an assertion failure if a
			significant number of incoming packets were
			rejected. (CVE-2019-6471) [GL #942]

5241.	[bug]		Fix Ed448 private and public key ASN.1 prefix blobs.
			[GL #225]

5237.	[bug]		Recurse to find the root server list with 'dig +trace'.
			[GL #1028]
 2019-07-02 11:10:03 +02:00
Petr Menšík
625ca235be Update to BIND 9.11.7 
Fixes trusted-keys and managed-keys using the same filename.

https://downloads.isc.org/isc/bind9/9.11.7/RELEASE-NOTES-bind-9.11.7.html
 2019-06-10 10:41:28 +02:00
Petr Menšík
4b42a5c162 5200. [security] tcp-clients settings could be exceeded in some cases, 
which could lead to exhaustion of file descriptors.
                        (CVE-2018-5743) [GL #615]
 2019-05-02 14:49:56 +02:00
Petr Menšík
2aa49f0cec Update to 9.11.6 
Update lastest release, patches not yet adepted for it.
 2019-03-05 14:35:50 +01:00
Petr Menšík
321554b987 Update to BIND 9.11.5-P4 
Add also PGP signature as part of repository.
 2019-02-22 19:40:00 +01:00
Petr Menšík
6fee3d63e9 Remove revoked KSK 19164 from trusted root keys 2019-02-15 19:50:20 +01:00
Petr Menšík
13f8f23ec5 Update to 9.11.5-P1 2019-01-28 00:47:11 +01:00
Petr Menšík
ad7b3b8f12 Update to 9.11.5 
Bump to higher version, update sources.

More fixes to rebased BIND. Many patches are affected by stdbool change.
Update libraries so versions.
 2018-11-05 18:12:29 +01:00
Petr Menšík
0b3ef49c00 Update to bind-9.11.4-P2 2018-09-20 11:38:06 +02:00
Petr Menšík
35334375ff Update to 9.11.4-P1 
- Fixes CVE-2018-5740
- Adds root key sentinel mechanism support
- incremental zone transfer limit to prevent journal corruption
- rndc reload memory leak
 2018-08-09 13:13:02 +02:00
Petr Menšík
a38c250807 Update to 9.11.4 
- Use more recent kyua, upstream bind now requires parallelism.
- Make global so version variables for libraries with multiple builds.

Signed-off-by: Petr Menšík <pemensik@redhat.com>
 2018-07-13 14:14:38 +02:00
Petr Menšík
b8176e5eb4 Update named.ca 2018-04-05 16:38:16 +02:00
Petr Menšík
86ff90b834 Rebase to 9.11.3 
Signed-off-by: Petr Menšík <pemensik@redhat.com>
 2018-03-21 17:59:41 +01:00
Petr Menšík
cb2172301b Rebase to 9.11.3b1 
Remove merged upstream patches

Signed-off-by: Petr Menšík <pemensik@redhat.com>

Update new so names
 2018-02-17 09:29:59 +01:00
Petr Menšík
7556fb076a Fix CVE-2017-3145, rebase to 9.11.2-P1 
Signed-off-by: Petr Menšík <pemensik@redhat.com>
 2018-01-16 23:38:29 +01:00
Petr Menšík
5d8eb8cf1d Update named.ca, move named.conf out of config archive 2017-08-16 22:47:09 +02:00
Petr Menšík
7584e54e6c Update to 9.11.2 2017-08-14 12:17:30 +02:00
Petr Menšík
79d28ed32a Update to 9.11.2b1 2017-08-08 17:14:41 +02:00
Petr Menšík
e42c700db9 Update to 9.11.1-P3 2017-07-10 10:21:43 +02:00
Petr Menšík
85d0fb613e Update to 9.11.1-P2 2017-06-30 16:06:24 +02:00
Petr Menšík
08bdf0ebe6 Update to 9.11.1-P1 2017-06-15 17:19:36 +02:00
Petr Menšík
09e4b5788e - Update to 9.11.0-P5 
- Use BINDVERSION for upstream version

Signed-off-by: Petr Menšík <pemensik@redhat.com>
 2017-04-18 10:51:38 +02:00
Petr Menšík
bbe4229562 Update to 9.11.0-P3 2017-02-10 09:20:33 +01:00
Petr Menšík
f696d69809 Update to 9.11.0-P2 
Signed-off-by: Petr Menšík <pemensik@redhat.com>
 2017-01-12 16:09:05 +01:00
Michal Ruprich
d886cd072d Update to 9.11.0-P1 2016-11-16 08:46:09 +01:00
Petr Menšík
e94c66494e Update to 9.10.4-P4 2016-11-08 16:31:48 +01:00
Tomas Hozza
27a8e54aa7 Update to 9.10.4-P3 
Signed-off-by: Tomas Hozza <thozza@redhat.com>
 2016-09-29 10:23:55 +02:00
Michal Ruprich
02e0755d17 Update to 9.10.4-P2 
Signed-off-by: Michal Ruprich <mruprich@redhat.com>
 2016-07-20 13:51:14 +02:00
Tomas Hozza
3fed71e579 Update to 9.10.4-P1 2016-05-26 17:23:15 +02:00
Tomas Hozza
83466f11b9 Update to 9.10.3-P4 due to CVE-2016-1285 CVE-2016-1286 CVE-2016-2088 
Signed-off-by: Tomas Hozza <thozza@redhat.com>
 2016-03-11 15:02:53 +01:00
Tomas Hozza
4f7493080f Update to 9.10.3-P3 due to CVE-2015-8704 and CVE-2015-8705 (#1300051) 2016-01-21 09:51:24 +01:00
Tomas Hozza
1a8262dde0 Commented out bindkeys-file statement in default configuration (#1223365#c3) 
Signed-off-by: Tomas Hozza <thozza@redhat.com>
 2016-01-06 14:46:32 +01:00
Tomas Hozza
703982aa78 Update to 9.10.3-P2 
Signed-off-by: Tomas Hozza <thozza@redhat.com>
 2015-12-16 15:39:32 +01:00
Tomas Hozza
caf3603af7 Update to 9.10.3 stable 
Signed-off-by: Tomas Hozza <thozza@redhat.com>
 2015-09-17 16:17:35 +02:00
Tomas Hozza
a3771cee48 Update to 9.10.3rc1 (#1259690) 
Signed-off-by: Tomas Hozza <thozza@redhat.com>
 2015-09-04 01:50:26 +02:00
Tomas Hozza
d6c0550f5c Update to 9.10.2-P3 to fix CVE-2015-5477 
Signed-off-by: Tomas Hozza <thozza@redhat.com>
 2015-07-29 10:53:07 +02:00
Tomas Hozza
1d29922e18 Update to 9.10.2-P2 
Signed-off-by: Tomas Hozza <thozza@redhat.com>
 2015-07-09 12:13:13 +02:00
Tomas Hozza
5196f25446 Update to 9.10.2-P1 
Signed-off-by: Tomas Hozza <thozza@redhat.com>
 2015-06-19 20:48:19 +02:00
Tomas Hozza
71f9fb4731 Utilize system-wide crypto-policies (#1179925) 
Signed-off-by: Tomas Hozza <thozza@redhat.com>
 2015-05-22 19:09:39 +02:00
Tomas Hozza
c501776f39 Don't use ISC's DLV by default (#1223365) 
Signed-off-by: Tomas Hozza <thozza@redhat.com>
 2015-05-22 17:45:37 +02:00
Tomas Hozza
be760938ec update to 9.10.2 stable 
- remove parallel-build patch after discussion with upstream [ISC-Bugs #38739]

Signed-off-by: Tomas Hozza <thozza@redhat.com>
 2015-03-05 13:01:25 +01:00
Tomas Hozza
f3967f6469 update to 9.10.2rc2 
Signed-off-by: Tomas Hozza <thozza@redhat.com>
 2015-02-23 09:59:32 +01:00
Tomas Hozza
4e2098e221 update to 9.10.2rc1 
- fix nsupdate server auto-detection (#1184151)
- drop merged patch bind99-rh985918.patch

Signed-off-by: Tomas Hozza <thozza@redhat.com>
 2015-02-02 12:39:57 +01:00
Tomas Hozza
4fa9972d29 Update to 9.10.1-P1 stable 
Signed-off-by: Tomas Hozza <thozza@redhat.com>
 2015-01-14 12:47:51 +01:00
Tomas Hozza
460bee9b36 Update to 9.9.6-P1 (CVE-2014-8500) 
Signed-off-by: Tomas Hozza <thozza@redhat.com>
 2014-12-09 19:01:49 +01:00
Tomas Hozza
b746061914 Update to 9.9.6 
- drop merged patches and rebase some of existing patches

Signed-off-by: Tomas Hozza <thozza@redhat.com>
 2014-10-03 11:21:38 +02:00
Tomas Hozza
7809ef4347 Update to 9.9.5-P1 
Signed-off-by: Tomas Hozza <thozza@redhat.com>
 2014-06-12 16:05:32 +02:00
Tomas Hozza
7ebf9a3e72 Update to 9.9.5 stable 
Signed-off-by: Tomas Hozza <thozza@redhat.com>
 2014-02-13 09:31:31 +01:00
Tomas Hozza
fb62390fbb update to 9.9.5rc2 
- merged patches dropped
- some patches rebased to the new version

Signed-off-by: Tomas Hozza <thozza@redhat.com>
 2014-01-24 13:08:12 +01:00
Tomas Hozza
abe4be5502 Update to bind-9.9.5b1 
Signed-off-by: Tomas Hozza <thozza@redhat.com>
 2014-01-06 15:06:20 +01:00
Tomas Hozza
93a69bb161 Added session-keyfile statement into default named.conf since we use /run/named 
Since we don't use default /var/run/named path for PID file, we should not
use it also for Dynamic DNS session key.

Therefore the following line was added into the named.conf:
session-keyfile "/run/named/session.key";

Signed-off-by: Tomas Hozza <thozza@redhat.com>
 2013-10-30 12:45:06 +01:00
Tomas Hozza
55d3302131 Update to bind-9.9.4 stable 
Signed-off-by: Tomas Hozza <thozza@redhat.com>
 2013-09-23 09:26:20 +02:00
Tomas Hozza
d010f7191d update to bind-9.9.4rc2 
Signed-off-by: Tomas Hozza <thozza@redhat.com>
 2013-09-09 12:35:04 +02:00
Tomas Hozza
65cc9d95ad update to bind-9.9.4rc1 
Signed-off-by: Tomas Hozza <thozza@redhat.com>
 2013-08-05 15:28:53 +02:00
Tomas Hozza
37d1c73624 update to bind-9.9.4b1 
- drop merged RRL patch
- drop merged stat.h patch

Signed-off-by: Tomas Hozza <thozza@redhat.com>
 2013-07-15 13:58:12 +02:00
Tomas Hozza
0c054b2ac8 update to 9.9.3-P1 (fix for CVE-2013-3919) 
- update RRL patch to 9.9.3-P1-rl.156.01

Signed-off-by: Tomas Hozza <thozza@redhat.com>
 2013-06-05 09:52:49 +02:00
Tomas Hozza
1bf060007d update to 9.9.3 
- install dns/update.h header

Signed-off-by: Tomas Hozza <thozza@redhat.com>
 2013-06-03 09:47:13 +02:00
Tomas Hozza
60039a5407 update to 9.9.3rc2 
- part of bind97-exportlib.patch not needed any more
- bind-9.9.1-P2-multlib-conflict.patch modified to reflect latest source
- rl-9.9.3rc1.patch -> rl-9.9.3rc2.patch
- bind99-opts.patch merged

Signed-off-by: Tomas Hozza <thozza@redhat.com>
 2013-05-13 12:50:46 +02:00
Tomas Hozza
d0fda06135 Include recursion Warning in named.conf and named.conf.sample (#740894) 
Signed-off-by: Tomas Hozza <thozza@redhat.com>
 2013-05-03 12:50:12 +02:00
Adam Tkac
c9b9417fb2 Update to 9.9.3rc1 
- bind-96-libtool2.patch has been merged
- fix bind tmpfiles.d for named.pid /run migration (#920713)

Signed-off-by: Adam Tkac <atkac@redhat.com>
 2013-04-16 15:42:36 +02:00
Tomas Hozza
31f953d106 New upstream patch version fixing CVE-2013-2266 (#928032) 
Signed-off-by: Tomas Hozza <thozza@redhat.com>
 2013-03-27 12:57:26 +01:00
Adam Tkac
2043f0c3c9 Move pidfile to /run/named/named.pid 
Signed-off-by: Adam Tkac <atkac@redhat.com>
 2013-03-19 16:03:18 +01:00
Tomas Hozza
619831eeff Corrected IP addresses in named.ca (#901741) 
Signed-off-by: Tomas Hozza <thozza@redhat.com>
 2013-01-28 16:12:15 +01:00
Tomas Hozza
e73262808d update to bind-9.9.2-P1 
Signed-off-by: Tomas Hozza <thozza@redhat.com>
 2012-12-05 09:30:24 +01:00
Adam Tkac
d6323c1def Update to 9.9.2 
- bind97-rh714049.patch has been dropped
- patches merged
  - bind98-rh816164.patch

Signed-off-by: Adam Tkac <atkac@redhat.com>
 2012-10-11 13:34:19 +02:00
Adam Tkac
51e3f36892 Update to bind-9.9.1-P3 
Signed-off-by: Adam Tkac <atkac@redhat.com>
 2012-09-13 17:16:08 +02:00
Adam Tkac
06bfaa4fef Update to 9.9.1-P2 
Signed-off-by: Adam Tkac <vonsch@gmail.com>
 2012-07-26 13:55:23 +02:00
Adam Tkac
cf5dc7323a Update to 9.9.1-P1 (CVE-2012-1667) 
Signed-off-by: Adam Tkac <atkac@redhat.com>
 2012-06-04 15:59:21 +02:00
Adam Tkac
475645f00d Update to 9.9.1 
- bind99-coverity.patch merged
- bind-9.5-overflow.patch merged

Signed-off-by: Adam Tkac <atkac@redhat.com>
 2012-05-24 14:50:55 +02:00
Adam Tkac
dabddcf2c7 Update to 9.9.0 
Signed-off-by: Adam Tkac <atkac@redhat.com>
 2012-03-05 13:50:52 +01:00
Adam Tkac
124c3fc2f1 Update to 9.9.0rc2 
Signed-off-by: Adam Tkac <atkac@redhat.com>
 2012-02-01 12:22:27 +01:00
Adam Tkac
c7d6bc15c0 Update to 9.9.0rc1 
Signed-off-by: Adam Tkac <atkac@redhat.com>
 2012-01-12 11:31:27 +01:00
Adam Tkac
8e38086c4b Update to 9.9.0b2 (CVE-2011-4313) 
Patches merged
- bind97-rh700097.patch
- bind99-cinfo.patch

Signed-off-by: Adam Tkac <atkac@redhat.com>
 2011-11-22 13:57:57 +01:00
Adam Tkac
928d804219 Upload 9.9.0b1 tarball. 
Signed-off-by: Adam Tkac <atkac@redhat.com>
 2011-11-14 11:11:50 +01:00
Adam Tkac
771823363d Update to 9.8.1 and fix some bugs 
- ship /etc/trusted-key.key (needed by dig)
- use select instead of epoll in export libs (#735103)

Signed-off-by: Adam Tkac <atkac@redhat.com>
 2011-09-07 19:09:25 +02:00
Adam Tkac
86c080f6b6 Rebase to 9.8.1rc1 and update patches. 
bind97-cleanup.patch, bind97-rh674334.patch and bind98-includes.patch were
merged.

Signed-off-by: Adam Tkac <atkac@redhat.com>
 2011-08-31 15:00:04 +02:00
Adam Tkac
796ae3f199 Update to 9.8.0-P4 
- bind98-libdns-export.patch merged

Signed-off-by: Adam Tkac <atkac@redhat.com>
 2011-07-05 21:00:37 +02:00
Adam Tkac
136022b9f3 Update to 9.8.0-P2 (CVE-2011-1910) 
Signed-off-by: Adam Tkac <atkac@redhat.com>
 2011-05-27 10:24:33 +02:00
Adam Tkac
a3e9bb8bda Update to 9.8.0-P1 (CVE-2011-1907). 
Signed-off-by: Adam Tkac <atkac@redhat.com>
 2011-05-06 11:18:17 +02:00
Adam Tkac
8bf97dc309 Update to 9.8.0. 
- bind97-rh665971.patch merged

Signed-off-by: Adam Tkac <atkac@redhat.com>
 2011-03-03 13:36:09 +01:00
Adam Tkac
5bc2b4b996 Update to 9.8.0rc1. 
Signed-off-by: Adam Tkac <atkac@redhat.com>
 2011-02-21 17:34:54 +01:00
Adam Tkac
9dbbf53ecc Update to 9.7.3 + minor fixes. 
- fix dig +trace on dualstack systems (#674334)
- fix linkage order when building on system with older BIND (#665971)
- reduce number of gcc warnings

Signed-off-by: Adam Tkac <atkac@redhat.com>
 2011-02-18 15:41:12 +01:00
Adam Tkac
2ccdf60e3a Update to 9.7.3rc1. 
- bind97-krb5-self.patch merged

Signed-off-by: Adam Tkac <atkac@redhat.com>
 2011-01-25 11:18:27 +01:00
Adam Tkac
bd297885de Update to 9.7.3b1. 
Signed-off-by: Adam Tkac <atkac@redhat.com>
 2011-01-05 14:05:48 +01:00
Adam Tkac
3afaba74d9 Update to 9.7.2-P3. 
Signed-off-by: Adam Tkac <atkac@redhat.com>
 2010-12-02 10:02:35 +01:00
Adam Tkac
5751312c59 Update to 9.7.2-P2. 
Signed-off-by: Adam Tkac <atkac@redhat.com>
 2010-09-29 09:43:30 +02:00
Adam Tkac
85ba863cb7 Update to 9.7.2. 
Signed-off-by: Adam Tkac <atkac@redhat.com>
 2010-09-16 10:59:29 +02:00
Adam Tkac
be7323a92d Update to 9.7.2rc1. 
Signed-off-by: Adam Tkac <atkac@redhat.com>
 2010-08-27 10:48:01 +02:00
Adam Tkac
62ad4d6446 - update to 9.7.2b1 
- patches merged
  - bind97-rh507429.patch
 2010-08-03 15:00:08 +02:00
Fedora Release Engineering
fcc67a64f4 dist-git conversion 2010-07-28 10:58:17 +00:00