Overview Repositories Revisions Requests Users Attributes Meta

Revisions of bind

Dominique Leuenberger's avatar Dominique Leuenberger (dimstar_suse) accepted request 319467 from Lars Müller's avatar Lars Müller (lmuelle) (revision 108) 
- Update to version 9.10.2-P3
  Security Fixes
  * A specially crafted query could trigger an assertion failure in message.c.
    This flaw was discovered by Jonathan Foote, and is disclosed in
    CVE-2015-5477. [RT #39795]
  * On servers configured to perform DNSSEC validation, an assertion failure
    could be triggered on answers from a specially configured server.
    This flaw was discovered by Breno Silveira Soares, and is disclosed
    in CVE-2015-4620. [RT #39795]
  Bug Fixes
  * Asynchronous zone loads were not handled correctly when the zone load was
    already in progress; this could trigger a crash in zt.c. [RT #37573]
  * Several bugs have been fixed in the RPZ implementation:
    + Policy zones that did not specifically require recursion could be treated
      as if they did; consequently, setting qname-wait-recurse no; was
      sometimes ineffective. This has been corrected. In most configurations,
      behavioral changes due to this fix will not be noticeable. [RT #39229]
    + The server could crash if policy zones were updated (e.g. via
      rndc reload or an incoming zone transfer) while RPZ processing
      was still ongoing for an active query. [RT #39415]
    + On servers with one or more policy zones configured as slaves, if a
      policy zone updated during regular operation (rather than at startup)
      using a full zone reload, such as via AXFR, a bug could allow the RPZ
      summary data to fall out of sync, potentially leading to an assertion
      failure in rpz.c when further incremental updates were made to the zone,
      such as via IXFR. [RT #39567]
    + The server could match a shorter prefix than what was
      available in CLIENT-IP policy triggers, and so, an unexpected
      action could be taken. This has been corrected. [RT #39481]
    + The server could crash if a reload of an RPZ zone was initiated while
Stephan Kulow's avatar Stephan Kulow (coolo) accepted request 317302 from Factory Maintainer's avatar Factory Maintainer (factory-maintainer) (revision 107) 
Automatic submission by obs-autosubmit
Stephan Kulow's avatar Stephan Kulow (coolo) accepted request 313681 from Factory Maintainer's avatar Factory Maintainer (factory-maintainer) (revision 106) 
Automatic submission by obs-autosubmit
Stephan Kulow's avatar Stephan Kulow (coolo) accepted request 305964 from Lars Müller's avatar Lars Müller (lmuelle) (revision 105) 
- Depend on systemd macros and sysvinit on post-12.3 only.
- Create empty lwresd.conf at build time.
- Reduce file list pre-13.1.

- Update to version 9.10.2
  - Handle timeout in legacy system test. [RT #38573]
  - dns_rdata_freestruct could be called on a uninitialised structure when
    handling a error. [RT #38568]
  - Addressed valgrind warnings. [RT #38549]
  - UDP dispatches could use the wrong pseudorandom
    number generator context. [RT #38578]
  - Fixed several small bugs in automatic trust anchor management, including a
    memory leak and a possible loss of key state information. [RT #38458]
  - 'dnssec-dsfromkey -T 0' failed to add ttl field. [RT #38565]
  - Revoking a managed trust anchor and supplying an untrusted replacement
    could cause named to crash with an assertion failure.
    (CVE-2015-1349) [RT #38344]
  - Fix a leak of query fetchlock. [RT #38454]
  - Fix a leak of pthread_mutexattr_t. [RT #38454]
  - RPZ could send spurious SERVFAILs in response
    to duplicate queries. [RT #38510]
  - CDS and CDNSKEY had the wrong attributes. [RT #38491]
  - adb hash table was not being grown. [RT #38470]
- Update bind.keyring
- Update baselibs.conf due to updates to libdns160 and libisc148

- Enable export libraries to support plugin development.
  Install DNSSEC root key.
  Expose new interface for developing dynamic zone database.
  + dns_dynamic_db.patch
Dominique Leuenberger's avatar Dominique Leuenberger (dimstar_suse) accepted request 285623 from Marcus Meissner's avatar Marcus Meissner (msmeissn) (revision 104) 
- PowerPC can build shared libraries for sure.
  idnkit-powerpc-ltconfig.patch (forwarded request 285468 from k0da)
Dominique Leuenberger's avatar Dominique Leuenberger (dimstar_suse) accepted request 282345 from Factory Maintainer's avatar Factory Maintainer (factory-maintainer) (revision 103) 
Automatic submission by obs-autosubmit
Dominique Leuenberger's avatar Dominique Leuenberger (dimstar_suse) accepted request 264811 from Lars Müller's avatar Lars Müller (lmuelle) (revision 102) 
- Corrections to baselibs.conf

- Update to version 9.10.1-P1
  - A flaw in delegation handling could be exploited to put named into an
    infinite loop.  This has been addressed by placing limits on the number of
    levels of recursion named will allow (default 7), and the number of
    iterative queries that it will send (default 50) before terminating a
    recursive query (CVE-2014-8500); (bnc#908994).
    The recursion depth limit is configured via the "max-recursion-depth"
    option, and the query limit via the "max-recursion-queries" option.
    [RT #37580]
  - When geoip-directory was reconfigured during named run-time, the
    previously loaded GeoIP data could remain, potentially causing wrong ACLs
    to be used or wrong results to be served based on geolocation
    (CVE-2014-8680). [RT #37720]; (bnc#908995).
  - Lookups in GeoIP databases that were not loaded could cause an assertion
    failure (CVE-2014-8680). [RT #37679]; (bnc#908995).
  - The caching of GeoIP lookups did not always handle address families
    correctly, potentially resulting in an assertion failure (CVE-2014-8680).
    [RT #37672]; (bnc#908995).

- Convert some hard PreReq to leaner Requires(pre).
- Typographical and orthographic fixes to description texts.

- Fix bashisms in the createNamedConfInclude script.
- Post scripts: remove '-e' option of 'echo' that may be unsupported
  in some POSIX-compliant shells.

- Add openssl engines to the lwresd chroot.
- Add /etc/lwresd.conf with attribute ghost to the list of files.
Adrian Schröter's avatar Adrian Schröter (adrianSuSE) committed (revision 100) 
Split 13.2 from Factory
Stephan Kulow's avatar Stephan Kulow (coolo) accepted request 236023 from Sascha Peilicke's avatar Sascha Peilicke (saschpe) (revision 98) 
add stuff for DNSSEC validation to named.conf (forwarded request 235970 from computersalat)
Stephan Kulow's avatar Stephan Kulow (coolo) accepted request 233016 from Reinhard Max's avatar Reinhard Max (rmax) (revision 97) 
- use %_rundir macro 
- Remove obsolete patch "workaround-compile-problem.diff"
Stephan Kulow's avatar Stephan Kulow (coolo) accepted request 215020 from Reinhard Max's avatar Reinhard Max (rmax) (revision 96) 
- Add the sdb-ldap backend module (fate#313216).
- Details can be found here:
  * http://bind9-ldap.bayour.com/
  * http://bind9-ldap.bayour.com/dnszonehowto.html

- Update to version 9.9.4P2
  * Fixes named crash when handling malformed NSEC3-signed zones
    (CVE-2014-0591, bnc#858639)
  * Obsoletes workaround-compile-problem.diff
- Replace rpz2+rl-9.9.3-P1.patch by rpz2-9.9.4.patch, rl is now
  supported upstream (--enable-rrl).
Stephan Kulow's avatar Stephan Kulow (coolo) accepted request 210487 from Reinhard Max's avatar Reinhard Max (rmax) (revision 95) 
- Fix generation of /etc/named.conf.include
  (bnc#828678, bnc#848777, bnc#814978).
Adrian Schröter's avatar Adrian Schröter (adrianSuSE) committed (revision 94) 
Split 13.1 from Factory
Tomáš Chvátal's avatar Tomáš Chvátal (scarabeus_factory) accepted request 186266 from Reinhard Max's avatar Reinhard Max (rmax) (revision 93) 
- Systemd doesn't set $TERM, and hence breaks tput (bnc#823175).

- Improve pie_compile.diff (bnc#828874).
- dnssec-checkds and dnssec-coverage need python-base.
- disable rpath in libtool.

- Update to 9.9.3P2 fixes CVE-2013-4854, bnc#831899.
  * Incorrect bounds checking on private type 'keydata' can lead
    to a remotely triggerable REQUIRE failure.
Stephan Kulow's avatar Stephan Kulow (coolo) accepted request 184213 from Reinhard Max's avatar Reinhard Max (rmax) (revision 92) 
- Remove non-working apparmor profiles (bnc#740327).
Stephan Kulow's avatar Stephan Kulow (coolo) accepted request 181326 from Marcus Meissner's avatar Marcus Meissner (msmeissn) (revision 90) 
- Updated to 9.9.3-P1
  Various bugfixes and some feature fixes. (see CHANGES files)
  Security and maintenance issues:
  -	[security]	Caching data from an incompletely signed zone could
			trigger an assertion failure in resolver.c [RT #33690]
  -	[security]	Support NAPTR regular expression validation on
			all platforms without using libregex, which
			can be vulnerable to memory exhaustion attack
			(CVE-2013-2266). [RT #32688]
  -	[security]	RPZ rules to generate A records (but not AAAA records)
			could trigger an assertion failure when used in
			conjunction with DNS64 (CVE-2012-5689). [RT #32141]
  -	[bug]		Fixed several Coverity warnings.
			Note: This change includes a fix for a bug that
			was subsequently determined to be an exploitable
			security vulnerability, CVE-2012-5688: named could
			die on specific queries with dns64 enabled.
			[RT #30996]
  -	[maint]		Added AAAA for D.ROOT-SERVERS.NET.
  -	[maint]		D.ROOT-SERVERS.NET is now 199.7.91.13.
- Updated to current rate limiting + rpz patch from 
  http://ss.vix.su/~vjs/rrlrpz.html
- moved dnssec-* helpers to bind-utils package. bnc#813911
Stephan Kulow's avatar Stephan Kulow (coolo) accepted request 174827 from Marcus Meissner's avatar Marcus Meissner (msmeissn) (revision 89) 
- Use updated config.guess/sub in the embedded idnkit sources (forwarded request 174818 from Andreas_Schwab)
Displaying revisions 101 - 120 of 208
openSUSE Build Service is sponsored by
Places