Petr Menšík
146cab7989
Update to 9.11.21
...
Only bugfix release without significant changes.
Release notes at:
https://downloads.isc.org/isc/bind9/9.11.21/RELEASE-NOTES-bind-9.11.21.html
2020-07-15 22:15:32 +02:00
Petr Menšík
f82859a3a0
Update to 9.11.20
...
Fixes CVE-2020-8619 and few more issues
2020-06-17 22:53:13 +02:00
Petr Menšík
f9201b844d
Update to 9.11.19
...
Includes new CVE fixes
2020-05-25 12:15:44 +02:00
Petr Menšík
6e3b160e37
Update to BIND 9.11.18
...
From Upstream Release notes:
Security Fixes
DNS rebinding protection was ineffective when BIND 9 is configured as a forwarding DNS server. Found and responsibly reported by Tobias Klein. [GL #1574 ]
Known Issues
We have received reports that in some circumstances, receipt of an IXFR can cause the processing of queries to slow significantly. Some of these were related to RPZ processing, which has been fixed in this release (see below). Others appear to occur where there are NSEC3-related changes (such as an operator changing the NSEC3 salt used in the hash calculation). These are being investigated. [GL #1685 ]
2020-04-16 10:53:28 +02:00
Petr Menšík
c223e3e275
Update to 9.11.17
...
Updated a bit SDB related patches.
2020-03-31 20:37:08 +02:00
Petr Menšík
23657868e6
Update to 9.11.14
...
Includes ThreadSanitizer fixes already included as downstream patches.
Adjusts serve-stale patch, one new statistics.
2019-12-19 18:43:23 +01:00
Petr Menšík
74b53c3a58
Update to 9.11.13
2019-11-25 21:06:06 +01:00
Petr Menšík
d0053ae530
Update to 9.11.12 ( #1557762 )
2019-10-21 14:26:32 +02:00
Petr Menšík
69b861316f
Update to 9.11.11
...
- Interaction between DNS64 and RPZ No Data rule (CNAME *.) could
cause unexpected results; this has been fixed. [GL #1106 ]
- named-checkconf now checks DNS64 prefixes
to ensure bits 64-71 are zero. [GL #1159 ]
- named-checkconf could crash during configuration
if configured to use "geoip continent" ACLs with
legacy GeoIP. [GL #1163 ]
- named-checkconf now correctly reports missing
dnstap-output option when
dnstap is set. [GL #1136
- Handle ETIMEDOUT error on connect() with a non-blocking
socket. [GL #1133 ]
2019-09-25 21:24:23 +02:00
Petr Menšík
72f1dad845
Update to BIND 9.11.10
2019-08-27 21:39:46 +02:00
Petr Menšík
afa1fa2af7
Update to 9.11.9
2019-08-08 12:16:51 +02:00
Petr Menšík
16ecf0736f
Update to 9.11.8
...
Contains:
5244. [security] Fixed a race condition in dns_dispatch_getnext()
that could cause an assertion failure if a
significant number of incoming packets were
rejected. (CVE-2019-6471) [GL #942 ]
5241. [bug] Fix Ed448 private and public key ASN.1 prefix blobs.
[GL #225 ]
5237. [bug] Recurse to find the root server list with 'dig +trace'.
[GL #1028 ]
2019-07-02 11:10:03 +02:00
Petr Menšík
625ca235be
Update to BIND 9.11.7
...
Fixes trusted-keys and managed-keys using the same filename.
https://downloads.isc.org/isc/bind9/9.11.7/RELEASE-NOTES-bind-9.11.7.html
2019-06-10 10:41:28 +02:00
Petr Menšík
4b42a5c162
5200. [security] tcp-clients settings could be exceeded in some cases,
...
which could lead to exhaustion of file descriptors.
(CVE-2018-5743) [GL #615 ]
2019-05-02 14:49:56 +02:00
Petr Menšík
2aa49f0cec
Update to 9.11.6
...
Update lastest release, patches not yet adepted for it.
2019-03-05 14:35:50 +01:00
Petr Menšík
321554b987
Update to BIND 9.11.5-P4
...
Add also PGP signature as part of repository.
2019-02-22 19:40:00 +01:00
Petr Menšík
6fee3d63e9
Remove revoked KSK 19164 from trusted root keys
2019-02-15 19:50:20 +01:00
Petr Menšík
13f8f23ec5
Update to 9.11.5-P1
2019-01-28 00:47:11 +01:00
Petr Menšík
ad7b3b8f12
Update to 9.11.5
...
Bump to higher version, update sources.
More fixes to rebased BIND. Many patches are affected by stdbool change.
Update libraries so versions.
2018-11-05 18:12:29 +01:00
Petr Menšík
0b3ef49c00
Update to bind-9.11.4-P2
2018-09-20 11:38:06 +02:00
Petr Menšík
35334375ff
Update to 9.11.4-P1
...
- Fixes CVE-2018-5740
- Adds root key sentinel mechanism support
- incremental zone transfer limit to prevent journal corruption
- rndc reload memory leak
2018-08-09 13:13:02 +02:00
Petr Menšík
a38c250807
Update to 9.11.4
...
- Use more recent kyua, upstream bind now requires parallelism.
- Make global so version variables for libraries with multiple builds.
Signed-off-by: Petr Menšík <pemensik@redhat.com>
2018-07-13 14:14:38 +02:00
Petr Menšík
b8176e5eb4
Update named.ca
2018-04-05 16:38:16 +02:00
Petr Menšík
86ff90b834
Rebase to 9.11.3
...
Signed-off-by: Petr Menšík <pemensik@redhat.com>
2018-03-21 17:59:41 +01:00
Petr Menšík
cb2172301b
Rebase to 9.11.3b1
...
Remove merged upstream patches
Signed-off-by: Petr Menšík <pemensik@redhat.com>
Update new so names
2018-02-17 09:29:59 +01:00
Petr Menšík
7556fb076a
Fix CVE-2017-3145, rebase to 9.11.2-P1
...
Signed-off-by: Petr Menšík <pemensik@redhat.com>
2018-01-16 23:38:29 +01:00
Petr Menšík
5d8eb8cf1d
Update named.ca, move named.conf out of config archive
2017-08-16 22:47:09 +02:00
Petr Menšík
7584e54e6c
Update to 9.11.2
2017-08-14 12:17:30 +02:00
Petr Menšík
79d28ed32a
Update to 9.11.2b1
2017-08-08 17:14:41 +02:00
Petr Menšík
e42c700db9
Update to 9.11.1-P3
2017-07-10 10:21:43 +02:00
Petr Menšík
85d0fb613e
Update to 9.11.1-P2
2017-06-30 16:06:24 +02:00
Petr Menšík
08bdf0ebe6
Update to 9.11.1-P1
2017-06-15 17:19:36 +02:00
Petr Menšík
09e4b5788e
- Update to 9.11.0-P5
...
- Use BINDVERSION for upstream version
Signed-off-by: Petr Menšík <pemensik@redhat.com>
2017-04-18 10:51:38 +02:00
Petr Menšík
bbe4229562
Update to 9.11.0-P3
2017-02-10 09:20:33 +01:00
Petr Menšík
f696d69809
Update to 9.11.0-P2
...
Signed-off-by: Petr Menšík <pemensik@redhat.com>
2017-01-12 16:09:05 +01:00
Michal Ruprich
d886cd072d
Update to 9.11.0-P1
2016-11-16 08:46:09 +01:00
Petr Menšík
e94c66494e
Update to 9.10.4-P4
2016-11-08 16:31:48 +01:00
Tomas Hozza
27a8e54aa7
Update to 9.10.4-P3
...
Signed-off-by: Tomas Hozza <thozza@redhat.com>
2016-09-29 10:23:55 +02:00
Michal Ruprich
02e0755d17
Update to 9.10.4-P2
...
Signed-off-by: Michal Ruprich <mruprich@redhat.com>
2016-07-20 13:51:14 +02:00
Tomas Hozza
3fed71e579
Update to 9.10.4-P1
2016-05-26 17:23:15 +02:00
Tomas Hozza
83466f11b9
Update to 9.10.3-P4 due to CVE-2016-1285 CVE-2016-1286 CVE-2016-2088
...
Signed-off-by: Tomas Hozza <thozza@redhat.com>
2016-03-11 15:02:53 +01:00
Tomas Hozza
4f7493080f
Update to 9.10.3-P3 due to CVE-2015-8704 and CVE-2015-8705 ( #1300051 )
2016-01-21 09:51:24 +01:00
Tomas Hozza
1a8262dde0
Commented out bindkeys-file statement in default configuration (#1223365#c3)
...
Signed-off-by: Tomas Hozza <thozza@redhat.com>
2016-01-06 14:46:32 +01:00
Tomas Hozza
703982aa78
Update to 9.10.3-P2
...
Signed-off-by: Tomas Hozza <thozza@redhat.com>
2015-12-16 15:39:32 +01:00
Tomas Hozza
caf3603af7
Update to 9.10.3 stable
...
Signed-off-by: Tomas Hozza <thozza@redhat.com>
2015-09-17 16:17:35 +02:00
Tomas Hozza
a3771cee48
Update to 9.10.3rc1 ( #1259690 )
...
Signed-off-by: Tomas Hozza <thozza@redhat.com>
2015-09-04 01:50:26 +02:00
Tomas Hozza
d6c0550f5c
Update to 9.10.2-P3 to fix CVE-2015-5477
...
Signed-off-by: Tomas Hozza <thozza@redhat.com>
2015-07-29 10:53:07 +02:00
Tomas Hozza
1d29922e18
Update to 9.10.2-P2
...
Signed-off-by: Tomas Hozza <thozza@redhat.com>
2015-07-09 12:13:13 +02:00
Tomas Hozza
5196f25446
Update to 9.10.2-P1
...
Signed-off-by: Tomas Hozza <thozza@redhat.com>
2015-06-19 20:48:19 +02:00
Tomas Hozza
71f9fb4731
Utilize system-wide crypto-policies ( #1179925 )
...
Signed-off-by: Tomas Hozza <thozza@redhat.com>
2015-05-22 19:09:39 +02:00