rpms
/
bind
7
0
Fork 1
Code Issues Pull Requests Releases Activity
882 Commits 7 Branches 51 Tags 4.6 MiB
Commit Graph

100 Commits

Author SHA1 Message Date
Petr Menšík f82859a3a0 Update to 9.11.20 
Fixes CVE-2020-8619 and few more issues
 2020-06-17 22:53:13 +02:00
Petr Menšík f9201b844d Update to 9.11.19 
Includes new CVE fixes
 2020-05-25 12:15:44 +02:00
Petr Menšík 6e3b160e37 Update to BIND 9.11.18 
From Upstream Release notes:

Security Fixes

    DNS rebinding protection was ineffective when BIND 9 is configured as a forwarding DNS server. Found and responsibly reported by Tobias Klein. [GL #1574]

Known Issues

    We have received reports that in some circumstances, receipt of an IXFR can cause the processing of queries to slow significantly. Some of these were related to RPZ processing, which has been fixed in this release (see below). Others appear to occur where there are NSEC3-related changes (such as an operator changing the NSEC3 salt used in the hash calculation). These are being investigated. [GL #1685]
 2020-04-16 10:53:28 +02:00
Petr Menšík c223e3e275 Update to 9.11.17 
Updated a bit SDB related patches.
 2020-03-31 20:37:08 +02:00
Petr Menšík 23657868e6 Update to 9.11.14 
Includes ThreadSanitizer fixes already included as downstream patches.
Adjusts serve-stale patch, one new statistics.
 2019-12-19 18:43:23 +01:00
Petr Menšík 74b53c3a58 Update to 9.11.13 2019-11-25 21:06:06 +01:00
Petr Menšík d0053ae530 Update to 9.11.12 (#1557762) 2019-10-21 14:26:32 +02:00
Petr Menšík 69b861316f Update to 9.11.11 
- Interaction between DNS64 and RPZ No Data rule (CNAME *.) could
  cause unexpected results; this has been fixed. [GL #1106]

- named-checkconf now checks DNS64 prefixes
  to ensure bits 64-71 are zero. [GL #1159]

- named-checkconf could crash during configuration
  if configured to use "geoip continent" ACLs with
  legacy GeoIP. [GL #1163]

- named-checkconf now correctly reports missing
  dnstap-output option when
  dnstap is set. [GL #1136

- Handle ETIMEDOUT error on connect() with a non-blocking
  socket. [GL #1133]
 2019-09-25 21:24:23 +02:00
Petr Menšík 72f1dad845 Update to BIND 9.11.10 2019-08-27 21:39:46 +02:00
Petr Menšík afa1fa2af7 Update to 9.11.9 2019-08-08 12:16:51 +02:00
Petr Menšík 16ecf0736f Update to 9.11.8 
Contains:
5244.	[security]	Fixed a race condition in dns_dispatch_getnext()
			that could cause an assertion failure if a
			significant number of incoming packets were
			rejected. (CVE-2019-6471) [GL #942]

5241.	[bug]		Fix Ed448 private and public key ASN.1 prefix blobs.
			[GL #225]

5237.	[bug]		Recurse to find the root server list with 'dig +trace'.
			[GL #1028]
 2019-07-02 11:10:03 +02:00
Petr Menšík 625ca235be Update to BIND 9.11.7 
Fixes trusted-keys and managed-keys using the same filename.

https://downloads.isc.org/isc/bind9/9.11.7/RELEASE-NOTES-bind-9.11.7.html
 2019-06-10 10:41:28 +02:00
Petr Menšík 4b42a5c162 5200. [security] tcp-clients settings could be exceeded in some cases, 
which could lead to exhaustion of file descriptors.
                        (CVE-2018-5743) [GL #615]
 2019-05-02 14:49:56 +02:00
Petr Menšík 2aa49f0cec Update to 9.11.6 
Update lastest release, patches not yet adepted for it.
 2019-03-05 14:35:50 +01:00
Petr Menšík 321554b987 Update to BIND 9.11.5-P4 
Add also PGP signature as part of repository.
 2019-02-22 19:40:00 +01:00
Petr Menšík 6fee3d63e9 Remove revoked KSK 19164 from trusted root keys 2019-02-15 19:50:20 +01:00
Petr Menšík 13f8f23ec5 Update to 9.11.5-P1 2019-01-28 00:47:11 +01:00
Petr Menšík ad7b3b8f12 Update to 9.11.5 
Bump to higher version, update sources.

More fixes to rebased BIND. Many patches are affected by stdbool change.
Update libraries so versions.
 2018-11-05 18:12:29 +01:00
Petr Menšík 0b3ef49c00 Update to bind-9.11.4-P2 2018-09-20 11:38:06 +02:00
Petr Menšík 35334375ff Update to 9.11.4-P1 
- Fixes CVE-2018-5740
- Adds root key sentinel mechanism support
- incremental zone transfer limit to prevent journal corruption
- rndc reload memory leak
 2018-08-09 13:13:02 +02:00
Petr Menšík a38c250807 Update to 9.11.4 
- Use more recent kyua, upstream bind now requires parallelism.
- Make global so version variables for libraries with multiple builds.

Signed-off-by: Petr Menšík <pemensik@redhat.com>
 2018-07-13 14:14:38 +02:00
Petr Menšík b8176e5eb4 Update named.ca 2018-04-05 16:38:16 +02:00
Petr Menšík 86ff90b834 Rebase to 9.11.3 
Signed-off-by: Petr Menšík <pemensik@redhat.com>
 2018-03-21 17:59:41 +01:00
Petr Menšík cb2172301b Rebase to 9.11.3b1 
Remove merged upstream patches

Signed-off-by: Petr Menšík <pemensik@redhat.com>

Update new so names
 2018-02-17 09:29:59 +01:00
Petr Menšík 7556fb076a Fix CVE-2017-3145, rebase to 9.11.2-P1 
Signed-off-by: Petr Menšík <pemensik@redhat.com>
 2018-01-16 23:38:29 +01:00
Petr Menšík 5d8eb8cf1d Update named.ca, move named.conf out of config archive 2017-08-16 22:47:09 +02:00
Petr Menšík 7584e54e6c Update to 9.11.2 2017-08-14 12:17:30 +02:00
Petr Menšík 79d28ed32a Update to 9.11.2b1 2017-08-08 17:14:41 +02:00
Petr Menšík e42c700db9 Update to 9.11.1-P3 2017-07-10 10:21:43 +02:00
Petr Menšík 85d0fb613e Update to 9.11.1-P2 2017-06-30 16:06:24 +02:00
Petr Menšík 08bdf0ebe6 Update to 9.11.1-P1 2017-06-15 17:19:36 +02:00
Petr Menšík 09e4b5788e - Update to 9.11.0-P5 
- Use BINDVERSION for upstream version

Signed-off-by: Petr Menšík <pemensik@redhat.com>
 2017-04-18 10:51:38 +02:00
Petr Menšík bbe4229562 Update to 9.11.0-P3 2017-02-10 09:20:33 +01:00
Petr Menšík f696d69809 Update to 9.11.0-P2 
Signed-off-by: Petr Menšík <pemensik@redhat.com>
 2017-01-12 16:09:05 +01:00
Michal Ruprich d886cd072d Update to 9.11.0-P1 2016-11-16 08:46:09 +01:00
Petr Menšík e94c66494e Update to 9.10.4-P4 2016-11-08 16:31:48 +01:00
Tomas Hozza 27a8e54aa7 Update to 9.10.4-P3 
Signed-off-by: Tomas Hozza <thozza@redhat.com>
 2016-09-29 10:23:55 +02:00
Michal Ruprich 02e0755d17 Update to 9.10.4-P2 
Signed-off-by: Michal Ruprich <mruprich@redhat.com>
 2016-07-20 13:51:14 +02:00
Tomas Hozza 3fed71e579 Update to 9.10.4-P1 2016-05-26 17:23:15 +02:00
Tomas Hozza 83466f11b9 Update to 9.10.3-P4 due to CVE-2016-1285 CVE-2016-1286 CVE-2016-2088 
Signed-off-by: Tomas Hozza <thozza@redhat.com>
 2016-03-11 15:02:53 +01:00
Tomas Hozza 4f7493080f Update to 9.10.3-P3 due to CVE-2015-8704 and CVE-2015-8705 (#1300051) 2016-01-21 09:51:24 +01:00
Tomas Hozza 1a8262dde0 Commented out bindkeys-file statement in default configuration (#1223365#c3) 
Signed-off-by: Tomas Hozza <thozza@redhat.com>
 2016-01-06 14:46:32 +01:00
Tomas Hozza 703982aa78 Update to 9.10.3-P2 
Signed-off-by: Tomas Hozza <thozza@redhat.com>
 2015-12-16 15:39:32 +01:00
Tomas Hozza caf3603af7 Update to 9.10.3 stable 
Signed-off-by: Tomas Hozza <thozza@redhat.com>
 2015-09-17 16:17:35 +02:00
Tomas Hozza a3771cee48 Update to 9.10.3rc1 (#1259690) 
Signed-off-by: Tomas Hozza <thozza@redhat.com>
 2015-09-04 01:50:26 +02:00
Tomas Hozza d6c0550f5c Update to 9.10.2-P3 to fix CVE-2015-5477 
Signed-off-by: Tomas Hozza <thozza@redhat.com>
 2015-07-29 10:53:07 +02:00
Tomas Hozza 1d29922e18 Update to 9.10.2-P2 
Signed-off-by: Tomas Hozza <thozza@redhat.com>
 2015-07-09 12:13:13 +02:00
Tomas Hozza 5196f25446 Update to 9.10.2-P1 
Signed-off-by: Tomas Hozza <thozza@redhat.com>
 2015-06-19 20:48:19 +02:00
Tomas Hozza 71f9fb4731 Utilize system-wide crypto-policies (#1179925) 
Signed-off-by: Tomas Hozza <thozza@redhat.com>
 2015-05-22 19:09:39 +02:00
Tomas Hozza c501776f39 Don't use ISC's DLV by default (#1223365) 
Signed-off-by: Tomas Hozza <thozza@redhat.com>
 2015-05-22 17:45:37 +02:00