Commit Graph

136 Commits

Author SHA256 Message Date
7f803cee73 - Updated to current rate limiting + rpz patch from
http://ss.vix.su/~vjs/rrlrpz.html

OBS-URL: https://build.opensuse.org/package/show/network/bind?expand=0&rev=118
2013-06-26 12:27:48 +00:00
306b1609e0 Security and maintenance issues:
OBS-URL: https://build.opensuse.org/package/show/network/bind?expand=0&rev=117
2013-06-26 10:51:54 +00:00
7dbe78dc6a - Use updated config.guess/sub in the embedded idnkit sources
OBS-URL: https://build.opensuse.org/package/show/network/bind?expand=0&rev=116
2013-06-26 10:50:57 +00:00
8591e27de2 - Updated to 9.9.3-P1
Various bugfixes and some feature fixes. (see CHANGES files)
  Security and maintenance issues: 
  -	[security]	Caching data from an incompletely signed zone could
			trigger an assertion failure in resolver.c [RT #33690]
  -	[security]	Support NAPTR regular expression validation on
			all platforms without using libregex, which
			can be vulnerable to memory exhaustion attack
			(CVE-2013-2266). [RT #32688]
  -	[security]	RPZ rules to generate A records (but not AAAA records)
			could trigger an assertion failure when used in
			conjunction with DNS64 (CVE-2012-5689). [RT #32141]
  -	[bug]		Fixed several Coverity warnings.
			Note: This change includes a fix for a bug that
			was subsequently determined to be an exploitable
			security vulnerability, CVE-2012-5688: named could
			die on specific queries with dns64 enabled.
			[RT #30996]
  -	[maint]		Added AAAA for D.ROOT-SERVERS.NET.
  -	[maint]		D.ROOT-SERVERS.NET is now 199.7.91.13.

OBS-URL: https://build.opensuse.org/package/show/network/bind?expand=0&rev=115
2013-06-26 10:50:27 +00:00
e2db8fe61f Accepting request 174818 from devel:ARM:AArch64:Factory
- Use updated config.guess/sub in the embedded idnkit sources

OBS-URL: https://build.opensuse.org/request/show/174818
OBS-URL: https://build.opensuse.org/package/show/network/bind?expand=0&rev=113
2013-05-08 13:45:12 +00:00
eec4a4f40d - Updated to 9.9.2-P2 (bnc#811876)
Fix for: https://kb.isc.org/article/AA-00871 CVE-2013-2266
  * Security Fixes
    Removed the check for regex.h in configure in order to disable regex
    syntax checking, as it exposes BIND to a critical flaw in libregex
    on some platforms. [RT #32688]
- added gpg key source verification

OBS-URL: https://build.opensuse.org/package/show/network/bind?expand=0&rev=111
2013-03-27 12:36:47 +00:00
4d43181a2f OBS-URL: https://build.opensuse.org/package/show/network/bind?expand=0&rev=109 2012-12-06 15:46:53 +00:00
d414c6c46e OBS-URL: https://build.opensuse.org/package/show/network/bind?expand=0&rev=108 2012-12-06 15:46:13 +00:00
636c118d37 - Updated to 9.9.2-P1 (bnc#792926)
https://kb.isc.org/article/AA-00828
  * Security Fixes
    Prevents named from aborting with a require assertion failure on
    servers with DNS64 enabled.  These crashes might occur as a result of
    specific queries that are received.  (Note that this fix is a subset
    of a series of updates that will be included in full in BIND 9.8.5
    and 9.9.3 as change #3388, RT #30996).  [CVE-2012-5688] [RT #30792]
    A deliberately constructed combination of records could cause
    named to hang while populating the additional section of a
    response. [CVE-2012-5166] [RT #31090]
    Prevents a named assert (crash) when queried for a record whose
    RDATA exceeds 65535 bytes.  [CVE-2012-4244]  [RT #30416]
    Prevents a named assert (crash) when validating caused by using
    "Bad cache" data before it has been initialized. [CVE-2012-3817]
    [RT #30025]
    A condition has been corrected where improper handling of zero-length
    RDATA could cause undesirable behavior, including termination of
    the named process. [CVE-2012-1667]  [RT #29644]
    ISC_QUEUE handling for recursive clients was updated to address a race
    condition that could cause a memory leak. This rarely occurred with
    UDP clients, but could be a significant problem for a server handling
    a steady rate of TCP queries. [CVE-2012-3868]  [RT #29539 & #30233]
New Features
    Elliptic Curve Digital Signature Algorithm keys and signatures in
    DNSSEC are now supported per RFC 6605. [RT #21918]
    Introduces a new tool "dnssec-checkds" command that checks a zone to
    determine which DS records should be published in the parent zone,
    or which DLV records should be published in a DLV zone, and queries
    the DNS to ensure that it exists. (Note: This tool depends on python;

OBS-URL: https://build.opensuse.org/package/show/network/bind?expand=0&rev=107
2012-12-06 08:05:49 +00:00
4161728e00 - added a ratelimiting (draft RFC) patch from Paul Vixie.
see http://www.redbarn.org/dns/ratelimits
  suggested by Stefan Schaefer <stefan@invis-server.org>

OBS-URL: https://build.opensuse.org/package/show/network/bind?expand=0&rev=105
2012-11-18 18:12:17 +00:00
720e0417f1 - unfuzzed patches:
perl-path.diff
  pie_compile.diff
  workaround-compile-problem.diff

OBS-URL: https://build.opensuse.org/package/show/network/bind?expand=0&rev=103
2012-11-15 09:54:51 +00:00
d0bcf798bc Accepting request 141301 from home:msmeissn:branches:network
OBS-URL: https://build.opensuse.org/request/show/141301
OBS-URL: https://build.opensuse.org/package/show/network/bind?expand=0&rev=102
2012-11-14 14:01:06 +00:00
96ef1056ef freshed patches
OBS-URL: https://build.opensuse.org/package/show/network/bind?expand=0&rev=101
2012-11-14 10:31:31 +00:00
d3e988aaee - updated to 9.9.2
https://kb.isc.org/article/AA-00798
  Security:
  * A deliberately constructed combination of records could cause
    named to hang while populating the additional section of a
    response. [CVE-2012-5166] [RT #31090]
  * Prevents a named assert (crash) when queried for a record whose
    RDATA exceeds 65535 bytes.  [CVE-2012-4244]  [RT #30416]
  * Prevents a named assert (crash) when validating caused by using "Bad
    cache" data before it has been initialized. [CVE-2012-3817]  [RT #30025]
  * A condition has been corrected where improper handling of zero-length
    RDATA could cause undesirable behavior, including termination of the
    named process. [CVE-2012-1667]  [RT #29644]
  * ISC_QUEUE handling for recursive clients was updated to address a race
    condition that could cause a memory leak. This rarely occurred with
    UDP clients, but could be a significant problem for a server handling
    a steady rate of TCP queries. [CVE-2012-3868]  [RT #29539 & #30233]
  New Features
  * Elliptic Curve Digital Signature Algorithm keys and signatures in
    DNSSEC are now supported per RFC 6605. [RT #21918]
  * Introduces a new tool "dnssec-checkds" command that checks a zone
    to determine which DS records should be published in the parent zone,
    or which DLV records should be published in a DLV zone, and queries
    the DNS to ensure that it exists. (Note: This tool depends on python;
    it will not be built or installed on systems that do not have a python
    interpreter.)  [RT #28099]
  * Introduces a new tool "dnssec-verify" that validates a signed zone,
    checking for the correctness of signatures and NSEC/NSEC3 chains.
    [RT #23673]
  * Adds configuration option "max-rsa-exponent-size <value>;" that can

OBS-URL: https://build.opensuse.org/package/show/network/bind?expand=0&rev=100
2012-11-14 10:25:52 +00:00
c9d0046524 - Specially crafted DNS data can cause a lockup in named.
CVE-2012-5166, bnc#784602.
- 9.9.1-P4

OBS-URL: https://build.opensuse.org/package/show/network/bind?expand=0&rev=98
2012-10-19 12:14:00 +00:00
a16486cc98 - Named could die on specially crafted record.
[RT #30416] (bnc#780157) CVE-2012-4244
- 9.9.1-P3
- updated dnszone-schema.txt from upstream.

OBS-URL: https://build.opensuse.org/package/show/network/bind?expand=0&rev=96
2012-09-15 16:23:25 +00:00
Uwe Gansert
9d3afd5a9e security fix
OBS-URL: https://build.opensuse.org/package/show/network/bind?expand=0&rev=94
2012-07-26 09:55:26 +00:00
Uwe Gansert
9aea24ec0b Accepting request 127699 from home:babelworx:ldig:branches:network
license update: ISC
ISC is generally seen as the correct license for bind

OBS-URL: https://build.opensuse.org/request/show/127699
OBS-URL: https://build.opensuse.org/package/show/network/bind?expand=0&rev=93
2012-07-12 07:46:55 +00:00
Uwe Gansert
d65e10ef0f updates ldap schema
OBS-URL: https://build.opensuse.org/package/show/network/bind?expand=0&rev=91
2012-06-05 14:30:53 +00:00
Uwe Gansert
878d773563 changes file was broken
OBS-URL: https://build.opensuse.org/package/show/network/bind?expand=0&rev=90
2012-06-04 15:26:56 +00:00
Uwe Gansert
6b1a93e719 VUL-0: bind remote DoS via zero length rdata field
OBS-URL: https://build.opensuse.org/package/show/network/bind?expand=0&rev=89
2012-06-04 15:26:08 +00:00
Uwe Gansert
8a196b5476 version 9.9.1
OBS-URL: https://build.opensuse.org/package/show/network/bind?expand=0&rev=87
2012-05-22 08:08:00 +00:00
Uwe Gansert
766b6fb925 assertion failure fix added
OBS-URL: https://build.opensuse.org/package/show/network/bind?expand=0&rev=85
2012-05-10 11:45:20 +00:00
Uwe Gansert
91f038d7f6 version 9.9.0
OBS-URL: https://build.opensuse.org/package/show/network/bind?expand=0&rev=83
2012-05-04 15:07:18 +00:00
Uwe Gansert
a40cfc49bd Accepting request 104301 from devel:openSUSE:Factory:patch-license
patch license to follow spdx.org standard

OBS-URL: https://build.opensuse.org/request/show/104301
OBS-URL: https://build.opensuse.org/package/show/network/bind?expand=0&rev=81
2012-02-13 13:54:04 +00:00
Uwe Gansert
a3097226b3 Accepting request 98618 from home:lmuelle:branches:network
- Ensure to create the required dir or sym link in /var/run; (bnc#738156).
- Cache lookup could return RRSIG data associated with nonexistent
  records, leading to an assertion failure. CVE-2011-4313; (bnc#730995).

OBS-URL: https://build.opensuse.org/request/show/98618
OBS-URL: https://build.opensuse.org/package/show/network/bind?expand=0&rev=80
2012-01-03 15:16:12 +00:00
Uwe Gansert
e15a83c164 root.hint updated
OBS-URL: https://build.opensuse.org/package/show/network/bind?expand=0&rev=79
2011-12-05 15:49:16 +00:00
Uwe Gansert
7fa43cec68 added managed-keys-directory to named.conf
OBS-URL: https://build.opensuse.org/package/show/network/bind?expand=0&rev=78
2011-12-05 11:55:53 +00:00
Uwe Gansert
e0cc3ad3e3 fixed apparmor profile for lib and lib64 in chroot
OBS-URL: https://build.opensuse.org/package/show/network/bind?expand=0&rev=77
2011-11-22 10:38:06 +00:00
Uwe Gansert
d4710ab62f Accepting request 91958 from home:fteodori:branches:network
OBS-URL: https://build.opensuse.org/request/show/91958
OBS-URL: https://build.opensuse.org/package/show/network/bind?expand=0&rev=76
2011-11-17 13:46:40 +00:00
Uwe Gansert
a0157c5696 reverted last changes
OBS-URL: https://build.opensuse.org/package/show/network/bind?expand=0&rev=75
2011-10-27 11:22:47 +00:00
Uwe Gansert
10e1739870 Accepting request 89487 from home:varkoly:branches:network
- bnc#656509 - don't use --bind on /var/lib/ntp/proc

OBS-URL: https://build.opensuse.org/request/show/89487
OBS-URL: https://build.opensuse.org/package/show/network/bind?expand=0&rev=74
2011-10-27 09:28:17 +00:00
Uwe Gansert
f8aa6fe93d bnc#716745
OBS-URL: https://build.opensuse.org/package/show/network/bind?expand=0&rev=71
2011-10-26 09:15:48 +00:00
Pavol Rusnak
5d9eec831c Accepting request 85954 from home:coolo:removelibtool
add libtool as buildrequires so we no longer rely on libtool in the project config of factory - it's only needed by <10% of all packages

OBS-URL: https://build.opensuse.org/request/show/85954
OBS-URL: https://build.opensuse.org/package/show/network/bind?expand=0&rev=69
2011-10-03 11:38:53 +00:00
Lars Vogdt
68b70aa623 Accepting request 82899 from home:jengelh:bl-b
- Remove redundant tags/sections from specfile
- Use %_smp_mflags for parallel build

OBS-URL: https://build.opensuse.org/request/show/82899
OBS-URL: https://build.opensuse.org/package/show/network/bind?expand=0&rev=68
2011-10-02 00:09:30 +00:00
Uwe Gansert
60deb7c4d8 bnc#718441
OBS-URL: https://build.opensuse.org/package/show/network/bind?expand=0&rev=65
2011-09-16 13:48:57 +00:00
Uwe Gansert
fe71b72655 SSL in chroot fixed
OBS-URL: https://build.opensuse.org/package/show/network/bind?expand=0&rev=63
2011-09-05 09:42:44 +00:00
Uwe Gansert
2c942a86bd 9.8.1
OBS-URL: https://build.opensuse.org/package/show/network/bind?expand=0&rev=62
2011-09-05 08:24:07 +00:00
OBS User buildservice-autocommit
ecc7b8fc2d Updating link to change in openSUSE:Factory/bind revision 69.0
OBS-URL: https://build.opensuse.org/package/show/network/bind?expand=0&rev=6b0160c50b5a7e6bd5d52b0d08e13023
2011-09-01 14:59:03 +00:00
Ralf Haferkamp
184ce3adff Accepting request 80345 from home:rhafer:branches:network
bnc#710430

OBS-URL: https://build.opensuse.org/request/show/80345
OBS-URL: https://build.opensuse.org/package/show/network/bind?expand=0&rev=60
2011-09-01 09:58:02 +00:00
OBS User buildservice-autocommit
c61a563321 Updating link to change in openSUSE:Factory/bind revision 67.0
OBS-URL: https://build.opensuse.org/package/show/network/bind?expand=0&rev=20b08d2f06a5b3973a78780597820b73
2011-08-03 14:09:08 +00:00
Uwe Gansert
2aaf0b182b version 9.8.0-P4
OBS-URL: https://build.opensuse.org/package/show/network/bind?expand=0&rev=58
2011-07-05 14:12:05 +00:00
Uwe Gansert
8748c87af2 fixed SLE10 build
OBS-URL: https://build.opensuse.org/package/show/network/bind?expand=0&rev=57
2011-06-10 14:09:53 +00:00
Uwe Gansert
8253ee2640 version to 9.8.0-P2
OBS-URL: https://build.opensuse.org/package/show/network/bind?expand=0&rev=56
2011-06-07 14:38:49 +00:00
OBS User buildservice-autocommit
32d56c34f2 Updating link to change in openSUSE:Factory/bind revision 65.0
OBS-URL: https://build.opensuse.org/package/show/network/bind?expand=0&rev=01f79c1cc7a94bd86f871022b16673b2
2011-05-26 08:22:01 +00:00
Pavol Rusnak
53283310fb Accepting request 71091 from home:elvigia:branches:network
- Build with -DNO_VERSION_DATE to avoid timestamps in binaries.

OBS-URL: https://build.opensuse.org/request/show/71091
OBS-URL: https://build.opensuse.org/package/show/network/bind?expand=0&rev=54
2011-05-24 15:52:01 +00:00
Pavol Rusnak
c233137225 Accepting request 70688 from home:msmeissn:branches:network
add update-desktop-utils to buildrequires for desktop file

OBS-URL: https://build.opensuse.org/request/show/70688
OBS-URL: https://build.opensuse.org/package/show/network/bind?expand=0&rev=52
2011-05-20 13:34:53 +00:00
Uwe Gansert
9472436310 version to 9.8.0
OBS-URL: https://build.opensuse.org/package/show/network/bind?expand=0&rev=51
2011-05-05 15:02:32 +00:00
Uwe Gansert
87ef585a4f bind-chrootenv requires bind now
OBS-URL: https://build.opensuse.org/package/show/network/bind?expand=0&rev=50
2011-04-15 11:24:35 +00:00
Uwe Gansert
119c0b9548 fixed rcnamed status for missing config files
OBS-URL: https://build.opensuse.org/package/show/network/bind?expand=0&rev=49
2011-04-15 08:57:56 +00:00