Index index by Group index by Distribution index by Vendor index by creation date index by Name Mirrors Help Search

bind-libs-9.8.1-4.2.2 RPM for i586

From OpenSuSE 12.1 for i586

Name: bind-libs Distribution: openSUSE 12.1
Version: 9.8.1 Vendor: openSUSE
Release: 4.2.2 Build date: Sat Oct 29 19:22:19 2011
Group: Development/Libraries/C and C++ Build host: build06
Size: 3091628 Source RPM: bind-9.8.1-4.2.2.src.rpm
Summary: Shared libraries of BIND
This package contains the shared libraries of the Berkeley Internet
Name Domain (BIND) Domain Name System implementation of the Domain Name
System (DNS) protocols.




BSD3c(or similar) ; MIT License (or similar)


* Wed Oct 26 2011
  - on a 64bit system a chrooted bind failed to start if 32bit
    libs were installed (bnc#716745)
* Fri Sep 30 2011
  - add libtool as buildrequire to make the spec file more reliable
* Sat Sep 17 2011
  - Remove redundant tags/sections from specfile
  - Use %_smp_mflags for parallel build
* Fri Sep 16 2011
  - very first restart can create broken chroot
* Mon Sep 05 2011
  * fixed SSL in chroot environment (bnc#715881)
* Mon Sep 05 2011
  * Added a new include file with function typedefs for the DLZ
    "dlopen" driver. [RT #23629]
    * Added a tool able to generate malformed packets to allow testing of
    how named handles them. [RT #24096]
    * The root key is now provided in the file bind.keys allowing DNSSEC
    validation to be switched on at start up by adding
    "dnssec-validation auto;" to named.conf. If the root key provided
    has expired, named will log the expiration and validation will not
    work. More information and the most current copy of bind.keys can
    be found at *Please note this feature
    was actually added in 9.8.0 but was not included in the 9.8.0
    release notes. [RT #21727]
    * If named is configured with a response policy zone (RPZ) and a
    query of type RRSIG is received for a name configured for RRset
    replacement in that RPZ, it will trigger an INSIST and crash the
    server. RRSIG. [RT #24280]
    * named, set up to be a caching resolver, is vulnerable to a user
    querying a domain with very large resource record sets (RRSets)
    when trying to negatively cache the response. Due to an off-by-one
    error, caching the response could cause named to crash. [RT #24650]
    * Using Response Policy Zone (RPZ) to query a wildcard CNAME label
    with QUERY type SIG/RRSIG, it can cause named to crash. Fix is
    query type independant. [RT #24715]
    * Using Response Policy Zone (RPZ) with DNAME records and querying
    the subdomain of that label can cause named to crash. Now logs that
    DNAME is not supported. [RT #24766]
    * Change #2912 populated the message section in replies to UPDATE
    requests, which some Windows clients wanted. This exposed a latent
    bug that allowed the response message to crash named. With this
    fix, change 2912 has been reduced to copy only the zone section to
    the reply. A more complete fix for the latent bug will be released
    later. [RT #24777]
    * many bugfixes (see CHANGELOG)
    * 9.8.1
* Wed Aug 31 2011
  - Fixed the ldapdump tool to also respect the "uri" setting in
    /etc/openldap/ldap.conf (bnc#710430)
* Tue Jul 05 2011
  * Using Response Policy Zone (RPZ) with DNAME records and querying
    the subdomain of that label can cause named to crash. Now logs that
    DNAME is not supported. [RT #24766]
    * If named is configured to be both authoritative and resursive and
    receives a recursive query for a CNAME in a zone that it is
    authoritative for, if that CNAME also points to a zone the server
    is authoritative for, the recursive part of name will not follow
    the CNAME change and the response will not be a complete CNAME
    chain. [RT #24455]
    * Using Response Policy Zone (RPZ) to query a wildcard CNAME label
    with QUERY type SIG/RRSIG, it can cause named to crash. Fix is
    query type independant. [RT #24715] [CVE-2011-1907]
    * Change #2912 (see CHANGES) exposed a latent bug in the DNS message
    processing code that could allow certain UPDATE requests to crash
    named. This was fixed by disambiguating internal database
    representation vs DNS wire format data. [RT #24777] [CVE-2011-2464]
    * 9.8.0-P4
* Tue Jun 07 2011
  - A large RRSET from a remote authoritative server that results in
    the recursive resolver trying to negatively cache the response can
    hit an off by one code error in named, resulting in named crashing.
    [RT #24650] [CVE-2011-1910]
  - Zones that have a DS record in the parent zone but are also listed
    in a DLV and won't validate without DLV could fail to validate. [RT
* Mon May 23 2011
  - Build with -DNO_VERSION_DATE to avoid timestamps in binaries.
* Thu May 19 2011
  - buildreq update-desktop-files for newer rpms
* Thu May 05 2011
  - The ADB hash table stores informations about which authoritative
    servers to query about particular domains
  - BIND now supports a new zone type, static-stub
  - BIND now supports Response Policy Zones
  - BIND 9.8.0 now has DNS64 support
  - Dynamically Loadable Zones (DLZ) now support dynamic updates.
  - Added a "dlopen" DLZ driver, allowing the creation of external DLZ
    drivers that can be loaded as shared objects at runtime rather than
    having to be linked with named
  - named now retains GSS-TSIG keys across restarts
  - There is a new update-policy match type "external".
  - bugfixes
  - version to 9.8.0
* Thu Feb 24 2011
  - fixed security issue
    VUL-0: bind: IXFR or DDNS update combined with high query rate
    DoS vulnerability (CVE-2011-0414 bnc#674431)
  - version to 9.7.3
* Wed Jan 05 2011
  - ifdef the sysvinit specific prereqs for openSUSE 11.4 and later
* Thu Dec 09 2010
  - fix bnc#656509 - direct mount of /proc in chroot
* Wed Dec 08 2010
  - prereq init scripts syslog and network
* Thu Dec 02 2010
  - fixed VUL-0: bind: Key algorithm rollover bug
    bnc#657102, CVE-2010-3614
  - fixed VUL-0: bind: allow-query processed incorrectly
    bnc#657120, CVE-2010-3615
  - fixed VUL-0: bind: cache incorrectly allows a ncache entry and a rrsig for the same type
    bnc#657129, CVE-2010-3613
* Tue Nov 23 2010
  - fixed return code of "rcnamed status"
  - added gssapi support
* Tue Oct 12 2010
  - Zones may be dynamically added and removed with the "rndc addzone"
    and "rndc delzone" commands. These dynamically added zones are
    written to a per-view configuration file. Do not rely on the
    configuration file name nor contents as this will change in a
    future release. This is an experimental feature at this time.
  - Added new "filter-aaaa-on-v4" access control list to select which
    IPv4 clients have AAAA record filtering applied.
  - A new command "rndc secroots" was added to dump a combined summary
    of the currently managed keys combined with statically configured
    trust anchors.
  - Added support to load new keys into managed zones without signing
    immediately with "rndc loadkeys". Added support to link keys with
    "dnssec-keygen -S" and "dnssec-settime -S".
  - Documentation improvements
  - ORCHID prefixes were removed from the automatic empty zone list.
  - Improved handling of GSSAPI security contexts. Specifically, better
    memory management of cached contexts, limited lifetime of a context
    to 1 hour, and added a "realm" command to nsupdate to allow
    selection of a non-default realm name.
  - The contributed tool "ztk" was updated to version 1.0.
  - version 9.7.1 to 9.7.2-P2
* Mon Jul 26 2010
  - chrooted bind failed to start (bnc#625019)
* Mon Jun 21 2010
  - genrandom: add support for the generation of multiple
  - Update empty-zones list to match
  - Incrementally write the master file after performing
    a AXFR.
  - Add AAAA address for L.ROOT-SERVERS.NET.
  - around 50 bugs fixed (see CHANGELOG for details)
  - version 9.7.1
* Thu May 20 2010
  - Handle broken DNSSEC trust chains better. [RT #15619]
  - Named could return SERVFAIL for negative responses
    from unsigned zones. [RT #21131
  - version 9.7.0-P2
* Sat May 01 2010
  - Handle /var/run on tmpfs.
  - do not use run_ldconfig.
* Wed Feb 24 2010
  - Enable DLZ-LDAP (supersedes sdb_ldap) and add a patch
* Wed Feb 17 2010
  - Fully automatic signing of zones by "named".
  - Simplified configuration of DNSSEC Lookaside Validation (DLV).
  - Simplified configuration of Dynamic DNS, using the "ddns-confgen"
    command line tool or the "local" update-policy option.  (As a side
    effect, this also makes it easier to configure automatic zone
  - New named option "attach-cache" that allows multiple views to
    share a single cache.
  - DNS rebinding attack prevention.
  - New default values for dnssec-keygen parameters.
  - Support for RFC 5011 automated trust anchor maintenance
  - Smart signing: simplified tools for zone signing and key
  - The "statistics-channels" option is now available on Windows.
  - A new DNSSEC-aware libdns API for use by non-BIND9 applications
  - On some platforms, named and other binaries can now print out
    a stack backtrace on assertion failure, to aid in debugging.
  - A "tools only" installation mode on Windows, which only installs
    dig, host, nslookup and nsupdate.
  - Improved PKCS#11 support, including Keyper support and explicit
    OpenSSL engine selection.
  - version 9.7.0
* Wed Jan 20 2010
  - [security]  Do not attempt to validate or cache
      out-of-bailiwick data returned with a secure
      answer; it must be re-fetched from its original
      source and validated in that context. [RT #20819]
  - [security]  Cached CNAME or DNAME RR could be returned to clients
      without DNSSEC validation. [RT #20737]
  - [security]  Bogus NXDOMAIN could be cached as if valid. [RT #20712]
  - version 9.6.1-P3
* Mon Jan 04 2010
  - removed the syntax check for include files (bnc#567593)
* Tue Dec 15 2009
  - add baselibs.conf as a source
  - enable parallel building
  - add baselibs for SPARC
  - package documentation as noarch
* Wed Nov 25 2009
  - Security fix
    When validating, track whether pending data was from
    the additional section or not and only return it if
    validates as secure. [RT #20438]
  - update from P1 to P2
* Fri Nov 20 2009
  - added localhost for ipv6 to default config (bnc#539529)
* Wed Nov 18 2009
  - fixed apparmor profile (bnc#544181)
* Tue Nov 03 2009
  - updated patches to apply with fuzz=0
* Wed Sep 30 2009
  - using start_daemon instead of startproc (bnc#539532)
* Mon Aug 10 2009
  - version update to 9.6.1-P1
    (security fix CVE-2009-0696)
* Tue Jun 30 2009
  - enabled MySQL DLZ (Dynamically Loadable Zones)
* Tue Jun 16 2009
  - around 50 bugfixes against 9.6.0p1
    See changelog for details
  - version 9.6.1
* Thu Apr 09 2009
  - not all include files were copied into chroot (bnc#466800)
* Tue Mar 03 2009
  - /etc/named.conf does not include /etc/named.d/forwarders.conf
    by default (bnc#480334)



Generated by rpm2html 1.8.1

Fabrice Bellet, Tue Nov 10 04:48:26 2015