Changelog for bind-utils-9.8.1P1-4.5.test.1.x86_64.rpm:
* Tue Nov 22 2011 ugAATTsuse.de
- fixed apparmor profile for lib and lib64 in chroot (bnc#716745)
* Thu Nov 17 2011 fteodoriAATTsuse.de
- Cache lookup could return RRSIG data associated with nonexistent records, leading to an assertion failure. (bnc#730995)
* Wed Oct 26 2011 ugAATTsuse.de
- on a 64bit system a chrooted bind failed to start if 32bit libs were installed (bnc#716745)
* Fri Sep 30 2011 cooloAATTsuse.com
- add libtool as buildrequire to make the spec file more reliable
* Sat Sep 17 2011 jengelhAATTmedozas.de
- Remove redundant tags/sections from specfile
- Use %_smp_mflags for parallel build
* Fri Sep 16 2011 ugAATTsuse.de
- very first restart can create broken chroot (bnc#718441)
* Mon Sep 05 2011 ugAATTsuse.de
- fixed SSL in chroot environment (bnc#715881)
* Mon Sep 05 2011 ugAATTsuse.de
- Added a new include file with function typedefs for the DLZ "dlopen" driver. [RT #23629]
- Added a tool able to generate malformed packets to allow testing of how named handles them. [RT #24096]
- The root key is now provided in the file bind.keys allowing DNSSEC validation to be switched on at start up by adding "dnssec-validation auto;" to named.conf. If the root key provided has expired, named will log the expiration and validation will not work. More information and the most current copy of bind.keys can be found at http://www.isc.org/bind-keys. Please note this feature was actually added in 9.8.0 but was not included in the 9.8.0 release notes. [RT #21727]
- If named is configured with a response policy zone (RPZ) and a query of type RRSIG is received for a name configured for RRset replacement in that RPZ, it will trigger an INSIST and crash the server. [RT #24280]
- named, set up to be a caching resolver, is vulnerable to a user querying a domain with very large resource record sets (RRSets) when trying to negatively cache the response. Due to an off-by-one error, caching the response could cause named to crash. [RT #24650] [CVE-2011-1910]
- Using Response Policy Zone (RPZ) to query a wildcard CNAME label with QUERY type SIG/RRSIG, it can cause named to crash. Fix is query type independent. [RT #24715]
- Using Response Policy Zone (RPZ) with DNAME records and querying the subdomain of that label can cause named to crash. Now logs that DNAME is not supported. [RT #24766]
- Change #2912 populated the message section in replies to UPDATE requests, which some Windows clients wanted. This exposed a latent bug that allowed the response message to crash named. With this fix, change 2912 has been reduced to copy only the zone section to the reply. A more complete fix for the latent bug will be released later. [RT #24777]
- many bugfixes (see CHANGELOG)
- 9.8.1
* Wed Aug 31 2011 rhaferAATTsuse.de
- Fixed the ldapdump tool to also respect the "uri" setting in /etc/openldap/ldap.conf (bnc#710430)
* Tue Jul 05 2011 ugAATTsuse.de
- Using Response Policy Zone (RPZ) with DNAME records and querying the subdomain of that label can cause named to crash. Now logs that DNAME is not supported. [RT #24766]
- If named is configured to be both authoritative and recursive and receives a recursive query for a CNAME in a zone that it is authoritative for, if that CNAME also points to a zone the server is authoritative for, the recursive part of name will not follow the CNAME change and the response will not be a complete CNAME chain. [RT #24455]
- Using Response Policy Zone (RPZ) to query a wildcard CNAME label with QUERY type SIG/RRSIG, it can cause named to crash. Fix is query type independent. [RT #24715] [CVE-2011-1907]
- Change #2912 (see CHANGES) exposed a latent bug in the DNS message processing code that could allow certain UPDATE requests to crash named. This was fixed by disambiguating internal database representation vs DNS wire format data. [RT #24777] [CVE-2011-2464]
- 9.8.0-P4
* Tue Jun 07 2011 ugAATTsuse.de
- A large RRSET from a remote authoritative server that results in the recursive resolver trying to negatively cache the response can hit an off by one code error in named, resulting in named crashing. [RT #24650] [CVE-2011-1910]
- Zones that have a DS record in the parent zone but are also listed in a DLV and won't validate without DLV could fail to validate. [RT #24631]
* Mon May 23 2011 crrodriguezAATTopensuse.org
- Build with -DNO_VERSION_DATE to avoid timestamps in binaries.
* Thu May 19 2011 meissnerAATTsuse.de
- buildreq update-desktop-files for newer rpms
* Thu May 05 2011 ugAATTsuse.de
- The ADB hash table stores information about which authoritative servers to query about particular domains
- BIND now supports a new zone type, static-stub
- BIND now supports Response Policy Zones
- BIND 9.8.0 now has DNS64 support
- Dynamically Loadable Zones (DLZ) now support dynamic updates.
- Added a "dlopen" DLZ driver, allowing the creation of external DLZ drivers that can be loaded as shared objects at runtime rather than having to be linked with named
- named now retains GSS-TSIG keys across restarts
- There is a new update-policy match type "external".
- bugfixes
- version to 9.8.0
* Thu Feb 24 2011 ugAATTsuse.de
- fixed security issue VUL-0: bind: IXFR or DDNS update combined with high query rate DoS vulnerability (CVE-2011-0414 bnc#674431)
- version to 9.7.3
* Wed Jan 05 2011 meissnerAATTsuse.de
- ifdef the sysvinit specific prereqs for openSUSE 11.4 and later
* Thu Dec 09 2010 mvyskocilAATTsuse.cz
- fix bnc#656509 - direct mount of /proc in chroot
* Tue Dec 07 2010 cooloAATTnovell.com
- prereq init scripts syslog and network
* Thu Dec 02 2010 ugAATTsuse.de
- fixed VUL-0: bind: Key algorithm rollover bug bnc#657102, CVE-2010-3614
- fixed VUL-0: bind: allow-query processed incorrectly bnc#657120, CVE-2010-3615
- fixed VUL-0: bind: cache incorrectly allows a ncache entry and a rrsig for the same type bnc#657129, CVE-2010-3613
* Tue Nov 23 2010 ugAATTsuse.de
- fixed return code of "rcnamed status"
- added gssapi support
* Tue Oct 12 2010 ugAATTsuse.de
- Zones may be dynamically added and removed with the "rndc addzone" and "rndc delzone" commands. These dynamically added zones are written to a per-view configuration file. Do not rely on the configuration file name nor contents as this will change in a future release. This is an experimental feature at this time.
- Added new "filter-aaaa-on-v4" access control list to select which IPv4 clients have AAAA record filtering applied.
- A new command "rndc secroots" was added to dump a combined summary of the currently managed keys combined with statically configured trust anchors.
- Added support to load new keys into managed zones without signing immediately with "rndc loadkeys". Added support to link keys with "dnssec-keygen -S" and "dnssec-settime -S".
- Documentation improvements
- ORCHID prefixes were removed from the automatic empty zone list.
- Improved handling of GSSAPI security contexts. Specifically, better memory management of cached contexts, limited lifetime of a context to 1 hour, and added a "realm" command to nsupdate to allow selection of a non-default realm name.
- The contributed tool "ztk" was updated to version 1.0.
- version 9.7.1 to 9.7.2-P2
* Mon Jul 26 2010 ugAATTsuse.de
- chrooted bind failed to start (bnc#625019)
* Mon Jun 21 2010 ugAATTsuse.de
- genrandom: add support for the generation of multiple files.
- Update empty-zones list to match draft-ietf-dnsop-default-local-zones-13.
- Incrementally write the master file after performing an AXFR.
- Add AAAA address for L.ROOT-SERVERS.NET.
- around 50 bugs fixed (see CHANGELOG for details)
- version 9.7.1
* Thu May 20 2010 ugAATTsuse.de
- Handle broken DNSSEC trust chains better. [RT #15619]
- Named could return SERVFAIL for negative responses from unsigned zones. [RT #21131]
- version 9.7.0-P2
* Sat May 01 2010 ajAATTsuse.de
- Handle /var/run on tmpfs.
- do not use run_ldconfig.
* Wed Feb 24 2010 jengelhAATTmedozas.de
- Enable DLZ-LDAP (supersedes sdb_ldap) and add a patch
* Wed Feb 17 2010 ugAATTsuse.de
- Fully automatic signing of zones by "named".
- Simplified configuration of DNSSEC Lookaside Validation (DLV).
- Simplified configuration of Dynamic DNS, using the "ddns-confgen" command line tool or the "local" update-policy option. (As a side effect, this also makes it easier to configure automatic zone re-signing.)
- New named option "attach-cache" that allows multiple views to share a single cache.
- DNS rebinding attack prevention.
- New default values for dnssec-keygen parameters.
- Support for RFC 5011 automated trust anchor maintenance
- Smart signing: simplified tools for zone signing and key maintenance.
- The "statistics-channels" option is now available on Windows.
- A new DNSSEC-aware libdns API for use by non-BIND9 applications
- On some platforms, named and other binaries can now print out a stack backtrace on assertion failure, to aid in debugging.
- A "tools only" installation mode on Windows, which only installs dig, host, nslookup and nsupdate.
- Improved PKCS#11 support, including Keyper support and explicit OpenSSL engine selection.
- version 9.7.0
* Wed Jan 20 2010 ugAATTsuse.de
- [security] Do not attempt to validate or cache out-of-bailiwick data returned with a secure answer; it must be re-fetched from its original source and validated in that context. [RT #20819]
- [security] Cached CNAME or DNAME RR could be returned to clients without DNSSEC validation. [RT #20737]
- [security] Bogus NXDOMAIN could be cached as if valid. [RT #20712]
- version 9.6.1-P3
* Mon Jan 04 2010 ugAATTsuse.de
- removed the syntax check for include files (bnc#567593)
* Tue Dec 15 2009 jengelhAATTmedozas.de
- add baselibs.conf as a source
- enable parallel building
- add baselibs for SPARC
- package documentation as noarch
* Wed Nov 25 2009 ugAATTsuse.de
- Security fix: When validating, track whether pending data was from the additional section or not and only return it if validates as secure. [RT #20438] CVE-2009-4022 bnc#558260
- update from P1 to P2
* Fri Nov 20 2009 ugAATTsuse.de
- added localhost for ipv6 to default config (bnc#539529)
* Wed Nov 18 2009 ugAATTsuse.de
- fixed apparmor profile (bnc#544181)
* Tue Nov 03 2009 cooloAATTnovell.com
- updated patches to apply with fuzz=0
* Wed Sep 30 2009 ugAATTsuse.de
- using start_daemon instead of startproc (bnc#539532)
* Mon Aug 10 2009 ugAATTsuse.de
- version update to 9.6.1-P1 (security fix CVE-2009-0696) bnc#526185
* Tue Jun 30 2009 ugAATTsuse.de
- enabled MySQL DLZ (Dynamically Loadable Zones)
* Tue Jun 16 2009 ugAATTsuse.de
- around 50 bugfixes against 9.6.0p1. See changelog for details
- version 9.6.1
* Thu Apr 09 2009 ugAATTsuse.de
- not all include files were copied into chroot (bnc#466800)
* Tue Mar 03 2009 ugAATTsuse.de
- /etc/named.conf does not include /etc/named.d/forwarders.conf by default (bnc#480334)