Commit Graph

225 Commits

Author SHA1 Message Date
Petr Menšík
69b861316f Update to 9.11.11
- Interaction between DNS64 and RPZ No Data rule (CNAME *.) could
  cause unexpected results; this has been fixed. [GL #1106]

- named-checkconf now checks DNS64 prefixes
  to ensure bits 64-71 are zero. [GL #1159]

- named-checkconf could crash during configuration
  if configured to use "geoip continent" ACLs with
  legacy GeoIP. [GL #1163]

- named-checkconf now correctly reports missing
  dnstap-output option when
  dnstap is set. [GL #1136

- Handle ETIMEDOUT error on connect() with a non-blocking
  socket. [GL #1133]
2019-09-25 21:24:23 +02:00
Petr Menšík
72f1dad845 Update to BIND 9.11.10 2019-08-27 21:39:46 +02:00
Petr Menšík
afa1fa2af7 Update to 9.11.9 2019-08-08 12:16:51 +02:00
Petr Menšík
16ecf0736f Update to 9.11.8
Contains:
5244.	[security]	Fixed a race condition in dns_dispatch_getnext()
			that could cause an assertion failure if a
			significant number of incoming packets were
			rejected. (CVE-2019-6471) [GL #942]

5241.	[bug]		Fix Ed448 private and public key ASN.1 prefix blobs.
			[GL #225]

5237.	[bug]		Recurse to find the root server list with 'dig +trace'.
			[GL #1028]
2019-07-02 11:10:03 +02:00
Petr Menšík
625ca235be Update to BIND 9.11.7
Fixes trusted-keys and managed-keys using the same filename.

https://downloads.isc.org/isc/bind9/9.11.7/RELEASE-NOTES-bind-9.11.7.html
2019-06-10 10:41:28 +02:00
Petr Menšík
4b42a5c162 5200. [security] tcp-clients settings could be exceeded in some cases,
which could lead to exhaustion of file descriptors.
                        (CVE-2018-5743) [GL #615]
2019-05-02 14:49:56 +02:00
Petr Menšík
2aa49f0cec Update to 9.11.6
Update lastest release, patches not yet adepted for it.
2019-03-05 14:35:50 +01:00
Petr Menšík
321554b987 Update to BIND 9.11.5-P4
Add also PGP signature as part of repository.
2019-02-22 19:40:00 +01:00
Petr Menšík
6fee3d63e9 Remove revoked KSK 19164 from trusted root keys 2019-02-15 19:50:20 +01:00
Petr Menšík
13f8f23ec5 Update to 9.11.5-P1 2019-01-28 00:47:11 +01:00
Petr Menšík
ad7b3b8f12 Update to 9.11.5
Bump to higher version, update sources.

More fixes to rebased BIND. Many patches are affected by stdbool change.
Update libraries so versions.
2018-11-05 18:12:29 +01:00
Petr Menšík
0b3ef49c00 Update to bind-9.11.4-P2 2018-09-20 11:38:06 +02:00
Petr Menšík
35334375ff Update to 9.11.4-P1
- Fixes CVE-2018-5740
- Adds root key sentinel mechanism support
- incremental zone transfer limit to prevent journal corruption
- rndc reload memory leak
2018-08-09 13:13:02 +02:00
Petr Menšík
a38c250807 Update to 9.11.4
- Use more recent kyua, upstream bind now requires parallelism.
- Make global so version variables for libraries with multiple builds.

Signed-off-by: Petr Menšík <pemensik@redhat.com>
2018-07-13 14:14:38 +02:00
Petr Menšík
b8176e5eb4 Update named.ca 2018-04-05 16:38:16 +02:00
Petr Menšík
86ff90b834 Rebase to 9.11.3
Signed-off-by: Petr Menšík <pemensik@redhat.com>
2018-03-21 17:59:41 +01:00
Petr Menšík
cb2172301b Rebase to 9.11.3b1
Remove merged upstream patches

Signed-off-by: Petr Menšík <pemensik@redhat.com>

Update new so names
2018-02-17 09:29:59 +01:00
Petr Menšík
7556fb076a Fix CVE-2017-3145, rebase to 9.11.2-P1
Signed-off-by: Petr Menšík <pemensik@redhat.com>
2018-01-16 23:38:29 +01:00
Petr Menšík
5d8eb8cf1d Update named.ca, move named.conf out of config archive 2017-08-16 22:47:09 +02:00
Petr Menšík
7584e54e6c Update to 9.11.2 2017-08-14 12:17:30 +02:00
Petr Menšík
79d28ed32a Update to 9.11.2b1 2017-08-08 17:14:41 +02:00
Petr Menšík
e42c700db9 Update to 9.11.1-P3 2017-07-10 10:21:43 +02:00
Petr Menšík
85d0fb613e Update to 9.11.1-P2 2017-06-30 16:06:24 +02:00
Petr Menšík
08bdf0ebe6 Update to 9.11.1-P1 2017-06-15 17:19:36 +02:00
Petr Menšík
09e4b5788e - Update to 9.11.0-P5
- Use BINDVERSION for upstream version

Signed-off-by: Petr Menšík <pemensik@redhat.com>
2017-04-18 10:51:38 +02:00
Petr Menšík
bbe4229562 Update to 9.11.0-P3 2017-02-10 09:20:33 +01:00
Petr Menšík
f696d69809 Update to 9.11.0-P2
Signed-off-by: Petr Menšík <pemensik@redhat.com>
2017-01-12 16:09:05 +01:00
Michal Ruprich
d886cd072d Update to 9.11.0-P1 2016-11-16 08:46:09 +01:00
Petr Menšík
e94c66494e Update to 9.10.4-P4 2016-11-08 16:31:48 +01:00
Tomas Hozza
27a8e54aa7 Update to 9.10.4-P3
Signed-off-by: Tomas Hozza <thozza@redhat.com>
2016-09-29 10:23:55 +02:00
Michal Ruprich
02e0755d17 Update to 9.10.4-P2
Signed-off-by: Michal Ruprich <mruprich@redhat.com>
2016-07-20 13:51:14 +02:00
Tomas Hozza
3fed71e579 Update to 9.10.4-P1 2016-05-26 17:23:15 +02:00
Tomas Hozza
83466f11b9 Update to 9.10.3-P4 due to CVE-2016-1285 CVE-2016-1286 CVE-2016-2088
Signed-off-by: Tomas Hozza <thozza@redhat.com>
2016-03-11 15:02:53 +01:00
Tomas Hozza
4f7493080f Update to 9.10.3-P3 due to CVE-2015-8704 and CVE-2015-8705 (#1300051) 2016-01-21 09:51:24 +01:00
Tomas Hozza
1a8262dde0 Commented out bindkeys-file statement in default configuration (#1223365#c3)
Signed-off-by: Tomas Hozza <thozza@redhat.com>
2016-01-06 14:46:32 +01:00
Tomas Hozza
703982aa78 Update to 9.10.3-P2
Signed-off-by: Tomas Hozza <thozza@redhat.com>
2015-12-16 15:39:32 +01:00
Tomas Hozza
caf3603af7 Update to 9.10.3 stable
Signed-off-by: Tomas Hozza <thozza@redhat.com>
2015-09-17 16:17:35 +02:00
Tomas Hozza
a3771cee48 Update to 9.10.3rc1 (#1259690)
Signed-off-by: Tomas Hozza <thozza@redhat.com>
2015-09-04 01:50:26 +02:00
Tomas Hozza
d6c0550f5c Update to 9.10.2-P3 to fix CVE-2015-5477
Signed-off-by: Tomas Hozza <thozza@redhat.com>
2015-07-29 10:53:07 +02:00
Tomas Hozza
1d29922e18 Update to 9.10.2-P2
Signed-off-by: Tomas Hozza <thozza@redhat.com>
2015-07-09 12:13:13 +02:00
Tomas Hozza
5196f25446 Update to 9.10.2-P1
Signed-off-by: Tomas Hozza <thozza@redhat.com>
2015-06-19 20:48:19 +02:00
Tomas Hozza
71f9fb4731 Utilize system-wide crypto-policies (#1179925)
Signed-off-by: Tomas Hozza <thozza@redhat.com>
2015-05-22 19:09:39 +02:00
Tomas Hozza
c501776f39 Don't use ISC's DLV by default (#1223365)
Signed-off-by: Tomas Hozza <thozza@redhat.com>
2015-05-22 17:45:37 +02:00
Tomas Hozza
be760938ec update to 9.10.2 stable
- remove parallel-build patch after discussion with upstream [ISC-Bugs #38739]

Signed-off-by: Tomas Hozza <thozza@redhat.com>
2015-03-05 13:01:25 +01:00
Tomas Hozza
f3967f6469 update to 9.10.2rc2
Signed-off-by: Tomas Hozza <thozza@redhat.com>
2015-02-23 09:59:32 +01:00
Tomas Hozza
a1f249d671 Add the config-12.tar.bz2 to sources
Was removed by fedpkg new-sources

Signed-off-by: Tomas Hozza <thozza@redhat.com>
2015-02-02 12:50:00 +01:00
Tomas Hozza
4e2098e221 update to 9.10.2rc1
- fix nsupdate server auto-detection (#1184151)
- drop merged patch bind99-rh985918.patch

Signed-off-by: Tomas Hozza <thozza@redhat.com>
2015-02-02 12:39:57 +01:00
Tomas Hozza
4fa9972d29 Update to 9.10.1-P1 stable
Signed-off-by: Tomas Hozza <thozza@redhat.com>
2015-01-14 12:47:51 +01:00
Tomas Hozza
460bee9b36 Update to 9.9.6-P1 (CVE-2014-8500)
Signed-off-by: Tomas Hozza <thozza@redhat.com>
2014-12-09 19:01:49 +01:00
Tomas Hozza
b746061914 Update to 9.9.6
- drop merged patches and rebase some of existing patches

Signed-off-by: Tomas Hozza <thozza@redhat.com>
2014-10-03 11:21:38 +02:00
Tomas Hozza
7809ef4347 Update to 9.9.5-P1
Signed-off-by: Tomas Hozza <thozza@redhat.com>
2014-06-12 16:05:32 +02:00
Tomas Hozza
7ebf9a3e72 Update to 9.9.5 stable
Signed-off-by: Tomas Hozza <thozza@redhat.com>
2014-02-13 09:31:31 +01:00
Tomas Hozza
fb62390fbb update to 9.9.5rc2
- merged patches dropped
- some patches rebased to the new version

Signed-off-by: Tomas Hozza <thozza@redhat.com>
2014-01-24 13:08:12 +01:00
Tomas Hozza
abe4be5502 Update to bind-9.9.5b1
Signed-off-by: Tomas Hozza <thozza@redhat.com>
2014-01-06 15:06:20 +01:00
Tomas Hozza
93a69bb161 Added session-keyfile statement into default named.conf since we use /run/named
Since we don't use default /var/run/named path for PID file, we should not
use it also for Dynamic DNS session key.

Therefore the following line was added into the named.conf:
session-keyfile "/run/named/session.key";

Signed-off-by: Tomas Hozza <thozza@redhat.com>
2013-10-30 12:45:06 +01:00
Tomas Hozza
55d3302131 Update to bind-9.9.4 stable
Signed-off-by: Tomas Hozza <thozza@redhat.com>
2013-09-23 09:26:20 +02:00
Tomas Hozza
d010f7191d update to bind-9.9.4rc2
Signed-off-by: Tomas Hozza <thozza@redhat.com>
2013-09-09 12:35:04 +02:00
Tomas Hozza
65cc9d95ad update to bind-9.9.4rc1
Signed-off-by: Tomas Hozza <thozza@redhat.com>
2013-08-05 15:28:53 +02:00
Tomas Hozza
37d1c73624 update to bind-9.9.4b1
- drop merged RRL patch
- drop merged stat.h patch

Signed-off-by: Tomas Hozza <thozza@redhat.com>
2013-07-15 13:58:12 +02:00
Tomas Hozza
0c054b2ac8 update to 9.9.3-P1 (fix for CVE-2013-3919)
- update RRL patch to 9.9.3-P1-rl.156.01

Signed-off-by: Tomas Hozza <thozza@redhat.com>
2013-06-05 09:52:49 +02:00
Tomas Hozza
1bf060007d update to 9.9.3
- install dns/update.h header

Signed-off-by: Tomas Hozza <thozza@redhat.com>
2013-06-03 09:47:13 +02:00
Tomas Hozza
60039a5407 update to 9.9.3rc2
- part of bind97-exportlib.patch not needed any more
- bind-9.9.1-P2-multlib-conflict.patch modified to reflect latest source
- rl-9.9.3rc1.patch -> rl-9.9.3rc2.patch
- bind99-opts.patch merged

Signed-off-by: Tomas Hozza <thozza@redhat.com>
2013-05-13 12:50:46 +02:00
Tomas Hozza
d0fda06135 Include recursion Warning in named.conf and named.conf.sample (#740894)
Signed-off-by: Tomas Hozza <thozza@redhat.com>
2013-05-03 12:50:12 +02:00
Adam Tkac
c9b9417fb2 Update to 9.9.3rc1
- bind-96-libtool2.patch has been merged
- fix bind tmpfiles.d for named.pid /run migration (#920713)

Signed-off-by: Adam Tkac <atkac@redhat.com>
2013-04-16 15:42:36 +02:00
Tomas Hozza
31f953d106 New upstream patch version fixing CVE-2013-2266 (#928032)
Signed-off-by: Tomas Hozza <thozza@redhat.com>
2013-03-27 12:57:26 +01:00
Adam Tkac
2043f0c3c9 Move pidfile to /run/named/named.pid
Signed-off-by: Adam Tkac <atkac@redhat.com>
2013-03-19 16:03:18 +01:00
Tomas Hozza
619831eeff Corrected IP addresses in named.ca (#901741)
Signed-off-by: Tomas Hozza <thozza@redhat.com>
2013-01-28 16:12:15 +01:00
Tomas Hozza
e73262808d update to bind-9.9.2-P1
Signed-off-by: Tomas Hozza <thozza@redhat.com>
2012-12-05 09:30:24 +01:00
Adam Tkac
d6323c1def Update to 9.9.2
- bind97-rh714049.patch has been dropped
- patches merged
  - bind98-rh816164.patch

Signed-off-by: Adam Tkac <atkac@redhat.com>
2012-10-11 13:34:19 +02:00
Adam Tkac
51e3f36892 Update to bind-9.9.1-P3
Signed-off-by: Adam Tkac <atkac@redhat.com>
2012-09-13 17:16:08 +02:00
Adam Tkac
06bfaa4fef Update to 9.9.1-P2
Signed-off-by: Adam Tkac <vonsch@gmail.com>
2012-07-26 13:55:23 +02:00
Adam Tkac
cf5dc7323a Update to 9.9.1-P1 (CVE-2012-1667)
Signed-off-by: Adam Tkac <atkac@redhat.com>
2012-06-04 15:59:21 +02:00
Adam Tkac
475645f00d Update to 9.9.1
- bind99-coverity.patch merged
- bind-9.5-overflow.patch merged

Signed-off-by: Adam Tkac <atkac@redhat.com>
2012-05-24 14:50:55 +02:00
Adam Tkac
dabddcf2c7 Update to 9.9.0
Signed-off-by: Adam Tkac <atkac@redhat.com>
2012-03-05 13:50:52 +01:00
Adam Tkac
124c3fc2f1 Update to 9.9.0rc2
Signed-off-by: Adam Tkac <atkac@redhat.com>
2012-02-01 12:22:27 +01:00
Adam Tkac
c7d6bc15c0 Update to 9.9.0rc1
Signed-off-by: Adam Tkac <atkac@redhat.com>
2012-01-12 11:31:27 +01:00
Adam Tkac
8e38086c4b Update to 9.9.0b2 (CVE-2011-4313)
Patches merged
- bind97-rh700097.patch
- bind99-cinfo.patch

Signed-off-by: Adam Tkac <atkac@redhat.com>
2011-11-22 13:57:57 +01:00
Adam Tkac
928d804219 Upload 9.9.0b1 tarball.
Signed-off-by: Adam Tkac <atkac@redhat.com>
2011-11-14 11:11:50 +01:00
Adam Tkac
771823363d Update to 9.8.1 and fix some bugs
- ship /etc/trusted-key.key (needed by dig)
- use select instead of epoll in export libs (#735103)

Signed-off-by: Adam Tkac <atkac@redhat.com>
2011-09-07 19:09:25 +02:00
Adam Tkac
86c080f6b6 Rebase to 9.8.1rc1 and update patches.
bind97-cleanup.patch, bind97-rh674334.patch and bind98-includes.patch were
merged.

Signed-off-by: Adam Tkac <atkac@redhat.com>
2011-08-31 15:00:04 +02:00
Adam Tkac
796ae3f199 Update to 9.8.0-P4
- bind98-libdns-export.patch merged

Signed-off-by: Adam Tkac <atkac@redhat.com>
2011-07-05 21:00:37 +02:00
Adam Tkac
136022b9f3 Update to 9.8.0-P2 (CVE-2011-1910)
Signed-off-by: Adam Tkac <atkac@redhat.com>
2011-05-27 10:24:33 +02:00
Adam Tkac
a3e9bb8bda Update to 9.8.0-P1 (CVE-2011-1907).
Signed-off-by: Adam Tkac <atkac@redhat.com>
2011-05-06 11:18:17 +02:00
Adam Tkac
8bf97dc309 Update to 9.8.0.
- bind97-rh665971.patch merged

Signed-off-by: Adam Tkac <atkac@redhat.com>
2011-03-03 13:36:09 +01:00
Adam Tkac
5bc2b4b996 Update to 9.8.0rc1.
Signed-off-by: Adam Tkac <atkac@redhat.com>
2011-02-21 17:34:54 +01:00
Adam Tkac
9dbbf53ecc Update to 9.7.3 + minor fixes.
- fix dig +trace on dualstack systems (#674334)
- fix linkage order when building on system with older BIND (#665971)
- reduce number of gcc warnings

Signed-off-by: Adam Tkac <atkac@redhat.com>
2011-02-18 15:41:12 +01:00
Adam Tkac
2ccdf60e3a Update to 9.7.3rc1.
- bind97-krb5-self.patch merged

Signed-off-by: Adam Tkac <atkac@redhat.com>
2011-01-25 11:18:27 +01:00
Adam Tkac
bd297885de Update to 9.7.3b1.
Signed-off-by: Adam Tkac <atkac@redhat.com>
2011-01-05 14:05:48 +01:00
Adam Tkac
3afaba74d9 Update to 9.7.2-P3.
Signed-off-by: Adam Tkac <atkac@redhat.com>
2010-12-02 10:02:35 +01:00
Adam Tkac
5751312c59 Update to 9.7.2-P2.
Signed-off-by: Adam Tkac <atkac@redhat.com>
2010-09-29 09:43:30 +02:00
Adam Tkac
9e44db5563 Re-add config-8.tar.bz2 into sources.
Signed-off-by: Adam Tkac <atkac@redhat.com>
2010-09-16 11:24:53 +02:00
Adam Tkac
85ba863cb7 Update to 9.7.2.
Signed-off-by: Adam Tkac <atkac@redhat.com>
2010-09-16 10:59:29 +02:00
Adam Tkac
be7323a92d Update to 9.7.2rc1.
Signed-off-by: Adam Tkac <atkac@redhat.com>
2010-08-27 10:48:01 +02:00
Adam Tkac
62ad4d6446 - update to 9.7.2b1
- patches merged
  - bind97-rh507429.patch
2010-08-03 15:00:08 +02:00
Adam Tkac
f9d514a29a - supply root zone DNSKEY in default configuration 2010-07-19 14:24:14 +00:00
Adam Tkac
0ebd48a0e0 - update to 9.7.1-P2 (CVE-2010-0213) 2010-07-19 07:46:45 +00:00
Adam Tkac
6f55351f41 - update to 9.7.1-P1 2010-07-09 10:51:48 +00:00
Adam Tkac
de6201fdf2 - update to 9.7.1
- improve the "dnssec-conf" trigger
2010-06-28 11:23:34 +00:00
Adam Tkac
24bc8d6871 - upload the 9.7.1rc1 tarball and update sources and .cvsignore files
appropriately
2010-06-09 10:32:54 +00:00
Adam Tkac
5a5b2a1167 - update to 9.7.1b1
- make /var/named/dynamic as a default directory for managed DNSSEC keys
- add patch to get "managed-keys-directory" option working
- patches merged
- bind97-managed-keyfile.patch
- bind97-rh554316.patch
2010-05-31 16:51:40 +00:00