ports/dns/bind95, branch main FreeBSD ports tree Remove dns/bind95 which entered EOL 2010-09 2011-01-01T00:38:44+00:00 Doug Barton dougb@FreeBSD.org 2011-01-01T00:38:44+00:00 cdac3d6e78037aabd9f155623d338335a3f7d1ac 






Continue BIND cleanup:
2010-12-18T01:34:07+00:00

Doug Barton
dougb@FreeBSD.org

2010-12-18T01:34:07+00:00

31a9b93c1fdec64538bda1f4d027bb9238e638de

DEPRECATED=             Past EOL
EXPIRATION_DATE=        2011-01-01

While I'm here, update CONFLICTS for bind98.





DEPRECATED=             Past EOL
EXPIRATION_DATE=        2011-01-01

While I'm here, update CONFLICTS for bind98.







Actually remove the MD5, oops
2010-12-03T23:02:42+00:00

Doug Barton
dougb@FreeBSD.org

2010-12-03T23:02:42+00:00

0030fdbc6f7e500c6eb30be5d610fd127ffe765d












For the port:
2010-12-03T23:01:37+00:00

Doug Barton
dougb@FreeBSD.org

2010-12-03T23:01:37+00:00

2a271253ff49509ae28420db8b778be21d84eb96

1. Add CONFLICT for the ../bind-tools port
2. Remove CONFLICT for the removed ../bind9 port
3. Remove OPTION for threads on < RELENG_7
4. Remove MD5 from distinfo
5. Switch to pkg-install to create the symlinks to /etc/namedb/ as
   requested in [1]

PR:		ports/151635 [1]
Submitted by:	Benjamin Lee <ben@b1c1l1.com> [1]





1. Add CONFLICT for the ../bind-tools port
2. Remove CONFLICT for the removed ../bind9 port
3. Remove OPTION for threads on < RELENG_7
4. Remove MD5 from distinfo
5. Switch to pkg-install to create the symlinks to /etc/namedb/ as
   requested in [1]

PR:		ports/151635 [1]
Submitted by:	Benjamin Lee <ben@b1c1l1.com> [1]







Update to the latest patch set from ISC, which addresses the following:
2010-05-20T06:34:15+00:00

Doug Barton
dougb@FreeBSD.org

2010-05-20T06:34:15+00:00

7509c01a81c81cd460d2ea1e6ef3bae0db484d5d

   Named could return SERVFAIL for negative responses
   from unsigned zones.





   Named could return SERVFAIL for negative responses
   from unsigned zones.







Update to the latest patchfix releases to deal with the problems
2010-03-17T05:35:03+00:00

Doug Barton
dougb@FreeBSD.org

2010-03-17T05:35:03+00:00

e0bc892a0e99733a1869a57540f7ba4a78c55732

related to the handling of broken DNSSEC trust chains.

This fix is only necessary for those who have DNSSEC validation
enabled and configure trust anchors from third parties, either
manually, or through a system like DLV.





related to the handling of broken DNSSEC trust chains.

This fix is only necessary for those who have DNSSEC validation
enabled and configure trust anchors from third parties, either
manually, or through a system like DLV.







Upgrade to BIND 9.4.3-P5, 9.5.2-P2, and 9.6.1-P3. These versions address
2010-01-25T00:25:08+00:00

Doug Barton
dougb@FreeBSD.org

2010-01-25T00:25:08+00:00

9b77b5a94274fd5adc704c1a800954fe17a1cc25

the following vulnerabilities:

BIND 9 Cache Update from Additional Section
https://www.isc.org/advisories/CVE-2009-4022v6
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4022
A nameserver with DNSSEC validation enabled may incorrectly add
unauthenticated records to its cache that are received during the
resolution of a recursive client query

BIND 9 DNSSEC validation code could cause bogus NXDOMAIN responses
https://www.isc.org/advisories/CVE-2010-0097
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0097
There was an error in the DNSSEC NSEC/NSEC3 validation code that could
cause bogus NXDOMAIN responses (that is, NXDOMAIN responses for records
proven by NSEC or NSEC3 to exist) to be cached as if they had validated
correctly

These issues only affect systems with DNSSEC validation enabled.





the following vulnerabilities:

BIND 9 Cache Update from Additional Section
https://www.isc.org/advisories/CVE-2009-4022v6
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4022
A nameserver with DNSSEC validation enabled may incorrectly add
unauthenticated records to its cache that are received during the
resolution of a recursive client query

BIND 9 DNSSEC validation code could cause bogus NXDOMAIN responses
https://www.isc.org/advisories/CVE-2010-0097
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0097
There was an error in the DNSSEC NSEC/NSEC3 validation code that could
cause bogus NXDOMAIN responses (that is, NXDOMAIN responses for records
proven by NSEC or NSEC3 to exist) to be cached as if they had validated
correctly

These issues only affect systems with DNSSEC validation enabled.







Update CONFLICTS for bind97
2009-12-14T06:29:30+00:00

Doug Barton
dougb@FreeBSD.org

2009-12-14T06:29:30+00:00

cbdc7d619f1340b1a041ca8bf5be3b9e63f69459












Update to the latest patchlevels for BINDs 9.[456]. The vulnerability
2009-11-30T02:46:12+00:00

Doug Barton
dougb@FreeBSD.org

2009-11-30T02:46:12+00:00

7e9b2460defcfed6afdfceda73d4845589882d56

this is designed to fix is related to DNSSEC validation on a resolving
name server that allows access to untrusted users. If your system does
not fall into all 3 of these categories you do not need to update
immediately.





this is designed to fix is related to DNSSEC validation on a resolving
name server that allows access to untrusted users. If your system does
not fall into all 3 of these categories you do not need to update
immediately.







Wrap some query socket handling in dig with a socket != NULL bow
2009-11-07T19:23:17+00:00

Doug Barton
dougb@FreeBSD.org

2009-11-07T19:23:17+00:00

02cadbab0bf0b1887efa1c621d10b3fba39f62a2

This patch or something similar will likely be included in a future
BIND release.

PR:		bin/138061
Submitted by:	Michael Baker <michael.baker@diversit.com.au>
Original patch submitted by:	Volker <volker@vwsoft.com>
Patch reviewed and tweaked by:	ISC





This patch or something similar will likely be included in a future
BIND release.

PR:		bin/138061
Submitted by:	Michael Baker <michael.baker@diversit.com.au>
Original patch submitted by:	Volker <volker@vwsoft.com>
Patch reviewed and tweaked by:	ISC