FreeBSD-src - Raptor Engineering's fork of pfsense FreeBSD src with pfSense changes

	Commit message (Collapse)	Author	Age	Files	Lines
*	Vendor import of BIND 9.4.2	dougb	2007-12-02	57	-508/+854
\|
*	Vendor import of 9.4.1-P1, which has fixes for the following:	dougb	2007-07-25	2	-8/+34
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	1. The default access control lists (acls) are not being correctly set. If not set anyone can make recursive queries and/or query the cache contents. See also: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2925 2. The DNS query id generation is vulnerable to cryptographic analysis which provides a 1 in 8 chance of guessing the next query id for 50% of the query ids. This can be used to perform cache poisoning by an attacker. This bug only affects outgoing queries, generated by BIND 9 to answer questions as a resolver, or when it is looking up data for internal uses, such as when sending NOTIFYs to slave name servers. All users are encouraged to upgrade. See also: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2926 Approved by: re (kensmith, implicit)
*	Remove from the vendor branch files that are no longer	dougb	2007-06-02	2	-324/+0
\| \| \| \|	present in BIND 9.4.1.
*	Vendor import of BIND 9.4.1	dougb	2007-06-02	127	-6357/+13235
\|
*	Vendor import of BIND 9.3.3	dougb	2006-12-10	71	-1030/+1411
\|
*	Update to version 9.3.2-P2, which addresses the vulnerability	dougb	2006-11-04	1	-2/+2
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	announced by ISC dated 31 October (delivered via e-mail to the bind-announce@isc.org list on 2 November): Description: Because of OpenSSL's recently announced vulnerabilities (CAN-2006-4339, CVE-2006-2937 and CVE-2006-2940) which affect named, we are announcing this workaround and releasing patches. A proof of concept attack on OpenSSL has been demonstrated for CAN-2006-4339. OpenSSL is required to use DNSSEC with BIND. Fix for version 9.3.2-P1 and lower: Upgrade to BIND 9.3.2-P2, then generate new RSASHA1 and RSAMD5 keys for all old keys using the old default exponent and perform a key rollover to these new keys. These versions also change the default RSA exponent to be 65537 which is not vulnerable to the attacks described in CAN-2006-4339.
*	Vendor import of BIND 9.3.2-P1, which addresses the following security	dougb	2006-09-06	1	-3/+3
\| \| \| \| \| \| \| \| \| \| \| \| \|	vulnerabilities: http://www.niscc.gov.uk/niscc/docs/re-20060905-00590.pdf?lang=en 2066. [security] Handle SIG queries gracefully. [RT #16300] http://www.kb.cert.org/vuls/id/697164 1941. [bug] ncache_adderesult() should set eresult even if no rdataset is passed to it. [RT #15642] All users of BIND 9 are encouraged to upgrade to this version.
*	Remove files from the vendor branch that are no longer present	dougb	2006-01-14	8	-2354/+0
\| \| \| \|	in BIND 9.3.2 that were mistakenly removed from HEAD.
*	Vendor import of BIND 9.3.2	dougb	2005-12-29	65	-11049/+5834
\|
*	Vendor import of BIND 9.3.1	dougb	2005-03-17	25	-134/+337
\|
*	Vendor import of BIND 9.3.0.	des	2004-09-23	3	-5/+7
\|
*	Vender import of BIND 9.3.0rc4.	trhodes	2004-09-19	136	-0/+62570