FreshPorts -- The Place For Ports If you buy from Amazon USA, please support us by using this link.
Follow us
Blog
Twitter

I am looking for an LTO tape library. Do you have one to spare?
Port details
bind99 BIND DNS suite with updated DNSSEC and DNS64
9.9.6P1 dns on this many watch lists=22 search for ports that depend on this port An older version of this port was marked as vulnerable.
Maintained by: mat@FreeBSD.org search for ports maintained by this maintainer
Port Added: 28 Jan 2012 05:28:38
Also Listed In: net ipv6
License: ISCL
BIND version 9 is a major rewrite of nearly all aspects of the underlying BIND
architecture.  Some of the important features of BIND 9 are:

DNS Security: DNSSEC (signed zones), TSIG (signed DNS requests)
IP version 6: Answers DNS queries on IPv6 sockets, IPv6 resource records (AAAA)
     Experimental IPv6 Resolver Library
DNS Protocol Enhancements: IXFR, DDNS, Notify, EDNS0
     Improved standards conformance
Views: One server process can provide multiple "views" of the DNS namespace,
     e.g. an "inside" view to certain clients, and an "outside" view to others.
Multiprocessor Support

BIND 9.9 includes a number of changes from BIND 9.8 and earlier releases,
including:
	NXDOMAIN redirection
	Improved startup and reconfiguration time, especially with large
		numbers of authoritative zones
	New "inline-signing" option, allows named to sign zones completely
		transparently, including static zones
	Many other new features, especially for DNSSEC

See the CHANGES file for more information on features.

WWW: https://www.isc.org/software/bind
SVNWeb : Main Web Site : Distfiles Availability : PortsMon

NOTE: FreshPorts displays only information on required and default dependencies. Optional dependencies are not covered.

Required To Build:
  1. security/openssl
Required To Run:
  1. security/openssl
Required Libraries:
  1. textproc/libxml2

This port is required by:

for Build * - deleted ports are only shown under the This port is required by section. It was harder to do for the Required section. Perhaps later...

To install the port: cd /usr/ports/dns/bind99/ && make install clean
To add the package: pkg install dns/bind99


Configuration Options
===> The following configuration options are available for bind99-9.9.6P1:
     DOCS=on: Build and/or install documentation
     FILTER_AAAA=off: Enable filtering of AAAA records
     FIXED_RRSET=off: Enable fixed rrset ordering
     GOST=off: Enable GOST ciphers, needs SSL (see help)
     IDN=off: International Domain Names support
     IPV6=on: IPv6 protocol support
     LARGE_FILE=off: 64-bit file support
     LINKS=off: Create conf file symlinks in /usr/local
     NEWSTATS=off: Enable alternate xml statistics channel format
     PYTHON=off: Build with Python utilities
     REPLACE_BASE=off: Replace base BIND (FreeBSD 9.x and earlier)
     RPZ_NSDNAME=off: Enable RPZ NSDNAME policy records
     RPZ_NSIP=off: Enable RPZ NSIP trigger rules
     RPZ_PATCH=off: RPZ improvements
     RRL=on: Response Rate Limiting
     SIGCHASE=off: dig/host/nslookup will do DNSSEC validation
     SSL=on: Build with OpenSSL (Required for DNSSEC)
     THREADS=on: Threading support
====> Dynamically Loadable Zones
     DLZ_POSTGRESQL=off: DLZ Postgres driver
     DLZ_MYSQL=off: DLZ MySQL driver (no threading)
     DLZ_BDB=off: DLZ BDB driver
     DLZ_LDAP=off: DLZ LDAP driver
     DLZ_FILESYSTEM=off: DLZ filesystem driver
     DLZ_STUB=off: DLZ stub driver
====> GSSAPI Security API support: you have to select exactly one of them
     GSSAPI_BASE=off: GSSAPI Security API support (Heimdal in base)
     GSSAPI_HEIMDAL=off: GSSAPI Security API support (security/heimdal)
     GSSAPI_MIT=off: GSSAPI Security API support (security/krb5)
     GSSAPI_NONE=on: No GSSAPI Security API support
===> Use 'make config' to modify these settings

Master Sites:
  1. ftp://ftp.ciril.fr/pub/isc/bind9/9.9.6-P1/
  2. ftp://ftp.dti.ad.jp/pub/net/isc/bind9/9.9.6-P1/
  3. ftp://ftp.freenet.de/pub/ftp.isc.org/isc/bind9/9.9.6-P1/
  4. ftp://ftp.funet.fi/pub/mirrors/ftp.isc.org/isc/bind9/9.9.6-P1/
  5. ftp://ftp.iij.ad.jp/pub/network/isc/bind9/9.9.6-P1/
  6. ftp://ftp.isc.org/isc/bind9/9.9.6-P1/
  7. ftp://ftp.mirrorservice.org/sites/ftp.isc.org/isc/bind9/9.9.6-P1/
  8. ftp://ftp.nominum.com/pub/isc/bind9/9.9.6-P1/
  9. ftp://ftp.ntua.gr/pub/net/isc/isc/bind9/9.9.6-P1/
  10. ftp://ftp.ripe.net/mirrors/sites/ftp.isc.org/isc/bind9/9.9.6-P1/
  11. ftp://ftp.sunet.se/pub/network/isc/bind9/9.9.6-P1/
  12. ftp://ftp.task.gda.pl/mirror/ftp.isc.org/isc/bind9/9.9.6-P1/
  13. ftp://ftp.u-aizu.ac.jp/pub/net/isc/bind9/9.9.6-P1/
  14. http://distcache.FreeBSD.org/ports-distfiles/
  15. http://ftp.isc.org/isc/bind9/9.9.6-P1/
Notes from UPDATING
These upgrade notes are taken from /usr/ports/UPDATING
  • 2013-11-12
    Affects: users of dns/bind9*
    Author: erwin@FreeBSD.org
    Reason: 
      All bind9 ports have been updated to support FreeBSD 10.x after
      BIND was removed from the base system.  It is now self-contained
      in ${PREFIX}/etc/namedb, and chroot and symlinking options are
      no longer supported out of the box.
    
      For users of FreeBSD 9.x and earlier, the LINKS option is no longer
      enabled by default, but still supported.  No other changes should
      affect those users, and updating without changing already set options
      will keep the system in the same state.
    
    

Number of commits found: 106 (showing only 100 on this page)

1 | 2  »  

Commit History - (may be incomplete: see SVNWeb link above for full details)
DateByDescription
08 Dec 2014 17:29:44
Original commit files touched by this commit  9.9.6P1
Revision:374305
mat search for other commits by this committer
Security update of BIND9 to 9.9.6-P1 and 9.10.1-P1.

Security:	CVE-2014-8500 CVE-2014-8680
Sponsored by:	Absolight
24 Nov 2014 17:41:10
Original commit files touched by this commit  9.9.6_1
Revision:373227
mat search for other commits by this committer
Fix three ports forgotten by the USE_PGSQL removal.  (Fix a typo in devel/upp.)

Sponsored by:	Absolight
17 Nov 2014 17:51:52
Original commit files touched by this commit  9.9.6_1
Revision:372675
mat search for other commits by this committer
Install the bind.keys file with the root and dlv.isc.org keys.

Sponsored by:	Absolight
07 Oct 2014 10:25:21
Original commit files touched by this commit  9.9.6
Revision:370291
mat search for other commits by this committer
Note REPLACE_BASE will get removed.

Sponsored by:	Absolight
23 Sep 2014 13:25:35
Original commit files touched by this commit  9.9.6
Revision:369056
mat search for other commits by this committer
Update to 9.9.6.

Sponsored by:	Absolight
07 Sep 2014 10:24:59
Original commit files touched by this commit  9.9.5P1_5
Revision:367505 This port version is marked as vulnerable.
mat search for other commits by this committer
configure no longer has problems detecting our arch like it had in bind95's
time, so remove ARCH modification, which leads to other problems, like [1]

PR:		193359 [1]
Submitted by:	dinoex [1]
Sponsored by:	Absolight
29 Jul 2014 22:16:12
Original commit files touched by this commit  9.9.5P1_5
Revision:363400 This port version is marked as vulnerable.
mat search for other commits by this committer
Enable RRL by default.

Requested by:	so many my head hurts
Sponsored by:	Absolight
24 Jul 2014 18:34:16
Original commit files touched by this commit  9.9.5P1_4
Revision:362835 This port version is marked as vulnerable.
tijl search for other commits by this committer
net/openldap24-*:
- Convert to USES=libtool and bump dependent ports
- Avoid USE_AUTOTOOLS
- Don't use PTHREAD_LIBS
- Use MAKE_CMD

databases/glom:
- Drop :keepla
- Add INSTALL_TARGET=install-strip

databases/libgda4* databases/libgda5*:
- Convert to USES=libtool and bump dependent ports
- USES=tar:xz
- Use INSTALL_TARGET=install-strip
- Use @sample
(Only the first 15 lines of the commit message are shown above View all of this commit message)
11 Jul 2014 15:38:42
Original commit files touched by this commit  9.9.5P1_3
Revision:361553 This port version is marked as vulnerable.
mat search for other commits by this committer
And it's supposed to be lower case.

Sponsored by:	Absolight
11 Jul 2014 15:28:13
Original commit files touched by this commit  9.9.5P1_3
Revision:361548 This port version is marked as vulnerable.
mat search for other commits by this committer
Add CPE to BIND9.

Sponsored by:	Absolight
24 Jun 2014 15:15:33
Original commit files touched by this commit  9.9.5P1_3
Revision:359094 This port version is marked as vulnerable.
mat search for other commits by this committer
Add a PYTHON option to bind99 and bind910, it installs a couple of dnssec
related utilities.
Use bind's own Makefiles for installation in bind-tools.

Sponsored by:	Absolight
18 Jun 2014 12:23:28
Original commit files touched by this commit  9.9.5P1_2
Revision:358262 This port version is marked as vulnerable.
mat search for other commits by this committer
Fix dns/bind-tools after the gssapi update.

Also, move it from BIND 9.9 to 9.10, and add delv and nsupdate.

Sponsored by:	Absolight
17 Jun 2014 17:16:33
Original commit files touched by this commit  9.9.5P1_2
Revision:358151 This port version is marked as vulnerable.
mat search for other commits by this committer
Remove test bits.

Pointy hat to:	mat
Sponsored by:	Absolight
17 Jun 2014 15:01:25
Refresh Original commit files touched by this commit
Revision:358127
mat search for other commits by this committer
Convert dns/bind9* to USES=gssapi.

Sponsored by:	Absolight
13 Jun 2014 13:14:32
Original commit files touched by this commit  9.9.5P1
Revision:357679 This port version is marked as vulnerable.
mat search for other commits by this committer
Correct local path for rpz* patchs.

Sponsored by:	Absolight
12 Jun 2014 14:18:57
Original commit files touched by this commit  9.9.5P1
Revision:357597 This port version is marked as vulnerable.
mat search for other commits by this committer
Update to 9.9.5-P1.

Changes:	https://lists.isc.org/pipermail/bind-announce/2014-June/000913.html
Sponsored by:	Absolight
09 Jun 2014 10:24:24
Original commit files touched by this commit  9.9.5_18
Revision:357127 This port version is marked as vulnerable.
mat search for other commits by this committer
Unbreak, it seems not everybody as switched to pkg yet...

Sponsored by:	Absolight
06 Jun 2014 10:59:46
Original commit files touched by this commit  9.9.5_17
Revision:356762 This port version is marked as vulnerable.
mat search for other commits by this committer
Don't install rndc.conf

It is generated by the rc script during the first startup.  And if
the file is present, it messes up the rndc.key generation.

Poked by:	Alain Audebert
Sponsored by:	Absolight
17 May 2014 21:30:25
Original commit files touched by this commit  9.9.5_16
Revision:354375 This port version is marked as vulnerable.
mat search for other commits by this committer
Fix build with GOST (on 10, base OpenSSL doesn't have it)
Make sure OpenSSL from ports is used < 10.

Sponsored by:	Absolight
16 May 2014 03:13:58
Original commit files touched by this commit  9.9.5_15
Revision:354193 This port version is marked as vulnerable.
mat search for other commits by this committer
Ok, revert r354129, it was a bad idea.

Poked by:	many
Sponsored by:	Absolight
15 May 2014 14:12:34
Original commit files touched by this commit  9.9.5_14
Revision:354129 This port version is marked as vulnerable.
mat search for other commits by this committer
Try and fix the plist for bind9* ports when <10.

Poked by:	swills
Sponsored by:	Absolight
14 May 2014 23:59:14
Original commit files touched by this commit  9.9.5_13
Revision:354095 This port version is marked as vulnerable.
mat search for other commits by this committer
Make GOST in BIND 9.* optional

Test Plan: Currently testing in poudriere

Differential Revision: https://phabric.freebsd.org/D12
17 Apr 2014 16:43:49
Original commit files touched by this commit  9.9.5_12
Revision:351487 This port version is marked as vulnerable.
mat search for other commits by this committer
Fix the rc script reload command.

Noticed by:	David Samms
Sponsored by:	Absolight
16 Apr 2014 18:28:50
Original commit files touched by this commit  9.9.5_11
Revision:351411 This port version is marked as vulnerable.
zeising search for other commits by this committer
The FreeBSD x11@ and graphics team proudly presents
a zeising, kwm production, with help from dumbbell, bdrewery:

NEW XORG ON FREEBSD 9-STABLE AND 10-STABLE

This update switches over to use the new xorg stack by default on FreeBSD 9
and 10 stable, on osversions where vt(9) is available.
It is still possible to use the old stack by specifying WITHOUT_NEW_XORG in
/etc/make.conf .
FreeBSD 8-STABLE and released versions of FreeBSD still use
the old version.
A package repository with binary packages for new xorg will
be available soon.

This patch also contains updates of libxcb and related ports, pixman, as well
(Only the first 15 lines of the commit message are shown above View all of this commit message)
12 Apr 2014 19:23:10
Original commit files touched by this commit  9.9.5_10
Revision:351124 This port version is marked as vulnerable.
mat search for other commits by this committer
Use @sample for my port, cleanup an etc/PORTNAME into ETCDIR.

Sponsored by:	Absolight
10 Apr 2014 20:43:50
Original commit files touched by this commit  9.9.5_10
Revision:350848 This port version is marked as vulnerable.
mat search for other commits by this committer
Two changes to the RC script
- Add a dependency on ldconfig
- Allow people to change the pidfile

PR:		188439
Submitted by:	Oliver Lehmann
Sponsored by:	Absolight
10 Apr 2014 15:45:03
Original commit files touched by this commit  9.9.5_9
Revision:350817 This port version is marked as vulnerable.
mat search for other commits by this committer
Remove noop patch.

Sponsored by:	Absolight
09 Apr 2014 14:14:46
Original commit files touched by this commit  9.9.5_9
Revision:350710 This port version is marked as vulnerable.
mat search for other commits by this committer
- Add a patch to install missing man page
- Add dnssec-* tools to bind-tools[1]

Requested by:	many [1]
Sponsored by:	Absolight
27 Mar 2014 13:30:12
Original commit files touched by this commit  9.9.5_8
Revision:349338 This port version is marked as vulnerable.
mat search for other commits by this committer
- Fix startup script
- Fix whitespace

PR:		188011
Submitted by:	takefu
Sponsored by:	Absolight
25 Mar 2014 17:25:17
Original commit files touched by this commit  9.9.5_7
Revision:349162 This port version is marked as vulnerable.
mat search for other commits by this committer
Finaly pet rclint.

With help from:	crees
Sponsored by:	Absolight
25 Mar 2014 15:46:24
Original commit files touched by this commit  9.9.5_6
Revision:349154 This port version is marked as vulnerable.
mat search for other commits by this committer
Remove GSSAPI from the default options.

Almost nobody needs it, and people keep having a hard time building BIND
because of this.

Sponsored by:	Absolight
17 Mar 2014 18:46:47
Original commit files touched by this commit  9.9.5_5
Revision:348497 This port version is marked as vulnerable.
mat search for other commits by this committer
- Use SUB_FILES for named.conf and the rc script
- Fix some package installation warnings

Sponsored by:	Absolight
06 Mar 2014 17:31:55
Original commit files touched by this commit  9.9.5_4
Revision:347284 This port version is marked as vulnerable.
mat search for other commits by this committer
Always depend on libxml[1]
Add XML newstats support to bind99[2]

PR:		186890[1], 186791[2]
Submitted by:	Jason Mann[1], Matthew Seaman[2]
Sponsored by:	Absolight
06 Mar 2014 17:12:52
Original commit files touched by this commit  9.9.5_3
Revision:347281 This port version is marked as vulnerable.
mat search for other commits by this committer
Try and have BIND start earlier.

Sponsored by:	Absolight
04 Mar 2014 17:37:54
Original commit files touched by this commit  9.9.5_2
Revision:347047 This port version is marked as vulnerable.
mat search for other commits by this committer
Actually commit what I tested.

Sponsored by:	Absolight
04 Mar 2014 17:32:46
Original commit files touched by this commit  9.9.5_2
Revision:347046 This port version is marked as vulnerable.
mat search for other commits by this committer
Don't polute isc-config.sh with gssapi flags.

Submitted by:	hrs
Sponsored by:	Absolight
27 Feb 2014 18:10:04
Original commit files touched by this commit  9.9.5_1
Revision:346383 This port version is marked as vulnerable.
mat search for other commits by this committer
Change the BIND ports to use PKGNAMESUFFIX.

Sponsored by:	Absolight
07 Feb 2014 09:15:23
Original commit files touched by this commit  9.9.5_1
Revision:343205 This port version is marked as vulnerable.
mat search for other commits by this committer
Add back the RPZ speed improvements patch.

Many thanks to:	Vernon Schryver
Sponsored by:	Absolight
31 Jan 2014 08:58:46
Original commit files touched by this commit  9.9.5
Revision:341947 This port version is marked as vulnerable.
mat search for other commits by this committer
Update to 9.9.5.

Changes:	https://lists.isc.org/pipermail/bind-announce/2014-January/000896.html
Sponsored by:	Absolight
27 Jan 2014 15:43:42
Original commit files touched by this commit  9.9.4.2
Revision:341417 This port version is marked as vulnerable.
garga search for other commits by this committer
Revert r341073, static libs are not supposed to be PIC
25 Jan 2014 18:28:03
Original commit files touched by this commit  9.9.4.2
Revision:341073 This port version is marked as vulnerable.
garga search for other commits by this committer
Add -fPIC to CFLAGS for amd64, this fix static libraries

Approved by:	mat@ (maintainer)
13 Jan 2014 17:38:28
Original commit files touched by this commit  9.9.4.2
Revision:339612 This port version is marked as vulnerable.
mat search for other commits by this committer
Security update to fix CVE-2014-0591 as reported at
https://kb.isc.org/article/AA-01078/74/

9.9.4 -> 9.9.4-P2
9.8.6 -> 9.8.6-P2
9.6-ESV-R10 -> 9.6-ESV-R10-P2

Security:	CVE-2014-0591 Remote DOS
08 Jan 2014 22:52:19
Original commit files touched by this commit  9.9.4_9
Revision:339186 This port version is marked as vulnerable.
mat search for other commits by this committer
Fixup rndc.conf.sample installation

Spotted by:	antoine
07 Jan 2014 09:55:07
Original commit files touched by this commit  9.9.4_8
Revision:338989 This port version is marked as vulnerable.
erwin search for other commits by this committer
There's always a default value for named_conf now, so no need to
check for it, and espcially not for a wrong value.

Noticed by:	Stefan Bethke <stb@lassitu.de>
Approved by:	mat (maintainer)
06 Jan 2014 23:15:20
Original commit files touched by this commit  9.9.4_7
Revision:338952 This port version is marked as vulnerable.
mat search for other commits by this committer
Yet another round of fixes.

This time, it seems all of REPLACE_BASE, not REPLACE_BASE and post Bind removal
from base seem to work consistently.
06 Jan 2014 21:39:08
Original commit files touched by this commit  9.9.4_6
Revision:338943 This port version is marked as vulnerable.
mat search for other commits by this committer
Fix yet another bug, they're creeping like crazy...
06 Jan 2014 17:31:55
Original commit files touched by this commit  9.9.4_5
Revision:338910 This port version is marked as vulnerable.
mat search for other commits by this committer
Fix gssapi options knob.
06 Jan 2014 14:29:25
Original commit files touched by this commit  9.9.4_4
Revision:338882 This port version is marked as vulnerable.
mat search for other commits by this committer
Fix build with LINKS.
06 Jan 2014 13:34:48
Original commit files touched by this commit  9.9.4_4
Revision:338877 This port version is marked as vulnerable.
mat search for other commits by this committer
Convert to staging and new options.
04 Jan 2014 19:25:57
Original commit files touched by this commit  9.9.4_3
Revision:338674 This port version is marked as vulnerable.
mat search for other commits by this committer
Add the DOCS option to OPTIONS_DEFAULT.
02 Jan 2014 13:43:12
Original commit files touched by this commit  9.9.4_2
Revision:338442 This port version is marked as vulnerable.
erwin search for other commits by this committer
Hand the BIND ports to a new volunteer.
10 Dec 2013 10:01:21
Original commit files touched by this commit  9.9.4_2
Revision:336054 This port version is marked as vulnerable.
erwin search for other commits by this committer
Fix build with GSSAPI option without Kerberos

PR:		184560
Submitted by:	Dewayne <dewayne@heuristicsystems.com.au>
08 Dec 2013 19:49:52
Original commit files touched by this commit  9.9.4_2
Revision:335933 This port version is marked as vulnerable.
marino search for other commits by this committer
bind(96,98,99): Couple OSVERSION with OPSYS

OSVERSION is platform-specific and must be used with OPSYS.

Approved by:	maintainer (erwin)
07 Dec 2013 10:50:23
Original commit files touched by this commit  9.9.4_2
Revision:335824 This port version is marked as vulnerable.
gjb search for other commits by this committer
To prevent fallout of lowering __FreeBSD_version in releng/10.0 branch,
adjust OSVERSION evaluation in ports that specifically use '100050N'.

Approved by:	affected maintainers (implicit)
Sponsored by:	The FreeBSD Foundation
05 Dec 2013 12:54:56
Original commit files touched by this commit  9.9.4_2
Revision:335667 This port version is marked as vulnerable.
erwin search for other commits by this committer
Install named.conf as named.conf.sample and don't overwrite on upgrade

Bullet hole in foot:	joeld
Pointy hat:		erwin
04 Dec 2013 12:15:53
Original commit files touched by this commit  9.9.4_1
Revision:335618 This port version is marked as vulnerable.
erwin search for other commits by this committer
Fix build with GSSAPI

Submitted by:	sunpoet
22 Nov 2013 19:05:01
Original commit files touched by this commit  9.9.4_1
Revision:334604 This port version is marked as vulnerable.
sunpoet search for other commits by this committer
- Respect BIND_DESTETC and PREFIX

Submitted by:	sunpoet (myself)
Approved by:	erwin (maintainer)
22 Nov 2013 13:41:34
Original commit files touched by this commit  9.9.4_1
Revision:334593 This port version is marked as vulnerable.
erwin search for other commits by this committer
Fix startup script.

PR:		184159 [1]
Submitted by:	Pawel Biernacki <pawel.biernacki@gmail.com> [1],
		Trond Endrestoel <Trond.Endrestol@ximalas.info> (private email)
12 Nov 2013 10:59:20
Original commit files touched by this commit  9.9.4
Revision:333563 This port version is marked as vulnerable.
erwin search for other commits by this committer
Support FreeBSD 10.0.

On FreeBSD 10.0, all configuration is installed under
/usr/local/etc/namedb and installs its own rc script in
$PREFIX, which no longer support chroot installations.

LINKS and REPLACE_BASE options are not supported on 10.0
for obvious reasons.

Note for FreeBSD 9.x and earlier users, LINKS is no longer
the default option, though still supported.
04 Nov 2013 11:23:11
Original commit files touched by this commit  9.9.4
Revision:332693 This port version is marked as vulnerable.
erwin search for other commits by this committer
Drop support for REPLACE_BIND option after BIND was removed from base,
there's nothing to replace.
23 Sep 2013 10:20:56
Original commit files touched by this commit  9.9.4
Revision:327967 This port version is marked as vulnerable.
erwin search for other commits by this committer
Add an option for filter-aaaa

Submitted by:	Matej Gregr <matej.gregr@gmail.com>
20 Sep 2013 16:31:58
Original commit files touched by this commit  9.9.4
Revision:327719 This port version is marked as vulnerable.
bapt search for other commits by this committer
Add NO_STAGE all over the place in preparation for the staging support (cat:
dns)
20 Sep 2013 08:22:45
Original commit files touched by this commit  9.9.4
Revision:327668 This port version is marked as vulnerable.
erwin search for other commits by this committer
Update to 9.9.4

Note that the Rate Limiting option has been renamed.

Security Fixes

   Previously an error in bounds checking on the private type
   'keydata' could be used to deny service through a deliberately
   triggerable REQUIRE failure (CVE-2013-4854).  [RT #34238]

   Prevents exploitation of a runtime_check which can crash named
   when satisfying a recursive query for particular malformed zones.
   (CVE-2013-3919) [RT #33690]

New Features
(Only the first 15 lines of the commit message are shown above View all of this commit message)
17 Sep 2013 11:31:49
Original commit files touched by this commit  9.9.3.2
Revision:327469 This port version is marked as vulnerable.
erwin search for other commits by this committer
Make GSSAPI support optional

PR:		182122
Submitted by:	Uwe Doering <gemini@geminix.org>
05 Sep 2013 20:18:30
Original commit files touched by this commit  9.9.3.2
Revision:326444 This port version is marked as vulnerable.
bsam search for other commits by this committer
. introduce ICONV_CONFIGURE_BASE variable at Mk/Uses/iconv.mk. It's value is
  "--with-libiconv=${LOCALBASE}" at systems pre OSVERSION 100043 and "" (null)
  otherwise;
. convert all ports which has CONFIGURE_ARGS=--with-libiconv=${LOCALBASE}.

Approved by:	portmgr (bapt, implicit)
27 Jul 2013 21:08:36
Original commit files touched by this commit  9.9.3.2
Revision:323808 This port version is marked as vulnerable.
roberto search for other commits by this committer
Update the RPZ+RL patches for both versions.

Approved by:	erwin
26 Jul 2013 22:19:27
Original commit files touched by this commit  9.9.3.2
Revision:323758 This port version is marked as vulnerable.
roberto search for other commits by this committer
Put back the two patches for RPZ-RL that were removed during the previous
update.
26 Jul 2013 22:05:05
Original commit files touched by this commit  9.9.3.2
Revision:323757 This port version is marked as vulnerable.
roberto search for other commits by this committer
Security update to fix CVE-2013-4854 as reported at
https://kb.isc.org/article/AA-01015/0

9.9.3-p1 -> 9.9.3-P2
9.8.5-p1 -> 9.8.5-P2

9.6.x is not affected, neither is 10.x.

Security:	CVE-2013-4854 Remote DOS
05 Jun 2013 11:51:29
Original commit files touched by this commit  9.9.3.1
Revision:319984 This port version is marked as vulnerable.
erwin search for other commits by this committer
Update to 9.9.3-P1

Security Fixes

   Prevents exploitation of a runtime_check which can crash named
   when satisfying a recursive query for particular malformed zones.
   (CVE-2013-3919) [RT #33690]

   Now supports NAPTR regular expression validation on all platforms,
   and avoids memory exhaustion compiling pathological regular
   expressions. (CVE-2013-2266)  [RT #32688]

   Prevents named from aborting with a require assertion failure
   on servers with DNS64 enabled.  These crashes might occur as a
   result of specific queries that are received.  (CVE-2012-5688)
(Only the first 15 lines of the commit message are shown above View all of this commit message)
31 May 2013 09:49:42
Original commit files touched by this commit  9.9.3
Revision:319476 This port version is marked as vulnerable.
erwin search for other commits by this committer
Update to 9.9.3
31 May 2013 08:10:57
Original commit files touched by this commit  9.9.2.2
Revision:319468 This port version is marked as vulnerable.
erwin search for other commits by this committer
Update RPZ and RRL patch set:

  - address the issue raised by Bob Harold. RRL on recursive servers
     applies rate limits after waiting for recursion except on
     sub-domains of domains for which the server is authoritative.

  - fix the bug reported by Roy Arends in which "slipped" NXDOMAIN
     responses had rcode values of 0 (NoError) instead of 3 (NXDOMAIN).

  - move reports of RRL drop and slip actions from the "queries"
     log category to the "query-errors" category. Because they are not
     in the "queres" category, enabling or disabling query logging no
     longer affects them.
06 May 2013 07:53:39
Original commit files touched by this commit  9.9.2.2
Revision:317477 This port version is marked as vulnerable.
erwin search for other commits by this committer
Fix typo in RPZRRL_PATCH

Submitted by:	Alexander Yerenkow <yerenkow@gmail.com>
24 Apr 2013 13:17:04
Original commit files touched by this commit  9.9.2.2
Revision:316430 This port version is marked as vulnerable.
zeising search for other commits by this committer
Readd dns/bind-tools.
This is done in a similar manner as the old bind-tools, but uses bind99
instead of bind97 as master port.
Change bind99 to facilitate the bind-tools slave, in a simlar way as was
done for bind97.

Approved by:	erwin (maintainer)
23 Apr 2013 08:26:48
Original commit files touched by this commit  9.9.2.2
Revision:316321 This port version is marked as vulnerable.
erwin search for other commits by this committer
Make pkg-message and pkg-install a local file to the bind98 and bind99
ports and not include the one from the deprecated bind97 port, which is
to be removed.
17 Apr 2013 07:57:55
Original commit files touched by this commit  9.9.2.2
Revision:315942 This port version is marked as vulnerable.
erwin search for other commits by this committer
Update RPZ+RRL patchset to the latest version.

The change makes "slip 1;" send only truncated (TC=1) responses.
Without the change, "slip 1;" is the same as the default of "slip 2;".
That default, which alternates truncated with dropped responses
when the rate limit is exceeded, is better for authoritative DNS
servers, because it further reduces the amplification of an attack
from about 1X to about 0.5X.

DNS RRL is not recommended for recursive servers.

Feature safe:	yes
27 Mar 2013 07:56:12
Original commit files touched by this commit  9.9.2.2
Revision:315356 This port version is marked as vulnerable.
erwin search for other commits by this committer
Update to 9.9.2-P2

Removed the check for regex.h in configure in order
to disable regex syntax checking, as it exposes
BIND to a critical flaw in libregex on some
platforms. [RT #32688]

Security:       CVE-2013-2266
15 Mar 2013 14:47:41
Original commit files touched by this commit  9.9.2.1
Revision:314305 This port version is marked as vulnerable.
erwin search for other commits by this committer
Update the RPZ+RRL patch files which remove
working files that should not have been in the patches[1]
Also move to a versioned filename for the patches[2]

Submitted by:	Robert Sargent <robtsgt@gmail.com> [1],
		Vernon Schryver <vjs@rhyolite.com> [2]
05 Feb 2013 09:34:49
Original commit files touched by this commit  9.9.2.1
Revision:311683 This port version is marked as vulnerable.
erwin search for other commits by this committer
Update RPZ+RRL patch to 028.23

A serious Multiple Zone Response Policy Zone (RPZ2)
Speed Improvement bug has been fixed.

`./configure --enable-rpz-nsip --enable-rpz-nsdname`
is now the default.

Responses affected by the all-per-second parameter
are always dropped. The slip value has no effect on them.

There are improved log messages for responses that are
dropped or "slipped," because they would require an
excessive identical referral.
10 Jan 2013 10:37:18
Original commit files touched by this commit  9.9.2.1
Revision:310175 This port version is marked as vulnerable.
erwin search for other commits by this committer
Reduce lenght of the option description for RPZRRL_PATCH to
avoid problems with the older dialog(1) on FreeBSD 8.x

Noticed by:   Terry Kennedy <terry@tmk.com>
09 Jan 2013 10:20:16
Original commit files touched by this commit  9.9.2.1
Revision:310131 This port version is marked as vulnerable.
erwin search for other commits by this committer
Update the response rate limiting patch to the latest
released version of January 5, 2013.

This also includes performance patches to the BIND9
Response Policy Zones (DNS RPZ), Single Zone Response
Policy Zone (RPZ) Speed Improvement, in the same
patch.

More information: http://ss.vix.su/~vjs/rrlrpz.html
04 Jan 2013 10:47:28
Original commit files touched by this commit  9.9.2.1
Revision:309925 This port version is marked as vulnerable.
erwin search for other commits by this committer
Add LICENSE.
04 Jan 2013 10:39:41
Original commit files touched by this commit  9.9.2.1
Revision:309924 This port version is marked as vulnerable.
erwin search for other commits by this committer
Add experimental option for Response Rate Limiting patch.
14 Dec 2012 10:43:36
Original commit files touched by this commit  9.9.2.1
Revision:308897 This port version is marked as vulnerable.
erwin search for other commits by this committer
- Use new OPTIONS_GROUP for DLZ options.[1]
- This also allows more than one DLZ option
  to be set.[2]

Submitted by:	bapt [1] (as RADIO)
Suggested by:	az [2] (thus GROUP instead)
05 Dec 2012 07:46:03
Original commit files touched by this commit  9.9.2.1
Revision:308317 This port version is marked as vulnerable.
erwin search for other commits by this committer
Update to the latest patch level from ISC:

  BIND 9 nameservers using the DNS64 IPv6 transition mechanism are
  vulnerable to a software defect that allows a crafted query to
  crash the server with a REQUIRE assertion failure.  Remote
  exploitation of this defect can be achieved without extensive
  effort, resulting in a denial-of-service (DoS) vector against
  affected servers.

Security:	2892a8e2-3d68-11e2-8e01-0800273fe665
		CVE-2012-5688
Feature safe:	yes
03 Dec 2012 10:52:11
Original commit files touched by this commit  9.9.2
Revision:308136 This port version is marked as vulnerable.
erwin search for other commits by this committer
Improve the SSL option description

Submitted by:	Kazunori Fujiwara <fujiwara@jprs.co.jp>
Feature safe:	yes
03 Dec 2012 10:48:18
Original commit files touched by this commit  9.9.2
Revision:308135 This port version is marked as vulnerable.
erwin search for other commits by this committer
Remove gpg signature checking that in itself does not
provide any additional security.

Feature safe:	yes
27 Nov 2012 10:05:32
Original commit files touched by this commit  9.9.2
Revision:307830 This port version is marked as vulnerable.
erwin search for other commits by this committer
- Update CONFLICTS
- Fix a typo in the OPTIONSNG conversion
- Add FIXED_RRSET option
- Add RPZ options (9.8 and 9.8 only)

PR:		172586
Submitted by:	Craig Leres <leres@ee.lbl.gov>
Feature safe:	yes
26 Oct 2012 08:37:11
Original commit files touched by this commit  9.9.2
Revision:306427 This port version is marked as vulnerable.
erwin search for other commits by this committer
Reduce lenght of the option description for DLZ_MYSQL to
avoid problems with the older dialog(1) on FreeBSD 8.x

Noticed by:	Terry Kennedy <terry@tmk.com>
Feature safe:	yes
25 Oct 2012 10:53:57
Original commit files touched by this commit  9.9.2
Revision:306379 This port version is marked as vulnerable.
erwin search for other commits by this committer
- Convert to OPTIONSNG
- Turn on IPv6 support by default

Feature safe:	yes
19 Oct 2012 13:20:03
Original commit files touched by this commit  9.9.2
Revision:306119 This port version is marked as vulnerable.
erwin search for other commits by this committer
Force python off to disable build time detection of python.

Submitted by:	zeising
Feature safe:	yes
19 Oct 2012 10:17:28
Original commit files touched by this commit  9.9.2
Revision:306113 This port version is marked as vulnerable.
erwin search for other commits by this committer
Update to 9.9.2

Feature safe:	yes
10 Oct 2012 11:54:44
Original commit files touched by this commit  9.9.1.4
Revision:305645 This port version is marked as vulnerable.
erwin search for other commits by this committer
Upgrade to the latest BIND patch level:

A deliberately constructed combination of records could cause named
to hang while populating the additional section of a response.

Security:	 
http://www.vuxml.org/freebsd/57a700f9-12c0-11e2-9f86-001d923933b6.html
10 Oct 2012 09:11:41
Original commit files touched by this commit  9.9.1.3
Revision:305639 This port version is marked as vulnerable.
erwin search for other commits by this committer
Take maintainership of the BIND ports while I'm working on the latest
security releases.
08 Oct 2012 10:38:48
Original commit files touched by this commit  9.9.1.3
Revision:305526 This port version is marked as vulnerable.
dougb search for other commits by this committer
Throw my ports back in the pool, and make my intentions clear for the
various ports that I've created.

I bid fond fare well
A chapter closes for me
What opens for you?
19 Sep 2012 03:46:36
Original commit files touched by this commit  9.9.1.3
Revision:304476 This port version is marked as vulnerable.
dougb search for other commits by this committer
Upgrade to the latest BIND patch level:

Prevents a crash when queried for a record whose RDATA exceeds
65535 bytes.

Prevents a crash when validating caused by using "Bad cache" data
before it has been initialized.

ISC_QUEUE handling for recursive clients was updated to address
a race condition that could cause a memory leak. This rarely
occurred with UDP clients, but could be a significant problem
for a server handling a steady rate of TCP queries.

A condition has been corrected where improper handling of
zero-length RDATA could cause undesirable behavior, including
termination of the named process.

For more information: https://kb.isc.org/article/AA-00788
24 Jul 2012 19:23:23
Original commit files touched by this commit  9.9.1.2
 This port version is marked as vulnerable.
dougb search for other commits by this committer
Heavy DNSSEC Validation Load Can Cause a "Bad Cache" Assertion Failure
in BIND9

High numbers of queries with DNSSEC validation enabled can cause an
assertion failure in named, caused by using a "bad cache" data structure
before it has been initialized.

CVE: CVE-2012-3817
Posting date: 24 July, 2012
04 Jun 2012 21:51:34
Original commit files touched by this commit  9.9.1.1
 This port version is marked as vulnerable.
dougb search for other commits by this committer
Upgrade to 9.6-ESV-R7-P1, 9.7.6-P1, 9.8.3-P1, and 9.9.1-P1, the latest
from ISC. These patched versions contain a critical bugfix:

  Processing of DNS resource records where the rdata field is zero length
  may cause various issues for the servers handling them.

  Processing of these records may lead to unexpected outcomes. Recursive
  servers may crash or disclose some portion of memory to the client.
  Secondary servers may crash on restart after transferring a zone
  containing these records. Master servers may corrupt zone data if the
  zone option "auto-dnssec" is set to "maintain". Other unexpected
  problems that are not listed here may also be encountered.

All BIND users are strongly encouraged to upgrade.
23 May 2012 04:40:55
Original commit files touched by this commit  9.9.1
 This port version is marked as vulnerable.
dougb search for other commits by this committer
Upgrade to BIND versions 9.9.1, 9.8.3, 9.7.6, and 9.6-ESV-R7,
the latest from ISC. These versions all contain the following:

Feature Change

*  BIND now recognizes the TLSA resource record type, created to
   support IETF DANE (DNS-based Authentication of Named Entities)
   [RT #28989]

Bug Fix

*  The locking strategy around the handling of iterative queries
   has been tuned to reduce unnecessary contention in a multi-
   threaded environment.

Each version also contains other critical bug fixes.

All BIND users are encouraged to upgrade to these latest versions.
23 May 2012 04:40:33
Original commit files touched by this commit  9.9.0_1
 This port version is marked as vulnerable.
dougb search for other commits by this committer
Remove patch that is incorporated into version 9.9.1
04 Apr 2012 22:03:08
Original commit files touched by this commit  9.9.0_1
 This port version is marked as vulnerable.
dougb search for other commits by this committer
Switch to using the PORTDOCS macro

Feature safe:   yes

Number of commits found: 106 (showing only 100 on this page)

1 | 2  »  

Login
User Login
Create account

Servers and bandwidth provided by
New York Internet, SuperNews, and RootBSD

This site
What is FreshPorts?
About the authors
FAQ
How big is it?
The latest upgrade!
Privacy
Forums
Blog
Contact

Search
Enter Keywords:
 
more...

Latest Vulnerabilities
ntpDec 20
ntp-develDec 20
gitDec 19
otrsDec 16
mod_dav_svnDec 15
subversionDec 15
subversion16Dec 15
subversion17Dec 15
nvidia-driverDec 14
nvidia-driver-173Dec 14
nvidia-driver-304Dec 14
asterisk11Dec 11
bind99Dec 11
xorg-serverDec 10
unboundDec 09

10 vulnerabilities affecting 27 ports have been reported in the past 14 days

* - modified, not new

All vulnerabilities


Ports
Home
Categories
Deleted ports
Sanity Test Failures
Newsfeeds

Statistics
Graphs
NEW Graphs (Javascript)
Traffic

Calculated hourly:
Port count 24436
Broken 145
Deprecated 70
Ignore 398
Forbidden 2
Restricted 207
No CDROM 93
Vulnerable 19
Expired 0
Set to expire 65
Interactive 0
new 24 hours 4
new 48 hours7
new 7 days25
new fortnight43
new month130

Servers and bandwidth provided by
New York Internet, SuperNews, and RootBSD
Valid HTML, CSS, and RSS.
Copyright © 2000-2014 Dan Langille. All rights reserved.