Commit Graph

214 Commits

Author SHA1 Message Date
Petr Menšík
9b329d0dd6 Update to 9.18.10 (#2143258)
https://downloads.isc.org/isc/bind9/9.18.10/doc/arm/html/notes.html#notes-for-bind-9-18-10
2023-01-16 14:32:06 +01:00
Petr Menšík
5e42931b09 Update to 9.18.9 (#2143258)
https://downloads.isc.org/isc/bind9/9.18.9/doc/arm/html/notes.html#notes-for-bind-9-18-9
2022-11-21 12:39:51 +01:00
Petr Menšík
99fd53a106 Update to 9.18.8 (#2136100)
https://downloads.isc.org/isc/bind9/9.18.8/doc/arm/html/notes.html#notes-for-bind-9-18-8
2022-10-22 22:07:38 +02:00
Petr Menšík
bbdbcbc779 Update to 9.18.7 (#2128609)
https://downloads.isc.org/isc/bind9/9.18.7/doc/arm/html/notes.html#notes-for-bind-9-18-7
2022-09-21 15:54:53 +02:00
Petr Menšík
c0c776f659 Update to 9.18.6 (#2119132)
https://downloads.isc.org/isc/bind9/9.18.6/doc/arm/html/notes.html#notes-for-bind-9-18-6
2022-08-30 20:07:05 +02:00
Petr Menšík
66ddbbdf47 Update to 9.18.5 (#2109170)
https://downloads.isc.org/isc/bind9/9.18.5/doc/arm/html/notes.html#notes-for-bind-9-18-5

Changes NSEC3 default count to zero.
2022-08-03 20:38:49 +02:00
Petr Menšík
8a47aa2c75 Import version from branch v9_18
Uses git checkout 38726e67340b2b60715fa2f342dc800273d3772f -- .

Remove unused patches from distgit.
2022-08-03 20:37:06 +02:00
Petr Menšík
f887e16911 Update to 9.16.30 (#2097312)
https://downloads.isc.org/isc/bind9/9.16.30/doc/arm/html/notes.html#notes-for-bind-9-16-30
2022-06-20 14:21:46 +02:00
Petr Menšík
bb1dcf68da Update to 9.16.29
Previously, CDS and CDNSKEY DELETE records were removed from
the zone when configured with the auto-dnssec maintain; option.
This has been fixed. [GL #2931]

https://downloads.isc.org/isc/bind9/9.16.29/doc/arm/html/notes.html#notes-for-bind-9-16-29

Resolves: rhbz#2087920
2022-05-26 23:14:06 +02:00
Petr Menšík
0cc36e95a3 Update to 9.16.28 (#2076941)
https://downloads.isc.org/isc/bind9/9.16.28/doc/arm/html/notes.html#notes-for-bind-9-16-28
2022-04-20 18:07:44 +02:00
Petr Menšík
e52a502150 Upgrade to 9.16.27 (#2055120)
https://downloads.isc.org/isc/bind9/9.16.27/doc/arm/html/notes.html#notes-for-bind-9-16-27

Resolves: CVE-2021-25220 CVE-2022-0396
2022-03-18 11:13:18 +01:00
Petr Menšík
74f70469b1 Update to 9.16.26 (#2055120) 2022-02-17 23:21:17 +01:00
Petr Menšík
11207651f7 Update to 9.16.25 (#2042504)
- Reduced memory usage on machines with many CPU cores.
- Offline ZSK expired signatures would be signed by KSK instead
- Inline signed zone could be saved without serial, causing error after
  restart

https://downloads.isc.org/isc/bind9/9.16.25/doc/arm/html/notes.html#notes-for-bind-9-16-25
2022-01-21 21:56:02 +01:00
Petr Menšík
13da6470e0 Upload new sources 2021-12-20 11:37:38 +01:00
Petr Menšík
f8d4aed3a6 Update 9.16.23
Reloading a catalog zone which referenced a missing/deleted member zone
triggered a runtime check failure, causing named to exit prematurely.
This has been fixed. [GL #2308]

https://downloads.isc.org/isc/bind9/9.16.23/doc/arm/html/notes.html#notes-for-bind-9-16-23
2021-11-19 18:42:55 +01:00
Petr Menšík
5a12a8cddc Update to 9.16.22 2021-10-27 20:13:32 +02:00
Petr Menšík
59865beb68 Update to 9.16.21
- Support for HTTPS and SVCB

https://downloads.isc.org/isc/bind9/9.16.21/doc/arm/html/notes.html#notes-for-bind-9-16-21
2021-09-15 12:26:45 +02:00
Petr Menšík
9d509c6973 Update to 9.16.20 (#1995289) 2021-08-19 12:50:40 +02:00
Petr Menšík
3bd7080e53 Update to 9.16.19
Remove support for PREVER and PATCHVER, since upstream no longer
releases them. Simplifies a bit versioning.

Resolves: rhbz#1984627
2021-07-21 22:10:55 +02:00
Petr Menšík
48d8c90e0d Update to 9.16.18
Fixup release after bugs released in 9.16.17.

https://downloads.isc.org/isc/bind9/9.16.18/doc/arm/html/notes.html#notes-for-bind-9-16-18
2021-06-18 16:38:18 +02:00
Petr Menšík
83399543c1 Update to 9.16.17 2021-06-17 16:33:32 +02:00
Petr Menšík
9c54517d6f Update to 9.16.16 (#1954827)
https://downloads.isc.org/isc/bind9/9.16.16/doc/arm/html/notes.html#notes-for-bind-9-16-16
2021-05-21 10:39:29 +02:00
Petr Menšík
f8cb93d57c Update to 9.16.15
Resolves CVE-2021-25215 and CVE-2021-25214.
Removes disable-isc-spnego flag, because custom isc spnego code were
removed with also this flag. It is default (and the only) option now.
2021-04-29 18:13:33 +02:00
Petr Menšík
76074cd59a Update to 9.16.13
Reworked custom redhat version. Complete version is now part of library
names. Libraries are not recommended for any third party application.
They are still required for bind-dyndb-ldap only.

Version of named changed, only suffix -RH is appended to upstream
version. Therefore dig would not contain version
9.6.11-RedHat-9.6.11-1.fc34, but only 9.6.13-RH. Version of fedora build
have to be obtained from rpm -q bind.

Version is now part of library names, bind-libs-lite was merged to
bind-libs. bind-dyndb-ldap needs whole bind, no point to offer smaller
library set just for its dependencies.

Updated also named(8) manual page to match current state of SELinux.
2021-03-25 22:23:27 +01:00
Petr Menšík
f3d54bbf18 Update to 9.16.11 (#1827602)
https://downloads.isc.org/isc/bind9/9.16.11/RELEASE-NOTES-bind-9.16.11.html
2021-01-21 11:34:02 +01:00
Petr Menšík
ddf24a90e3 Update to 9.16.10
Enhancement and bugfix update.

Changes documented at upstream release note:
https://downloads.isc.org/isc/bind9/9.16.10/doc/arm/html/notes.html#notes-for-bind-9-16-10
2021-01-05 15:16:21 +01:00
Petr Menšík
1f381a9469 Update to 9.16.9
Changes solib version, requires rebuild of dependent packages.

Upstream release notes:
https://downloads.isc.org/isc/bind9/9.16.9/doc/arm/html/notes.html#notes-for-bind-9-16-9
2020-11-26 15:17:59 +01:00
Petr Menšík
b4711541c2 Update to 9.16.8
DNS Flag Day 2020 - reduced default EDNS buffer to 1232.
New rndc dnssec -rollover command.

https://downloads.isc.org/isc/bind9/9.16.8/doc/arm/html/notes.html#notes-for-bind-9-16-8
2020-10-23 20:30:49 +02:00
Petr Menšík
9e7477b3c4 Update to 9.16.7
Bugfix release.

https://downloads.isc.org/isc/bind9/9.16.7/doc/arm/html/notes.html#notes-for-bind-9-16-7
2020-09-17 12:11:10 +02:00
Petr Menšík
cb3f3691e4 Update to 9.16.6
Release notes:
https://downloads.isc.org/isc/bind9/9.16.6/doc/arm/html/notes.html#notes-for-bind-9-16-6
2020-08-22 11:44:09 +02:00
Petr Menšík
23ca292909 Update to 9.16.5
Modifies API of libraries, needs rebuild of dependent packages.
2020-07-15 22:39:37 +02:00
Petr Menšík
2a2d2faeae fixup! Update to 9.16.4 2020-06-18 14:07:00 +02:00
Petr Menšík
1b133224fc Update to 9.16.2
Notes for BIND 9.16.2
Security Fixes

    DNS rebinding protection was ineffective when BIND 9 is configured as a forwarding DNS server. Found and responsibly reported by Tobias Klein. [GL #1574]

Known Issues

    We have received reports that in some circumstances, receipt of an IXFR can cause the processing of queries to slow significantly. Some of these were related to RPZ processing, which has been fixed in this release (see below). Others appear to occur where there are NSEC3-related changes (such as an operator changing the NSEC3 salt used in the hash calculation). These are being investigated. [GL #1685]

Feature Changes

    The previous DNSSEC sign statistics used lots of memory. The number of keys to track is reduced to four per zone, which should be enough for 99% of all signed zones. [GL #1179]

Bug Fixes

    When an RPZ policy zone was updated via zone transfer and a large number of records was deleted, named could become nonresponsive for a short period while deleted names were removed from the RPZ summary database. This database cleanup is now done incrementally over a longer period of time, reducing such delays. [GL #1447]

    When trying to migrate an already-signed zone from auto-dnssec maintain to one based on dnssec-policy, the existing keys were immediately deleted and replaced with new ones. As the key rollover timing constraints were not being followed, it was possible that some clients would not have been able to validate responses until all old DNSSEC information had timed out from caches. BIND now looks at the time metadata of the existing keys and incorporates it into its DNSSEC policy operation. [GL #1706]
2020-04-16 12:38:00 +02:00
Petr Menšík
b626a2bfa5 Compilable 9.16.1 package
Updated from 9.14 to 9.16.1.
Disabled SIGCHASE, since it no longer exists.
Disabled PKCS11 native build for now
Disabled EXPORT_LIBS

No longer ships isc-config.sh, missing it.
2020-03-27 11:28:11 +01:00
Petr Menšík
2dbb099871 Update to 9.14.4
Current latest version fixes unit tests.
2020-03-27 11:20:45 +01:00
Petr Menšík
23657868e6 Update to 9.11.14
Includes ThreadSanitizer fixes already included as downstream patches.
Adjusts serve-stale patch, one new statistics.
2019-12-19 18:43:23 +01:00
Petr Menšík
74b53c3a58 Update to 9.11.13 2019-11-25 21:06:06 +01:00
Petr Menšík
86712fc834 Remove config archive with zone files
Few configuration and zone files were moved into tarball by commit
55b04de09a. It makes tracking of changes difficult, hardens rebases,
makes difficult building without proper lookaside cache. Those files are
tiny, no need to hold them inside compressed binary archive. Move them
out.

Replaces also few places with proper directory macros.
2019-11-04 21:45:08 +01:00
Petr Menšík
d0053ae530 Update to 9.11.12 (#1557762) 2019-10-21 14:26:32 +02:00
Petr Menšík
69b861316f Update to 9.11.11
- Interaction between DNS64 and RPZ No Data rule (CNAME *.) could
  cause unexpected results; this has been fixed. [GL #1106]

- named-checkconf now checks DNS64 prefixes
  to ensure bits 64-71 are zero. [GL #1159]

- named-checkconf could crash during configuration
  if configured to use "geoip continent" ACLs with
  legacy GeoIP. [GL #1163]

- named-checkconf now correctly reports missing
  dnstap-output option when
  dnstap is set. [GL #1136

- Handle ETIMEDOUT error on connect() with a non-blocking
  socket. [GL #1133]
2019-09-25 21:24:23 +02:00
Petr Menšík
72f1dad845 Update to BIND 9.11.10 2019-08-27 21:39:46 +02:00
Petr Menšík
afa1fa2af7 Update to 9.11.9 2019-08-08 12:16:51 +02:00
Petr Menšík
16ecf0736f Update to 9.11.8
Contains:
5244.	[security]	Fixed a race condition in dns_dispatch_getnext()
			that could cause an assertion failure if a
			significant number of incoming packets were
			rejected. (CVE-2019-6471) [GL #942]

5241.	[bug]		Fix Ed448 private and public key ASN.1 prefix blobs.
			[GL #225]

5237.	[bug]		Recurse to find the root server list with 'dig +trace'.
			[GL #1028]
2019-07-02 11:10:03 +02:00
Petr Menšík
625ca235be Update to BIND 9.11.7
Fixes trusted-keys and managed-keys using the same filename.

https://downloads.isc.org/isc/bind9/9.11.7/RELEASE-NOTES-bind-9.11.7.html
2019-06-10 10:41:28 +02:00
Petr Menšík
4b42a5c162 5200. [security] tcp-clients settings could be exceeded in some cases,
which could lead to exhaustion of file descriptors.
                        (CVE-2018-5743) [GL #615]
2019-05-02 14:49:56 +02:00
Petr Menšík
2aa49f0cec Update to 9.11.6
Update lastest release, patches not yet adepted for it.
2019-03-05 14:35:50 +01:00
Petr Menšík
321554b987 Update to BIND 9.11.5-P4
Add also PGP signature as part of repository.
2019-02-22 19:40:00 +01:00
Petr Menšík
6fee3d63e9 Remove revoked KSK 19164 from trusted root keys 2019-02-15 19:50:20 +01:00
Petr Menšík
13f8f23ec5 Update to 9.11.5-P1 2019-01-28 00:47:11 +01:00
Petr Menšík
ad7b3b8f12 Update to 9.11.5
Bump to higher version, update sources.

More fixes to rebased BIND. Many patches are affected by stdbool change.
Update libraries so versions.
2018-11-05 18:12:29 +01:00