The FreeBSD Ports Archive
FreeBSD dns  : bind9
Completely new version of the BIND DNS suite with updated DNSSEC
BIND version 9 is a major rewrite of nearly all aspects of the underlying BIND
architecture. Some of the important features of BIND 9 are:
DNS Security
DNSSEC (signed zones)
TSIG (signed DNS requests)
IP version 6
Answers DNS queries on IPv6 sockets
IPv6 resource records (AAAA)
Experimental IPv6 Resolver Library
DNS Protocol Enhancements
IXFR, DDNS, Notify, EDNS0
Improved standards conformance
Views
One server process can provide multiple "views" of
the DNS namespace, e.g. an "inside" view to certain
clients, and an "outside" view to others.
Multiprocessor Support
Improved Portability Architecture
http://www.isc.org/index.pl?/sw/bind/bind9.3.php
|
bind9 history
v. 1.79
date: 2007/12/03 09:43:43; author: dougb; state: Exp; lines: +1 -1
ISC recently announced that BIND 8 has been End-of-Life'd:
http://www.isc.org/index.pl?/sw/bind/bind8-eol.php
Therefore, per the previous announcement, remove the ports for BIND 8.
This includes the chinese/bind8 slave port, and mail/smc-milter which
has a dependency on libbind_r.a from BIND 8.x. The latter has been
unmaintained since 2005, and is 3 versions behind.
Approved by: portmgr (linimon)
v. 1.78
date: 2007/07/24 22:00:03; author: dougb; state: Exp; lines: +2 -2
Update to 9.3.4-P1, which fixes the following:
The DNS query id generation is vulnerable to cryptographic
analysis which provides a 1 in 8 chance of guessing the next
query id for 50% of the query ids. This can be used to perform
cache poisoning by an attacker.
This bug only affects outgoing queries, generated by BIND 9 to
answer questions as a resolver, or when it is looking up data
for internal uses, such as when sending NOTIFYs to slave name
servers.
All users are encouraged to upgrade.
See also:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2926
v. 1.77
date: 2007/07/23 09:35:46; author: rafan; state: Exp; lines: +1 -2
- Set --mandir and --infodir in CONFIGURE_ARGS if the configure script
supports them. This is determined by running ``configure --help'' in
do-configure target and set the shell variable _LATE_CONFIGURE_ARGS
which is then passed to CONFIGURE_ARGS.
- Remove --mandir and --infodir in ports' Makefile where applicable
Few ports use REINPLACE_CMD to achieve the same effect, remove them too.
- Correct some manual pages location from PREFIX/man to MANPREFIX/man
- Define INFO_PATH where necessary
- Document that .info files are installed in a subdirectory relative to
PREFIX/INFO_PATH and slightly change add-plist-info to use INFO_PATH and
subdirectory detection.
PR: ports/111470
Approved by: portmgr
Discussed with: stas (Mk/*), gerald (info related stuffs)
Tested by: pointyhat exp run
v. 1.76
date: 2007/06/10 00:27:17; author: dougb; state: Exp; lines: +1 -1
Add a CONFLICTS to bind 9.4.
v. 1.75
date: 2007/01/25 01:57:42; author: dougb; state: Exp; lines: +2 -2
Upgrade to version 9.3.4, the latest from ISC, which addresses the
following security issues. All users of BIND are encouraged to upgrade
to this version.
2126. [security] Serialise validation of type ANY responses. [RT #16555]
2124. [security] It was possible to dereference a freed fetch
context. [RT #16584]
2089. [security] Raise the minimum safe OpenSSL versions to
OpenSSL 0.9.7l and OpenSSL 0.9.8d. Versions
prior to these have known security flaws which
are (potentially) exploitable in named. [RT #16391]
2088. [security] Change the default RSA exponent from 3 to 65537.
[RT #16391]
2066. [security] Handle SIG queries gracefully. [RT #16300]
1941. [bug] ncache_adderesult() should set eresult even if no
rdataset is passed to it. [RT #15642]
v. 1.74
date: 2006/12/21 08:49:20; author: dougb; state: Exp; lines: +8 -0
Apply the markup fixes from the base to the nsupdate.8 and
nslookup.1 man pages.
v. 1.73
date: 2006/12/09 22:20:38; author: dougb; state: Exp; lines: +2 -2
Upgrade to version 9.3.3, the latest from ISC. This is
a maintenance release, with the usual round of bug and
security fixes.
All users of BIND 9 are encouraged to upgrade to this
version.
v. 1.72
date: 2006/11/03 07:47:21; author: dougb; state: Exp; lines: +2 -2
Update to version 9.3.2-P2, which addresses the vulnerability
announced by ISC dated 31 October (delivered via e-mail to the
bind-announce@isc.org list today):
Description:
Because of OpenSSL's recently announced vulnerabilities
(CAN-2006-4339, CVE-2006-2937 and CVE-2006-2940) which affect named,
we are announcing this workaround and releasing patches. A proof of
concept attack on OpenSSL has been demonstrated for CAN-2006-4339.
OpenSSL is required to use DNSSEC with BIND.
Fix for version 9.3.2-P1 and lower:
Upgrade to BIND 9.2.3-P2, then generate new RSASHA1 and
RSAMD5 keys for all old keys using the old default exponent
and perform a key rollover to these new keys.
These versions also change the default RSA exponent to be
65537 which is not vulnerable to the attacks described in
CAN-2006-4339.
v. 1.71
date: 2006/09/06 18:42:40; author: dougb; state: Exp; lines: +2 -2
Upgrade to version 9.3.2-P1, which addresses the following security
vulnerabilities:
http://www.niscc.gov.uk/niscc/docs/re-20060905-00590.pdf?lang=en
2066. [security] Handle SIG queries gracefully. [RT #16300]
http://www.kb.cert.org/vuls/id/697164
1941. [bug] ncache_adderesult() should set eresult even if no
rdataset is passed to it. [RT #15642]
All users of BIND 9 are encouraged to upgrade to this version.
v. 1.70
date: 2006/08/28 06:03:13; author: dougb; state: Exp; lines: +10 -16
Add OPTIONS to the rest of my ports that need them.
Add CONFLICTS to the bind* ports.
v. 1.69
date: 2005/12/28 01:07:22; author: dougb; state: Exp; lines: +2 -2
Update to 9.3.2, the latest from ISC
v. 1.68
date: 2005/12/06 09:36:48; author: dougb; state: Exp; lines: +3 -3
Move the verify target after pre-fetch.
v. 1.67
date: 2005/11/27 01:11:31; author: dougb; state: Exp; lines: +1 -1
Committed the wrong version ... s#/usr/local#${LOCALBASE}#
v. 1.66
date: 2005/11/27 01:03:06; author: dougb; state: Exp; lines: +7 -1
Fix a long-standing problem that appears when users install
openssl from ports, and do not use the option to have the port
version overwrite the base version.
Several folks have mentioned this problem in the past, but a
good workaround (and more importantly, solid testing) were
provided by the submitter.
Submitted by: Uffe Vedenbrant
v. 1.65
date: 2005/10/29 07:13:27; author: dougb; state: Exp; lines: +5 -1
For the ports that I maintain, do the following as appropriate:
1. Add myself as a backup master site (Sourceforge and CPAN ports
already have good enough coverage, so skip them).
2. For all ports that have them, download the PGP signature files.
3. For ports in 2, add a verify target to the Makefile
4. For ports where I was already providing a master site, update the URL.
5. Pet portlint in a couple of places.
v. 1.64
date: 2005/06/29 08:10:25; author: dougb; state: Exp; lines: +3 -1
ISC staff has informed me that in BIND 9.3.x, threads are always a
bad idea, so disable them in all cases unless the user has
affirmatively requested this through the define.
v. 1.63
date: 2005/03/17 07:07:51; author: dougb; state: Exp; lines: +2 -4
1. The OPTIONS stuff isn't working the way it should according to reports,
so rip it out until I have a chance to debug it.
2. Improve the comment about deprecating an old knob.
v. 1.62
date: 2005/03/13 10:52:52; author: dougb; state: Exp; lines: +19 -14
Upgrade to 9.3.1, the latest version from ISC. This version contains
several important fixes, including a remote (although unlikely) exploit.
See the CHANGES file for details.
All users of BIND 9 are highly encouraged to upgrade to this version.
Changes to the port include:
1. Remove ISC patch to 9.3.0 that addressed the remote exploit
2. Change to OPTIONS, and thereby
3. --enable-threads is now the default. Users report that the new thread
code in 9.3.x works significantly better than the old on all versions of
FreeBSD.
4. Add a temporary shim for the old PORT_REPLACES_BASE_BIND9 option.
The OPTIONS framework requires knobs to start with WITH_ or WITHOUT_
5. Remove patch that shoehorned named.conf.5 into the right place,
it has been fixed in the code.
v. 1.61
date: 2005/01/28 20:47:44; author: dougb; state: Exp; lines: +9 -1
Include a patch from ISC to deal with the following vulnerability:
Name: BIND: Self Check Failing [Added 2005.25.01]
Versions affected: BIND 9.3.0
Severity: LOW
Exploitable: Remotely
Type: Denial of Service
Description:
An incorrect assumption in the validator (authvalidated) can result in a
REQUIRE (internal consistancy) test failing and named exiting.
Workarounds:
Turn off dnssec validation (off by default) at the options/view level.
dnssec-enable no;
Active Exploits: None known
Bump PORTREVISION accordingly.
It should be noted that the vast majority of users would not have
DNSSEC enabled, and therefore are not vulnerable to this bug.
v. 1.60
date: 2004/09/27 04:43:55; author: dougb; state: Exp; lines: +1 -1
The parens around the OSVERSION test were fatal for < 4.9, and did not
provide anything useful for newer systems, so remove them.
PR: ports/72118
Submitted by: Michel Lavondes
Approved by: portmgr (eik)
v. 1.59
date: 2004/09/24 04:03:31; author: dougb; state: Exp; lines: +23 -14
Update to BIND 9.3.0, the latest from ISC. This version has several
significant updates, not the least of which is the new and improved
DNSSEC code based on the latest standards (including DS).
Various updates to the port, including:
1. Download the PGP signature
2. If running on ${OSVERSION} >= 503000, configure with threads
3. Update pkg-descr re IPv6 RRs
4. Update pkg-message to reflect a world with 6-current
There is also a patch to correct a man page installation error.
This problem should be fixed in the next release.
Approved by: portmgr (marcus)
v. 1.58
date: 2004/04/04 06:19:46; author: dougb; state: Exp; lines: +1 -2
The ringserver sites don't have the latest BIND 9.
Submitted by: fenner's distfile survey
v. 1.57
date: 2004/03/14 23:06:52; author: dougb; state: Exp; lines: +1 -2
DISTNAME is a slightly less painful way of dealing with wacky
version numbers.
v. 1.56
date: 2003/10/28 11:54:41; author: dougb; state: Exp; lines: +0 -1
I specifically stated that I did not want to bump portepoch for this port.
I realize that my error in version numbering previously caused some confusion
about 9.2.3 being a more up to date version than 9.2.3.4, but this will quickly
be resolved with the next version, and affected only a few users who installed
the release candidate. The portepoch change is permanent, and perpetuates a
silly kludge for no good reason.
Please do not change this again without discussing it with me.
v. 1.55
date: 2003/10/28 09:15:03; author: edwin; state: Exp; lines: +1 -0
Fix removal of the last digit in the version number issue.
[~/cvs/ports/dns/bind9] edwin@k7>pkg_version -t 9.2.3.4 9.2.3
>
[~/cvs/ports/dns/bind9] edwin@k7>pkg_version -t 9.2.3.4 9.2.3,1
<
v. 1.54
date: 2003/10/24 23:10:57; author: dougb; state: Exp; lines: +2 -2
Upgrade to the 9.2.3 release version
v. 1.53
date: 2003/10/02 19:18:54; author: dougb; state: Exp; lines: +2 -7
Unbreak(?) USE_OPENSSL support for people that don't have it in the base
Submitted by: A cast of thousands
v. 1.52
date: 2003/09/25 05:08:39; author: dougb; state: Exp; lines: +3 -3
Upgrade to version 9.2.3rc4.
The 9.2.3 code has many many bugs fixed from 9.2.2, check CHANGES
for more information.
The rc4 code has the delegation-only options. Check the ARM for
information on how to enable it.
v. 1.51
date: 2003/09/05 07:33:47; author: edwin; state: Exp; lines: +1 -1
Chase repocopies towards ports/dns
PR: ports/56020
Submitted by: Kimura Fuyuki
Approved by: portmgr
v. 1.50
date: 2003/09/05 04:54:32; author: edwin; state: Exp; lines: +1 -1
Massive repo-copies request: net->dns (partly devel->dns)
PR: ports/56020
Submitted by: Kimura Fuyuki
Approved by: portmgr
v. 1.49
date: 2003/06/07 22:56:34; author: dougb; state: Exp; lines: +2 -0
Display the new pkg-message after port build.
v. 1.48
date: 2003/03/04 09:44:15; author: dougb; state: Exp; lines: +3 -2
* Update to version 9.2.2, the latest from ISC. This version contains no
new features compared to 9.2.1, only bug fixes. Users of BIND 9 are
highly encouraged to upgrade.
* Switch to Makefile COMMENT
v. 1.47
date: 2003/01/26 08:42:01; author: dougb; state: Exp; lines: +25 -21
Upgrade to 9.2.2rc1. This version has been available for several months, and
is widely considered to be more stable than 9.2.1. I would have preferred
a -REL version, but better is better.
* Clean up the Makefile a little
* Just say no to threads
* Add the PORT_REPLACES_BASE magic, similar to the bind8 port
v. 1.46
date: 2002/08/01 09:23:06; author: ijliao; state: Exp; lines: +1 -1
typo
Submitted by: Kimura Fuyuki
v. 1.45
date: 2002/08/01 07:35:52; author: ijliao; state: Exp; lines: +2 -4
add MASTER_SITE_ISC (1) and apply them
PR: 41218
Submitted by: Kimura Fuyuki (1)
v. 1.44
date: 2002/05/22 05:22:31; author: dougb; state: Exp; lines: +3 -3
Update to the latest release version
v. 1.43
date: 2002/04/08 08:32:47; author: dougb; state: Exp; lines: +3 -3
Upgrade to 9.2.1rc2, the latest from ISC. Numerous bugs were fixed,
see /usr/local/share/doc/bind9/CHANGES after installation for details.
v. 1.42
date: 2002/03/17 19:09:09; author: dougb; state: Exp; lines: +9 -7
Fix PORTVERSION so that wacky things don't happen down the road.
In my previous commit I forgot to mention that 'pkg_add -r bind' is
only half the rationale for changing PORTNAME. The other half is so
that people who really want to can 'pkg_add -r bind9'.
v. 1.41
date: 2002/03/17 06:47:25; author: dougb; state: Exp; lines: +64 -26
Upgrade to the latest release candidate, 9.2.1rc1. Numerous 9.x bugs
are fixed in this version, however BIND 9 is still recommended only
for early adopters, and those that have time to closely monitor
their name service.
* Change PORTNAME to bind9 so that 'pkg_add -r bind' does the right thing
* Use the local version of openssl, and disable threads on all but
the most recent -current. Thread support is still considered experimental.
v. 1.40
date: 2001/08/15 00:03:13; author: dougb; state: Exp; lines: +3 -1
Add some mirrors
v. 1.39
date: 2001/07/24 18:10:31; author: dougb; state: Exp; lines: +8 -2
Update port version to ISC's latest stable release
v. 1.38
date: 2001/05/28 08:27:10; author: dougb; state: Exp; lines: +2 -2
Upgrade to 9.1.3rc1, whose most significant change is a fix for
some IXFR problems.
v. 1.37
date: 2001/05/09 06:32:42; author: dougb; state: Exp; lines: +2 -2
Upgrade to BIND 9.1.2-Release. There is no newe functionality, but
it is highly recommended that all users of BIND 9 upgrade to this
maintenance release.
v. 1.36
date: 2001/04/03 07:37:00; author: dougb; state: Exp; lines: +2 -2
Update to the actual release version of 9.1.1. If you're using
bind 9, upgrade to this version.
v. 1.35
date: 2001/03/27 08:45:23; author: dougb; state: Exp; lines: +2 -2
Latest bug fixes, FOR GREAT JUSTICE !!
v. 1.34
date: 2001/03/23 14:37:41; author: dougb; state: Exp; lines: +2 -2
Latest bug fixes and documentation updates.
v. 1.33
date: 2001/03/19 09:11:31; author: dougb; state: Exp; lines: +2 -2
Latest bug fixes, no features added.
v. 1.32
date: 2001/03/10 20:56:44; author: dougb; state: Exp; lines: +2 -2
Upgrade to ISC's latest. No new features, but a few useful bug fixes.
v. 1.31
date: 2001/03/02 07:28:36; author: kuriyama; state: Exp; lines: +3 -2
Add more master sites.
Approved by: maintainer
v. 1.30
date: 2001/02/27 08:08:59; author: dougb; state: Exp; lines: +2 -2
Update to ISC's latest
v. 1.29
date: 2001/02/13 07:33:34; author: dougb; state: Exp; lines: +2 -2
Latest update from ISC. Truly just bugfixes.
v. 1.28
date: 2001/02/08 08:35:42; author: dougb; state: Exp; lines: +2 -3
Update to ISC's bug fix release. For those who wish to (or need to)
use BIND 9 this upgrade is highly recommended.
v. 1.27
date: 2001/02/07 20:34:50; author: dougb; state: Exp; lines: +2 -1
I knew I forgot something... the patch is reported to substantially
improve the resistance to DOS, so this is worth a portv. bump.
v. 1.26
date: 2001/02/07 12:36:19; author: dougb; state: Exp; lines: +32 -5
Major overhaul, including an updated man/plist, patching the man pages
to make the location of etc/ files prefix-safe. Install a sample
rndc.conf file. Since rndc won't start without one the user should have
an example to work from. Add the installation of various docs wrapped
in a NOPORTDOCS test.
Last but not least, add a patch that turns off the debugging code ISC
left on by default. This should help solve the problems with
misbehaving assert's, related to nmap and other causes.
v. 1.25
date: 2001/01/31 07:21:26; author: dougb; state: Exp; lines: +2 -2
Take over maintainership of the BIND's. This is something I use every day,
so I'm on top of the security advisories, etc.
v. 1.24
date: 2001/01/21 00:42:48; author: will; state: Exp; lines: +5 -3
Update to 9.1.0; replace Makefile.in patch with perl regex.
Requested by: Joong Hyun Kim
v. 1.23
date: 2000/12/01 23:42:12; author: ade; state: Exp; lines: +3 -2
Add CONFIGURE_ARGS so that named/lwresd put their pid files
in the "right" place (/var/run), as opposed to ${PREFIX}/var/run
v. 1.22
date: 2000/11/19 19:21:02; author: dougb; state: Exp; lines: +3 -3
Update to 9.0.1
PR: ports/22941
Submitted by: Leif Neland, leifn@neland.dk
v. 1.21
date: 2000/11/03 17:25:13; author: sumikawa; state: Exp; lines: +2 -1
Bump PORTREVISION for the previous commiting.
v. 1.20
date: 2000/11/03 16:06:24; author: sumikawa; state: Exp; lines: +2 -2
Add 'ipv6' on CATEGORIES. bind9 supports queries via IPv6.
v. 1.19
date: 2000/10/29 04:45:17; author: will; state: Exp; lines: +16 -23
Update to BIND version 9.0.0, now with better DNSSEC support among lots
of other neat things like that. Sorry for the delay.
Repo-copy by: asami
v. 1.18
date: 2000/10/21 21:05:58; author: asami; state: dead; lines: +1 -1
Temporarily remove bind9, it is a repo-copy from bind8 not updated.
The history is safe, so just "cvs add" the files back when bind9 is
ready to be committed.
v. 1.17
date: 2000/04/09 18:10:15; author: cpiazza; state: Exp; lines: +3 -3
Update with the new PORTNAME/PORTVERSION variables
v. 1.16
date: 1999/11/15 01:03:41; author: jseger; state: Exp; lines: +4 -7
Upgrade to 8.2.2 patch 5
v. 1.15
date: 1999/11/12 06:40:36; author: jseger; state: Exp; lines: +10 -6
Upgrade to bind-8.2.2.p3 + patch4. Fixes some security issues.
Many people submitted patches for this one, and a combination of them
were used.
v. 1.14
date: 1999/08/30 14:22:09; author: peter; state: Exp; lines: +1 -1
$Id$ -> $FreeBSD$
v. 1.13
date: 1999/08/08 18:03:44; author: jseger; state: Exp; lines: +5 -7
Upgrade to bind 8.2.1
Submitted by: ust@cert.siemens.de
PR: ports/12875
v. 1.12
date: 1999/06/28 21:25:07; author: billf; state: Exp; lines: +0 -0
Bring back bind8, even -CURRENT only has 8.1.2, this port is more up-to-date.
Requested By: a bazillion people both on mailing lists and #FreeBSD.
v. 1.11
date: 1999/06/25 20:21:49; author: jseger; state: dead; lines: +1 -1
Nuke bind8, it's been in the base system for a while now.
v. 1.10
date: 1999/05/31 17:36:25; author: jseger; state: Exp; lines: +5 -2
Use latest patches from ISC.
PR: ports/11784
v. 1.9
date: 1999/04/04 14:28:37; author: jseger; state: Exp; lines: +8 -8
Upgrade to bind 8.2
Submitted by: Brad Hendrickse
PR: ports/10861
v. 1.8
date: 1999/01/13 03:37:27; author: scrappy; state: Exp; lines: +3 -1
Add a couple more Y2K links...
v. 1.7
date: 1998/12/10 02:59:27; author: jseger; state: Exp; lines: +3 -1
Install HTML documentation in ${PREFIX}/share/doc/bind8
PR: 7750
v. 1.6
date: 1998/07/19 05:11:59; author: gpalmer; state: Exp; lines: +2 -2
Update comment to match reality
v. 1.5
date: 1998/05/21 00:42:19; author: jseger; state: Exp; lines: +6 -11
Upgrade to version 8.1.2.
Submitted by: Studded@dal.net
v. 1.4
date: 1998/04/14 21:44:27; author: jseger; state: Exp; lines: +1 -16
Make this build under current again.
v. 1.3
date: 1998/02/04 16:23:28; author: wollman; state: Exp; lines: +7 -1
Take markm out of his misery... The patch belongs to the port's
makefile, not bind's.
v. 1.2
date: 1998/01/12 19:17:22; author: markm; state: Exp; lines: +2 -2
Install the raw (roff) man pages, not the formatted ones.
v. 1.1
date: 1997/11/26 00:24:18; author: jseger; state: Exp;
branches: 1.1.1;
Initial revision
v. 1.1.1.1
date: 1997/11/26 00:24:18; author: jseger; state: Exp; lines: +0 -0
Import of bind 8.1.1 port.
PR: ports/4118
=============================================================================
v. 1.79
date: 2007/12/03 09:43:43; author: dougb; state: Exp; lines: +1 -1
ISC recently announced that BIND 8 has been End-of-Life'd:
http://www.isc.org/index.pl?/sw/bind/bind8-eol.php
Therefore, per the previous announcement, remove the ports for BIND 8.
This includes the chinese/bind8 slave port, and mail/smc-milter which
has a dependency on libbind_r.a from BIND 8.x. The latter has been
unmaintained since 2005, and is 3 versions behind.
Approved by: portmgr (linimon)
v. 1.78
date: 2007/07/24 22:00:03; author: dougb; state: Exp; lines: +2 -2
Update to 9.3.4-P1, which fixes the following:
The DNS query id generation is vulnerable to cryptographic
analysis which provides a 1 in 8 chance of guessing the next
query id for 50% of the query ids. This can be used to perform
cache poisoning by an attacker.
This bug only affects outgoing queries, generated by BIND 9 to
answer questions as a resolver, or when it is looking up data
for internal uses, such as when sending NOTIFYs to slave name
servers.
All users are encouraged to upgrade.
See also:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2926
v. 1.77
date: 2007/07/23 09:35:46; author: rafan; state: Exp; lines: +1 -2
- Set --mandir and --infodir in CONFIGURE_ARGS if the configure script
supports them. This is determined by running ``configure --help'' in
do-configure target and set the shell variable _LATE_CONFIGURE_ARGS
which is then passed to CONFIGURE_ARGS.
- Remove --mandir and --infodir in ports' Makefile where applicable
Few ports use REINPLACE_CMD to achieve the same effect, remove them too.
- Correct some manual pages location from PREFIX/man to MANPREFIX/man
- Define INFO_PATH where necessary
- Document that .info files are installed in a subdirectory relative to
PREFIX/INFO_PATH and slightly change add-plist-info to use INFO_PATH and
subdirectory detection.
PR: ports/111470
Approved by: portmgr
Discussed with: stas (Mk/*), gerald (info related stuffs)
Tested by: pointyhat exp run
v. 1.76
date: 2007/06/10 00:27:17; author: dougb; state: Exp; lines: +1 -1
Add a CONFLICTS to bind 9.4.
v. 1.75
date: 2007/01/25 01:57:42; author: dougb; state: Exp; lines: +2 -2
Upgrade to version 9.3.4, the latest from ISC, which addresses the
following security issues. All users of BIND are encouraged to upgrade
to this version.
2126. [security] Serialise validation of type ANY responses. [RT #16555]
2124. [security] It was possible to dereference a freed fetch
context. [RT #16584]
2089. [security] Raise the minimum safe OpenSSL versions to
OpenSSL 0.9.7l and OpenSSL 0.9.8d. Versions
prior to these have known security flaws which
are (potentially) exploitable in named. [RT #16391]
2088. [security] Change the default RSA exponent from 3 to 65537.
[RT #16391]
2066. [security] Handle SIG queries gracefully. [RT #16300]
1941. [bug] ncache_adderesult() should set eresult even if no
rdataset is passed to it. [RT #15642]
v. 1.74
date: 2006/12/21 08:49:20; author: dougb; state: Exp; lines: +8 -0
Apply the markup fixes from the base to the nsupdate.8 and
nslookup.1 man pages.
v. 1.73
date: 2006/12/09 22:20:38; author: dougb; state: Exp; lines: +2 -2
Upgrade to version 9.3.3, the latest from ISC. This is
a maintenance release, with the usual round of bug and
security fixes.
All users of BIND 9 are encouraged to upgrade to this
version.
v. 1.72
date: 2006/11/03 07:47:21; author: dougb; state: Exp; lines: +2 -2
Update to version 9.3.2-P2, which addresses the vulnerability
announced by ISC dated 31 October (delivered via e-mail to the
bind-announce@isc.org list today):
Description:
Because of OpenSSL's recently announced vulnerabilities
(CAN-2006-4339, CVE-2006-2937 and CVE-2006-2940) which affect named,
we are announcing this workaround and releasing patches. A proof of
concept attack on OpenSSL has been demonstrated for CAN-2006-4339.
OpenSSL is required to use DNSSEC with BIND.
Fix for version 9.3.2-P1 and lower:
Upgrade to BIND 9.2.3-P2, then generate new RSASHA1 and
RSAMD5 keys for all old keys using the old default exponent
and perform a key rollover to these new keys.
These versions also change the default RSA exponent to be
65537 which is not vulnerable to the attacks described in
CAN-2006-4339.
v. 1.71
date: 2006/09/06 18:42:40; author: dougb; state: Exp; lines: +2 -2
Upgrade to version 9.3.2-P1, which addresses the following security
vulnerabilities:
http://www.niscc.gov.uk/niscc/docs/re-20060905-00590.pdf?lang=en
2066. [security] Handle SIG queries gracefully. [RT #16300]
http://www.kb.cert.org/vuls/id/697164
1941. [bug] ncache_adderesult() should set eresult even if no
rdataset is passed to it. [RT #15642]
All users of BIND 9 are encouraged to upgrade to this version.
v. 1.70
date: 2006/08/28 06:03:13; author: dougb; state: Exp; lines: +10 -16
Add OPTIONS to the rest of my ports that need them.
Add CONFLICTS to the bind* ports.
v. 1.69
date: 2005/12/28 01:07:22; author: dougb; state: Exp; lines: +2 -2
Update to 9.3.2, the latest from ISC
v. 1.68
date: 2005/12/06 09:36:48; author: dougb; state: Exp; lines: +3 -3
Move the verify target after pre-fetch.
v. 1.67
date: 2005/11/27 01:11:31; author: dougb; state: Exp; lines: +1 -1
Committed the wrong version ... s#/usr/local#${LOCALBASE}#
v. 1.66
date: 2005/11/27 01:03:06; author: dougb; state: Exp; lines: +7 -1
Fix a long-standing problem that appears when users install
openssl from ports, and do not use the option to have the port
version overwrite the base version.
Several folks have mentioned this problem in the past, but a
good workaround (and more importantly, solid testing) were
provided by the submitter.
Submitted by: Uffe Vedenbrant
v. 1.65
date: 2005/10/29 07:13:27; author: dougb; state: Exp; lines: +5 -1
For the ports that I maintain, do the following as appropriate:
1. Add myself as a backup master site (Sourceforge and CPAN ports
already have good enough coverage, so skip them).
2. For all ports that have them, download the PGP signature files.
3. For ports in 2, add a verify target to the Makefile
4. For ports where I was already providing a master site, update the URL.
5. Pet portlint in a couple of places.
v. 1.64
date: 2005/06/29 08:10:25; author: dougb; state: Exp; lines: +3 -1
ISC staff has informed me that in BIND 9.3.x, threads are always a
bad idea, so disable them in all cases unless the user has
affirmatively requested this through the define.
v. 1.63
date: 2005/03/17 07:07:51; author: dougb; state: Exp; lines: +2 -4
1. The OPTIONS stuff isn't working the way it should according to reports,
so rip it out until I have a chance to debug it.
2. Improve the comment about deprecating an old knob.
v. 1.62
date: 2005/03/13 10:52:52; author: dougb; state: Exp; lines: +19 -14
Upgrade to 9.3.1, the latest version from ISC. This version contains
several important fixes, including a remote (although unlikely) exploit.
See the CHANGES file for details.
All users of BIND 9 are highly encouraged to upgrade to this version.
Changes to the port include:
1. Remove ISC patch to 9.3.0 that addressed the remote exploit
2. Change to OPTIONS, and thereby
3. --enable-threads is now the default. Users report that the new thread
code in 9.3.x works significantly better than the old on all versions of
FreeBSD.
4. Add a temporary shim for the old PORT_REPLACES_BASE_BIND9 option.
The OPTIONS framework requires knobs to start with WITH_ or WITHOUT_
5. Remove patch that shoehorned named.conf.5 into the right place,
it has been fixed in the code.
v. 1.61
date: 2005/01/28 20:47:44; author: dougb; state: Exp; lines: +9 -1
Include a patch from ISC to deal with the following vulnerability:
Name: BIND: Self Check Failing [Added 2005.25.01]
Versions affected: BIND 9.3.0
Severity: LOW
Exploitable: Remotely
Type: Denial of Service
Description:
An incorrect assumption in the validator (authvalidated) can result in a
REQUIRE (internal consistancy) test failing and named exiting.
Workarounds:
Turn off dnssec validation (off by default) at the options/view level.
dnssec-enable no;
Active Exploits: None known
Bump PORTREVISION accordingly.
It should be noted that the vast majority of users would not have
DNSSEC enabled, and therefore are not vulnerable to this bug.
v. 1.60
date: 2004/09/27 04:43:55; author: dougb; state: Exp; lines: +1 -1
The parens around the OSVERSION test were fatal for < 4.9, and did not
provide anything useful for newer systems, so remove them.
PR: ports/72118
Submitted by: Michel Lavondes
Approved by: portmgr (eik)
v. 1.59
date: 2004/09/24 04:03:31; author: dougb; state: Exp; lines: +23 -14
Update to BIND 9.3.0, the latest from ISC. This version has several
significant updates, not the least of which is the new and improved
DNSSEC code based on the latest standards (including DS).
Various updates to the port, including:
1. Download the PGP signature
2. If running on ${OSVERSION} >= 503000, configure with threads
3. Update pkg-descr re IPv6 RRs
4. Update pkg-message to reflect a world with 6-current
There is also a patch to correct a man page installation error.
This problem should be fixed in the next release.
Approved by: portmgr (marcus)
v. 1.58
date: 2004/04/04 06:19:46; author: dougb; state: Exp; lines: +1 -2
The ringserver sites don't have the latest BIND 9.
Submitted by: fenner's distfile survey
v. 1.57
date: 2004/03/14 23:06:52; author: dougb; state: Exp; lines: +1 -2
DISTNAME is a slightly less painful way of dealing with wacky
version numbers.
v. 1.56
date: 2003/10/28 11:54:41; author: dougb; state: Exp; lines: +0 -1
I specifically stated that I did not want to bump portepoch for this port.
I realize that my error in version numbering previously caused some confusion
about 9.2.3 being a more up to date version than 9.2.3.4, but this will quickly
be resolved with the next version, and affected only a few users who installed
the release candidate. The portepoch change is permanent, and perpetuates a
silly kludge for no good reason.
Please do not change this again without discussing it with me.
v. 1.55
date: 2003/10/28 09:15:03; author: edwin; state: Exp; lines: +1 -0
Fix removal of the last digit in the version number issue.
[~/cvs/ports/dns/bind9] edwin@k7>pkg_version -t 9.2.3.4 9.2.3
>
[~/cvs/ports/dns/bind9] edwin@k7>pkg_version -t 9.2.3.4 9.2.3,1
<
v. 1.54
date: 2003/10/24 23:10:57; author: dougb; state: Exp; lines: +2 -2
Upgrade to the 9.2.3 release version
v. 1.53
date: 2003/10/02 19:18:54; author: dougb; state: Exp; lines: +2 -7
Unbreak(?) USE_OPENSSL support for people that don't have it in the base
Submitted by: A cast of thousands
v. 1.52
date: 2003/09/25 05:08:39; author: dougb; state: Exp; lines: +3 -3
Upgrade to version 9.2.3rc4.
The 9.2.3 code has many many bugs fixed from 9.2.2, check CHANGES
for more information.
The rc4 code has the delegation-only options. Check the ARM for
information on how to enable it.
v. 1.51
date: 2003/09/05 07:33:47; author: edwin; state: Exp; lines: +1 -1
Chase repocopies towards ports/dns
PR: ports/56020
Submitted by: Kimura Fuyuki
Approved by: portmgr
v. 1.50
date: 2003/09/05 04:54:32; author: edwin; state: Exp; lines: +1 -1
Massive repo-copies request: net->dns (partly devel->dns)
PR: ports/56020
Submitted by: Kimura Fuyuki
Approved by: portmgr
v. 1.49
date: 2003/06/07 22:56:34; author: dougb; state: Exp; lines: +2 -0
Display the new pkg-message after port build.
v. 1.48
date: 2003/03/04 09:44:15; author: dougb; state: Exp; lines: +3 -2
* Update to version 9.2.2, the latest from ISC. This version contains no
new features compared to 9.2.1, only bug fixes. Users of BIND 9 are
highly encouraged to upgrade.
* Switch to Makefile COMMENT
v. 1.47
date: 2003/01/26 08:42:01; author: dougb; state: Exp; lines: +25 -21
Upgrade to 9.2.2rc1. This version has been available for several months, and
is widely considered to be more stable than 9.2.1. I would have preferred
a -REL version, but better is better.
* Clean up the Makefile a little
* Just say no to threads
* Add the PORT_REPLACES_BASE magic, similar to the bind8 port
v. 1.46
date: 2002/08/01 09:23:06; author: ijliao; state: Exp; lines: +1 -1
typo
Submitted by: Kimura Fuyuki
v. 1.45
date: 2002/08/01 07:35:52; author: ijliao; state: Exp; lines: +2 -4
add MASTER_SITE_ISC (1) and apply them
PR: 41218
Submitted by: Kimura Fuyuki (1)
v. 1.44
date: 2002/05/22 05:22:31; author: dougb; state: Exp; lines: +3 -3
Update to the latest release version
v. 1.43
date: 2002/04/08 08:32:47; author: dougb; state: Exp; lines: +3 -3
Upgrade to 9.2.1rc2, the latest from ISC. Numerous bugs were fixed,
see /usr/local/share/doc/bind9/CHANGES after installation for details.
v. 1.42
date: 2002/03/17 19:09:09; author: dougb; state: Exp; lines: +9 -7
Fix PORTVERSION so that wacky things don't happen down the road.
In my previous commit I forgot to mention that 'pkg_add -r bind' is
only half the rationale for changing PORTNAME. The other half is so
that people who really want to can 'pkg_add -r bind9'.
v. 1.41
date: 2002/03/17 06:47:25; author: dougb; state: Exp; lines: +64 -26
Upgrade to the latest release candidate, 9.2.1rc1. Numerous 9.x bugs
are fixed in this version, however BIND 9 is still recommended only
for early adopters, and those that have time to closely monitor
their name service.
* Change PORTNAME to bind9 so that 'pkg_add -r bind' does the right thing
* Use the local version of openssl, and disable threads on all but
the most recent -current. Thread support is still considered experimental.
v. 1.40
date: 2001/08/15 00:03:13; author: dougb; state: Exp; lines: +3 -1
Add some mirrors
v. 1.39
date: 2001/07/24 18:10:31; author: dougb; state: Exp; lines: +8 -2
Update port version to ISC's latest stable release
v. 1.38
date: 2001/05/28 08:27:10; author: dougb; state: Exp; lines: +2 -2
Upgrade to 9.1.3rc1, whose most significant change is a fix for
some IXFR problems.
v. 1.37
date: 2001/05/09 06:32:42; author: dougb; state: Exp; lines: +2 -2
Upgrade to BIND 9.1.2-Release. There is no newe functionality, but
it is highly recommended that all users of BIND 9 upgrade to this
maintenance release.
v. 1.36
date: 2001/04/03 07:37:00; author: dougb; state: Exp; lines: +2 -2
Update to the actual release version of 9.1.1. If you're using
bind 9, upgrade to this version.
v. 1.35
date: 2001/03/27 08:45:23; author: dougb; state: Exp; lines: +2 -2
Latest bug fixes, FOR GREAT JUSTICE !!
v. 1.34
date: 2001/03/23 14:37:41; author: dougb; state: Exp; lines: +2 -2
Latest bug fixes and documentation updates.
v. 1.33
date: 2001/03/19 09:11:31; author: dougb; state: Exp; lines: +2 -2
Latest bug fixes, no features added.
v. 1.32
date: 2001/03/10 20:56:44; author: dougb; state: Exp; lines: +2 -2
Upgrade to ISC's latest. No new features, but a few useful bug fixes.
v. 1.31
date: 2001/03/02 07:28:36; author: kuriyama; state: Exp; lines: +3 -2
Add more master sites.
Approved by: maintainer
v. 1.30
date: 2001/02/27 08:08:59; author: dougb; state: Exp; lines: +2 -2
Update to ISC's latest
v. 1.29
date: 2001/02/13 07:33:34; author: dougb; state: Exp; lines: +2 -2
Latest update from ISC. Truly just bugfixes.
v. 1.28
date: 2001/02/08 08:35:42; author: dougb; state: Exp; lines: +2 -3
Update to ISC's bug fix release. For those who wish to (or need to)
use BIND 9 this upgrade is highly recommended.
v. 1.27
date: 2001/02/07 20:34:50; author: dougb; state: Exp; lines: +2 -1
I knew I forgot something... the patch is reported to substantially
improve the resistance to DOS, so this is worth a portv. bump.
v. 1.26
date: 2001/02/07 12:36:19; author: dougb; state: Exp; lines: +32 -5
Major overhaul, including an updated man/plist, patching the man pages
to make the location of etc/ files prefix-safe. Install a sample
rndc.conf file. Since rndc won't start without one the user should have
an example to work from. Add the installation of various docs wrapped
in a NOPORTDOCS test.
Last but not least, add a patch that turns off the debugging code ISC
left on by default. This should help solve the problems with
misbehaving assert's, related to nmap and other causes.
v. 1.25
date: 2001/01/31 07:21:26; author: dougb; state: Exp; lines: +2 -2
Take over maintainership of the BIND's. This is something I use every day,
so I'm on top of the security advisories, etc.
v. 1.24
date: 2001/01/21 00:42:48; author: will; state: Exp; lines: +5 -3
Update to 9.1.0; replace Makefile.in patch with perl regex.
Requested by: Joong Hyun Kim
v. 1.23
date: 2000/12/01 23:42:12; author: ade; state: Exp; lines: +3 -2
Add CONFIGURE_ARGS so that named/lwresd put their pid files
in the "right" place (/var/run), as opposed to ${PREFIX}/var/run
v. 1.22
date: 2000/11/19 19:21:02; author: dougb; state: Exp; lines: +3 -3
Update to 9.0.1
PR: ports/22941
Submitted by: Leif Neland, leifn@neland.dk
v. 1.21
date: 2000/11/03 17:25:13; author: sumikawa; state: Exp; lines: +2 -1
Bump PORTREVISION for the previous commiting.
v. 1.20
date: 2000/11/03 16:06:24; author: sumikawa; state: Exp; lines: +2 -2
Add 'ipv6' on CATEGORIES. bind9 supports queries via IPv6.
v. 1.19
date: 2000/10/29 04:45:17; author: will; state: Exp; lines: +16 -23
Update to BIND version 9.0.0, now with better DNSSEC support among lots
of other neat things like that. Sorry for the delay.
Repo-copy by: asami
v. 1.18
date: 2000/10/21 21:05:58; author: asami; state: dead; lines: +1 -1
Temporarily remove bind9, it is a repo-copy from bind8 not updated.
The history is safe, so just "cvs add" the files back when bind9 is
ready to be committed.
v. 1.17
date: 2000/04/09 18:10:15; author: cpiazza; state: Exp; lines: +3 -3
Update with the new PORTNAME/PORTVERSION variables
v. 1.16
date: 1999/11/15 01:03:41; author: jseger; state: Exp; lines: +4 -7
Upgrade to 8.2.2 patch 5
v. 1.15
date: 1999/11/12 06:40:36; author: jseger; state: Exp; lines: +10 -6
Upgrade to bind-8.2.2.p3 + patch4. Fixes some security issues.
Many people submitted patches for this one, and a combination of them
were used.
v. 1.14
date: 1999/08/30 14:22:09; author: peter; state: Exp; lines: +1 -1
$Id$ -> $FreeBSD$
v. 1.13
date: 1999/08/08 18:03:44; author: jseger; state: Exp; lines: +5 -7
Upgrade to bind 8.2.1
Submitted by: ust@cert.siemens.de
PR: ports/12875
v. 1.12
date: 1999/06/28 21:25:07; author: billf; state: Exp; lines: +0 -0
Bring back bind8, even -CURRENT only has 8.1.2, this port is more up-to-date.
Requested By: a bazillion people both on mailing lists and #FreeBSD.
v. 1.11
date: 1999/06/25 20:21:49; author: jseger; state: dead; lines: +1 -1
Nuke bind8, it's been in the base system for a while now.
v. 1.10
date: 1999/05/31 17:36:25; author: jseger; state: Exp; lines: +5 -2
Use latest patches from ISC.
PR: ports/11784
v. 1.9
date: 1999/04/04 14:28:37; author: jseger; state: Exp; lines: +8 -8
Upgrade to bind 8.2
Submitted by: Brad Hendrickse
PR: ports/10861
v. 1.8
date: 1999/01/13 03:37:27; author: scrappy; state: Exp; lines: +3 -1
Add a couple more Y2K links...
v. 1.7
date: 1998/12/10 02:59:27; author: jseger; state: Exp; lines: +3 -1
Install HTML documentation in ${PREFIX}/share/doc/bind8
PR: 7750
v. 1.6
date: 1998/07/19 05:11:59; author: gpalmer; state: Exp; lines: +2 -2
Update comment to match reality
v. 1.5
date: 1998/05/21 00:42:19; author: jseger; state: Exp; lines: +6 -11
Upgrade to version 8.1.2.
Submitted by: Studded@dal.net
v. 1.4
date: 1998/04/14 21:44:27; author: jseger; state: Exp; lines: +1 -16
Make this build under current again.
v. 1.3
date: 1998/02/04 16:23:28; author: wollman; state: Exp; lines: +7 -1
Take markm out of his misery... The patch belongs to the port's
makefile, not bind's.
v. 1.2
date: 1998/01/12 19:17:22; author: markm; state: Exp; lines: +2 -2
Install the raw (roff) man pages, not the formatted ones.
v. 1.1
date: 1997/11/26 00:24:18; author: jseger; state: Exp;
branches: 1.1.1;
Initial revision
v. 1.1.1.1
date: 1997/11/26 00:24:18; author: jseger; state: Exp; lines: +0 -0
Import of bind 8.1.1 port.
PR: ports/4118
=============================================================================
v. 1.79
date: 2007/12/03 09:43:43; author: dougb; state: Exp; lines: +1 -1
ISC recently announced that BIND 8 has been End-of-Life'd:
http://www.isc.org/index.pl?/sw/bind/bind8-eol.php
Therefore, per the previous announcement, remove the ports for BIND 8.
This includes the chinese/bind8 slave port, and mail/smc-milter which
has a dependency on libbind_r.a from BIND 8.x. The latter has been
unmaintained since 2005, and is 3 versions behind.
Approved by: portmgr (linimon)
v. 1.78
date: 2007/07/24 22:00:03; author: dougb; state: Exp; lines: +2 -2
Update to 9.3.4-P1, which fixes the following:
The DNS query id generation is vulnerable to cryptographic
analysis which provides a 1 in 8 chance of guessing the next
query id for 50% of the query ids. This can be used to perform
cache poisoning by an attacker.
This bug only affects outgoing queries, generated by BIND 9 to
answer questions as a resolver, or when it is looking up data
for internal uses, such as when sending NOTIFYs to slave name
servers.
All users are encouraged to upgrade.
See also:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2926
v. 1.77
date: 2007/07/23 09:35:46; author: rafan; state: Exp; lines: +1 -2
- Set --mandir and --infodir in CONFIGURE_ARGS if the configure script
supports them. This is determined by running ``configure --help'' in
do-configure target and set the shell variable _LATE_CONFIGURE_ARGS
which is then passed to CONFIGURE_ARGS.
- Remove --mandir and --infodir in ports' Makefile where applicable
Few ports use REINPLACE_CMD to achieve the same effect, remove them too.
- Correct some manual pages location from PREFIX/man to MANPREFIX/man
- Define INFO_PATH where necessary
- Document that .info files are installed in a subdirectory relative to
PREFIX/INFO_PATH and slightly change add-plist-info to use INFO_PATH and
subdirectory detection.
PR: ports/111470
Approved by: portmgr
Discussed with: stas (Mk/*), gerald (info related stuffs)
Tested by: pointyhat exp run
v. 1.76
date: 2007/06/10 00:27:17; author: dougb; state: Exp; lines: +1 -1
Add a CONFLICTS to bind 9.4.
v. 1.75
date: 2007/01/25 01:57:42; author: dougb; state: Exp; lines: +2 -2
Upgrade to version 9.3.4, the latest from ISC, which addresses the
following security issues. All users of BIND are encouraged to upgrade
to this version.
2126. [security] Serialise validation of type ANY responses. [RT #16555]
2124. [security] It was possible to dereference a freed fetch
context. [RT #16584]
2089. [security] Raise the minimum safe OpenSSL versions to
OpenSSL 0.9.7l and OpenSSL 0.9.8d. Versions
prior to these have known security flaws which
are (potentially) exploitable in named. [RT #16391]
2088. [security] Change the default RSA exponent from 3 to 65537.
[RT #16391]
2066. [security] Handle SIG queries gracefully. [RT #16300]
1941. [bug] ncache_adderesult() should set eresult even if no
rdataset is passed to it. [RT #15642]
v. 1.74
date: 2006/12/21 08:49:20; author: dougb; state: Exp; lines: +8 -0
Apply the markup fixes from the base to the nsupdate.8 and
nslookup.1 man pages.
v. 1.73
date: 2006/12/09 22:20:38; author: dougb; state: Exp; lines: +2 -2
Upgrade to version 9.3.3, the latest from ISC. This is
a maintenance release, with the usual round of bug and
security fixes.
All users of BIND 9 are encouraged to upgrade to this
version.
v. 1.72
date: 2006/11/03 07:47:21; author: dougb; state: Exp; lines: +2 -2
Update to version 9.3.2-P2, which addresses the vulnerability
announced by ISC dated 31 October (delivered via e-mail to the
bind-announce@isc.org list today):
Description:
Because of OpenSSL's recently announced vulnerabilities
(CAN-2006-4339, CVE-2006-2937 and CVE-2006-2940) which affect named,
we are announcing this workaround and releasing patches. A proof of
concept attack on OpenSSL has been demonstrated for CAN-2006-4339.
OpenSSL is required to use DNSSEC with BIND.
Fix for version 9.3.2-P1 and lower:
Upgrade to BIND 9.2.3-P2, then generate new RSASHA1 and
RSAMD5 keys for all old keys using the old default exponent
and perform a key rollover to these new keys.
These versions also change the default RSA exponent to be
65537 which is not vulnerable to the attacks described in
CAN-2006-4339.
v. 1.71
date: 2006/09/06 18:42:40; author: dougb; state: Exp; lines: +2 -2
Upgrade to version 9.3.2-P1, which addresses the following security
vulnerabilities:
http://www.niscc.gov.uk/niscc/docs/re-20060905-00590.pdf?lang=en
2066. [security] Handle SIG queries gracefully. [RT #16300]
http://www.kb.cert.org/vuls/id/697164
1941. [bug] ncache_adderesult() should set eresult even if no
rdataset is passed to it. [RT #15642]
All users of BIND 9 are encouraged to upgrade to this version.
v. 1.70
date: 2006/08/28 06:03:13; author: dougb; state: Exp; lines: +10 -16
Add OPTIONS to the rest of my ports that need them.
Add CONFLICTS to the bind* ports.
v. 1.69
date: 2005/12/28 01:07:22; author: dougb; state: Exp; lines: +2 -2
Update to 9.3.2, the latest from ISC
v. 1.68
date: 2005/12/06 09:36:48; author: dougb; state: Exp; lines: +3 -3
Move the verify target after pre-fetch.
v. 1.67
date: 2005/11/27 01:11:31; author: dougb; state: Exp; lines: +1 -1
Committed the wrong version ... s#/usr/local#${LOCALBASE}#
v. 1.66
date: 2005/11/27 01:03:06; author: dougb; state: Exp; lines: +7 -1
Fix a long-standing problem that appears when users install
openssl from ports, and do not use the option to have the port
version overwrite the base version.
Several folks have mentioned this problem in the past, but a
good workaround (and more importantly, solid testing) were
provided by the submitter.
Submitted by: Uffe Vedenbrant
v. 1.65
date: 2005/10/29 07:13:27; author: dougb; state: Exp; lines: +5 -1
For the ports that I maintain, do the following as appropriate:
1. Add myself as a backup master site (Sourceforge and CPAN ports
already have good enough coverage, so skip them).
2. For all ports that have them, download the PGP signature files.
3. For ports in 2, add a verify target to the Makefile
4. For ports where I was already providing a master site, update the URL.
5. Pet portlint in a couple of places.
v. 1.64
date: 2005/06/29 08:10:25; author: dougb; state: Exp; lines: +3 -1
ISC staff has informed me that in BIND 9.3.x, threads are always a
bad idea, so disable them in all cases unless the user has
affirmatively requested this through the define.
v. 1.63
date: 2005/03/17 07:07:51; author: dougb; state: Exp; lines: +2 -4
1. The OPTIONS stuff isn't working the way it should according to reports,
so rip it out until I have a chance to debug it.
2. Improve the comment about deprecating an old knob.
v. 1.62
date: 2005/03/13 10:52:52; author: dougb; state: Exp; lines: +19 -14
Upgrade to 9.3.1, the latest version from ISC. This version contains
several important fixes, including a remote (although unlikely) exploit.
See the CHANGES file for details.
All users of BIND 9 are highly encouraged to upgrade to this version.
Changes to the port include:
1. Remove ISC patch to 9.3.0 that addressed the remote exploit
2. Change to OPTIONS, and thereby
3. --enable-threads is now the default. Users report that the new thread
code in 9.3.x works significantly better than the old on all versions of
FreeBSD.
4. Add a temporary shim for the old PORT_REPLACES_BASE_BIND9 option.
The OPTIONS framework requires knobs to start with WITH_ or WITHOUT_
5. Remove patch that shoehorned named.conf.5 into the right place,
it has been fixed in the code.
v. 1.61
date: 2005/01/28 20:47:44; author: dougb; state: Exp; lines: +9 -1
Include a patch from ISC to deal with the following vulnerability:
Name: BIND: Self Check Failing [Added 2005.25.01]
Versions affected: BIND 9.3.0
Severity: LOW
Exploitable: Remotely
Type: Denial of Service
Description:
An incorrect assumption in the validator (authvalidated) can result in a
REQUIRE (internal consistancy) test failing and named exiting.
Workarounds:
Turn off dnssec validation (off by default) at the options/view level.
dnssec-enable no;
Active Exploits: None known
Bump PORTREVISION accordingly.
It should be noted that the vast majority of users would not have
DNSSEC enabled, and therefore are not vulnerable to this bug.
v. 1.60
date: 2004/09/27 04:43:55; author: dougb; state: Exp; lines: +1 -1
The parens around the OSVERSION test were fatal for < 4.9, and did not
provide anything useful for newer systems, so remove them.
PR: ports/72118
Submitted by: Michel Lavondes
Approved by: portmgr (eik)
v. 1.59
date: 2004/09/24 04:03:31; author: dougb; state: Exp; lines: +23 -14
Update to BIND 9.3.0, the latest from ISC. This version has several
significant updates, not the least of which is the new and improved
DNSSEC code based on the latest standards (including DS).
Various updates to the port, including:
1. Download the PGP signature
2. If running on ${OSVERSION} >= 503000, configure with threads
3. Update pkg-descr re IPv6 RRs
4. Update pkg-message to reflect a world with 6-current
There is also a patch to correct a man page installation error.
This problem should be fixed in the next release.
Approved by: portmgr (marcus)
v. 1.58
date: 2004/04/04 06:19:46; author: dougb; state: Exp; lines: +1 -2
The ringserver sites don't have the latest BIND 9.
Submitted by: fenner's distfile survey
v. 1.57
date: 2004/03/14 23:06:52; author: dougb; state: Exp; lines: +1 -2
DISTNAME is a slightly less painful way of dealing with wacky
version numbers.
v. 1.56
date: 2003/10/28 11:54:41; author: dougb; state: Exp; lines: +0 -1
I specifically stated that I did not want to bump portepoch for this port.
I realize that my error in version numbering previously caused some confusion
about 9.2.3 being a more up to date version than 9.2.3.4, but this will quickly
be resolved with the next version, and affected only a few users who installed
the release candidate. The portepoch change is permanent, and perpetuates a
silly kludge for no good reason.
Please do not change this again without discussing it with me.
v. 1.55
date: 2003/10/28 09:15:03; author: edwin; state: Exp; lines: +1 -0
Fix removal of the last digit in the version number issue.
[~/cvs/ports/dns/bind9] edwin@k7>pkg_version -t 9.2.3.4 9.2.3
>
[~/cvs/ports/dns/bind9] edwin@k7>pkg_version -t 9.2.3.4 9.2.3,1
<
v. 1.54
date: 2003/10/24 23:10:57; author: dougb; state: Exp; lines: +2 -2
Upgrade to the 9.2.3 release version
v. 1.53
date: 2003/10/02 19:18:54; author: dougb; state: Exp; lines: +2 -7
Unbreak(?) USE_OPENSSL support for people that don't have it in the base
Submitted by: A cast of thousands
v. 1.52
date: 2003/09/25 05:08:39; author: dougb; state: Exp; lines: +3 -3
Upgrade to version 9.2.3rc4.
The 9.2.3 code has many many bugs fixed from 9.2.2, check CHANGES
for more information.
The rc4 code has the delegation-only options. Check the ARM for
information on how to enable it.
v. 1.51
date: 2003/09/05 07:33:47; author: edwin; state: Exp; lines: +1 -1
Chase repocopies towards ports/dns
PR: ports/56020
Submitted by: Kimura Fuyuki
Approved by: portmgr
v. 1.50
date: 2003/09/05 04:54:32; author: edwin; state: Exp; lines: +1 -1
Massive repo-copies request: net->dns (partly devel->dns)
PR: ports/56020
Submitted by: Kimura Fuyuki
Approved by: portmgr
v. 1.49
date: 2003/06/07 22:56:34; author: dougb; state: Exp; lines: +2 -0
Display the new pkg-message after port build.
v. 1.48
date: 2003/03/04 09:44:15; author: dougb; state: Exp; lines: +3 -2
* Update to version 9.2.2, the latest from ISC. This version contains no
new features compared to 9.2.1, only bug fixes. Users of BIND 9 are
highly encouraged to upgrade.
* Switch to Makefile COMMENT
v. 1.47
date: 2003/01/26 08:42:01; author: dougb; state: Exp; lines: +25 -21
Upgrade to 9.2.2rc1. This version has been available for several months, and
is widely considered to be more stable than 9.2.1. I would have preferred
a -REL version, but better is better.
* Clean up the Makefile a little
* Just say no to threads
* Add the PORT_REPLACES_BASE magic, similar to the bind8 port
v. 1.46
date: 2002/08/01 09:23:06; author: ijliao; state: Exp; lines: +1 -1
typo
Submitted by: Kimura Fuyuki
v. 1.45
date: 2002/08/01 07:35:52; author: ijliao; state: Exp; lines: +2 -4
add MASTER_SITE_ISC (1) and apply them
PR: 41218
Submitted by: Kimura Fuyuki (1)
v. 1.44
date: 2002/05/22 05:22:31; author: dougb; state: Exp; lines: +3 -3
Update to the latest release version
v. 1.43
date: 2002/04/08 08:32:47; author: dougb; state: Exp; lines: +3 -3
Upgrade to 9.2.1rc2, the latest from ISC. Numerous bugs were fixed,
see /usr/local/share/doc/bind9/CHANGES after installation for details.
v. 1.42
date: 2002/03/17 19:09:09; author: dougb; state: Exp; lines: +9 -7
Fix PORTVERSION so that wacky things don't happen down the road.
In my previous commit I forgot to mention that 'pkg_add -r bind' is
only half the rationale for changing PORTNAME. The other half is so
that people who really want to can 'pkg_add -r bind9'.
v. 1.41
date: 2002/03/17 06:47:25; author: dougb; state: Exp; lines: +64 -26
Upgrade to the latest release candidate, 9.2.1rc1. Numerous 9.x bugs
are fixed in this version, however BIND 9 is still recommended only
for early adopters, and those that have time to closely monitor
their name service.
* Change PORTNAME to bind9 so that 'pkg_add -r bind' does the right thing
* Use the local version of openssl, and disable threads on all but
the most recent -current. Thread support is still considered experimental.
v. 1.40
date: 2001/08/15 |
| |
|