SEARCH
NEW RPMS
DIRECTORIES
ABOUT
FAQ
VARIOUS
BLOG

 
 
Changelog for bind-utils-9.7.4P1-0.27.6.x86_64.rpm :
Thu Nov 17 13:00:00 2011 ugAATTsuse.de
- Cache lookup could return RRSIG data associated with nonexistent
records, leading to an assertion failure. (bnc#730995)
CVE-2011-4313

Tue Jul 5 14:00:00 2011 ugAATTsuse.de
- Change #2912 (see CHANGES) exposed a latent bug in the DNS message
processing code that could allow certain UPDATE requests to crash
named. This was fixed by disambiguating internal database
representation vs DNS wire format data. [RT #24777] [CVE-2011-2464]
(bnc#703907)

Tue May 31 14:00:00 2011 meissnerAATTsuse.de
- Security update to 9.7.3-P1
- fixed a denial of service in RRSIG (CVE-2011-1910 / bnc#696585)
- Updated named.root from internic

Thu Feb 24 13:00:00 2011 ugAATTsuse.de
- fixed security issue
VUL-0: bind: IXFR or DDNS update combined with high query rate
DoS vulnerability (CVE-2011-0414 bnc#674431)
- version to 9.7.3

Wed Jan 5 13:00:00 2011 meissnerAATTsuse.de
- ifdef the sysvinit specific prereqs for openSUSE 11.4 and later

Thu Dec 9 13:00:00 2010 mvyskocilAATTsuse.cz
- fix bnc#656509 - direct mount of /proc in chroot

Tue Dec 7 13:00:00 2010 cooloAATTnovell.com
- prereq init scripts syslog and network

Thu Dec 2 13:00:00 2010 ugAATTsuse.de
- fixed VUL-0: bind: Key algorithm rollover bug
bnc#657102, CVE-2010-3614
- fixed VUL-0: bind: allow-query processed incorrectly
bnc#657120, CVE-2010-3615
- fixed VUL-0: bind: cache incorrectly allows a ncache entry and a rrsig for the same type
bnc#657129, CVE-2010-3613

Tue Nov 23 13:00:00 2010 ugAATTsuse.de
- fixed return code of \"rcnamed status\"
- added gssapi support

Tue Oct 12 14:00:00 2010 ugAATTsuse.de
- Zones may be dynamically added and removed with the \"rndc addzone\"
and \"rndc delzone\" commands. These dynamically added zones are
written to a per-view configuration file. Do not rely on the
configuration file name nor contents as this will change in a
future release. This is an experimental feature at this time.
- Added new \"filter-aaaa-on-v4\" access control list to select which
IPv4 clients have AAAA record filtering applied.
- A new command \"rndc secroots\" was added to dump a combined summary
of the currently managed keys combined with statically configured
trust anchors.
- Added support to load new keys into managed zones without signing
immediately with \"rndc loadkeys\". Added support to link keys with
\"dnssec-keygen -S\" and \"dnssec-settime -S\".
- Documentation improvements
- ORCHID prefixes were removed from the automatic empty zone list.
- Improved handling of GSSAPI security contexts. Specifically, better
memory management of cached contexts, limited lifetime of a context
to 1 hour, and added a \"realm\" command to nsupdate to allow
selection of a non-default realm name.
- The contributed tool \"ztk\" was updated to version 1.0.
- version 9.7.1 to 9.7.2-P2

Mon Jul 26 14:00:00 2010 ugAATTsuse.de
- chrooted bind failed to start (bnc#625019)

Mon Jun 21 14:00:00 2010 ugAATTsuse.de
- genrandom: add support for the generation of multiple
files.
- Update empty-zones list to match
draft-ietf-dnsop-default-local-zones-13.
- Incrementally write the master file after performing
a AXFR.
- Add AAAA address for L.ROOT-SERVERS.NET.
- around 50 bugs fixed (see CHANGELOG for details)
- version 9.7.1

Thu May 20 14:00:00 2010 ugAATTsuse.de
- Handle broken DNSSEC trust chains better. [RT #15619]
- Named could return SERVFAIL for negative responses
from unsigned zones. [RT #21131
- version 9.7.0-P2

Sat May 1 14:00:00 2010 ajAATTsuse.de
- Handle /var/run on tmpfs.
- do not use run_ldconfig.

Wed Feb 24 13:00:00 2010 jengelhAATTmedozas.de
- Enable DLZ-LDAP (supersedes sdb_ldap) and add a patch

Wed Feb 17 13:00:00 2010 ugAATTsuse.de
- Fully automatic signing of zones by \"named\".
- Simplified configuration of DNSSEC Lookaside Validation (DLV).
- Simplified configuration of Dynamic DNS, using the \"ddns-confgen\"
command line tool or the \"local\" update-policy option. (As a side
effect, this also makes it easier to configure automatic zone
re-signing.)
- New named option \"attach-cache\" that allows multiple views to
share a single cache.
- DNS rebinding attack prevention.
- New default values for dnssec-keygen parameters.
- Support for RFC 5011 automated trust anchor maintenance
- Smart signing: simplified tools for zone signing and key
maintenance.
- The \"statistics-channels\" option is now available on Windows.
- A new DNSSEC-aware libdns API for use by non-BIND9 applications
- On some platforms, named and other binaries can now print out
a stack backtrace on assertion failure, to aid in debugging.
- A \"tools only\" installation mode on Windows, which only installs
dig, host, nslookup and nsupdate.
- Improved PKCS#11 support, including Keyper support and explicit
OpenSSL engine selection.
- version 9.7.0

Wed Jan 20 13:00:00 2010 ugAATTsuse.de
- [security] Do not attempt to validate or cache
out-of-bailiwick data returned with a secure
answer; it must be re-fetched from its original
source and validated in that context. [RT #20819]
- [security] Cached CNAME or DNAME RR could be returned to clients
without DNSSEC validation. [RT #20737]
- [security] Bogus NXDOMAIN could be cached as if valid. [RT #20712]
- version 9.6.1-P3

Mon Jan 4 13:00:00 2010 ugAATTsuse.de
- removed the syntax check for include files (bnc#567593)

Tue Dec 15 13:00:00 2009 jengelhAATTmedozas.de
- add baselibs.conf as a source
- enable parallel building
- add baselibs for SPARC
- package documentation as noarch

Wed Nov 25 13:00:00 2009 ugAATTsuse.de
- Security fix
When validating, track whether pending data was from
the additional section or not and only return it if
validates as secure. [RT #20438]
CVE-2009-4022
bnc#558260
- update from P1 to P2

Fri Nov 20 13:00:00 2009 ugAATTsuse.de
- added localhost for ipv6 to default config (bnc#539529)

Wed Nov 18 13:00:00 2009 ugAATTsuse.de
- fixed apparmor profile (bnc#544181)

Tue Nov 3 13:00:00 2009 cooloAATTnovell.com
- updated patches to apply with fuzz=0

Wed Sep 30 14:00:00 2009 ugAATTsuse.de
- using start_daemon instead of startproc (bnc#539532)

Mon Aug 10 14:00:00 2009 ugAATTsuse.de
- version update to 9.6.1-P1
(security fix CVE-2009-0696)
bnc#526185

Tue Jun 30 14:00:00 2009 ugAATTsuse.de
- enabled MySQL DLZ (Dynamically Loadable Zones)

Tue Jun 16 14:00:00 2009 ugAATTsuse.de
- around 50 bugfixes against 9.6.0p1
See changelog for details
- version 9.6.1

Thu Apr 9 14:00:00 2009 ugAATTsuse.de
- not all include files were copied into chroot (bnc#466800)

Tue Mar 3 13:00:00 2009 ugAATTsuse.de
- /etc/named.conf does not include /etc/named.d/forwarders.conf
by default (bnc#480334)


 
ICM