[Oraclevm-errata] OVMSA-2020-0021 Important: Oracle VM 3.3 bind security update
Errata Announcements for Oracle VM
oraclevm-errata at oss.oracle.com
Thu Jun 4 12:34:34 PDT 2020
Oracle VM Security Advisory OVMSA-2020-0021
The following updated rpms for Oracle VM 3.3 have been uploaded to the
Unbreakable Linux Network:
x86_64:
bind-libs-9.8.2-0.68.rc1.el6_10.7.x86_64.rpm
bind-utils-9.8.2-0.68.rc1.el6_10.7.x86_64.rpm
SRPMS:
http://oss.oracle.com/oraclevm/server/3.3/SRPMS-updates/bind-9.8.2-0.68.rc1.el6_10.7.src.rpm
Description of changes:
[32:9.8.2-0.68.rc1.7]
- Correct tests covering CVE-2020-8617
[32:9.8.2-0.68.rc1.6]
- Add additional fix to limit recursions
[32:9.8.2-0.68.rc1.5]
- Add CVE tests to codebase
[32:9.8.2-0.68.rc1.4]
- Limit number of queries triggered by a request (CVE-2020-8616)
- Fix invalid tsig request (CVE-2020-8617)
[32:9.8.2-0.68.rc1.3]
- Use only selected documentation files
[32:9.8.2-0.68.rc1.2]
- Fix CVE-2018-5743
[32:9.8.2-0.68.rc1.1]
- Fix CVE-2018-5740
[32:9.8.2-0.68.rc1]
- Fix CVE-2017-3145
[32:9.8.2-0.67.rc1]
- Change EDNS flags only after successful query (#1416035)
- Fix crash in ldap driver at bind-sdb stop (#1426626)
[32:9.8.2-0.66.rc1]
- Fix CVE-2017-3142 and CVE-2017-3143
[32:9.8.2-0.65.rc1]
- Update root servers and trust anchors
[32:9.8.2-0.64.rc1]
- Fix DNSKEY that encountered a CNAME (#1447872, ISC change 3391)
[32:9.8.2-0.63.rc1]
- Fix CVE-2017-3136 (ISC change 4575)
- Fix CVE-2017-3137 (ISC change 4578)
[32:9.8.2-0.62.rc1]
- Fix and test caching CNAME before DNAME (ISC change 4558)
[32:9.8.2-0.61.rc1]
- Fix CVE-2016-9147 (ISC change 4510)
- Fix regression introduced by CVE-2016-8864 (ISC change 4530)
[32:9.8.2-0.60.rc1]
- Restore SELinux contexts before named restart
[32:9.8.2-0.59.rc1]
- Use /lib or /lib64 only if directory in chroot already exists
- Tighten NSS library pattern, escape chroot mount path
[32:9.8.2-0.58.rc1]
- Fix CVE-2016-8864
[32:9.8.2-0.57.rc1]
- Do not change lib permissions in chroot (#1321239)
- Support WKS records in chroot (#1297562)
[32:9.8.2-0.56.rc1]
- Do not include patch backup in docs (fixes #1325081 patch)
[32:9.8.2-0.55.rc1]
- Backported relevant parts of [RT #39567] (#1259923)
[32:9.8.2-0.54.rc1]
- Increase ISC_SOCKET_MAXEVENTS to 2048 (#1326283)
[32:9.8.2-0.53.rc1]
- Fix multiple realms in nsupdate script like upstream (#1313286)
[32:9.8.2-0.52.rc1]
- Fix multiple realm in nsupdate script (#1313286)
[32:9.8.2-0.51.rc1]
- Use resolver-query-timeout high enough to recover all forwarders
(#1325081)
[32:9.8.2-0.50.rc1]
- Fix CVE-2016-2848
[32:9.8.2-0.49.rc1]
- Fix infinite loop in start_lookup (#1306504)
[32:9.8.2-0.48.rc1]
- Fix CVE-2016-2776
[32:9.8.2-0.47.rc1]
- Fix CVE-2016-1285 and CVE-2016-1286
[32:9.8.2-0.46.rc1]
- Fix CVE-2015-8704
[32:9.8.2-0.45.rc1]
- Updated named.ca hints file to the latest version (#1267991)
[32:9.8.2-0.44.rc1]
- Fix CVE-2015-8000
[32:9.8.2-0.43.rc1]
- Fix excessive queries caused by DS chasing with stub zones when DNSSEC
is not used (#1227189)
- Added the fixed tarball with configuration to Sources (Related: #1223359)
[32:9.8.2-0.42.rc1]
- Don't use ISC's DLV by default (#1223359)
[32:9.8.2-0.41.rc1]
- Added support for CAA records (#1252611)
[32:9.8.2-0.40.rc1]
- Fix CVE-2015-5722
[32:9.8.2-0.39.rc1]
- Fix CVE-2015-5477
[32:9.8.2-0.38.rc1]
- Fix CVE-2015-4620
[32:9.8.2-0.37.rc1]
- Resolves: 1215687 - DNS resolution failure in high load environment with
SERVFAIL and "out of memory/success" in the log
[32:9.8.2-0.36.rc1]
- Fix CVE-2015-1349
[32:9.8.2-0.35.rc1]
- Enable RPZ-NSIP and RPZ-NSDNAME during compilation (#1176476)
[32:9.8.2-0.34.rc1]
- Fix race condition when using isc__begin_beginexclusive (#1175321)
[32:9.8.2-0.33.rc1]
- Sanitize SDB API to better handle database errors (#1146893)
[32:9.8.2-0.32.rc1]
- Fix CVE-2014-8500 (#1171974)
[32:9.8.2-0.31.rc1]
- Fix RRL slip behavior when set to 1 (#1112356)
- Fix issue causing bind to hang after reload if using DYNDB (#1142152)
[32:9.8.2-0.30.rc1]
- Use /dev/urandom when generating rndc.key file (#951255)
[32:9.8.2-0.29.rc1]
- Remove bogus file from /usr/share/doc, introduced by fix for bug #1092035
[32:9.8.2-0.28.rc1]
- Add support for TLSA resource records (#956685)
- Increase defaults for lwresd workers and make workers and client
objects number configurable (#1092035)
[32:9.8.2-0.27.rc1]
- Fix segmentation fault in nsupdate when -r option is used (#1064045)
- Fix race condition on send buffer in host tool when sending UDP query
(#1008827)
- Allow authentication using TSIG in allow-notify configuration
statement (#1044545)
- Fix SELinux context of /var/named/chroot/etc/localtime (#902431)
- Include updated named.ca file with root server addresses (#917356)
- Don't generate rndc.key if there is rndc.conf on start-up (#997743)
- Fix dig man page regarding how to disable IDN (#1023045)
- Handle ICMP Destination unreachable (Protocol unreachable) response
(#1066876)
[32:9.8.2-0.26.rc1]
- Configure BIND with --with-dlopen=yes to support dynamically loadable
DLZ drivers (#846065)
- Fix initscript to return correct exit value when calling
checkconfig/configtest/check/test (#848033)
- Don't (un)mount chroot filesystem when running initscript command
configtest with running server (#851123)
- Fix zone2sqlite tool to accept zones containing "." or "-" or starting
with a digit (#919414)
- Fix initscript not to mount chroot filesystem is named is already
running (#948743)
- Fix initscript to check if the PID in PID-file is really s PID of
running named server (#980632)
- Correct the installed documentation ownership (#1051283)
[32:9.8.2-0.25.rc1]
- configure with --enable-filter-aaaa to enable use of filter-aaaa-on-v4
option (#1025008)
- Fix race condition when destroying a resolver fetch object (#993612)
- Fix the RRL functionality to include referrals-per-second and
nodata-per-second options (#1036700)
- Fix segfault on SERVFAIL to NXDOMAIN failover (#919545)
[32:9.8.2-0.24.rc1]
- Fix CVE-2014-0591
[32:9.8.2-0.23.rc1]
- Fix gssapictx memory leak (#911167)
[32:9.8.2-0.22.rc1]
- fix CVE-2013-4854
[32:9.8.2-0.21.rc1]
- fix CVE-2013-2266
- ship dns/rrl.h in -devel subpkg
[32:9.8.2-0.20.rc1]
- remove one bogus file from /usr/share/doc, introduced by RRL patch
[32:9.8.2-0.19.rc1]
- fix CVE-2012-5689
[32:9.8.2-0.18.rc1]
- add response rate limit patch (#873624)
[32:9.8.2-0.17.rc1]
- fix CVE-2012-5688
[32:9.8.2-0.16.rc1]
- initscript: silence spurious "named.pid: No such file" error
[32:9.8.2-0.15.rc1]
- fix CVE-2012-5166
[32:9.8.2-0.14.rc1]
- allow forward{,ers} statement in static-stub zones
[32:9.8.2-0.13.rc1]
- fix CVE-2012-4244
[32:9.8.2-0.12.rc1]
- fix CVE-2012-3817
[32:9.8.2-0.11.rc1]
- fix rbtnode.deadlink INSIST failures in rbtdb.c (#837165)
[32:9.8.2-0.10.rc1]
- fix CVE-2012-1667
[32:9.8.2-0.9.rc1]
- fix race condition in the resolver module
- nslookup: return non-zero exit code when fail to get answer (#816164)
[32:9.8.2-0.8.rc1]
- initscript: don't umount /var/named when didn't mount it
[32:9.8.2-0.7.rc1]
- don't fail when logfile cannot be opened (#809084)
[32:9.8.2-0.6.rc1]
- fix multilib regression in bind-devel (#800053)
[32:9.8.2-0.5.rc1]
- fix errors reported by Coverity
- be more strict when caching NS RRsets (CVE-2012-1033)
[32:9.8.2-0.4.rc1]
- load dynamic-db plugins later (#795414)
[32:9.8.2-0.3.rc1]
- decrease severity of various errors related to outside DNS environment
(#788870)
- fixed various bind-chroot packaging errors (#789886)
- use portreserve to reserve rndc control port (#790682)
[32:9.8.2-0.2.rc1]
- harden dns_zone_setmasterswithkeys() to avoid INSIST failures
- build with '--enable-fixed-rrset'
- fix potential memory leak in code which processes rndc authentication
(#749582)
- generate rndc.key during `service named start` (#768798)
- nslookup: improve handling of AA responses with recursion off
- removed obsolete bind97-rh714049.patch patch
[32:9.8.2-0.1.rc1]
- update to 9.8.2rc1
- patches merged
- bind97-rh754398.patch
- bind97-rh700097.patch
- bind97-rh734502.patch
- bind97-rh746694-1.patch
- bind97-rh746694-2.patch
- bind97-rh739406-1.patch
- bind97-rh739406-2.patch
- ship DNSKEY for root zone in default configuration
[32:9.7.3-10.P3]
- disable atomic ops on ppc* because they caused named to hang/crash
[32:9.7.3-9.P3]
- fix race condition in resolver.c:validated()
- improve error handling in zone.c:zone_refreshkeys() to avoid
hang during shutdown
[32:9.7.3-8.P3]
- fix DOS against recursive servers (#754398)
[32:9.7.3-7.P3]
- fix memory leak in nsupdate when using SIG(0) keys
[32:9.7.3-6.P3]
- load/unload dyndb plugins on appropriate places to avoid crashes (#725577)
- nsupdate could have failed if server has multiple IPs and the first
was unreachable (#714049)
- nsupdate returned zero when target zone didn't exist (#700097)
- readd configtest target to initscript
- print "the working directory is not writable" as debug message
- fix some Coverity warnings
[32:9.7.3-5.P3]
- fix rare race condition in request.c
[32:9.7.3-4.P3]
- update to 9.7.3-P3 (CVE-2011-2464)
[32:9.7.3-3.P1]
- update to 9.7.3-P1 (CVE-2011-1910)
[32:9.7.3-2]
- don't generate rndc.key during installation
[32:9.7.3-1]
- update to 9.7.3 (CVE-2011-0414)
- patches merged
- bind97-gsstsig.patch
- bind97-rh664401.patch
- bind97-rh623638.patch
[32:9.7.2-8.P3]
- regenerate fixed nsupdate manual page
[32:9.7.2-7.P3]
- improve host/dig resolv.conf parser (#rh669163)
- improve internal test suite
- don't mention that HMAC-MD5 is the only one TSIG algorighm
in nsupdate manpage
- initscript: sybsys name is always named, not named-sdb
[32:9.7.2-6.P3]
- named could die on exit after negotiating a GSS-TSIG key (#653486)
- fix typo in initscript
[32:9.7.2-5.P3]
- include root zone DNSKEY in the bind package (#667375)
[32:9.7.2-4.P3]
- solve conflict between i686 and x86_64 bind-devel packages (#658045)
- fix "service named status" when used with named-sdb
- fix "krb5-self" update-policy rule processing (#664401)
- don't check MD5, size and mtime of sysconfig/named
[32:9.7.2-3.P3]
- use same atomic operations on both ppc and ppc64 (#623638)
- add new option DISABLE_ZONE_CHECKING to sysconfig/named (#623673)
- document dig exit codes
- add Requires: bind-libs to bind subpkgs
- remove statement about system-config-bind from named.8 manpage (#660676)
[32:9.7.2-2.P3]
- host utility now honors "attempts", "timeout" and "debug" options in
resolv.conf (#622764)
- initscript should kill only the "correct" named process (#622785)
- attempt to reconnect to PostgreSQL during each query if the initial
connection failed (#623190)
[32:9.7.2-1.P3]
- update to 9.7.2-P3 (#623122)
- patch bind97-managed-keyfile.patch replaced by bind97-compat-keysdir.patch
- patches merged
- bind97-rh554316.patch
- bind97-rh576906.patch
[32:9.7.0-5.P2]
- update to 9.7.0-P2
[32:9.7.0-4.P1]
- fix occassional crash on keytable.c:286 (#554316)
- active query might be destroyed in resume_dslookup() which triggered
REQUIRE
failure (#507429)
[32:9.7.0-3.P1]
- update to 9.7.0-P1 release
[32:9.7.0-2]
- improve automatic DNSSEC reconfiguration trigger
- initscript now returns 2 in case that action doesn't exist (#523435)
- enable/disable chroot when bind-chroot is installed/uninstalled
[32:9.7.0-1]
- update to production 9.7.0 release
[32:9.7.0-0.14.rc2]
- obsolete dnssec-conf
- automatically update configuration from old dnssec-conf based
- improve default configuration; enable DLV by default
- remove obsolete triggerpostun from bind-libs subpackage
[32:9.7.0-0.13.rc2]
- update to 9.7.0rc2 bugfix release (CVE-2010-0097 and CVE-2010-0290)
[32:9.7.0-0.12.rc1]
- initscript LSB related fixes (#523435)
- revert the "DEBUG" feature (#510283), it causes too many problems
(#545128)
[32:9.7.0-0.11.rc1]
- disable PKCS11 support. PKCS11 support in openssl is not available in
RHEL6
[32:9.7.0-0.10.rc1]
- update to 9.7.0rc1
- bind97-headers.patch merged
- update default configuration
[32:9.7.0-0.9.b3]
- update to 9.7.0b3
[32:9.7.0-0.8.b2]
- install isc/namespace.h header
[32:9.7.0-0.7.b2]
- update to 9.7.0b2
[32:9.7.0-0.6.b1]
- update to 9.7.0b1
- add bind-pkcs11 subpackage to support PKCS11 compatible keystores for
DNSSEC
keys
[32:9.7.0-0.5.a3]
- don't package named-bootconf utility, it is very outdated and unneeded
[32:9.7.0-0.4.a3]
- determine file size via `stat` instead of `ls` (#523682)
[32:9.7.0-0.3.a3]
- update to 9.7.0a3
[32:9.7.0-0.2.a2]
- improve chroot related documentation (#507795)
- add NetworkManager dispatcher script to reload named when network
interface is
activated/deactivated (#490275)
- don't set/unset named_write_master_zones SELinux boolean every time in
initscript, modify it only when it's actually needed
[32:9.7.0-0.1.a2]
- update to 9.7.0a2
- merged patches
- bind-96-db_unregister.patch
- bind96-rh507469.patch
[32:9.6.1-9.P1]
- next attempt to fix the postun trigger (#520385)
- remove obsolete bind-9.3.1rc1-fix_libbind_includedir.patch
[32:9.6.1-8.P1]
- rebuilt with new openssl
[32:9.6.1-7.P1]
- update the patch for dynamic loading of database backends
[32:9.6.1-6.P1]
- 9.6.1-P1 release (CVE-2009-0696)
- fix postun trigger (#513016, hopefully)
[32:9.6.1-5]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
[32:9.6.1-4]
- remove useless bind-9.3.3rc2-rndckey.patch
[32:9.6.1-3]
- fix broken symlinks in bind-libs (#509635)
- fix typos in /etc/sysconfig/named (#509650)
- add DEBUG option to /etc/sysconfig/named (#510283)
[32:9.6.1-2]
- improved "chroot automount" patches (#504596)
- host should fail if specified server doesn't respond (#507469)
[32:9.6.1-1]
- 9.6.1 release
- simplify chroot maintenance. Important files and directories are
mounted into
chroot (see /etc/sysconfig/named for more info, #504596)
- fix doc/named.conf.default perms
[32:9.6.1-0.4.rc1]
- 9.6.1rc1 release
[32:9.6.1-0.3.b1]
- update the patch for dynamic loading of database backends
- create %{_libdir}/bind directory
- copy default named.conf to doc directory, shared with s-c-bind (atkac)
[32:9.6.1-0.2.b1]
- update the patch for dynamic loading of database backends
- fix dns_db_unregister()
- useradd now takes "-N" instead of "-n" (atkac, #495726)
- print nicer error msg when zone file is actually a directory (atkac,
#490837)
[32:9.6.1-0.1.b1]
- 9.6.1b1 release
- patches merged
- bind-96-isc_header.patch
- bind-95-rh469440.patch
- bind-96-realloc.patch
- bind9-fedora-0001.diff
- use -version-number instead of -version-info libtool param
[32:9.6.0-11.1.P1]
- logrotate configuration file now points to /var/named/data/named.run by
default (#489986)
[32:9.6.0-11.P1]
- fall back to insecure mode when no supported DNSSEC algorithm is found
instead of SERVFAIL
- don't fall back to non-EDNS0 queries when DO bit is set
[32:9.6.0-10.P1]
- enable DNSSEC only if it is enabled in sysconfig/dnssec
[32:9.6.0-9.P1]
- add DNSSEC support to initscript, enabled it per default
- add requires dnssec-conf
[32:9.6.0-8.P1]
- fire away libbind, it is now separate package
[32:9.6.0-7.P1]
- fixed some read buffer overflows (upstream)
[32:9.6.0-6.P1]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild
[32:9.6.0-5.P1]
- update the patch for dynamic loading of database backends
- include iterated_hash.h
[32:9.6.0-4.P1]
- rebuild for dependencies
[32:9.6.0-3.P1]
- rebuild against new openssl
[32:9.6.0-2.P1]
- 9.6.0-P1 release (CVE-2009-0025)
[32:9.6.0-1]
- Happy new year
- 9.6.0 release
[32:9.6.0-0.7.rc2]
- 9.6.0rc2 release
- bind-96-rh475120.patch merged
[32:9.6.0-0.6.rc1]
- add patch for dynamic loading of database backends
[32:9.6.0-0.5.1.rc1]
- allow to reuse address for non-random query-source ports (#475120)
[32:9.6.0-0.5.rc1]
- 9.6.0rc1 release
- patches merged
- bind-9.2.0rc3-varrun.patch
- bind-95-sdlz-include.patch
- bind-96-libxml2.patch
- fixed rare use-after-free problem in host utility (#452060)
- enabled chase of DNSSEC signature chains in dig
[32:9.6.0-0.4.1.b1]
- improved sample config file (#473586)
[32:9.6.0-0.4.b1]
- reverted previous change, koji doesn't like it
[32:9.6.0-0.3.b1]
- build bind-chroot as noarch
[32:9.6.0-0.2.1.b1]
- updates due libtool 2.2.6
- don't pass -DLDAP_DEPRECATED to cpp, handle it directly in sources
[32:9.6.0-0.2.b1]
- make statistics http server working, patch backported from 9.6 HEAD
[32:9.6.0-0.1.b1]
- 9.6.0b1 release
- don't build ODBC and Berkeley DB DLZ drivers
- end of bind-chroot-admin script, copy config files to chroot manually
- /proc doesn't have to be mounted to chroot
- temporary use libbind from 9.5 series, noone has been released for 9.6 yet
[32:9.5.1-0.8.4.b2]
- dig/host: use only IPv4 addresses when -4 option is specified (#469440)
[32:9.5.1-0.8.2.b2]
- removed unneeded bind-9.4.1-ldap-api.patch
[32:9.5.1-0.8.1.b2]
- ship dns/{s,}dlz.h and isc/radix.h in bind-devel
[32:9.5.1-0.8.b2]
- removed bind-9.4.0-dnssec-directory.patch, it is wrong
[32:9.5.1-0.7.b2]
- 9.5.1b2 release
- patches merged
- bind95-rh454783.patch
- bind-9.5-edns.patch
- bind95-rh450995.patch
- bind95-rh457175.patch
[32:9.5.1-0.6.b1]
- IDN output strings didn't honour locale settings (#461409)
[32:9.5.1-0.5.b1]
- disable transfer stats on DLZ zones (#454783)
[32:9.5.1-0.4.b1]
- add forgotten patch for #457175
- build with -O2
[32:9.5.1-0.3.b1]
- static libraries are no longer supported
- IP acls weren't merged correctly (#457175)
- use fPIE on sparcv9/sparc64 (Dennis Gilmore)
- add sparc64 to list of 64bit arches in spec (Dennis Gilmore)
[32:9.5.1-0.2.b1]
- updated patches due new rpm (--fuzz=0 patch parameter)
[32:9.5.1-0.1.1.b1]
- use %patch0 for Patch0 (#455061)
- correct source address (#455118)
[32:9.5.1-0.1.b1]
- 9.5.1b1 release (CVE-2008-1447)
- dropped bind-9.5-recv-race.patch because upstream doesn't want it
[32:9.5.0-37.1]
- update default named.conf statements (#452708)
[32:9.5.0-37]
- some compat changes to fix building on RHEL4
[32:9.5.0-36.3]
- fixed typo in %posttrans script
[32:9.5.0-36.2]
- parse inner acls correctly (#450995)
[32:9.5.0-36.1]
- removed dns-keygen utility in favour of rndc-confgen -a (#449287)
- some minor sample fixes (#449274)
[32:9.5.0-36]
- updated to 9.5.0 final
- use getifaddrs to find available interfaces
[32:9.5.0-35.rc1]
- make /var/run/named writable by named (#448277)
- fixed one non-utf8 file
[32:9.5.0-34.rc1]
- fixes needed to pass package review (#225614)
[32:9.5.0-33.1.rc1]
- bind-chroot now depends on bind (#446477)
[32:9.5.0-33.rc1]
- updated to 9.5.0rc1
- merged patches
- bind-9.5-libcap.patch
- make binaries readable by others (#427826)
[32:9.5.0-32.b3]
- reverted "any" patch, upstream says not needed
- log EDNS failure only when we really switch to plain EDNS (#275091)
- detect configuration file better
[32:9.5.0-31.1.b3]
- addresses 0.0.0.0 and ::0 really match any (#275091, comment #28)
[32:9.5.0-31.b3]
- readded bind-9.5-libcap.patch
- added bind-9.5-recv-race.patch from F8 branch (#400461)
[32:9.5.0-30.1.b3]
- build Berkeley DB DLZ backend
[32:9.5.0-30.b3]
- 9.5.0b3 release
- dropped patches (upstream)
- bind-9.5-transfer-segv.patch
- bind-9.5-mudflap.patch
- bind-9.5.0-generate-xml.patch
- bind-9.5-libcap.patch
[32:9.5.0-29.3.b2]
- fixed named.conf.sample file (#437569)
[32:9.5.0-29.2.b2]
- fixed URLs
[32:9.5.0-29.1.b2]
- BuildRequires cleanup
[32:9.5.0-29.b2]
- rebuild without mudflap (#434159)
[32:9.5.0-28.b2]
- port named to use libcap library, enable threads (#433102)
- removed some unneeded Requires
[32:9.5.0-27.b2]
- removed conditional build with libefence (use -fmudflapth instead)
- fixed building of DLZ stuff (#432497)
- do not build Berkeley DB DLZ backend
- temporary build with --disable-linux-caps and without threads (#433102)
- update named.ca file to affect IPv6 changes in root zone
[32:9.5.0-26.b2]
- build with -D_GNU_SOURCE (#431734)
- improved fix for #253537, posttrans script is now used
- improved fix for #400461
- 9.5.0b2
- bind-9.3.2b1-PIE.patch replaced by bind-9.5-PIE.patch
- only named, named-sdb and lwresd are PIE
- bind-9.5-sdb.patch has been updated
- bind-9.5-libidn.patch has been updated
- bind-9.4.0-sdb-sqlite-bld.patch replaced by bind-9.5-sdb-sqlite-bld.patch
- removed bind-9.5-gssapi-header.patch (upstream)
- removed bind-9.5-CVE-2008-0122.patch (upstream)
- removed bind-9.2.2-nsl.patch
- improved sdb_tools Makefile.in
[32:9.5.0-25.b1]
- fixed segfault during sending notifies (#400461)
- rebuild with gcc 4.3 series
[32:9.5.0-24.b1]
- removed bind-9.3.2-prctl_set_dumpable.patch (upstream)
- allow parallel building of libdns library
- CVE-2008-0122
[32:9.5.0-23.b1]
- fixed initscript wait loop (#426382)
- removed dependency on policycoreutils and libselinux (#426515)
[32:9.5.0-22.b1]
- fixed regression caused by libidn2 patch (#426348)
[32:9.5.0-21.b1]
- fixed typo in post section (CVE-2007-6283)
[32:9.5.0-20.b1]
- removed obsoleted triggers
- CVE-2007-6283
[32:9.5.0-19.2.b1]
- added dst/gssapi.h to -devel subpackage (#419091)
- improved fix for (#417431)
[32:9.5.0-19.1.b1]
- fixed shutdown with initscript when rndc doesn't work (#417431)
- fixed IDN patch (#412241)
[32:9.5.0-19.b1]
- 9.5.0b1 (#405281, #392491)
[32:9.5.0-18.6.a7]
- Rebuild for deps
[32:9.5.0-18.5.a7]
- build with -O0
[32:9.5.0-18.4.a7]
- bind-9.5-random_ports.patch was removed because upstream doesn't
like it. query-source{,v6} options are sufficient (#391931)
- bind-chroot-admin called restorecon on /proc filesystem (#405281)
[32:9.5.0-18.3.a7]
- removed edns patch to keep compatibility with vanilla bind
(#275091, comment #20)
[32:9.5.0-18.2.a7]
- use system port selector instead ISC's (#391931)
[32:9.5.0-18.a7]
- removed statement from initscript which passes -D to named
[32:9.5.0-17.a7]
- 9.5.0a7
- dropped patches (upstream)
- bind-9.5-update.patch
- bind-9.5-pool_badfree.patch
- bind-9.5-_res_errno.patch
[32:9.5.0-16.5.a6]
- added bind-sdb again, contains SDB modules and DLZ modules
- bind-9.3.1rc1-sdb.patch replaced by bind-9.5-sdb.patch
[32:9.5.0-16.4.a6]
- removed Requires: openldap, postgresql, mysql, db4, unixODBC
- new L.ROOT-SERVERS.NET address
[32:9.5.0-16.3.a6]
- completely disable DBUS
[32:9.5.0-16.2.a6]
- minor cleanup in bind-chroot-admin
[32:9.5.0-16.1.a6]
- fixed typo in initscript
[32:9.5.0-16.a6]
- disabled DBUS (dhcdbd doesn't exist & #339191)
[32:9.5.0-15.1.a6]
- fixed missing va_end () functions (#336601)
- fixed memory leak when dbus initialization fails
[32:9.5.0-15.a6]
- corrected named.5 SDB statement (#326051)
[32:9.5.0-14.a6]
- added edns patch again (#275091)
[32:9.5.0-13.a6]
- removed bind-9.3.3-edns.patch patch (see #275091 for reasons)
[32:9.5.0-12.4.a6]
- build with O2
- removed "autotools" patch
- bugfixing in bind-chroot-admin (#279901)
[32:9.5.0-12.a6]
- bind-9.5-2119_revert.patch and bind-9.5-fix_h_errno.patch are
obsoleted by upstream bind-9.5-_res_errno.patch
[32:9.5.0-11.9.a6]
- fixed wrong resolver's dispatch pool cleanup (#275011, patch from
tmraz redhat com)
[32:9.5.0-11.3.a6]
- initscript failure message is now printed correctly (#277981,
Quentin Armitage (quentin armitage org uk) )
[32:9.5.0-11.2.a6]
- temporary revert ISC 2119 change and add "libbind-errno" patch
(#254501) again
[32:9.5.0-11.1.a6]
- removed end dots from Summary sections (skasal at redhat.com)
- fixed wrong file creation by autotools patch (skasal at redhat.com)
[32:9.5.0-11.a6]
- start using --disable-isc-spnego configure option
- remove bind-9.5-spnego-memory_management.patch (source isn't
compiled)
[32:9.5.0-10.2.a6]
- added new initscript option KEYTAB_FILE which specified where
is located kerberos .keytab file for named service
- obsolete temporary bind-9.5-spnego-memory_management.patch by
bind-9.5-gssapictx-free.patch which conforms BIND coding standards
(#251853)
[32:9.5.0-10.a6]
- dropped direct dependency to /etc/openldap/schema directory
- changed hardcoded paths to macros
- fired away code which configure LDAP server
[32:9.5.0-9.1.a6]
- named could crash with SRV record UPDATE (#251336)
[32:9.5.0-9.a6]
- disable 64bit dlz driver patch on alpha and ia64 (#251298)
- remove wrong malloc functions from lib/dns/spnego.c (#251853)
[32:9.5.0-8.2.a6]
- changed licence from BSD-like to ISC
[32:9.5.0-8.1.a6]
- disabled named on all runlevels by default
[32:9.5.0-8.a6]
- minor next improvements on autotools patch
- dig and host utilities now using libidn instead idnkit for
IDN support
[32:9.5.0-7.a6]
- binutils/gcc bug rebuild (#249435)
[32:9.5.0-6.a6]
- updated to 9.5.0a6 which contains fixes for CVE-2007-2925 and
CVE-2007-2926
- fixed building on 64bits
[31:9.5.0a5-5]
- integrated "autotools" patch for testing purposes (upstream will
accept it in future, for easier building)
[31:9.5.0a5-4.1]
- fixed DLZ drivers building on 64bit systems
[31:9.5.0a5-4]
- fixed relation between logrotated and chroot-ed named
[31:9.5.0a5-3.9]
- removed bind-sdb package (default named has compiled SDB backend now)
- integrated DLZ (Dynamically loadable zones) drivers
- integrated GSS-TSIG support (RFC 3645)
- build with -O0 (many new features, potential core dumps will be more
useful)
[31:9.5.0a5-3.2]
- initscript should be ready for parallel booting (#246878)
[31:9.5.0a5-3]
- handle integer overflow in isc_time_secondsastimet function gracefully
(#247856)
[31:9.5.0a5-2.2]
- moved chroot configfiles into chroot subpackage (#248306)
[31:9.5.0a5-2]
- minor changes in default configuration
- fix h_errno assigment during resolver initialization (unbounded
recursion, #245857)
- removed wrong patch to #150288
[31:9.5.0a5-1]
- updated to latest upstream
[31:9.4.1-7]
- marked caching-nameserver as obsolete (#244604)
- fixed typo in initscript (causes that named doesn't detect NetworkManager
correctly)
- next cleanup in configuration - moved configfiles into config.tar
- removed delay between start & stop in restart function in named.init
[31:9.4.1-6]
- major changes in initscript. Could be LSB compatible now
- removed caching-nameserver subpackage. Move configs from this
package to main bind package as default configuration and major
configuration cleanup
[31:9.4.1-5]
- very minor compatibility change in bind-chroot-admin (line 215)
- enabled IDN support by default and don't distribute IDN libraries
- specfile cleanup
- add dynamic directory to /var/named. This directory will be primarily
used for
dynamic DNS zones. ENABLE_ZONE_WRITE and SELinux's
named_write_master_zones no longer exist
[31:9.4.1-4]
- removed ldap-api patch and start using deprecated API
- fixed minor problem in bind-chroot-admin script (#241103)
[31:9.4.1-3]
- fixed bind-chroot-admin dynamic DNS handling (#239149)
- updated zone-freeze patch to latest upstream
- ldap sdb has been rewriten to latest api (#239802)
[31:9.4.1-2.fc7]
- test build on new build system
[31:9.4.1-1.fc7]
- updated to 9.4.1 which contains fix to CVE-2007-2241
[31:9.4.0-8.fc7]
- improved "zone freeze patch" - if multiple zone with same name exists
no zone is freezed
- minor cleanup in caching-nameserver's config file
- fixed race-condition in dbus code (#235809)
- added forgotten restorecon statement in bind-chroot-admin
[31:9.4.0-7.fc7]
- removed DEBUGINFO option because with this option (default) was bind
builded with -O0 and without this flag no debuginfo package was produced.
(I want faster bind => -O2 + debuginfo)
- fixed zone finding (#236426)
[31:9.4.0-6.fc7]
- added idn support (still under development with upstream, disabled by
default)
[31:9.4.0-5.fc7]
- dnssec-signzone utility now doesn't ignore -d parameter
[31:9.4.0-4.fc7]
- removed query-source[-v6] options from caching-nameserver config
(#209954, increase security)
- throw away idn. It won't be ready in fc7
[31:9.4.0-3.fc7]
- prepared bind to merge review
- added experimental idn support to bind-utils utils (not enabled by
default yet)
- change chroot policy in caching-nameserver post section
- fixed bug in bind-chroot-admin - rootdir function is called properly now
[31:9.4.0-2.fc7]
- added experimental SQLite support (written by John Boyd
<jaboydjr at netwalk.com>)
- moved bind-chroot-admin script to chroot package
- bind-9.3.2-redhat_doc.patch is always applied (#231738)
[31:9.4.0-1.fc7]
- updated to 9.4.0
- bind-chroot-admin now sets EAs correctly (#213926)
- throw away next_server_on_referral and no_servfail_stops patches
(fixed in 9.4.0)
[31:9.3.4-7.fc7]
- minor cleanup in bind-chroot-admin script
[31:9.3.4-6.fc7]
- fixed broken bind-chroot-admin script (#227995)
[31:9.3.4-5.fc7]
- bind-chroot-admin now uses correct chroot path (#227600)
[31:9.3.4-4.fc7]
- fixed conflict between bind-sdb and ldap
- removed duplicated bind directory in bind-libs
[31:9.3.4-3.fc7]
- fixed building without libbind
- fixed post section (selinux commands is now in if-endif statement)
- prever macro has been removed from version
[31:9.3.4-2.fc7]
- redirected output from bind-chroot prep and %preun stages to /dev/null
[31:9.3.4-1.fc7]
- updated to version 9.3.4 which contains security bugfixes
[31:9.3.3-5.fc7]
- package bind-libbind-devel has been marked as obsolete
[31:9.3.3-4.fc7]
- package bind-libbind-devel has beed removed (libs has been moved to
bind-devel & bind-libs)
- Resolves: #214208
[31:9.3.3-3]
- fixed a multi-lib issue
- Resolves: rhbz#222717
[31:9.3.3-2]
- added namedGetForwarders written in shell (#176100),
created by Baris Cicek <baris at nerd.com.tr>.
[31:9.3.3-1]
- update to 9.3.3 final
- fix for #219069: file included twice in src.rpm
[31:9.3.3-0.1.rc3]
- added back an interval to restart
- renamed package, it should meet the N-V-R criteria
- fix for #216185: bind-chroot-admin able to change root mode 750
- added fix from #215997: incorrect permissions on dnszone.schema
- added a notice to init script when /etc/named.conf doesn't exist (#216075)
[30:9.3.3-6]
- fix for #200465: named-checkzone and co. cannot be run as non-root user
- fix for #212348: chroot'd named causes df permission denied error
- fix for #211249, #211083 - problems with stopping named
- fix for #212549: init script does not unmount /proc filesystem
- fix for #211282: EDNS is globally enabled, crashing CheckPoint FW-1,
added edns-enable options to named configuration file which can suppress
EDNS in queries to DNS servers (see /usr/share/doc/bind-9.3.3/misc/options)
- fix for #212961: bind-chroot doesn't clean up its mess on %preun
- update to 9.3.3rc3, removed already merged patches
[30:9.3.3-5]
- fix for #209359: bind-libs from compatlayer CD will not
install on ia64
[30:9.3.3-4]
- added fix for #210096: warning: group named does not exist - using root
[30:9.3.3-3]
- added fix from #209400 - Bind Init Script does not create
the PID file always, created by Jeff Means
- added timeout to stop section of init script.
The default is 100 sec. and can be adjusted by NAMED_SHUTDOWN_TIMEOUT
shell variable.
[30:9.3.3-2]
- removed chcon from %post script, replaced by restorecon
(Bug 202547, comment no. 37)
[30:9.3.3-1]
- updated to the latest upstream (9.3.3rc2)
[30:9.3.2-41]
- added upstream patch for correct SIG handling - CVE-2006-4095
[30:9.3.2-40]
- suppressed messages from bind-chroot-admin
- cleared notes about bind-config
[30:9.3.2-39]
- added fix for #203522 - "bind-chroot-admin -e" command fails
[30:9.3.2-38]
- fix for #203194 - tmpfile usage
[30:9.3.2-37]
- fix for #202542 - /usr/sbin/bind-chroot-admin: No such file or directory
- fix for #202547 - file_contexts: invalid context
[30:9.3.2-36]
- added Provides: bind-config
[30:9.3.2-35]
- fix bug 197493: renaming subpackage bind-config to caching-nameserver
[30:9.3.2-34]
- fix bug 199876: make '%exclude libbbind.*' conditional on %{LIBBIND}
[30:9.3.2-33]
- fix #195881, perms are not packaged correctly
[30:9.3.2-32]
- fix addenda to bug 189789:
determination of selinux enabled was still not 100% correct in
bind-chroot-admin
- fix addenda to bug 196398:
make named.init test for NetworkManager being enabled AFTER testing for
-D absence;
named.init now supports a 'DISABLE_NAMED_DBUS' /etc/sysconfig/named
setting to disable
auto-enable of named dbus support if NetworkManager enabled.
[30:9.3.2-30]
- fix bug 196398 - Enable -D option automatically in initscript
if NetworkManager enabled in any runlevel.
- fix namedGetForwarders for new dbus
- fix bug 195881 - libbind.so should be owned by bind-libbind-devel
[30:9.3.2-28.FC6]
- Rebuild against new dbus
[30:9.3.2-27.FC6]
- rebuild with fixed glibc-kernheaders
[30:9.3.2-26.FC6.1]
- rebuild
[30:9.3.2-26.FC6]
- fix bugs 191093, 189789
- backport selected fixes from upstream bind9 'v9_3_3b1' CVS version:
( see http://www.isc.org/sw/bind9.3.php "Fixes" ):
o change 2024 / bug 16027:
named emitted spurious "zone serial unchanged" messages on reload
o change 2013 / bug 15941:
handle unexpected TSIGs on unsigned AXFR/IXFR responses more gracefully
o change 2009 / bug 15808: coverity fixes
o change 1997 / bug 15818:
named was failing to replace negative cache entries when a positive one
for the type was learnt
o change 1994 / bug 15694: OpenSSL 0.9.8 support
o change 1991 / bug 15813:
The configuration data, once read, should be treated as readonly.
o misc. validator fixes
o misc. resolver fixes
o misc. dns fixes
o misc. isc fixes
o misc. libbind fixes
o misc. isccfg fix
o misc. lwres fix
o misc. named fixes
o misc. dig fixes
o misc. nsupdate fix
o misc. tests fixes
[30:9.3.2-24.FC6]
- and actually put the devel symlinks in the right subpackage
[30:9.3.2-23.FC6]
- rebuild for -devel deps
[30:9.3.2-22]
- apply upstream patch for ncache_adderesult segfault bug 173961 addenda
- fix bug 188382: rpm --verify permissions inconsistencies
- fix bug 189186: use /sbin/service instead of initscript
- rebuild for new gcc, glibc-kernheaders
[30:9.3.2-20]
- fix resolver.c ncache_adderesult segfault reported in addenda to bug
173961
(upstream bugs #15642, #15528 ?)
- allow named ability to generate core dumps after setuid (upstream bug
#15753)
[30:9.3.2-18]
- fix bug 187529: make bind-chroot-admin deal with subdirectories properly
[30:9.3.2-16]
- fix bug 187286:
prevent host(1) printing duplicate 'is an alias for' messages
for the default AAAA and MX lookups as well as for the A lookup
(it now uses the CNAME returned for the A lookup for the AAAA and MX
lookups).
This is upstream bug #15702 fixed in the unreleased bind-9.3.3
- fix bug 187333: fix SOURCE24 and SOURCE25 transposition
[30:9.3.2-14]
- fix bug 186577: remove -L/usr/lib from libbind.pc and more .spec file
cleanup
- add '%doc' sample configuration files in /usr/share/doc/bind*/sample
- rebuild with new gcc and glibc
[30:9.3.2-12]
- fix typo in initscript
- fix Requires(post): policycoreutils in sub-packages
[30.9.3.2-10]
- fix bug 185969: more .spec file cleanup
[30.9.3.2-8]
- Do not allow package to be installed if named:25 userid creation fails
- Give libbind a pkg-config file
- remove restorecon from bind-chroot-admin (not required).
- fix named.caching-nameserver.conf (listen-on-v6 port 53 { ::1 };)
[30:9.3.2-7]
- fix issues with bind-chroot-admin
[30:9.3.2-6]
- replace caching-nameserver with bind-config sub-package
- fix bug 177595: handle case where $ROOTDIR is a link in initscript
- fix bug 177001: bind-config creates symlinks OK now
- fix bug 176388: named.conf is now never replaced by any RPM
- fix bug 176248: remove unecessary creation of rpmsave links
- fix bug 174925: no replacement of named.conf
- fix bug 173963: existing named.conf never modified
- major .spec file cleanup
[30:9.3.2-4.1]
- bump again for double-long bug on ppc(64)
[30:9.3.2-4]
- regenerate redhat_doc patch for non-DBUS builds
- allow dbus builds to work with dbus version < 0.6 (bz #179816)
[30:9.3.2-3]
- try supporting without dbus support
[30:9.3.2-2.1]
- Rebuild for new gcc, glibc, glibc-kernheaders
[30:9.3.2-2]
- fix bug 177854: temporary fix for broken kernel-2.6.15-1854+
/proc/net/if_inet6 format
[30:9.3.2-1]
- Upgrade to 9.3.2, released today
[28:9.3.2rc1-2]
- fix bug 176100: do not Require: perl just for namedGetForwarders !
* Fri Dec 09 2005 Jesse Keating <jkeating at redhat.com>
- rebuilt
[28:9.3.2rc-1]
- Upgrade to upstream version 9.3.2rc1
- fix namedSetForwarders -> namedGetForwarders SOURCE14 typo
[24:9.3.1-26]
- rebuild for new dbus 0.6 dependency; remove use of
DBUS_NAME_FLAG_PROHIBIT_REPLACEMENT
[24:9.3.1-24]
- allow D-BUS support to work in bind-chroot environment:
workaround latest selinux policy by mounting /var/run/dbus/
under chroot instead of /var/run/dbus/system-bus-socket
[24:9.3.1-22]
- fix bug 172632 - remove .la files
- ship namedGetForwarders and namedSetForwarders scripts
- fix detection of -D option in chroot
[24:9.3.1-21]
- rebuilt with new openssl
[24.9.3.1-20]
- Allow the -D enable D-BUS option to be used within bind-chroot .
- fix bug 171226: supply some documentation for pgsql SDB .
[24:9.3.1-18]
- fix bug 169969: do NOT call dbus_svc_dispatch() in dbus_mgr_init_dbus() -
task->state != task_ready and will cause Abort in task.c if process
is waiting for NameOwnerChanged to do a SetForwarders
[24:9.3.1-16]
- Fix reconnecting to dbus-daemon after it stops & restarts .
[24:9.3.1-14]
- When forwarder nameservers are changed with D-BUS, flush the cache.
[24:9.3.1-12]
- fix bug 168302: use %{__cc} for compiling dns-keygen
- fix bug 167682: bind-chroot directory permissions
- fix issues with -D dbus option when dbus service not running or disabled
[24:9.3.1-12]
- fix bug 167062: named should be started after syslogd by default
[24:9.3.1-11]
- fix bug 166227: host: don't do default AAAA and MX lookups with '-t a'
option
[24:9.3.1-10]
- Build with D-BUS patch by default; D-BUS support enabled with named -D
option
- Enable D-BUS for named_sdb also
- fix sdb pgsql's zonetodb.c: must use isc_hash_create() before
dns_db_create()
- update fix for bug 160914 : test for RD=1 and ARCOUNT=0 also before
trying next server
- fix named.init script to handle named_sdb properly
- fix named.init script checkconfig() to handle named '-c' option
and make configtest, test, check configcheck synonyms
[24:9.3.1-8]
- fix named.init script bugs 163598, 163409, 151852(addendum)
[24:9.3.1-7]
- fix bug 160914: resolver utilities should try next server on empty
referral
(now that glibc bug 162625 is fixed)
host and nslookup now by default try next server on SERVFAIL
(host now has '-s' option to disable, and nslookup given
'[no]fail' option similar to dig's [no]fail option).
- rebuild and re-test with new glibc & gcc (all tests passed).
[24:9.3.1-6]
- fix bug 157950: dig / host / nslookup should reject invalid resolv.conf
files and not use uninitialized garbage nameserver values
(ISC bug 14841 raised).
[24:9.3.1-4_FC4]
- Fix SDB LDAP
[24:9.3.1-4]
- Fix bug 157601: give named.init a configtest function
- Fix bug 156797: named.init should check SELinux booleans.local before
booleans
- Fix bug 154335: if no controls in named.conf, stop named with -TERM
sig, not rndc
- Fix bug 155848: add NOTES section to named.8 man-page with info on all
Red Hat
BIND quirks and SELinux DDNS / slave zone file configuration
- D-BUS patches NOT applied until dhcdbd is in FC
[24:9.3.1-4_dbus]
- Enhancement to allow dynamic forwarder table management and
- DHCP forwarder auto-configuration with D-BUS
[24:9.3.1-2_FC4]
- Rebuild for bind-sdb libpq.so.3 dependency
- fix bug 150981: don't install libbind man-pages if no libbind
- fix bug 151852: mount proc on $ROOTDIR/proc to allow sysconf(...)
to work and correct number of CPUs to be determined
[24:9.3.1-1_FC4]
- Upgrade to ISC BIND 9.3.1 (final release) released today.
[22.9.3.1rc1-5]
- fix bug 150288: h_errno not being accessed / set correctly in libbind
- add libbind man-pages from bind-8.4.6
[22:9.3.1rc1-4]
- Rebuild with gcc4 / glibc-2.3.4-14.
[22:9.3.1rc1-3]
- configure with --with-pic to get PIC libraries
[22:9.3.1rc1-2]
- fix bug 149183: don't use getifaddrs() .
[22:9.3.1rc1-1]
- Upgrade to 9.3.1rc1
- Add Simplified Database Backend (SDB) sub-package ( bind-sdb )
- add named_sdb - ldap + pgsql + dir database backend support with
- 'ENABLE_SDB' named.sysconfig option
- Add BIND resolver library & includes sub-package ( libbind-devel)
- fix bug 147824 / 147073 / 145664: ENABLE_ZONE_WRITE in named.init
- fix bug 146084 : shutup restorecon
[22:9.3.0-2]
- Fix bug 143438: named.init will now make correct ownership of
$ROOTDIR/var/named
- based on 'named_write_master_zones' SELinux boolean.
- Fix bug 143744: dig & nsupdate IPv6 timeout (dup of 140528)
[9.3.0-1]
- Upgrade BIND to 9.3.0 in Rawhide / FC4 (bugs 134529, 133654...)
[20:9.2.4-4]
- Fix bugs 140528 and 141113:
- 2 second timeouts when IPv6 not configured and root nameserver's
- AAAA addresses are queried
[20:9.2.4-2]
- Fix bug 136243: bind-chroot %post must run restorecon -R /var/named/chroot
- Fix bug 135175: named.init must return non-zero if named is not run
- Fix bug 134060: bind-chroot %post must use mktemp, not /tmp/named
- Fix bug 133423: bind-chroot %files entries should have been %dirs
[20:9.2.4-1]
- BIND 9.2.4 (final release) released - source code actually
- identical to 9.2.4rc8, with only version number change.
[10:9.2.4rc8-14]
- Upgrade to upstream bind-9.2.4rc8 .
- Progress: Finally! Hooray! ISC bind now distributes:
- o named.conf(5) and nslookup(8) manpages
- 'bind-manpages.bz2' source can now disappear
- (could this have something to do with ISC bug I raised about this?)
- o 'deprecation_msg' global has vanished
- bind-9.2.3rc3-deprecation_msg_shut_up.diff.bz2 can disappear
[10:9.2.4rc8-14]
- Fix bug 106572/132385: copy /etc/localtime to chroot on start
[10:9.2.4rc7-12_EL3]
- Fix bug 132303: if ROOTDIR line was replaced after upgrade from
- bind-chroot-9.2.2-21, restart named
[10:9.2.4rc7-11_EL3]
- Fix bug 131803: replace ROOTDIR line removed by broken
- bind-chroot 9.2.2-21's '%postun'; added %triggerpostun for bind-chroot
[10:9.2.4rc7-10_EL3]
- Fix bugs 130121 & 130981 for RHEL-3
[10:9.2.4rc7-10]
- Fix bug 130121: add '%ghost' entries for files included in previous
- bind-chroot & not in current - ie. named.conf, rndc.key, dev/* -
- that RPM removed after upgrade .
* Thu Aug 26 2004 Jason Vas Dias <jvdias at redhat.com>
- Fix bug 130981: add '-t' option to named-checkconf invocation in
- named.init if chroot installed.
* Wed Aug 25 2004 Jason Vas Dias <jvdias at redhat.com>
- Remove resolver(5) manpage now in man-pages (bug 130792);
- Don't create /dev/ entries in bind-chroot if already there (bug 127556);
- fix bind-devel Requires (bug 130919)
- Set default location for dumpdb & stats files to /var/named/data
* Tue Aug 24 2004 Jason Vas Dias <jvdias at redhat.com>
- Fix devel Requires for bug 130738 & fix version
* Tue Aug 24 2004 Jason Vas Dias <jvdias at redhat.com>
- Fix errors on clean install if named group does not exist
- (bug 130777)
* Thu Aug 19 2004 Jason Vas Dias <jvdias at redhat.com>
- Upgrade to bind-9.2.4rc7; applied initscript fix
- for bug 102035.
* Mon Aug 09 2004 Jason Vas Dias <jvdias at redhat.com>
- Fixed bug 129289: bind-chroot install / deinstall
- on install, existing config files 'safe_replace'd
- with links to chroot copies; on uninstall, moved back.
* Fri Aug 06 2004 Jason Vas Dias <jvdias at redhat.com>
- Fixed bug 129258: "${prefix}/var/tmp" typo in spec
* Wed Jul 28 2004 Jason Vas Dias <jvdias at redhat.com>
- Fixed bug 127124 : 'Requires: kernel >= 2.4'
- causes problems with Linux VServers
* Tue Jul 27 2004 Jason Vas Dias <jvdias at redhat.com>
- Fixed bug 127555 : chroot tar missing var/named/slaves
* Fri Jul 16 2004 Jason Vas Dias <jvdias at redhat.com>
- Upgraded to ISC version 9.2.4rc6
* Fri Jul 16 2004 Jason Vas Dias <jvdias at redhat.com>
- Fixed named.init generation of error messages on
- 'service named stop' and 'service named reload'
- as per bug 127775
[9.2.3-19]
- Bump for rhel 3.0 U3
[9.2.3-18]
- remove disable-linux-caps
[9.2.3-17]
- Update RHEL3 to latest bind
* Tue Jun 15 2004 Elliot Lee <sopwith at redhat.com>
- rebuilt
[9.2.3-15]
- Remove device files from chroot, Named uses the system one
[9.2.3-14]
- Move RFC to devel package
[9.2.3-13]
- Fix location of restorecon
[9.2.3-12]
- Tighten security on config files. Should be owned by root
[9.2.3-11]
- Update key patch to include conf-keygen
[9.2.3-10]
- fix chroot to only happen once.
- fix init script to do kill insteall of killall
[9.2.3-9]
- Add fix for SELinux security context
* Tue Mar 02 2004 Elliot Lee <sopwith at redhat.com>
- rebuilt
* Sat Feb 28 2004 Florian La Roche <Florian.LaRoche at redhat.de>
- run ldconfig for libs subrpm
* Mon Feb 23 2004 Tim Waugh <twaugh at redhat.com>
- Use ':' instead of '.' as separator for chown.
[9.2.3-7]
- Add COPYRIGHT
* Fri Feb 13 2004 Elliot Lee <sopwith at redhat.com>
- rebuilt
[9.2.3-5]
- Add defattr to libs
[9.2.3-4]
- Break out library package
[9.2.3-3]
- Fix condrestart
[9.2.3-2]
- Move libisc and libdns to bind from bind-util
[9.2.3-1]
- Move to 9.2.3
[9.2.2.P3-10]
- Add PIE support
[9.2.2.P3-9]
- Add /var/named/slaves directory
* Sun Oct 12 2003 Florian La Roche <Florian.LaRoche at redhat.de>
- do not link against libnsl, not needed for Linux
[9.2.2.P3-6]
- Fix local time in log file
[9.2.2.P3-5]
- Try again
[9.2.2.P3-4]
- Fix handling of chroot -/dev/random
[9.2.2.P3-3]
- Stop hammering stuff on update of chroot environment
[9.2.2.P3-2]
- Fix chroot directory to grab all subdirectories
[9.2.2.P3-1]
- New patch to support for "delegation-only"
[9.2.2-23]
- patch support for "delegation-only"
[9.2.2-22]
- Update to build on RHL
[9.2.2-21]
- Install libraries as exec so debug info will be pulled
[9.2.2-20]
- Remove BSDCOMPAT (BZ 99454)
[9.2.2-19]
- Update to build on RHL
[9.2.2-18]
- Change protections on /var/named and /var/chroot/named
[9.2.2-17]
- Update to build on RHL
[9.2.2-16]
- Update to build on RHEL
* Wed Jun 04 2003 Elliot Lee <sopwith at redhat.com>
- rebuilt
[9.2.2-14]
- Update to build on RHEL
[9.2.2-13]
- Fix config description of named.conf in chroot
- Change named.init script to check for existence of /etc/sysconfig/network
[9.2.2-12]
- Update to build on RHEL
[9.2.2-11]
- Update to build on RHEL
[9.2.2-10]
- Fix echo OK on starting/stopping service
[9.2.2-9]
- Update to build on RHEL
[9.2.2-8]
- Fix echo on startup
[9.2.2-7]
- Fix problems with chroot environment
- Eliminate posix threads
[9.2.2-6]
- Fix build problems
[9.2.2-5]
- Fix build on beehive
[9.2.2-4]
- build bind-chroot kit
[9.2.2-3]
- Change configure to use proper threads model
[9.2.2-2]
- update to 9.2.2
[9.2.2-1]
- update to 9.2.2
[9.2.1-16]
- Put a sleep in restart to make sure stop completes
* Wed Jan 22 2003 Tim Powers <timp at redhat.com>
- rebuilt
[9.2.1-14]
- Separate /etc/rndc.key to separate file
[9.2.1-13]
- Use openssl's pkgconfig data, if available, at build-time.
[9.2.1-12]
- Fix log rotate to use service named reload
- Change service named reload to give success/failure message [73770]
- Fix File checking [75710]
- Begin change to automatically run in CHROOT environment
[9.2.1-10]
- Fix startup script to work like all others.
[9.2.1-9]
- Fix configure to build on x86_64 platforms
* Wed Aug 07 2002 Karsten Hopp <karsten at redhat.de>
- fix #70583, doesn't build on IA64
[9.2.1-8]
- bind-utils shouldn't require bind
[9.2.1-7]
- fix name of pidfine in logrotate script (#68842)
- fix owner of logfile in logrotate script (#41391)
- fix nslookup and named.conf man pages (output on stderr)
(#63553, #63560, #63561, #54889, #57457)
- add rfc1912 (#50005)
- gzip all rfc's
- fix typo in keygen.c (#54870)
- added missing manpages (#64065)
- shutdown named properly with rndc stop (#62492)
- /sbin/nologin instead of /bin/false (#68607)
- move nsupdate to bind-utils (where the manpage already was) (#66209,
#66381)
- don't kill initscript when rndc fails (reload) (#58750)
[9.2.1-5]
- Fix #65975
* Fri Jun 21 2002 Tim Powers <timp at redhat.com>
- automated rebuild
* Thu May 23 2002 Tim Powers <timp at redhat.com>
- automated rebuild
[9.2.1-2]
- Move libisccc, lib isccfg and liblwres from bind-utils to bind,
they're not required if you aren't running a nameserver.
* Fri May 03 2002 Florian La Roche <Florian.LaRoche at redhat.de>
- update to 9.2.1 release
[9.2.0-8]
- Merge 30+ bug fixes from 9.2.1rc1 code
[9.2.0-7]
- Don't exit if /etc/named.conf doesn't exist if we're running
chroot (#60868)
- Revert Elliot's changes, we do require specific glibc/glibc-kernheaders
versions or bug #58335 will be back. "It compiles, therefore it works"
isn't always true.
[9.2.0-6]
- Fix BuildRequires (we don't need specific glibc/glibc-kernheaders
versions).
- Use _smp_mflags
[9.2.0-4]
- rebuild, require recent autoconf, automake (#58335)
* Fri Jan 25 2002 Tim Powers <timp at redhat.com>
- rebuild against new libssl
* Wed Jan 09 2002 Tim Powers <timp at redhat.com>
- automated rebuild
[9.2.0-1]
- 9.2.0
[9.2.0-0.rc10.2]
- 9.2.0rc10
[9.2.0-0.rc8.2]
- Fix up rndc.conf (#55574)
[9.2.0-0.rc8.1]
- rc8
- Enforce --enable-threads
[9.2.0-0.rc7.1]
- 9.2.0rc7
- Use rndc status for "service named status", it's supposed to actually
work in 9.2.x.
[9.2.0-0.rc5.1]
- 9.2.0rc5
- Fix rpm --rebuild with ancient libtool versions (#53938, #54257)
[9.2.0-0.rc4.1]
- 9.2.0rc4
[9.2.0-0.rc3.1]
- 9.2.0rc3
- remove ttl patch, I don't think we need this for 8.0.
- remove dig.1.bz2 from the bind8-manpages tar file, 9.2 has a new dig
man page
- add lwres* man pages to -devel
[9.1.3-4]
- Make sure /etc/rndc.conf isn't world-readable even after the
%post script inserted a random key (#53009)
[9.1.3-3]
- Add build dependencies (#49368)
- Make sure running service named start several times doesn't create
useless processes (#47596)
- Work around the named parent process returning 0 even if the config
file is broken (it's parsed later by the child processes) (#45484)
[9.1.3-2]
- Don't use rndc status, it's not yet implemented (#48839)
* Sun Jul 08 2001 Florian La Roche <Florian.LaRoche at redhat.de>
- update to 9.1.3 release
[9.1.3-0.rc3.1]
- Fix up rndc configuration and improve security (#46586)
[9.1.3-0.rc2.2]
- Sync with caching-nameserver-7.1-6
[9.1.3-0.rc2.1]
- Update to rc2
[9.1.3-0.rc1.3]
- Remove resolv.conf(5) man page, it's now in man-pages
[9.1.3-0.rc1.2]
- Add named.conf man page from bind 8.x (outdated, but better than nothing,
- Rename the rndc key (#42895)
- Add dnssec* man pages
[9.1.3-0.rc1.1]
- 9.1.3rc1
- s/Copyright/License/
[9.1.2-1]
- 9.1.2 final. No changes between 9.1.2-0.rc1.1 and this one, except for
the version number, though.
[9.1.2-0.rc1.1]
- 9.1.2rc1
[9.1.1-1]
- 9.1.1
[9.1.0-10]
- Merge fixes from 9.1.1rc5
[9.1.0-9]
- Work around bind 8 -> bind 9 migration problem when using buggy zone
files:
accept zones without a TTL, but spew out a big fat warning. (#31393)
* Thu Mar 08 2001 Bernhard Rosenkraenzer <bero at redhat.com>
- Add fixes from rc4
* Fri Mar 02 2001 Nalin Dahyabhai <nalin at redhat.com>
- rebuild in new environment
* Thu Mar 01 2001 Bernhard Rosenkraenzer <bero at redhat.com>
- killall -HUP named if rndc reload fails (#30113)
* Tue Feb 27 2001 Bernhard Rosenkraenzer <bero at redhat.com>
- Merge some fixes from 9.1.1rc3
* Tue Feb 20 2001 Bernhard Rosenkraenzer <bero at redhat.com>
- Don't use the standard rndc key from the documentation, instead,
create a random one
at installation time (#26358)
- Make /etc/rndc.conf readable by user named only, it contains secret keys
* Tue Feb 20 2001 Bernhard Rosenkraenzer <bero at redhat.com>
- 9.1.1 probably won't be out in time, revert to 9.1.0 and apply fixes
from 9.1.1rc2
- bind requires bind-utils (#28317)
* Tue Feb 13 2001 Bernhard Rosenkraenzer <bero at redhat.com>
- Update to rc2, fixes 2 more bugs
- Fix build with glibc >= 2.2.1-7
* Thu Feb 08 2001 Bernhard Rosenkraenzer <bero at redhat.com>
- Update to 9.1.1rc1; fixes 17 bugs (14 of them affecting us;
1 was fixed in a Red Hat patch already, 2 others are portability
improvements)
* Wed Feb 07 2001 Bernhard Rosenkraenzer <bero at redhat.com>
- Remove initscripts 5.54 requirement (#26489)
* Mon Jan 29 2001 Bernhard Rosenkraenzer <bero at redhat.com>
- Add named-checkconf, named-checkzone (#25170)
* Mon Jan 29 2001 Trond Eivind Glomsrod <teg at redhat.com>
- use echo, not gprintf
* Wed Jan 24 2001 Bernhard Rosenkraenzer <bero at redhat.com>
- Fix problems with $GENERATE
Patch from Daniel Roesen <droesen at entire-systems.com>
Bug #24890
* Thu Jan 18 2001 Bernhard Rosenkraenzer <bero at redhat.com>
- 9.1.0 final
* Sat Jan 13 2001 Bernhard Rosenkraenzer <bero at redhat.com>
- 9.1.0rc1
- i18nify init script
- bzip2 source to save space
* Thu Jan 11 2001 Bernhard Rosenkraenzer <bero at redhat.com>
- Fix %postun script
* Tue Jan 09 2001 Bernhard Rosenkraenzer <bero at redhat.com>
- 9.1.0b3
* Mon Jan 08 2001 Bernhard Rosenkraenzer <bero at redhat.com>
- Add named.conf man page from bind8 (#23503)
* Sun Jan 07 2001 Bernhard Rosenkraenzer <bero at redhat.com>
- Make /etc/rndc.conf and /etc/sysconfig/named noreplace
- Make devel require bind = %{version} rather than just bind
* Sun Jan 07 2001 Bernhard Rosenkraenzer <bero at redhat.com>
- Fix init script for real
* Sat Jan 06 2001 Bernhard Rosenkraenzer <bero at redhat.com>
- Fix init script when ROOTDIR is not set
* Thu Jan 04 2001 Bernhard Rosenkraenzer <bero at redhat.com>
- Add hooks for setting up named to run chroot (RFE #23246)
- Fix up requirements
* Fri Dec 29 2000 Bernhard Rosenkraenzer <bero at redhat.com>
- 9.1.0b2
* Wed Dec 20 2000 Bernhard Rosenkraenzer <bero at redhat.com>
- Move run files to /var/run/named/ - /var/run isn't writable
by the user we're running as. (Bug #20665)
* Tue Dec 19 2000 Bernhard Rosenkraenzer <bero at redhat.com>
- Fix reverse lookups (#22272)
- Run ldconfig in %post utils
* Tue Dec 12 2000 Karsten Hopp <karsten at redhat.de>
- fixed logrotate script (wrong path to kill)
- include header files in -devel package
- bugzilla #22049, #19147, 21606
* Fri Dec 08 2000 Bernhard Rosenkraenzer <bero at redhat.com>
- 9.1.0b1 (9.1.0 is in our timeframe and less buggy)
* Mon Nov 13 2000 Bernhard Rosenkraenzer <bero at redhat.com>
- 9.0.1
* Mon Oct 30 2000 Bernhard Rosenkraenzer <bero at redhat.com>
- Fix initscript (Bug #19956)
- Add sample rndc.conf (Bug #19956)
- Fix build with tar 1.13.18
* Tue Oct 10 2000 Bernhard Rosenkraenzer <bero at redhat.com>
- Add some missing man pages (taken from bind8) (Bug #18794)
* Sun Sep 17 2000 Bernhard Rosenkraenzer <bero at redhat.com>
- 9.0.0 final
* Wed Aug 30 2000 Bernhard Rosenkraenzer <bero at redhat.com>
- rc5
- fix up nslookup
* Thu Aug 24 2000 Bernhard Rosenkraenzer <bero at redhat.com>
- rc4
* Thu Jul 13 2000 Bernhard Rosenkraenzer <bero at redhat.com>
- 9.0.0rc1
* Wed Jul 12 2000 Prospector <bugzilla at redhat.com>
- automatic rebuild
* Sun Jul 09 2000 Florian La Roche <Florian.LaRoche at redhat.de>
- add "exit 0" for uninstall case
* Fri Jul 07 2000 Florian La Roche <Florian.LaRoche at redhat.de>
- add prereq init.d and cleanup install section
* Fri Jun 30 2000 Trond Eivind Glomsrod <teg at redhat.com>
- fix the init script
* Wed Jun 28 2000 Nalin Dahyabhai <nalin at redhat.com>
- make libbind.a and nslookup.help readable again by setting INSTALL_LIB
to ""
* Mon Jun 26 2000 Bernhard Rosenkranzer <bero at redhat.com>
- Fix up the initscript (Bug #13033)
- Fix build with current glibc (Bug #12755)
- /etc/rc.d/init.d -> /etc/init.d
- use %{_mandir} rather than /usr/share/man
* Mon Jun 19 2000 Bill Nottingham <notting at redhat.com>
- fix conflict with man-pages
- remove compatibilty chkconfig links
- initscript munging
* Wed Jun 14 2000 Nalin Dahyabhai <nalin at redhat.com>
- modify logrotate setup to use PID file
- temporarily disable optimization by unsetting $RPM_OPT_FLAGS at build-time
- actually bump the release this time
* Sun Jun 04 2000 Bernhard Rosenkraenzer <bero at redhat.com>
- FHS compliance
* Mon Apr 17 2000 Nalin Dahyabhai <nalin at redhat.com>
- clean up restart patch
* Mon Apr 10 2000 Nalin Dahyabhai <nalin at redhat.com>
- provide /var/named (fix for bugs #9847, #10205)
- preserve args when restarted via ndc(8) (bug #10227)
- make resolv.conf(5) a link to resolver(5) (bug #10245)
- fix SYSTYPE bug in all makefiles
- move creation of named user from %post into %pre
* Mon Feb 28 2000 Bernhard Rosenkranzer <bero at redhat.com>
- Fix TTL (patch from ISC, Bug #9820)
* Wed Feb 16 2000 Bernhard Rosenkranzer <bero at redhat.com>
- fix typo in spec (it's %post, without a leading blank) introduced in -6
- change SYSTYPE to linux
* Fri Feb 11 2000 Bill Nottingham <notting at redhat.com>
- pick a standard < 100 uid/gid for named
* Fri Feb 04 2000 Elliot Lee <sopwith at redhat.com>
- Pass named a '-u named' parameter by default, and add/remove user.
* Thu Feb 03 2000 Bernhard Rosenkraenzer <bero at redhat.com>
- fix host mx bug (Bug #9021)
* Mon Jan 31 2000 Cristian Gafton <gafton at redhat.com>
- rebuild to fix dependencies
- man pages are compressed
* Wed Jan 19 2000 Bernhard Rosenkraenzer <bero at redhat.com>
- It's /usr/bin/killall, not /usr/sbin/killall (Bug #8063)
* Mon Jan 17 2000 Bernhard Rosenkraenzer <bero at redhat.com>
- Fix up location of named-bootconf.pl and make it executable
(Bug #8028)
- bind-devel requires bind
* Mon Nov 15 1999 Bernhard Rosenkraenzer <bero at redhat.com>
- update to 8.2.2-P5
* Wed Nov 10 1999 Bill Nottingham <notting at redhat.com>
- update to 8.2.2-P3
* Tue Oct 12 1999 Cristian Gafton <gafton at redhat.com>
- add patch to stop a cache only server from complaining about lame servers
on every request.
* Fri Sep 24 1999 Preston Brown <pbrown at redhat.com>
- use real stop and start in named.init for restart, not ndc restart, it has
problems when named has changed during a package update... (# 4890)
* Fri Sep 10 1999 Bill Nottingham <notting at redhat.com>
- chkconfig --del in %preun, not %postun
* Mon Aug 16 1999 Bill Nottingham <notting at redhat.com>
- initscript munging
* Mon Jul 26 1999 Bill Nottingham <notting at redhat.com>
- fix installed chkconfig links to match init file
* Sat Jul 03 1999 Jeff Johnson <jbj at redhat.com>
- conflict with new (in man-1.24) man pages (#3876,#3877).
* Tue Jun 29 1999 Bill Nottingham <notting at redhat.com>
- fix named.logrotate (wrong %SOURCE)
* Fri Jun 25 1999 Jeff Johnson <jbj at redhat.com>
- update to 8.2.1.
- add named.logrotate (#3571).
- hack around egcs-1.1.2 -m486 bug (#3413, #3485).
- vet file list.
* Fri Jun 18 1999 Bill Nottingham <notting at redhat.com>
- don't run by default
* Sun May 30 1999 Jeff Johnson <jbj at redhat.com>
- nslookup fixes (#2463).
- missing files (#3152).
* Sat May 01 1999 Stepan Kasal <kasal at math.cas.cz>
- nslookup patched:
to count numRecords properly
to fix subsequent calls to ls -d
to parse "view" and "finger" commands properly
the view hack updated for bind-8 (using sed)
* Wed Mar 31 1999 Bill Nottingham <notting at redhat.com>
- add ISC patch
- add quick hack to make host not crash
- add more docs
* Fri Mar 26 1999 Cristian Gafton <gafton at redhat.com>
- add probing information in the init file to keep linuxconf happy
- dont strip libbind
* Sun Mar 21 1999 Cristian Gafton <gafton at redhat.com>
- auto rebuild in the new build environment (release 3)
* Wed Mar 17 1999 Preston Brown <pbrown at redhat.com>
- removed 'done' output at named shutdown.
* Tue Mar 16 1999 Cristian Gafton <gafton at redhat.com>
- version 8.2
* Wed Dec 30 1998 Cristian Gafton <gafton at redhat.com>
- patch to use the __FDS_BITS macro
- build for glibc 2.1
* Wed Sep 23 1998 Jeff Johnson <jbj at redhat.com>
- change named.restart to /usr/sbin/ndc restart
* Sat Sep 19 1998 Jeff Johnson <jbj at redhat.com>
- install man pages correctly.
- change K10named to K45named.
* Wed Aug 12 1998 Jeff Johnson <jbj at redhat.com>
- don't start if /etc/named.conf doesn't exist.
* Sat Aug 08 1998 Jeff Johnson <jbj at redhat.com>
- autmagically create /etc/named.conf from /etc/named.boot in %post
- remove echo in %post
* Wed Jun 10 1998 Jeff Johnson <jbj at redhat.com>
- merge in 5.1 mods
* Sun Apr 12 1998 Manuel J. Galan <manolow at step.es>
- Several essential modifications to build and install correctly.
- Modified 'ndc' to avoid deprecated use of '-'
* Mon Dec 22 1997 Scott Lampert <fortunato at heavymetal.org>
- Used buildroot
- patched bin/named/ns_udp.c to use <libelf/nlist.h> for include
on Redhat 5.0 instead of <nlist.h>
More information about the Oraclevm-errata
mailing list