Commit Graph

16 Commits

Author SHA1 Message Date
dougb
6df9693fc1 Vendor import of BIND 9.4.1 2007-06-02 23:21:47 +00:00
dougb
fb8cb3b3a3 Vendor import of BIND 9.3.4 2007-01-29 18:31:57 +00:00
dougb
b63477174b Remove from the vendor branch files that are no longer in the
9.3.3 sources.
2006-12-10 07:12:50 +00:00
dougb
f5d31f05bd Vendor import of BIND 9.3.3 2006-12-10 07:09:56 +00:00
dougb
4a3a088a0b Update to version 9.3.2-P2, which addresses the vulnerability
announced by ISC dated 31 October (delivered via e-mail to the
bind-announce@isc.org list on 2 November):

Description:
        Because of OpenSSL's recently announced vulnerabilities
        (CAN-2006-4339, CVE-2006-2937 and CVE-2006-2940) which affect named,
        we are announcing this workaround and releasing patches.  A proof of
        concept attack on OpenSSL has been demonstrated for CAN-2006-4339.

        OpenSSL is required to use DNSSEC with BIND.

Fix for version 9.3.2-P1 and lower:
        Upgrade to BIND 9.3.2-P2, then generate new RSASHA1 and
        RSAMD5 keys for all old keys using the old default exponent
        and perform a key rollover to these new keys.

        These versions also change the default RSA exponent to be
        65537 which is not vulnerable to the attacks described in
        CAN-2006-4339.
2006-11-04 07:53:25 +00:00
dougb
f79340e225 Vendor import of BIND 9.3.2-P1, which addresses the following security
vulnerabilities:

http://www.niscc.gov.uk/niscc/docs/re-20060905-00590.pdf?lang=en
2066.  [security]      Handle SIG queries gracefully. [RT #16300]

http://www.kb.cert.org/vuls/id/697164
1941.  [bug]           ncache_adderesult() should set eresult even if no
                       rdataset is passed to it. [RT #15642]

All users of BIND 9 are encouraged to upgrade to this version.
2006-09-06 21:27:11 +00:00
dougb
84bc3de5bb Remove files from the vendor branch that are no longer present
in BIND 9.3.2 that were mistakenly removed from HEAD.
2006-01-14 02:11:56 +00:00
dougb
cfe23adacb After some discussion with the folks at ISC, it turns out that the _ai_pad
part of the structure was a hack to maintain binary compatibility with
Sun binaries, and my understanding is that it's not needed generally
on sparc systems running other operating systems. Therefore, hide this
code behind the same set of tests as in lib/bind/include/netdb.h.

This file is being imported on the vendor branch because a similar change
(or change with similar effect) will be in the next version of BIND 9.

This change will not affect other platforms in any way.
2006-01-04 19:18:43 +00:00
dougb
13e6e55147 Vendor import of BIND 9.3.2 2005-12-29 04:22:58 +00:00
dougb
9123af99f7 Update the vendor branch with a patch to this file that was
researched by glebius, and incorporated by ISC into the next
version of BIND. Unfortunately, it looks like their release
will come after the release of FreeBSD 6, so we will bring
this in now.

The patch addresses a problem with high-load resolvers which
hit memory barriers. Without this patch, running the resolving
name server out of memory would lead to "unpredictable results."

Of course, the canonical answer to this problem is to put more
memory into the system, however that is not always possible, and
the code should be able to handle this situation gracefully in
any case.
2005-08-18 18:39:31 +00:00
dougb
12fce141a0 Remove files from the vendor branch that were [re]moved in 9.3.1 2005-03-17 08:10:34 +00:00
dougb
6c00746d36 Vendor import of BIND 9.3.1 2005-03-17 08:04:02 +00:00
des
46172d5768 Vendor import of BIND 9.3.0. 2004-09-23 07:18:50 +00:00
cvs2svn
93363f29ef This commit was manufactured by cvs2svn to create branch 'VENDOR-bind9'. 2004-09-21 19:01:49 +00:00
trhodes
272f1870d5 Vendor import of BIND 9.3.0rc4.
These three files were missed in the original import because their names
contained the magic letters w, i and n in that sequence.
2004-09-19 18:34:53 +00:00
trhodes
06246360f7 Vender import of BIND 9.3.0rc4. 2004-09-19 01:30:24 +00:00