FreeBSD source tree https://cgit-dev.freebsd.org/src-test/atom?h=releng%2F9.2 2013-03-28T05:39:45Z 2013-03-28T05:39:45Z Xin LI delphij@FreeBSD.org 2013-03-28T05:39:45Z urn:sha1:d7a5162abdecd3bdb816480ee092fe86cd16df72 Update BIND to 9.8.4-P2 Removed the check for regex.h in configure in order to disable regex syntax checking, as it exposes BIND to a critical flaw in libregex on some platforms. [RT #32688] 2013-01-08T09:05:09Z Erwin Lansing erwin@FreeBSD.org 2013-01-08T09:05:09Z urn:sha1:bb4df1c0b48860b488548a6bd1bdf67c2261bc55 Update to 9.8.4-P1. New Features * Elliptic Curve Digital Signature Algorithm keys and signatures in DNSSEC are now supported per RFC 6605. [RT #21918] Feature Changes * Improves OpenSSL error logging [RT #29932] * nslookup now returns a nonzero exit code when it is unable to get an answer. [RT #29492] Other critical bug fixes are included. Approved by: delphij (mentor) Sponsored by: DK Hostmaster A/S 2012-04-08T01:43:41Z Doug Barton dougb@FreeBSD.org 2012-04-08T01:43:41Z urn:sha1:cb5afc8e11ab515ed21ab994a2130cd434ae693f Add Bv9ARM.pdf to the list of docs to install. MFV/MFC r233914: Update to version 9.8.2, the latest from ISC, which contains numerous bug fixes. 2011-09-03T07:13:45Z Doug Barton dougb@FreeBSD.org 2011-09-03T07:13:45Z urn:sha1:6fae67da247296c5844ea54a5fc238184ed50046 https://deepthought.isc.org/article/AA-00446/81/ or /usr/src/contrib/bind9/ Approved by: re (kib) 2011-07-16T11:20:54Z Doug Barton dougb@FreeBSD.org 2011-07-16T11:20:54Z urn:sha1:25630ba729c2d175add02aae3bf5bc66a89d2e3e This includes a structural change regarding atomic ops. Previously they were enabled on all platforms unless we had knowledge that they did not work. However both work performed by marius@ on sparc64 and the fact that the 9.8.x branch is fussier in this area has demonstrated that this is not a safe approach. So I've modified a patch provided by marius to enable them for i386, amd64, and ia64 only. 2011-02-06T22:46:07Z Doug Barton dougb@FreeBSD.org 2011-02-06T22:46:07Z urn:sha1:5143adb5490e2ce9f3b7d74307c8f70197df2afe All 9.6 users with DNSSEC validation enabled should upgrade to this version, or the latest version in the 9.7 branch, prior to 2011-03-31 in order to avoid validation failures for names in .COM as described here: https://www.isc.org/announcement/bind-9-dnssec-validation-fails-new-ds-record In addition the fixes for this and other bugs, there are also the following: * Various fixes to kerberos support, including GSS-TSIG * Various fixes to avoid leaking memory, and to problems that could prevent a clean shutdown of named 2010-10-31T04:45:25Z Doug Barton dougb@FreeBSD.org 2010-10-31T04:45:25Z urn:sha1:031f70f09fe6ab44525dc332810447918f9e7029 2010-03-18T19:00:35Z Doug Barton dougb@FreeBSD.org 2010-03-18T19:00:35Z urn:sha1:b8743b3ba53f8c1f9f6a78f82683a4cbb4a47ca3 the problems related to the handling of broken DNSSEC trust chains. This fix is only relevant for those who have DNSSEC validation enabled and configure trust anchors from third parties, either manually, or through a system like DLV. 2010-03-03T05:45:24Z Doug Barton dougb@FreeBSD.org 2010-03-03T05:45:24Z urn:sha1:eda14e83f216771932ca56c65bc62d994af63706 security patches to the 9.6.1 version, as well as many other bug fixes. This version also incorporates a different fix for the problem we had patched in contrib/bind9/bin/dig/dighost.c, so that file is now back to being the same as the vendor version. Due to the fact that the DNSSEC algorithm that will be used to sign the root zone is only included in this version and in 9.7.x those who wish to do validation MUST upgrade to one of these prior to July 2010. 2009-11-30T03:38:34Z Doug Barton dougb@FreeBSD.org 2009-11-30T03:38:34Z urn:sha1:9748b72412c6df8ce6d600fb449232fafcf047d5 related to DNSSEC validation on a resolving name server that allows access to untrusted users. If your system does not fall into all 3 of these categories you do not need to update immediately.