- updated to 9.9.2
https://kb.isc.org/article/AA-00798 Security: * A deliberately constructed combination of records could cause named to hang while populating the additional section of a response. [CVE-2012-5166] [RT #31090] * Prevents a named assert (crash) when queried for a record whose RDATA exceeds 65535 bytes. [CVE-2012-4244] [RT #30416] * Prevents a named assert (crash) when validating caused by using "Bad cache" data before it has been initialized. [CVE-2012-3817] [RT #30025] * A condition has been corrected where improper handling of zero-length RDATA could cause undesirable behavior, including termination of the named process. [CVE-2012-1667] [RT #29644] * ISC_QUEUE handling for recursive clients was updated to address a race condition that could cause a memory leak. This rarely occurred with UDP clients, but could be a significant problem for a server handling a steady rate of TCP queries. [CVE-2012-3868] [RT #29539 & #30233] New Features * Elliptic Curve Digital Signature Algorithm keys and signatures in DNSSEC are now supported per RFC 6605. [RT #21918] * Introduces a new tool "dnssec-checkds" command that checks a zone to determine which DS records should be published in the parent zone, or which DLV records should be published in a DLV zone, and queries the DNS to ensure that it exists. (Note: This tool depends on python; it will not be built or installed on systems that do not have a python interpreter.) [RT #28099] * Introduces a new tool "dnssec-verify" that validates a signed zone, checking for the correctness of signatures and NSEC/NSEC3 chains. [RT #23673] * Adds configuration option "max-rsa-exponent-size <value>;" that can OBS-URL: https://build.opensuse.org/package/show/network/bind?expand=0&rev=100
This commit is contained in:
Git OBS Bridge
parent
c9d0046524
commit
d3e988aaee
@ -1,3 +0,0 @@
|
|||||||
version https://git-lfs.github.com/spec/v1
|
|
||||||
oid sha256:18f90727fd9566da037e71569d9b3a4834c96b04d9e75f9899eba0bc88c0868a
|
|
||||||
size 7227655
|
|
||||||
3
bind-9.9.2.tar.gz
Normal file
3
bind-9.9.2.tar.gz
Normal file
@ -0,0 +1,3 @@
|
|||||||
|
version https://git-lfs.github.com/spec/v1
|
||||||
|
oid sha256:7e6530b198d512e27a856bbd7426b1a3c47fd55d06d667adb66f760259009b48
|
||||||
|
size 7285050
|
||||||
46
bind.changes
46
bind.changes
@ -1,3 +1,49 @@
|
|||||||
|
-------------------------------------------------------------------
|
||||||
|
Wed Nov 14 10:24:42 UTC 2012 - meissner@suse.com
|
||||||
|
|
||||||
|
- updated to 9.9.2
|
||||||
|
https://kb.isc.org/article/AA-00798
|
||||||
|
|
||||||
|
Security:
|
||||||
|
* A deliberately constructed combination of records could cause
|
||||||
|
named to hang while populating the additional section of a
|
||||||
|
response. [CVE-2012-5166] [RT #31090]
|
||||||
|
* Prevents a named assert (crash) when queried for a record whose
|
||||||
|
RDATA exceeds 65535 bytes. [CVE-2012-4244] [RT #30416]
|
||||||
|
* Prevents a named assert (crash) when validating caused by using "Bad
|
||||||
|
cache" data before it has been initialized. [CVE-2012-3817] [RT #30025]
|
||||||
|
* A condition has been corrected where improper handling of zero-length
|
||||||
|
RDATA could cause undesirable behavior, including termination of the
|
||||||
|
named process. [CVE-2012-1667] [RT #29644]
|
||||||
|
* ISC_QUEUE handling for recursive clients was updated to address a race
|
||||||
|
condition that could cause a memory leak. This rarely occurred with
|
||||||
|
UDP clients, but could be a significant problem for a server handling
|
||||||
|
a steady rate of TCP queries. [CVE-2012-3868] [RT #29539 & #30233]
|
||||||
|
|
||||||
|
New Features
|
||||||
|
|
||||||
|
* Elliptic Curve Digital Signature Algorithm keys and signatures in
|
||||||
|
DNSSEC are now supported per RFC 6605. [RT #21918]
|
||||||
|
* Introduces a new tool "dnssec-checkds" command that checks a zone
|
||||||
|
to determine which DS records should be published in the parent zone,
|
||||||
|
or which DLV records should be published in a DLV zone, and queries
|
||||||
|
the DNS to ensure that it exists. (Note: This tool depends on python;
|
||||||
|
it will not be built or installed on systems that do not have a python
|
||||||
|
interpreter.) [RT #28099]
|
||||||
|
* Introduces a new tool "dnssec-verify" that validates a signed zone,
|
||||||
|
checking for the correctness of signatures and NSEC/NSEC3 chains.
|
||||||
|
[RT #23673]
|
||||||
|
* Adds configuration option "max-rsa-exponent-size <value>;" that can
|
||||||
|
be used to specify the maximum rsa exponent size that will be accepted
|
||||||
|
when validating [RT #29228]
|
||||||
|
|
||||||
|
Feature Changes
|
||||||
|
|
||||||
|
* Improves OpenSSL error logging [RT #29932]
|
||||||
|
* nslookup now returns a nonzero exit code when it is unable to get an answer. [RT #29492]
|
||||||
|
|
||||||
|
Lots of bugfixes.
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Fri Oct 19 12:11:55 UTC 2012 - meissner@suse.com
|
Fri Oct 19 12:11:55 UTC 2012 - meissner@suse.com
|
||||||
|
|
||||||
|
|||||||
@ -18,7 +18,7 @@
|
|||||||
|
|
||||||
Name: bind
|
Name: bind
|
||||||
%define pkg_name bind
|
%define pkg_name bind
|
||||||
%define pkg_vers 9.9.1-P4
|
%define pkg_vers 9.9.2
|
||||||
BuildRequires: krb5-devel
|
BuildRequires: krb5-devel
|
||||||
BuildRequires: libcap
|
BuildRequires: libcap
|
||||||
BuildRequires: libcap-devel
|
BuildRequires: libcap-devel
|
||||||
@ -32,7 +32,7 @@ BuildRequires: update-desktop-files
|
|||||||
Summary: Domain Name System (DNS) Server (named)
|
Summary: Domain Name System (DNS) Server (named)
|
||||||
License: ISC
|
License: ISC
|
||||||
Group: Productivity/Networking/DNS/Servers
|
Group: Productivity/Networking/DNS/Servers
|
||||||
Version: 9.9.1P3
|
Version: 9.9.2
|
||||||
Release: 0
|
Release: 0
|
||||||
Provides: bind8
|
Provides: bind8
|
||||||
Provides: bind9
|
Provides: bind9
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user