---
- branch: MAIN
  date: Wed Oct 10 03:07:13 UTC 2012
  files:
  - new: '1.13'
    old: '1.12'
    path: pkgsrc/net/bind99/Makefile
    pathrev: pkgsrc/net/bind99/Makefile@1.13
    type: modified
  - new: '1.3'
    old: '1.2'
    path: pkgsrc/net/bind99/PLIST
    pathrev: pkgsrc/net/bind99/PLIST@1.3
    type: modified
  - new: '1.9'
    old: '1.8'
    path: pkgsrc/net/bind99/distinfo
    pathrev: pkgsrc/net/bind99/distinfo@1.9
    type: modified
  - new: '1.3'
    old: '1.2'
    path: pkgsrc/net/bind99/patches/patch-bin_tests_system_Makefile.in
    pathrev: pkgsrc/net/bind99/patches/patch-bin_tests_system_Makefile.in@1.3
    type: modified
  - new: '1.3'
    old: '1.2'
    path: pkgsrc/net/bind99/patches/patch-configure
    pathrev: pkgsrc/net/bind99/patches/patch-configure@1.3
    type: modified
  - new: '1.2'
    old: '1.1'
    path: pkgsrc/net/bind99/patches/patch-configure.in
    pathrev: pkgsrc/net/bind99/patches/patch-configure.in@1.2
    type: modified
  id: 20121010T030713Z.cc080c3f0588a04a5f719fcddf7c0b37c0e4f268
  log: |
    Update bind99 to 9.9.2 (BIND 9.9.2).

    Here are change changes from release note.  Note security fixes except
    CVE-2012-5166 should be already fixed in previous version of bind99 package.

    Please refer https://kb.isc.org/article/AA-00798 for list of full bug fixes.

    Security Fixes

    * A deliberately constructed combination of records could cause named to hang
      while populating the additional section of a response. [CVE-2012-5166] [RT
      #31090]
    * Prevents a named assert (crash) when queried for a record whose RDATA
      exceeds 65535 bytes.  [CVE-2012-4244] [RT #30416]
    * Prevents a named assert (crash) when validating caused by using "Bad cache"
      data before it has been initialized. [CVE-2012-3817] [RT #30025]
    * A condition has been corrected where improper handling of zero-length RDATA
      could cause undesirable behavior, including termination of the named
      process. [CVE-2012-1667] [RT #29644]
    * ISC_QUEUE handling for recursive clients was updated to address a race
      condition that could cause a memory leak. This rarely occurred with UDP
      clients, but could be a significant problem for a server handling a steady
      rate of TCP queries. [CVE-2012-3868] [RT #29539 & #30233]

    New Features

    * Elliptic Curve Digital Signature Algorithm keys and signatures in DNSSEC are
      now supported per RFC 6605. [RT #21918]
    * Introduces a new tool "dnssec-checkds" command that checks a zone to
      determine which DS records should be published in the parent zone, or which
      DLV records should be published in a DLV zone, and queries the DNS to ensure
      that it exists. (Note: This tool depends on python; it will not be built or
      installed on systems that do not have a python interpreter.)  [RT #28099]
    * Introduces a new tool "dnssec-verify" that validates a signed zone, checking
      for the correctness of signatures and NSEC/NSEC3 chains.  [RT #23673]
    * Adds configuration option "max-rsa-exponent-size <value>;" that can be used
      to specify the maximum rsa exponent size that will be accepted when
      validating [RT #29228]

    Feature Changes

    * Improves OpenSSL error logging [RT #29932]
    * nslookup now returns a nonzero exit code when it is unable to get an answer.
      [RT #29492]
  module: pkgsrc
  subject: 'CVS commit: pkgsrc/net/bind99'
  unixtime: '1349838433'
  user: taca