8b99b04f2a
- Remove the start/stop dependency of named and lwresd on remote-fs to break a service dependency cycle (bsc#947483, bsc#963971). - Make /var/lib/named owned by the named user (bsc#908850, bsc#875691). - Call systemd service macros with the full service name. - Security update 9.10.3-P4:
Reinhard Max2016-06-16 12:00:45 +00:00
2d8afe69b8
- Security update 9.10.3-P3: * CVE-2016-1285, bsc#970072: assert failure on input parsing can cause premature exit. * CVE-2016-1286, bsc#970073: An error when parsing signature records for DNAME can lead to named exiting due to an assertion failure. * CVE-2016-2088, bsc#970074: a deliberately misconstructed packet containing multiple cookie options to cause named to terminate with an assertion failure.
Reinhard Max2016-03-11 13:59:03 +00:00
abbe73be65
- Security update 9.10.3-P3 fixes two assertion failures that can lead to remote DoS: * CVE-2016-1285, bsc#970072 * CVE-2016-1286, bsc#970073
Reinhard Max2016-03-11 13:55:29 +00:00
c7dc2ebf4f
- Security update 9.10.3-P3: * Specific APL data could trigger an INSIST (CVE-2015-8704, bsc#962189). * Certain errors that could be encountered when printing out or logging an OPT record containing a CLIENT-SUBNET option could be mishandled, resulting in an assertion failure (CVE-2015-8705, bsc#962190). * Authoritative servers that were marked as bogus (e.g. blackholed in configuration or with invalid addresses) were being queried anyway.
Reinhard Max2016-01-20 11:04:34 +00:00
5f956be5fc
- Update to version 9.10.3-P2 to fix a remote denial of service by misparsing incoming responses (CVE-2015-8000, bsc#958861).
Reinhard Max2015-12-21 17:12:31 +00:00
f94eebf621
- Update to version 9.10.2-P3 Security Fixes * A specially crafted query could trigger an assertion failure in message.c. This flaw was discovered by Jonathan Foote, and is disclosed in CVE-2015-5477. [RT #39795] * On servers configured to perform DNSSEC validation, an assertion failure could be triggered on answers from a specially configured server. This flaw was discovered by Breno Silveira Soares, and is disclosed in CVE-2015-4620. [RT #39795] Bug Fixes * Asynchronous zone loads were not handled correctly when the zone load was already in progress; this could trigger a crash in zt.c. [RT #37573] * Several bugs have been fixed in the RPZ implementation: + Policy zones that did not specifically require recursion could be treated as if they did; consequently, setting qname-wait-recurse no; was sometimes ineffective. This has been corrected. In most configurations, behavioral changes due to this fix will not be noticeable. [RT #39229] + The server could crash if policy zones were updated (e.g. via rndc reload or an incoming zone transfer) while RPZ processing was still ongoing for an active query. [RT #39415] + On servers with one or more policy zones configured as slaves, if a policy zone updated during regular operation (rather than at startup) using a full zone reload, such as via AXFR, a bug could allow the RPZ summary data to fall out of sync, potentially leading to an assertion failure in rpz.c when further incremental updates were made to the zone, such as via IXFR. [RT #39567] + The server could match a shorter prefix than what was available in CLIENT-IP policy triggers, and so, an unexpected action could be taken. This has been corrected. [RT #39481] + The server could crash if a reload of an RPZ zone was initiated while
Lars Müller
2015-07-29 19:36:46 +00:00
523ac751e6
Accepting request 317302 from network
Stephan Kulow
2015-07-21 11:26:38 +00:00
5693887a0c
- Update to version 9.10.2-P2 - An uninitialized value in validator.c could result in an assertion failure. (CVE-2015-4620) [RT #39795] - Update to version 9.10.2-P1 - Include client-ip rules when logging the number of RPZ rules of each type. [RT #39670] - Addressed further problems with reloading RPZ zones. [RT #39649] - Addressed a regression introduced in change #4121. [RT #39611] - The server could match a shorter prefix than what was available in CLIENT-IP policy triggers, and so, an unexpected action could be taken. This has been corrected. [RT #39481] - On servers with one or more policy zones configured as slaves, if a policy zone updated during regular operation (rather than at startup) using a full zone reload, such as via AXFR, a bug could allow the RPZ summary data to fall out of sync, potentially leading to an assertion failure in rpz.c when further incremental updates were made to the zone, such as via IXFR. [RT #39567] - A bug in RPZ could cause the server to crash if policy zones were updated while recursion was pending for RPZ processing of an active query. [RT #39415] - Fix a bug in RPZ that could cause some policy zones that did not specifically require recursion to be treated as if they did; consequently, setting qname-wait-recurse no; was sometimes ineffective. [RT #39229] - Asynchronous zone loads were not handled correctly when the zone load was already in progress; this could trigger a crash in zt.c. [RT #37573] - Fix an out-of-bounds read in RPZ code. If the read succeeded, it doesn't result in a bug during operation. If the read failed, named could segfault. [RT #38559]
Lars Müller
2015-07-10 20:54:40 +00:00
c76dd164ae
Accepting request 313681 from network
Stephan Kulow
2015-07-05 15:58:14 +00:00
2d26a35729
Change log line wrapping.
Lars Müller
2015-06-18 13:14:58 +00:00
755db9e738
Accepting request 311393 from home:guohouzuo:freeipa
Marcus Meissner2015-06-18 12:30:16 +00:00
78c996f2f3
Accepting request 305964 from network
Stephan Kulow
2015-05-10 08:56:58 +00:00
1ea9273bb0
This change set makes bind build again for SLE 11 too.
Lars Müller
2015-05-08 18:11:21 +00:00
44ffc351bb
- Update to version 9.10.2 - Handle timeout in legacy system test. [RT #38573] - dns_rdata_freestruct could be called on a uninitialised structure when handling a error. [RT #38568] - Addressed valgrind warnings. [RT #38549] - UDP dispatches could use the wrong pseudorandom number generator context. [RT #38578] - Fixed several small bugs in automatic trust anchor management, including a memory leak and a possible loss of key state information. [RT #38458] - 'dnssec-dsfromkey -T 0' failed to add ttl field. [RT #38565] - Revoking a managed trust anchor and supplying an untrusted replacement could cause named to crash with an assertion failure. (CVE-2015-1349) [RT #38344] - Fix a leak of query fetchlock. [RT #38454] - Fix a leak of pthread_mutexattr_t. [RT #38454] - RPZ could send spurious SERVFAILs in response to duplicate queries. [RT #38510] - CDS and CDNSKEY had the wrong attributes. [RT #38491] - adb hash table was not being grown. [RT #38470] - Update bind.keyring - Update baselibs.conf due to updates to libdns160 and libisc148
Lars Müller
2015-05-08 15:44:01 +00:00
fa2687cc7a
Accepting request 305950 from home:guohouzuo:freeipa
Lars Müller
2015-05-08 14:24:45 +00:00
2280b862ef
- Update to version 9.9.4P2 * Fixes named crash when handling malformed NSEC3-signed zones (CVE-2014-0591, bnc#858639) * Obsoletes workaround-compile-problem.diff - Replace rpz2+rl-9.9.3-P1.patch by rpz2-9.9.4.patch, rl is now supported upstream (--enable-rrl).
Reinhard Max2014-01-21 17:09:17 +00:00
d26e1590d4
Accepting request 210487 from network
Stephan Kulow
2013-12-13 12:01:42 +00:00
c13e4cf96e
Fix creation of /etc/named.conf.include .
Reinhard Max2013-12-09 12:23:41 +00:00
82e8a1d0eb
Accepting request 186266 from network
Tomáš Chvátal
2013-08-10 16:28:25 +00:00
e0efd1bf47
- Systemd doesn't set $TERM, and hence breaks tput (bnc#823175).
Reinhard Max2013-08-07 15:23:09 +00:00
b255a507e5
- Systemd doesn't set $TERM, and hence breaks tput.
Reinhard Max2013-08-07 15:21:50 +00:00
ef9b332868
- Improve pie_compile.diff (bnc#828874). - dnssec-checkds and dnssec-coverage need python-base. - disable rpath in libtool.
Reinhard Max2013-08-06 13:06:41 +00:00
2e7cad6b7d
dnssec-checkds and dnssec-coverage need python-base for building.
Reinhard Max2013-08-06 09:11:23 +00:00
28ef07b698
- Update to 9.9.3P2 fixes CVE-2013-4854, bnc#831899. * Incorrect bounds checking on private type 'keydata' can lead to a remotely triggerable REQUIRE failure.
Reinhard Max2013-08-05 14:51:21 +00:00
b557cafc2b
Accepting request 184213 from network
Stephan Kulow
2013-07-24 21:30:38 +00:00
OBS User mrdocs
Dominique Leuenberger
Marcus Meissner
Dirk Mueller
Yuchen Lin
Navin Kukreja
Ismail Dönmez
Reinhard Max
Rusmir Duško
Lars Müller
Stephan Kulow
Andrey Karepin
Tomáš Chvátal
Michael Schröder