| Index | index by Group | index by Distribution | index by Vendor | index by creation date | index by Name | Mirrors | Help | Search |
| Name: bind-lwresd | Distribution: openSUSE 11.4 |
| Version: 9.7.6P3 | Vendor: openSUSE |
| Release: 0.37.1 | Build date: Sat Sep 15 19:10:18 2012 |
| Group: Productivity/Networking/DNS/Utilities | Build host: build32 |
| Size: 531664 | Source RPM: bind-9.7.6P3-0.37.1.src.rpm |
| Packager: http://bugs.opensuse.org | |
| Url: http://isc.org/sw/bind/ | |
| Summary: Lightweight Resolver Daemon | |
Bind-lwresd provides resolution services to local clients using a
combination of the lightweight resolver library liblwres and the
resolver daemon process lwresd running on the local host. These
communicate using a simple UDP-based protocol, the "lightweight
resolver protocol" that is distinct from and simpler than the full DNS
protocol.
Authors:
--------
ISC Software <bind@isc.org>
BSD-3-Clause ; MIT
* Sat Sep 15 2012 meissner@suse.com
- A nameserver can be caused to exit with a REQUIRE exception if it can
be induced to load a specially crafted resource record.
CVE-2012-4244
bnc#780157
- 9.6-ESV-R7-P3
- fetched current named.root and dnszone-schema.txt from upstream.
- named.root: D has ipv6 record now
* Mon Jul 30 2012 ug@suse.de
- Bad-cache data could be used before it was
initialized, causing an assert.
CVE-2012-3817
bnc#772945
- Change #3314 broke saving of stub zones to disk
resulting in excessive cpu usage in some cases.
- 9.7.6-P2
* Tue Jul 03 2012 ug@suse.de
- VUL-1: deleted domain name resolving flaw
CVE-2012-1033
bnc#746074
- more than 40 other bugs fixed (see CHANGES for details)
- 9.7.6-P1
* Mon Jun 04 2012 ug@suse.de
- VUL-0: bind remote DoS via zero length rdata field
CVE-2012-1667
bnc#765315
* Thu Nov 17 2011 ug@suse.de
- Cache lookup could return RRSIG data associated with nonexistent
records, leading to an assertion failure. (bnc#730995)
CVE-2011-4313
* Tue Jul 05 2011 ug@suse.de
- Change #2912 (see CHANGES) exposed a latent bug in the DNS message
processing code that could allow certain UPDATE requests to crash
named. This was fixed by disambiguating internal database
representation vs DNS wire format data. [RT #24777] [CVE-2011-2464]
(bnc#703907)
* Tue May 31 2011 meissner@suse.de
- Security update to 9.7.3-P1
- fixed a denial of service in RRSIG (CVE-2011-1910 / bnc#696585)
- Updated named.root from internic
* Thu Feb 24 2011 ug@suse.de
- fixed security issue
VUL-0: bind: IXFR or DDNS update combined with high query rate
DoS vulnerability (CVE-2011-0414 bnc#674431)
- version to 9.7.3
* Wed Jan 05 2011 meissner@suse.de
- ifdef the sysvinit specific prereqs for openSUSE 11.4 and later
* Thu Dec 09 2010 mvyskocil@suse.cz
- fix bnc#656509 - direct mount of /proc in chroot
* Tue Dec 07 2010 coolo@novell.com
- prereq init scripts syslog and network
* Thu Dec 02 2010 ug@suse.de
- fixed VUL-0: bind: Key algorithm rollover bug
bnc#657102, CVE-2010-3614
- fixed VUL-0: bind: allow-query processed incorrectly
bnc#657120, CVE-2010-3615
- fixed VUL-0: bind: cache incorrectly allows a ncache entry and a rrsig for the same type
bnc#657129, CVE-2010-3613
* Tue Nov 23 2010 ug@suse.de
- fixed return code of "rcnamed status"
- added gssapi support
* Tue Oct 12 2010 ug@suse.de
- Zones may be dynamically added and removed with the "rndc addzone"
and "rndc delzone" commands. These dynamically added zones are
written to a per-view configuration file. Do not rely on the
configuration file name nor contents as this will change in a
future release. This is an experimental feature at this time.
- Added new "filter-aaaa-on-v4" access control list to select which
IPv4 clients have AAAA record filtering applied.
- A new command "rndc secroots" was added to dump a combined summary
of the currently managed keys combined with statically configured
trust anchors.
- Added support to load new keys into managed zones without signing
immediately with "rndc loadkeys". Added support to link keys with
"dnssec-keygen -S" and "dnssec-settime -S".
- Documentation improvements
- ORCHID prefixes were removed from the automatic empty zone list.
- Improved handling of GSSAPI security contexts. Specifically, better
memory management of cached contexts, limited lifetime of a context
to 1 hour, and added a "realm" command to nsupdate to allow
selection of a non-default realm name.
- The contributed tool "ztk" was updated to version 1.0.
- version 9.7.1 to 9.7.2-P2
* Mon Jul 26 2010 ug@suse.de
- chrooted bind failed to start (bnc#625019)
* Mon Jun 21 2010 ug@suse.de
- genrandom: add support for the generation of multiple
files.
- Update empty-zones list to match
draft-ietf-dnsop-default-local-zones-13.
- Incrementally write the master file after performing
a AXFR.
- Add AAAA address for L.ROOT-SERVERS.NET.
- around 50 bugs fixed (see CHANGELOG for details)
- version 9.7.1
* Thu May 20 2010 ug@suse.de
- Handle broken DNSSEC trust chains better. [RT #15619]
- Named could return SERVFAIL for negative responses
from unsigned zones. [RT #21131
- version 9.7.0-P2
* Sat May 01 2010 aj@suse.de
- Handle /var/run on tmpfs.
- do not use run_ldconfig.
* Wed Feb 24 2010 jengelh@medozas.de
- Enable DLZ-LDAP (supersedes sdb_ldap) and add a patch
* Wed Feb 17 2010 ug@suse.de
- Fully automatic signing of zones by "named".
- Simplified configuration of DNSSEC Lookaside Validation (DLV).
- Simplified configuration of Dynamic DNS, using the "ddns-confgen"
command line tool or the "local" update-policy option. (As a side
effect, this also makes it easier to configure automatic zone
re-signing.)
- New named option "attach-cache" that allows multiple views to
share a single cache.
- DNS rebinding attack prevention.
- New default values for dnssec-keygen parameters.
- Support for RFC 5011 automated trust anchor maintenance
- Smart signing: simplified tools for zone signing and key
maintenance.
- The "statistics-channels" option is now available on Windows.
- A new DNSSEC-aware libdns API for use by non-BIND9 applications
- On some platforms, named and other binaries can now print out
a stack backtrace on assertion failure, to aid in debugging.
- A "tools only" installation mode on Windows, which only installs
dig, host, nslookup and nsupdate.
- Improved PKCS#11 support, including Keyper support and explicit
OpenSSL engine selection.
- version 9.7.0
* Wed Jan 20 2010 ug@suse.de
- [security] Do not attempt to validate or cache
out-of-bailiwick data returned with a secure
answer; it must be re-fetched from its original
source and validated in that context. [RT #20819]
- [security] Cached CNAME or DNAME RR could be returned to clients
without DNSSEC validation. [RT #20737]
- [security] Bogus NXDOMAIN could be cached as if valid. [RT #20712]
- version 9.6.1-P3
* Mon Jan 04 2010 ug@suse.de
- removed the syntax check for include files (bnc#567593)
* Tue Dec 15 2009 jengelh@medozas.de
- add baselibs.conf as a source
- enable parallel building
- add baselibs for SPARC
- package documentation as noarch
* Wed Nov 25 2009 ug@suse.de
- Security fix
When validating, track whether pending data was from
the additional section or not and only return it if
validates as secure. [RT #20438]
CVE-2009-4022
bnc#558260
- update from P1 to P2
* Fri Nov 20 2009 ug@suse.de
- added localhost for ipv6 to default config (bnc#539529)
* Wed Nov 18 2009 ug@suse.de
- fixed apparmor profile (bnc#544181)
* Tue Nov 03 2009 coolo@novell.com
- updated patches to apply with fuzz=0
* Wed Sep 30 2009 ug@suse.de
- using start_daemon instead of startproc (bnc#539532)
* Mon Aug 10 2009 ug@suse.de
- version update to 9.6.1-P1
(security fix CVE-2009-0696)
bnc#526185
* Tue Jun 30 2009 ug@suse.de
- enabled MySQL DLZ (Dynamically Loadable Zones)
* Tue Jun 16 2009 ug@suse.de
- around 50 bugfixes against 9.6.0p1
See changelog for details
- version 9.6.1
* Thu Apr 09 2009 ug@suse.de
- not all include files were copied into chroot (bnc#466800)
* Tue Mar 03 2009 ug@suse.de
- /etc/named.conf does not include /etc/named.d/forwarders.conf
by default (bnc#480334)
/etc/init.d/lwresd /usr/sbin/lwresd /usr/sbin/rclwresd /usr/share/man/man8/lwresd.8.gz
Generated by rpm2html 1.8.1
Fabrice Bellet, Mon Jun 10 05:10:40 2013