summaryrefslogtreecommitdiffstats
path: root/package/bind/bind.hash
Commit message (Collapse)AuthorAgeFilesLines
* bind: security bump to version 9.11.0-P3Peter Korsgaard2017-02-131-2/+2
| | | | | | | | Fixes CVE-2017-3135: Combination of DNS64 and RPZ Can Lead to Crash: https://kb.isc.org/article/AA-01453 Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* bind: security bump to version 9.11.0-P2Peter Korsgaard2017-01-131-2/+2
| | | | | | | | | | | | | | | | | | Bugfixes: - CVE-2016-9131: A malformed response to an ANY query can cause an assertion failure during recursion - CVE-2016-9147: An error handling a query response containing inconsistent DNSSEC information could cause an assertion failure - CVE-2016-9444: An unusually-formed DS record response could cause an assertion failure - CVE-2016-9778: An error handling certain queries using the nxdomain-redirect feature could cause a REQUIRE assertion failure in db.c Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* bind: security bump to version 9.11.0-P1Gustavo Zacarias2016-11-021-2/+2
| | | | | | | | | | Fixes: CVE-2016-8864 - denial-of-service vector which can potentially be exploited against BIND 9 servers. Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> [Thomas: fix hash URL in .hash file, noticed by Vicente.] Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* bind: bump version to 9.11.0Vicente Olivert Riera2016-10-151-2/+2
| | | | | | | | | | | | | | | | | - With the release of BIND 9.11.0, ISC is changing the open source license for BIND from the ISC license to the Mozilla Public License (MPL 2.0). See release notes: http://ftp.isc.org/isc/bind9/9.11.0/RELEASE-NOTES-bind-9.11.0.html - Explicitly enable/disable zlib support, otherwise the configure script will fail like this: checking for zlib library... yes checking for library containing deflate... no configure: error: found zlib include but not library. Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* bind: bump version to 9.10.4-P3Vicente Olivert Riera2016-09-281-2/+2
| | | | | Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* bind: bump version to 9.10.4-P2Vicente Olivert Riera2016-07-191-2/+2
| | | | | | | Security fixes: CVE-2016-2775 Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* bind: security bump to version 9.10.4Gustavo Zacarias2016-05-041-2/+2
| | | | | | | | | | | Fixes: CVE-2016-2088 - Duplicate EDNS COOKIE options in a response could trigger an assertion failure. Drop libressl support patch since it's upstream now. Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* bind: security bump to version 9.10.3-P4Gustavo Zacarias2016-03-101-2/+2
| | | | | | | | | | | | | Fixes: CVE-2016-1285 - An error parsing input received by the rndc control channel can cause an assertion failure in sexpr.c or alist.c CVE-2016-1286 - A problem parsing resource record signatures for DNAME resource records can lead to an assertion failure in resolver.c or db.c CVE-2016-2088 - A response containing multiple DNS cookies causes servers with cookie support enabled to exit with an assertion failure. Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* bind: security bump to version 9.10.3-P3Gustavo Zacarias2016-01-261-2/+2
| | | | | | | | | | | | | | | | | | Fixes: CVE-2015-8704 - apl_42.c in ISC BIND 9.x before 9.9.8-P3 and 9.9.x and 9.10.x before 9.10.3-P3 allows remote authenticated users to cause a denial of service (INSIST assertion failure and daemon exit) via a malformed Address Prefix List (APL) record. CVE-2015-8705 - buffer.c in named in ISC BIND 9.10.x before 9.10.3-P3, when debug logging is enabled, allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit, or daemon crash) or possibly have unspecified other impact via (1) OPT data or (2) an ECS option. Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* bind: bump to version 9.10.3-P2Gustavo Zacarias2015-12-301-2/+2
| | | | | | | | | | | | | Leave the LTS series for the latest stable version for libressl compatibility. Unfortunately this means threads are now required, but this shouldn't be a problem for a fully-featured resolver. Drop 0001-disable-tests.patch since it's no longer required, genrandom isn't run unless the tests are called upon. Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* bind: security bump to version 9.9.8-P2Gustavo Zacarias2015-12-171-2/+2
| | | | | | | | | | | | | | | | | Fixes: Named is potentially vulnerable to the OpenSSL vulnerabilty described in CVE-2015-3193. CVE-2015-8461 - Incorrect reference counting could result in an INSIST failure if a socket error occurred while performing a lookup. CVE-2015-8000 - Insufficient testing when parsing a message allowed records with an incorrect class to be be accepted, triggering a REQUIRE failure when those records were subsequently cached. Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* bind: bump to version 9.9.8Gustavo Zacarias2015-10-091-2/+2
| | | | | | | Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Reviewed-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com> Tested-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* bind: security bump to version 9.9.7-P3Gustavo Zacarias2015-09-041-2/+2
| | | | | | | | | | | | | | | Fixes: CVE-2015-5722 - denial-of-service vector which can be exploited remotely against a BIND server that is performing validation on DNSSEC-signed records. CVE-2015-5986 - denial-of-service vector which can be used against a BIND server that is performing recursion and (under limited conditions) an authoritative-only nameserver. Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Reviewed-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com> Tested-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* bind: security bump to version 9.9.7-P2Gustavo Zacarias2015-07-291-2/+2
| | | | | | | | Fixes CVE-2015-5477 - An error in handling TKEY queries can cause named to exit with a REQUIRE assertion failure. Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* bind: security bump to version 9.9.7-P1Gustavo Zacarias2015-07-081-2/+2
| | | | | | | | | | Fixes: CVE-2015-4620 - On servers configured to perform DNSSEC validation an assertion failure could be triggered on answers from a specially configured server. Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* bind: bump to version 9.9.7Gustavo Zacarias2015-03-031-2/+2
| | | | | Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* bind: security bump to version 9.9.6-P2Gustavo Zacarias2015-02-191-2/+2
| | | | | | | | | Fixes CVE-2015-1349 - Revoking a managed trust anchor and supplying an untrusted replacement could cause namedto crash with an assertion failure. Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* bind: security bump to version 9.9.6-P1Gustavo Zacarias2014-12-091-2/+2
| | | | | | | | | Fixes CVE-2014-8500 - A flaw in delegation handling could be exploited to put named into an infinite loop, in which each lookup of a name server triggered additional lookups of more name servers. Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* bind: bump to version 9.9.6Gustavo Zacarias2014-10-011-0/+2
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
OpenPOWER on IntegriCloud