| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
| |
Sponsored by: Absolight
Notes:
svn path=/head/; revision=343206
|
|
|
|
|
|
|
|
| |
Many thanks to: Vernon Schryver
Sponsored by: Absolight
Notes:
svn path=/head/; revision=343204
|
|
|
|
|
|
|
| |
Sponsored by: Absolight
Notes:
svn path=/head/; revision=341969
|
|
|
|
|
|
|
|
| |
Changes: https://lists.isc.org/pipermail/bind-announce/2014-January/000895.html
Sponsored by: Absolight
Notes:
svn path=/head/; revision=341951
|
|
|
|
| |
Notes:
svn path=/head/; revision=341417
|
|
|
|
|
|
|
| |
Approved by: mat@ (maintainer)
Notes:
svn path=/head/; revision=341073
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
https://kb.isc.org/article/AA-01078/74/
9.9.4 -> 9.9.4-P2
9.8.6 -> 9.8.6-P2
9.6-ESV-R10 -> 9.6-ESV-R10-P2
Security: CVE-2014-0591 Remote DOS
Notes:
svn path=/head/; revision=339612
|
|
|
|
|
|
|
| |
Spotted by: antoine
Notes:
svn path=/head/; revision=339186
|
|
|
|
|
|
|
|
|
|
| |
check for it, and espcially not for a wrong value.
Noticed by: Stefan Bethke <stb@lassitu.de>
Approved by: mat (maintainer)
Notes:
svn path=/head/; revision=338989
|
|
|
|
|
|
|
|
| |
This time, it seems all of REPLACE_BASE, not REPLACE_BASE and post Bind removal
from base seem to work consistently.
Notes:
svn path=/head/; revision=338952
|
|
|
|
| |
Notes:
svn path=/head/; revision=338943
|
|
|
|
| |
Notes:
svn path=/head/; revision=338877
|
|
|
|
| |
Notes:
svn path=/head/; revision=338674
|
|
|
|
| |
Notes:
svn path=/head/; revision=338442
|
|
|
|
|
|
|
|
| |
PR: 184560
Submitted by: Dewayne <dewayne@heuristicsystems.com.au>
Notes:
svn path=/head/; revision=336054
|
|
|
|
|
|
|
|
|
| |
OSVERSION is platform-specific and must be used with OPSYS.
Approved by: maintainer (erwin)
Notes:
svn path=/head/; revision=335933
|
|
|
|
|
|
|
|
|
|
| |
adjust OSVERSION evaluation in ports that specifically use '100050N'.
Approved by: affected maintainers (implicit)
Sponsored by: The FreeBSD Foundation
Notes:
svn path=/head/; revision=335824
|
|
|
|
|
|
|
|
| |
Bullet hole in foot: joeld
Pointy hat: erwin
Notes:
svn path=/head/; revision=335667
|
|
|
|
|
|
|
| |
Submitted by: sunpoet
Notes:
svn path=/head/; revision=335618
|
|
|
|
|
|
|
|
|
| |
PR: 184159 [1]
Submitted by: Pawel Biernacki <pawel.biernacki@gmail.com> [1],
Trond Endrestoel <Trond.Endrestol@ximalas.info> (private email)
Notes:
svn path=/head/; revision=334593
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
On FreeBSD 10.0, all configuration is installed under
/usr/local/etc/namedb and installs its own rc script in
$PREFIX, which no longer support chroot installations.
LINKS and REPLACE_BASE options are not supported on 10.0
for obvious reasons.
Note for FreeBSD 9.x and earlier users, LINKS is no longer
the default option, though still supported.
An UPDATING entry will follow after bind96 and bind99 are fixed
as well.
Notes:
svn path=/head/; revision=333546
|
|
|
|
|
|
|
| |
there's nothing to replace.
Notes:
svn path=/head/; revision=332693
|
|
|
|
|
|
|
| |
Submitted by: "Felix J. Ogris" <fjo@ogris.de>
Notes:
svn path=/head/; revision=332348
|
|
|
|
| |
Notes:
svn path=/head/; revision=328564
|
|
|
|
|
|
|
| |
Submitted by: Matej Gregr <matej.gregr@gmail.com>
Notes:
svn path=/head/; revision=327967
|
|
|
|
|
|
|
| |
dns)
Notes:
svn path=/head/; revision=327719
|
|
|
|
|
|
|
|
| |
PR: 182122
Submitted by: Uwe Doering <gemini@geminix.org>
Notes:
svn path=/head/; revision=327469
|
|
|
|
|
|
|
|
|
|
|
| |
"--with-libiconv=${LOCALBASE}" at systems pre OSVERSION 100043 and "" (null)
otherwise;
. convert all ports which has CONFIGURE_ARGS=--with-libiconv=${LOCALBASE}.
Approved by: portmgr (bapt, implicit)
Notes:
svn path=/head/; revision=326444
|
|
|
|
|
|
|
| |
Approved by: erwin
Notes:
svn path=/head/; revision=323808
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
https://kb.isc.org/article/AA-01015/0
9.9.3-p1 -> 9.9.3-P2
9.8.5-p1 -> 9.8.5-P2
9.6.x is not affected, neither is 10.x.
Security: CVE-2013-4854 Remote DOS
Notes:
svn path=/head/; revision=323757
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Security Fixes
Prevents exploitation of a runtime_check which can crash named
when satisfying a recursive query for particular malformed zones.
(CVE-2013-3919) [RT #33690]
A deliberately constructed combination of records could cause
named to hang while populating the additional section of a
response. (CVE-2012-5166) [RT #31090]
Now supports NAPTR regular expression validation on all platforms,
and avoids memory exhaustion compiling pathological regular
expressions. (CVE-2013-2266) [RT #32688]
Prevents named from aborting with a require assertion failure
on servers with DNS64 enabled. These crashes might occur as a
result of specific queries that are received. (CVE-2012-5688)
[RT #30792 / #30996]
Prevents an assertion failure in named when RPZ and DNS64 are
used together. (CVE-2012-5689) [RT #32141]
See release notes for further features and bug fixes:
https://kb.isc.org/article/AA-00969/0/BIND-9.8.5-P1-Release-Notes.html
Security: CVE-2013-3919
CVE-2012-5166
CVE-2013-2266
CVE-2012-5688
CVE-2012-5689
Notes:
svn path=/head/; revision=319983
|
|
|
|
| |
Notes:
svn path=/head/; revision=319472
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
- address the issue raised by Bob Harold. RRL on recursive servers
applies rate limits after waiting for recursion except on
sub-domains of domains for which the server is authoritative.
- fix the bug reported by Roy Arends in which "slipped" NXDOMAIN
responses had rcode values of 0 (NoError) instead of 3 (NXDOMAIN).
- move reports of RRL drop and slip actions from the "queries"
log category to the "query-errors" category. Because they are not
in the "queres" category, enabling or disabling query logging no
longer affects them.
Notes:
svn path=/head/; revision=319468
|
|
|
|
|
|
|
|
| |
ports and not include the one from the deprecated bind97 port, which is
to be removed.
Notes:
svn path=/head/; revision=316321
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The change makes "slip 1;" send only truncated (TC=1) responses.
Without the change, "slip 1;" is the same as the default of "slip 2;".
That default, which alternates truncated with dropped responses
when the rate limit is exceeded, is better for authoritative DNS
servers, because it further reduces the amplification of an attack
from about 1X to about 0.5X.
DNS RRL is not recommended for recursive servers.
Feature safe: yes
Notes:
svn path=/head/; revision=315942
|
|
|
|
|
|
|
|
|
|
|
|
| |
Removed the check for regex.h in configure in order
to disable regex syntax checking, as it exposes
BIND to a critical flaw in libregex on some
platforms. [RT #32688]
Security: CVE-2013-2266
Notes:
svn path=/head/; revision=315355
|
|
|
|
|
|
|
|
|
|
|
| |
working files that should not have been in the patches[1]
Also move to a versioned filename for the patches[2]
Submitted by: Robert Sargent <robtsgt@gmail.com> [1],
Vernon Schryver <vjs@rhyolite.com> [2]
Notes:
svn path=/head/; revision=314294
|
|
|
|
|
|
|
|
|
| |
avoid problems with the older dialog(1) on FreeBSD 8.x
Noticed by: Terry Kennedy <terry@tmk.com>
Notes:
svn path=/head/; revision=310175
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
released version of January 5, 2013.
This also includes performance patches to the BIND9
Response Policy Zones (DNS RPZ), Single Zone Response
Policy Zone (RPZ) Speed Improvement, in the same
patch.
More information: http://ss.vix.su/~vjs/rrlrpz.html
Notes:
svn path=/head/; revision=310131
|
|
|
|
| |
Notes:
svn path=/head/; revision=309925
|
|
|
|
| |
Notes:
svn path=/head/; revision=309924
|
|
|
|
|
|
|
|
|
|
|
| |
- This also allows more than one DLZ option
to be set.[2]
Submitted by: bapt [1] (as RADIO)
Suggested by: az [2] (thus GROUP instead)
Notes:
svn path=/head/; revision=308897
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
BIND 9 nameservers using the DNS64 IPv6 transition mechanism are
vulnerable to a software defect that allows a crafted query to
crash the server with a REQUIRE assertion failure. Remote
exploitation of this defect can be achieved without extensive
effort, resulting in a denial-of-service (DoS) vector against
affected servers.
Security: 2892a8e2-3d68-11e2-8e01-0800273fe665
CVE-2012-5688
Feature safe: yes
Notes:
svn path=/head/; revision=308317
|
|
|
|
|
|
|
|
| |
Submitted by: Kazunori Fujiwara <fujiwara@jprs.co.jp>
Feature safe: yes
Notes:
svn path=/head/; revision=308136
|
|
|
|
|
|
|
|
|
| |
provide any additional security.
Feature safe: yes
Notes:
svn path=/head/; revision=308135
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
- Fix a typo in the OPTIONSNG conversion
- Add FIXED_RRSET option
- Add RPZ options (9.8 and 9.8 only)
PR: 172586
Submitted by: Craig Leres <leres@ee.lbl.gov>
Feature safe: yes
Notes:
svn path=/head/; revision=307830
|
|
|
|
|
|
|
|
|
|
| |
avoid problems with the older dialog(1) on FreeBSD 8.x
Noticed by: Terry Kennedy <terry@tmk.com>
Feature safe: yes
Notes:
svn path=/head/; revision=306427
|
|
|
|
|
|
|
|
|
| |
- Turn on IPv6 support by default
Feature safe: yes
Notes:
svn path=/head/; revision=306379
|
|
|
|
|
|
|
| |
Feature safe: yes
Notes:
svn path=/head/; revision=306112
|
|
|
|
|
|
|
|
|
|
| |
A deliberately constructed combination of records could cause named
to hang while populating the additional section of a response.
Security: http://www.vuxml.org/freebsd/57a700f9-12c0-11e2-9f86-001d923933b6.html
Notes:
svn path=/head/; revision=305645
|