bind security update

[32:9.8.2-0.68.rc1.0.3.8]

• Backport fix for CVE-2018-5741 [Orabug: 33496185]
  [32:9.8.2-0.68.rc1.0.2.8]
• Backport possible assertion failure on DNAME processing (CVE-2021-25215)
  [32:9.8.2-0.68.rc1.0.1.8]
• Backport the fix for buffer overflow (CVE-2020-8625) (Orabug: 32588749)
  [32:9.8.2-0.68.rc1.8]
• Fix tsig-request verify (CVE-2020-8622)
  [32:9.8.2-0.68.rc1.7]
• Correct tests covering CVE-2020-8617
  [32:9.8.2-0.68.rc1.6]
• Add additional fix to limit recursions
  [32:9.8.2-0.68.rc1.5]
• Add CVE tests to codebase
  [32:9.8.2-0.68.rc1.4]
• Limit number of queries triggered by a request (CVE-2020-8616)
• Fix invalid tsig request (CVE-2020-8617)
  [32:9.8.2-0.68.rc1.3]
• Use only selected documentation files
  [32:9.8.2-0.68.rc1.2]
• Fix CVE-2018-5743
  [32:9.8.2-0.68.rc1.1]
• Fix CVE-2018-5740
  [32:9.8.2-0.68.rc1]
• Fix CVE-2017-3145
  [32:9.8.2-0.67.rc1]
• Change EDNS flags only after successful query (#1416035)
• Fix crash in ldap driver at bind-sdb stop (#1426626)
  [32:9.8.2-0.66.rc1]
• Fix CVE-2017-3142 and CVE-2017-3143
  [32:9.8.2-0.65.rc1]
• Update root servers and trust anchors
  [32:9.8.2-0.64.rc1]
• Fix DNSKEY that encountered a CNAME (#1447872, ISC change 3391)
  [32:9.8.2-0.63.rc1]
• Fix CVE-2017-3136 (ISC change 4575)
• Fix CVE-2017-3137 (ISC change 4578)
  [32:9.8.2-0.62.rc1]
• Fix and test caching CNAME before DNAME (ISC change 4558)
  [32:9.8.2-0.61.rc1]
• Fix CVE-2016-9147 (ISC change 4510)
• Fix regression introduced by CVE-2016-8864 (ISC change 4530)
  [32:9.8.2-0.60.rc1]
• Restore SELinux contexts before named restart
  [32:9.8.2-0.59.rc1]
• Use /lib or /lib64 only if directory in chroot already exists
• Tighten NSS library pattern, escape chroot mount path
  [32:9.8.2-0.58.rc1]
• Fix CVE-2016-8864
  [32:9.8.2-0.57.rc1]
• Do not change lib permissions in chroot (#1321239)
• Support WKS records in chroot (#1297562)
  [32:9.8.2-0.56.rc1]
• Do not include patch backup in docs (fixes #1325081 patch)
  [32:9.8.2-0.55.rc1]
• Backported relevant parts of [RT #39567] (#1259923)
  [32:9.8.2-0.54.rc1]
• Increase ISC_SOCKET_MAXEVENTS to 2048 (#1326283)
  [32:9.8.2-0.53.rc1]
• Fix multiple realms in nsupdate script like upstream (#1313286)
  [32:9.8.2-0.52.rc1]
• Fix multiple realm in nsupdate script (#1313286)
  [32:9.8.2-0.51.rc1]
• Use resolver-query-timeout high enough to recover all forwarders (#1325081)
  [32:9.8.2-0.50.rc1]
• Fix CVE-2016-2848
  [32:9.8.2-0.49.rc1]
• Fix infinite loop in start_lookup (#1306504)
  [32:9.8.2-0.48.rc1]
• Fix CVE-2016-2776
  [32:9.8.2-0.47.rc1]
• Fix CVE-2016-1285 and CVE-2016-1286
  [32:9.8.2-0.46.rc1]
• Fix CVE-2015-8704
  [32:9.8.2-0.45.rc1]
• Updated named.ca hints file to the latest version (#1267991)
  [32:9.8.2-0.44.rc1]
• Fix CVE-2015-8000
  [32:9.8.2-0.43.rc1]
• Fix excessive queries caused by DS chasing with stub zones when DNSSEC is not used (#1227189)
• Added the fixed tarball with configuration to Sources (Related: #1223359)
  [32:9.8.2-0.42.rc1]
• Don’t use ISC’s DLV by default (#1223359)
  [32:9.8.2-0.41.rc1]
• Added support for CAA records (#1252611)
  [32:9.8.2-0.40.rc1]
• Fix CVE-2015-5722
  [32:9.8.2-0.39.rc1]
• Fix CVE-2015-5477
  [32:9.8.2-0.38.rc1]
• Fix CVE-2015-4620
  [32:9.8.2-0.37.rc1]
• Resolves: 1215687 - DNS resolution failure in high load environment with
  SERVFAIL and ‘out of memory/success’ in the log
  [32:9.8.2-0.36.rc1]
• Fix CVE-2015-1349
  [32:9.8.2-0.35.rc1]
• Enable RPZ-NSIP and RPZ-NSDNAME during compilation (#1176476)
  [32:9.8.2-0.34.rc1]
• Fix race condition when using isc__begin_beginexclusive (#1175321)
  [32:9.8.2-0.33.rc1]
• Sanitize SDB API to better handle database errors (#1146893)
  [32:9.8.2-0.32.rc1]
• Fix CVE-2014-8500 (#1171974)
  [32:9.8.2-0.31.rc1]
• Fix RRL slip behavior when set to 1 (#1112356)
• Fix issue causing bind to hang after reload if using DYNDB (#1142152)
  [32:9.8.2-0.30.rc1]
• Use /dev/urandom when generating rndc.key file (#951255)
  [32:9.8.2-0.29.rc1]
• Remove bogus file from /usr/share/doc, introduced by fix for bug #1092035
  [32:9.8.2-0.28.rc1]
• Add support for TLSA resource records (#956685)
• Increase defaults for lwresd workers and make workers and client objects number configurable (#1092035)
  [32:9.8.2-0.27.rc1]
• Fix segmentation fault in nsupdate when -r option is used (#1064045)
• Fix race condition on send buffer in host tool when sending UDP query (#1008827)
• Allow authentication using TSIG in allow-notify configuration statement (#1044545)
• Fix SELinux context of /var/named/chroot/etc/localtime (#902431)
• Include updated named.ca file with root server addresses (#917356)
• Don’t generate rndc.key if there is rndc.conf on start-up (#997743)
• Fix dig man page regarding how to disable IDN (#1023045)
• Handle ICMP Destination unreachable (Protocol unreachable) response (#1066876)
  [32:9.8.2-0.26.rc1]
• Configure BIND with --with-dlopen=yes to support dynamically loadable DLZ drivers (#846065)
• Fix initscript to return correct exit value when calling checkconfig/configtest/check/test (#848033)
• Don’t (un)mount chroot filesystem when running initscript command configtest with running server (#851123)
• Fix zone2sqlite tool to accept zones containing ‘.’ or ‘-’ or starting with a digit (#919414)
• Fix initscript not to mount chroot filesystem is named is already running (#948743)
• Fix initscript to check if the PID in PID-file is really s PID of running named server (#980632)
• Correct the installed documentation ownership (#1051283)
  [32:9.8.2-0.25.rc1]
• configure with --enable-filter-aaaa to enable use of filter-aaaa-on-v4 option (#1025008)
• Fix race condition when destroying a resolver fetch object (#993612)
• Fix the RRL functionality to include referrals-per-second and nodata-per-second options (#1036700)
• Fix segfault on SERVFAIL to NXDOMAIN failover (#919545)
  [32:9.8.2-0.24.rc1]
• Fix CVE-2014-0591
  [32:9.8.2-0.23.rc1]
• Fix gssapictx memory leak (#911167)
  [32:9.8.2-0.22.rc1]
• fix CVE-2013-4854
  [32:9.8.2-0.21.rc1]
• fix CVE-2013-2266
• ship dns/rrl.h in -devel subpkg
  [32:9.8.2-0.20.rc1]
• remove one bogus file from /usr/share/doc, introduced by RRL patch
  [32:9.8.2-0.19.rc1]
• fix CVE-2012-5689
  [32:9.8.2-0.18.rc1]
• add response rate limit patch (#873624)
  [32:9.8.2-0.17.rc1]
• fix CVE-2012-5688
  [32:9.8.2-0.16.rc1]
• initscript: silence spurious ‘named.pid: No such file’ error
  [32:9.8.2-0.15.rc1]
• fix CVE-2012-5166
  [32:9.8.2-0.14.rc1]
• allow forward{,ers} statement in static-stub zones
  [32:9.8.2-0.13.rc1]
• fix CVE-2012-4244
  [32:9.8.2-0.12.rc1]
• fix CVE-2012-3817
  [32:9.8.2-0.11.rc1]
• fix rbtnode.deadlink INSIST failures in rbtdb.c (#837165)
  [32:9.8.2-0.10.rc1]
• fix CVE-2012-1667
  [32:9.8.2-0.9.rc1]
• fix race condition in the resolver module
• nslookup: return non-zero exit code when fail to get answer (#816164)
  [32:9.8.2-0.8.rc1]
• initscript: don’t umount /var/named when didn’t mount it
  [32:9.8.2-0.7.rc1]
• don’t fail when logfile cannot be opened (#809084)
  [32:9.8.2-0.6.rc1]
• fix multilib regression in bind-devel (#800053)
  [32:9.8.2-0.5.rc1]
• fix errors reported by Coverity
• be more strict when caching NS RRsets (CVE-2012-1033)
  [32:9.8.2-0.4.rc1]
• load dynamic-db plugins later (#795414)
  [32:9.8.2-0.3.rc1]
• decrease severity of various errors related to outside DNS environment
  (#788870)
• fixed various bind-chroot packaging errors (#789886)
• use portreserve to reserve rndc control port (#790682)
  [32:9.8.2-0.2.rc1]
• harden dns_zone_setmasterswithkeys() to avoid INSIST failures
• build with ‘–enable-fixed-rrset’
• fix potential memory leak in code which processes rndc authentication
  (#749582)
• generate rndc.key during (#768798)
• nslookup: improve handling of AA responses with recursion off
• removed obsolete bind97-rh714049.patch patch
  [32:9.8.2-0.1.rc1]
• update to 9.8.2rc1
• patches merged
  • bind97-rh754398.patch
  • bind97-rh700097.patch
  • bind97-rh734502.patch
  • bind97-rh746694-1.patch
  • bind97-rh746694-2.patch
  • bind97-rh739406-1.patch
  • bind97-rh739406-2.patch
• ship DNSKEY for root zone in default configuration
  [32:9.7.3-10.P3]
• disable atomic ops on ppc* because they caused named to hang/crash
  [32:9.7.3-9.P3]
• fix race condition in resolver.c:validated()
• improve error handling in zone.c:zone_refreshkeys() to avoid
  hang during shutdown
  [32:9.7.3-8.P3]
• fix DOS against recursive servers (#754398)
  [32:9.7.3-7.P3]
• fix memory leak in nsupdate when using SIG(0) keys
  [32:9.7.3-6.P3]
• load/unload dyndb plugins on appropriate places to avoid crashes (#725577)
• nsupdate could have failed if server has multiple IPs and the first
  was unreachable (#714049)
• nsupdate returned zero when target zone didn’t exist (#700097)
• readd configtest target to initscript
• print ‘the working directory is not writable’ as debug message
• fix some Coverity warnings
  [32:9.7.3-5.P3]
• fix rare race condition in request.c
  [32:9.7.3-4.P3]
• update to 9.7.3-P3 (CVE-2011-2464)
  [32:9.7.3-3.P1]
• update to 9.7.3-P1 (CVE-2011-1910)
  [32:9.7.3-2]
• don’t generate rndc.key during installation
  [32:9.7.3-1]
• update to 9.7.3 (CVE-2011-0414)
• patches merged
  • bind97-gsstsig.patch
  • bind97-rh664401.patch
  • bind97-rh623638.patch
    [32:9.7.2-8.P3]
• regenerate fixed nsupdate manual page
  [32:9.7.2-7.P3]
• improve host/dig resolv.conf parser (#rh669163)
• improve internal test suite
• don’t mention that HMAC-MD5 is the only one TSIG algorighm
  in nsupdate manpage
• initscript: sybsys name is always named, not named-sdb
  [32:9.7.2-6.P3]
• named could die on exit after negotiating a GSS-TSIG key (#653486)
• fix typo in initscript
  [32:9.7.2-5.P3]
• include root zone DNSKEY in the bind package (#667375)
  [32:9.7.2-4.P3]
• solve conflict between i686 and x86_64 bind-devel packages (#658045)
• fix ‘service named status’ when used with named-sdb
• fix ‘krb5-self’ update-policy rule processing (#664401)
• don’t check MD5, size and mtime of sysconfig/named
  [32:9.7.2-3.P3]
• use same atomic operations on both ppc and ppc64 (#623638)
• add new option DISABLE_ZONE_CHECKING to sysconfig/named (#623673)
• document dig exit codes
• add Requires: bind-libs to bind subpkgs
• remove statement about system-config-bind from named.8 manpage (#660676)
  [32:9.7.2-2.P3]
• host utility now honors ‘attempts’, ‘timeout’ and ‘debug’ options in
  resolv.conf (#622764)
• initscript should kill only the ‘correct’ named process (#622785)
• attempt to reconnect to PostgreSQL during each query if the initial
  connection failed (#623190)
  [32:9.7.2-1.P3]
• update to 9.7.2-P3 (#623122)
• patch bind97-managed-keyfile.patch replaced by bind97-compat-keysdir.patch
• patches merged
  • bind97-rh554316.patch
  • bind97-rh576906.patch
    [32:9.7.0-5.P2]
• update to 9.7.0-P2
  [32:9.7.0-4.P1]
• fix occassional crash on keytable.c:286 (#554316)
• active query might be destroyed in resume_dslookup() which triggered REQUIRE
  failure (#507429)
  [32:9.7.0-3.P1]
• update to 9.7.0-P1 release
  [32:9.7.0-2]
• improve automatic DNSSEC reconfiguration trigger
• initscript now returns 2 in case that action doesn’t exist (#523435)
• enable/disable chroot when bind-chroot is installed/uninstalled
  [32:9.7.0-1]
• update to production 9.7.0 release
  [32:9.7.0-0.14.rc2]
• obsolete dnssec-conf
• automatically update configuration from old dnssec-conf based
• improve default configuration; enable DLV by default
• remove obsolete triggerpostun from bind-libs subpackage
  [32:9.7.0-0.13.rc2]
• update to 9.7.0rc2 bugfix release (CVE-2010-0097 and CVE-2010-0290)
  [32:9.7.0-0.12.rc1]
• initscript LSB related fixes (#523435)
• revert the ‘DEBUG’ feature (#510283), it causes too many problems (#545128)
  [32:9.7.0-0.11.rc1]
• disable PKCS11 support. PKCS11 support in openssl is not available in RHEL6
  [32:9.7.0-0.10.rc1]
• update to 9.7.0rc1
• bind97-headers.patch merged
• update default configuration
  [32:9.7.0-0.9.b3]
• update to 9.7.0b3
  [32:9.7.0-0.8.b2]
• install isc/namespace.h header
  [32:9.7.0-0.7.b2]
• update to 9.7.0b2
  [32:9.7.0-0.6.b1]
• update to 9.7.0b1
• add bind-pkcs11 subpackage to support PKCS11 compatible keystores for DNSSEC
  keys
  [32:9.7.0-0.5.a3]
• don’t package named-bootconf utility, it is very outdated and unneeded
  [32:9.7.0-0.4.a3]
• determine file size via instead of 32_details
  32_list
  32_list_to_copy
  32_list_to_copy_details
  32_list_to_copy_details.out
  32_list_to_copy_details.out_1
  32_list_to_remove_and_ln
  64_details
  64_list
  64_list_to_copy
  64_list_to_copy_details
  64_list_to_copy_details.out
  64_list_to_copy_details.out_1
  64_list_to_remove_and_ln
  6.6
  67_32_list
  67_32_list_1
  67_64_list
  67_64_list_1
  67_src_list
  67_src_list_1
  bak
  baselist
  baselist.out
  ctllist.ELBA-2020-5554-6
  ctllist.ELSA-2022-9117-6
  ctllist.RHBA-2020-3543-6
  ctllist.RHSA-2019-3756-6
  i386_rpms
  k
  next.ctllist.ELSA-2015-3055-6
  pending
  sav.ctllist.RHBA-2017-3213-6a
  src_32_list_to_copy_details
  src_32_list_to_copy_details.out
  src_32_list_to_copy_details.out_1
  src_64_list_to_copy_details
  src_64_list_to_copy_details.out
  src_64_list_to_copy_details.out_1
  src_details
  src_list
  src_list_to_copy
  src_list_to_copy_32
  src_list_to_copy_64
  src_list_to_remove_and_ln
  src_list_to_remove_and_ln_64
  src_rpms
  x86_64_rpms (#523682)
  [32:9.7.0-0.3.a3]
• update to 9.7.0a3
  [32:9.7.0-0.2.a2]
• improve chroot related documentation (#507795)
• add NetworkManager dispatcher script to reload named when network interface is
  activated/deactivated (#490275)
• don’t set/unset named_write_master_zones SELinux boolean every time in
  initscript, modify it only when it’s actually needed
  [32:9.7.0-0.1.a2]
• update to 9.7.0a2
• merged patches
  • bind-96-db_unregister.patch
  • bind96-rh507469.patch
    [32:9.6.1-9.P1]
• next attempt to fix the postun trigger (#520385)
• remove obsolete bind-9.3.1rc1-fix_libbind_includedir.patch
  [32:9.6.1-8.P1]
• rebuilt with new openssl
  [32:9.6.1-7.P1]
• update the patch for dynamic loading of database backends
  [32:9.6.1-6.P1]
• 9.6.1-P1 release (CVE-2009-0696)
• fix postun trigger (#513016, hopefully)
  [32:9.6.1-5]
• Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
  [32:9.6.1-4]
• remove useless bind-9.3.3rc2-rndckey.patch
  [32:9.6.1-3]
• fix broken symlinks in bind-libs (#509635)
• fix typos in /etc/sysconfig/named (#509650)
• add DEBUG option to /etc/sysconfig/named (#510283)
  [32:9.6.1-2]
• improved ‘chroot automount’ patches (#504596)
• host should fail if specified server doesn’t respond (#507469)
  [32:9.6.1-1]
• 9.6.1 release
• simplify chroot maintenance. Important files and directories are mounted into
  chroot (see /etc/sysconfig/named for more info, #504596)
• fix doc/named.conf.default perms
  [32:9.6.1-0.4.rc1]
• 9.6.1rc1 release
  [32:9.6.1-0.3.b1]
• update the patch for dynamic loading of database backends
• create %{_libdir}/bind directory
• copy default named.conf to doc directory, shared with s-c-bind (atkac)
  [32:9.6.1-0.2.b1]
• update the patch for dynamic loading of database backends
• fix dns_db_unregister()
• useradd now takes ‘-N’ instead of ‘-n’ (atkac, #495726)
• print nicer error msg when zone file is actually a directory (atkac, #490837)
  [32:9.6.1-0.1.b1]
• 9.6.1b1 release
• patches merged
  • bind-96-isc_header.patch
  • bind-95-rh469440.patch
  • bind-96-realloc.patch
  • bind9-fedora-0001.diff
• use -version-number instead of -version-info libtool param
  [32:9.6.0-11.1.P1]
• logrotate configuration file now points to /var/named/data/named.run by
  default (#489986)
  [32:9.6.0-11.P1]
• fall back to insecure mode when no supported DNSSEC algorithm is found
  instead of SERVFAIL
• don’t fall back to non-EDNS0 queries when DO bit is set
  [32:9.6.0-10.P1]
• enable DNSSEC only if it is enabled in sysconfig/dnssec
  [32:9.6.0-9.P1]
• add DNSSEC support to initscript, enabled it per default
• add requires dnssec-conf
  [32:9.6.0-8.P1]
• fire away libbind, it is now separate package
  [32:9.6.0-7.P1]
• fixed some read buffer overflows (upstream)
  [32:9.6.0-6.P1]
• Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild
  [32:9.6.0-5.P1]
• update the patch for dynamic loading of database backends
• include iterated_hash.h
  [32:9.6.0-4.P1]
• rebuild for dependencies
  [32:9.6.0-3.P1]
• rebuild against new openssl
  [32:9.6.0-2.P1]
• 9.6.0-P1 release (CVE-2009-0025)
  [32:9.6.0-1]
• Happy new year
• 9.6.0 release
  [32:9.6.0-0.7.rc2]
• 9.6.0rc2 release
• bind-96-rh475120.patch merged
  [32:9.6.0-0.6.rc1]
• add patch for dynamic loading of database backends
  [32:9.6.0-0.5.1.rc1]
• allow to reuse address for non-random query-source ports (#475120)
  [32:9.6.0-0.5.rc1]
• 9.6.0rc1 release
• patches merged
  • bind-9.2.0rc3-varrun.patch
  • bind-95-sdlz-include.patch
  • bind-96-libxml2.patch
• fixed rare use-after-free problem in host utility (#452060)
• enabled chase of DNSSEC signature chains in dig
  [32:9.6.0-0.4.1.b1]
• improved sample config file (#473586)
  [32:9.6.0-0.4.b1]
• reverted previous change, koji doesn’t like it
  [32:9.6.0-0.3.b1]
• build bind-chroot as noarch
  [32:9.6.0-0.2.1.b1]
• updates due libtool 2.2.6
• don’t pass -DLDAP_DEPRECATED to cpp, handle it directly in sources
  [32:9.6.0-0.2.b1]
• make statistics http server working, patch backported from 9.6 HEAD
  [32:9.6.0-0.1.b1]
• 9.6.0b1 release
• don’t build ODBC and Berkeley DB DLZ drivers
• end of bind-chroot-admin script, copy config files to chroot manually
• /proc doesn’t have to be mounted to chroot
• temporary use libbind from 9.5 series, noone has been released for 9.6 yet
  [32:9.5.1-0.8.4.b2]
• dig/host: use only IPv4 addresses when -4 option is specified (#469440)
  [32:9.5.1-0.8.2.b2]
• removed unneeded bind-9.4.1-ldap-api.patch
  [32:9.5.1-0.8.1.b2]
• ship dns/{s,}dlz.h and isc/radix.h in bind-devel
  [32:9.5.1-0.8.b2]
• removed bind-9.4.0-dnssec-directory.patch, it is wrong
  [32:9.5.1-0.7.b2]
• 9.5.1b2 release
• patches merged
  • bind95-rh454783.patch
  • bind-9.5-edns.patch
  • bind95-rh450995.patch
  • bind95-rh457175.patch
    [32:9.5.1-0.6.b1]
• IDN output strings didn’t honour locale settings (#461409)
  [32:9.5.1-0.5.b1]
• disable transfer stats on DLZ zones (#454783)
  [32:9.5.1-0.4.b1]
• add forgotten patch for #457175
• build with -O2
  [32:9.5.1-0.3.b1]
• static libraries are no longer supported
• IP acls weren’t merged correctly (#457175)
• use fPIE on sparcv9/sparc64 (Dennis Gilmore)
• add sparc64 to list of 64bit arches in spec (Dennis Gilmore)
  [32:9.5.1-0.2.b1]
• updated patches due new rpm (–fuzz=0 patch parameter)
  [32:9.5.1-0.1.1.b1]
• use %patch0 for Patch0 (#455061)
• correct source address (#455118)
  [32:9.5.1-0.1.b1]
• 9.5.1b1 release (CVE-2008-1447)
• dropped bind-9.5-recv-race.patch because upstream doesn’t want it
  [32:9.5.0-37.1]
• update default named.conf statements (#452708)
  [32:9.5.0-37]
• some compat changes to fix building on RHEL4
  [32:9.5.0-36.3]
• fixed typo in %posttrans script
  [32:9.5.0-36.2]
• parse inner acls correctly (#450995)
  [32:9.5.0-36.1]
• removed dns-keygen utility in favour of rndc-confgen -a (#449287)
• some minor sample fixes (#449274)
  [32:9.5.0-36]
• updated to 9.5.0 final
• use getifaddrs to find available interfaces
  [32:9.5.0-35.rc1]
• make /var/run/named writable by named (#448277)
• fixed one non-utf8 file
  [32:9.5.0-34.rc1]
• fixes needed to pass package review (#225614)
  [32:9.5.0-33.1.rc1]
• bind-chroot now depends on bind (#446477)
  [32:9.5.0-33.rc1]
• updated to 9.5.0rc1
• merged patches
  • bind-9.5-libcap.patch
• make binaries readable by others (#427826)
  [32:9.5.0-32.b3]
• reverted ‘any’ patch, upstream says not needed
• log EDNS failure only when we really switch to plain EDNS (#275091)
• detect configuration file better
  [32:9.5.0-31.1.b3]
• addresses 0.0.0.0 and ::0 really match any (#275091, comment #28)
  [32:9.5.0-31.b3]
• readded bind-9.5-libcap.patch
• added bind-9.5-recv-race.patch from F8 branch (#400461)
  [32:9.5.0-30.1.b3]
• build Berkeley DB DLZ backend
  [32:9.5.0-30.b3]
• 9.5.0b3 release
• dropped patches (upstream)
  • bind-9.5-transfer-segv.patch
  • bind-9.5-mudflap.patch
  • bind-9.5.0-generate-xml.patch
  • bind-9.5-libcap.patch
    [32:9.5.0-29.3.b2]
• fixed named.conf.sample file (#437569)
  [32:9.5.0-29.2.b2]
• fixed URLs
  [32:9.5.0-29.1.b2]
• BuildRequires cleanup
  [32:9.5.0-29.b2]
• rebuild without mudflap (#434159)
  [32:9.5.0-28.b2]
• port named to use libcap library, enable threads (#433102)
• removed some unneeded Requires
  [32:9.5.0-27.b2]
• removed conditional build with libefence (use -fmudflapth instead)
• fixed building of DLZ stuff (#432497)
• do not build Berkeley DB DLZ backend
• temporary build with --disable-linux-caps and without threads (#433102)
• update named.ca file to affect IPv6 changes in root zone
  [32:9.5.0-26.b2]
• build with -D_GNU_SOURCE (#431734)
• improved fix for #253537, posttrans script is now used
• improved fix for #400461
• 9.5.0b2
  • bind-9.3.2b1-PIE.patch replaced by bind-9.5-PIE.patch
    • only named, named-sdb and lwresd are PIE
  • bind-9.5-sdb.patch has been updated
  • bind-9.5-libidn.patch has been updated
  • bind-9.4.0-sdb-sqlite-bld.patch replaced by bind-9.5-sdb-sqlite-bld.patch
  • removed bind-9.5-gssapi-header.patch (upstream)
  • removed bind-9.5-CVE-2008-0122.patch (upstream)
• removed bind-9.2.2-nsl.patch
• improved sdb_tools Makefile.in
  [32:9.5.0-25.b1]
• fixed segfault during sending notifies (#400461)
• rebuild with gcc 4.3 series
  [32:9.5.0-24.b1]
• removed bind-9.3.2-prctl_set_dumpable.patch (upstream)
• allow parallel building of libdns library
• CVE-2008-0122
  [32:9.5.0-23.b1]
• fixed initscript wait loop (#426382)
• removed dependency on policycoreutils and libselinux (#426515)
  [32:9.5.0-22.b1]
• fixed regression caused by libidn2 patch (#426348)
  [32:9.5.0-21.b1]
• fixed typo in post section (CVE-2007-6283)
  [32:9.5.0-20.b1]
• removed obsoleted triggers
• CVE-2007-6283
  [32:9.5.0-19.2.b1]
• added dst/gssapi.h to -devel subpackage (#419091)
• improved fix for (#417431)
  [32:9.5.0-19.1.b1]
• fixed shutdown with initscript when rndc doesn’t work (#417431)
• fixed IDN patch (#412241)
  [32:9.5.0-19.b1]
• 9.5.0b1 (#405281, #392491)
  [32:9.5.0-18.6.a7]
• Rebuild for deps
  [32:9.5.0-18.5.a7]
• build with -O0
  [32:9.5.0-18.4.a7]
• bind-9.5-random_ports.patch was removed because upstream doesn’t
  like it. query-source{,v6} options are sufficient (#391931)
• bind-chroot-admin called restorecon on /proc filesystem (#405281)
  [32:9.5.0-18.3.a7]
• removed edns patch to keep compatibility with vanilla bind
  (#275091, comment #20)
  [32:9.5.0-18.2.a7]
• use system port selector instead ISC’s (#391931)
  [32:9.5.0-18.a7]
• removed statement from initscript which passes -D to named
  [32:9.5.0-17.a7]
• 9.5.0a7
• dropped patches (upstream)
  • bind-9.5-update.patch
  • bind-9.5-pool_badfree.patch
  • bind-9.5-_res_errno.patch
    [32:9.5.0-16.5.a6]
• added bind-sdb again, contains SDB modules and DLZ modules
• bind-9.3.1rc1-sdb.patch replaced by bind-9.5-sdb.patch
  [32:9.5.0-16.4.a6]
• removed Requires: openldap, postgresql, mysql, db4, unixODBC
• new L.ROOT-SERVERS.NET address
  [32:9.5.0-16.3.a6]
• completely disable DBUS
  [32:9.5.0-16.2.a6]
• minor cleanup in bind-chroot-admin
  [32:9.5.0-16.1.a6]
• fixed typo in initscript
  [32:9.5.0-16.a6]
• disabled DBUS (dhcdbd doesn’t exist & #339191)
  [32:9.5.0-15.1.a6]
• fixed missing va_end () functions (#336601)
• fixed memory leak when dbus initialization fails
  [32:9.5.0-15.a6]
• corrected named.5 SDB statement (#326051)
  [32:9.5.0-14.a6]
• added edns patch again (#275091)
  [32:9.5.0-13.a6]
• removed bind-9.3.3-edns.patch patch (see #275091 for reasons)
  [32:9.5.0-12.4.a6]
• build with O2
• removed ‘autotools’ patch
• bugfixing in bind-chroot-admin (#279901)
  [32:9.5.0-12.a6]
• bind-9.5-2119_revert.patch and bind-9.5-fix_h_errno.patch are
  obsoleted by upstream bind-9.5-_res_errno.patch
  [32:9.5.0-11.9.a6]
• fixed wrong resolver’s dispatch pool cleanup (#275011, patch from
  tmraz redhat com)
  [32:9.5.0-11.3.a6]
• initscript failure message is now printed correctly (#277981,
  Quentin Armitage (quentin armitage org uk) )
  [32:9.5.0-11.2.a6]
• temporary revert ISC 2119 change and add ‘libbind-errno’ patch
  (#254501) again
  [32:9.5.0-11.1.a6]
• removed end dots from Summary sections ([email protected])
• fixed wrong file creation by autotools patch ([email protected])
  [32:9.5.0-11.a6]
• start using --disable-isc-spnego configure option
  • remove bind-9.5-spnego-memory_management.patch (source isn’t
    compiled)
    [32:9.5.0-10.2.a6]
• added new initscript option KEYTAB_FILE which specified where
  is located kerberos .keytab file for named service
• obsolete temporary bind-9.5-spnego-memory_management.patch by
  bind-9.5-gssapictx-free.patch which conforms BIND coding standards
  (#251853)
  [32:9.5.0-10.a6]
• dropped direct dependency to /etc/openldap/schema directory
• changed hardcoded paths to macros
• fired away code which configure LDAP server
  [32:9.5.0-9.1.a6]
• named could crash with SRV record UPDATE (#251336)
  [32:9.5.0-9.a6]
• disable 64bit dlz driver patch on alpha and ia64 (#251298)
• remove wrong malloc functions from lib/dns/spnego.c (#251853)
  [32:9.5.0-8.2.a6]
• changed licence from BSD-like to ISC
  [32:9.5.0-8.1.a6]
• disabled named on all runlevels by default
  [32:9.5.0-8.a6]
• minor next improvements on autotools patch
• dig and host utilities now using libidn instead idnkit for
  IDN support
  [32:9.5.0-7.a6]
• binutils/gcc bug rebuild (#249435)
  [32:9.5.0-6.a6]
• updated to 9.5.0a6 which contains fixes for CVE-2007-2925 and
  CVE-2007-2926
• fixed building on 64bits
  [31:9.5.0a5-5]
• integrated ‘autotools’ patch for testing purposes (upstream will
  accept it in future, for easier building)
  [31:9.5.0a5-4.1]
• fixed DLZ drivers building on 64bit systems
  [31:9.5.0a5-4]
• fixed relation between logrotated and chroot-ed named
  [31:9.5.0a5-3.9]
• removed bind-sdb package (default named has compiled SDB backend now)
• integrated DLZ (Dynamically loadable zones) drivers
• integrated GSS-TSIG support (RFC 3645)
• build with -O0 (many new features, potential core dumps will be more useful)
  [31:9.5.0a5-3.2]
• initscript should be ready for parallel booting (#246878)
  [31:9.5.0a5-3]
• handle integer overflow in isc_time_secondsastimet function gracefully (#247856)
  [31:9.5.0a5-2.2]
• moved chroot configfiles into chroot subpackage (#248306)
  [31:9.5.0a5-2]
• minor changes in default configuration
• fix h_errno assigment during resolver initialization (unbounded recursion, #245857)
• removed wrong patch to #150288
  [31:9.5.0a5-1]
• updated to latest upstream
  [31:9.4.1-7]
• marked caching-nameserver as obsolete (#244604)
• fixed typo in initscript (causes that named doesn’t detect NetworkManager
  correctly)
• next cleanup in configuration - moved configfiles into config.tar
• removed delay between start & stop in restart function in named.init
  [31:9.4.1-6]
• major changes in initscript. Could be LSB compatible now
• removed caching-nameserver subpackage. Move configs from this
  package to main bind package as default configuration and major
  configuration cleanup
  [31:9.4.1-5]
• very minor compatibility change in bind-chroot-admin (line 215)
• enabled IDN support by default and don’t distribute IDN libraries
• specfile cleanup
• add dynamic directory to /var/named. This directory will be primarily used for
  dynamic DNS zones. ENABLE_ZONE_WRITE and SELinux’s named_write_master_zones no longer exist
  [31:9.4.1-4]
• removed ldap-api patch and start using deprecated API
• fixed minor problem in bind-chroot-admin script (#241103)
  [31:9.4.1-3]
• fixed bind-chroot-admin dynamic DNS handling (#239149)
• updated zone-freeze patch to latest upstream
• ldap sdb has been rewriten to latest api (#239802)
  [31:9.4.1-2.fc7]
• test build on new build system
  [31:9.4.1-1.fc7]
• updated to 9.4.1 which contains fix to CVE-2007-2241
  [31:9.4.0-8.fc7]
• improved ‘zone freeze patch’ - if multiple zone with same name exists
  no zone is freezed
• minor cleanup in caching-nameserver’s config file
• fixed race-condition in dbus code (#235809)
• added forgotten restorecon statement in bind-chroot-admin
  [31:9.4.0-7.fc7]
• removed DEBUGINFO option because with this option (default) was bind
  builded with -O0 and without this flag no debuginfo package was produced.
  (I want faster bind => -O2 + debuginfo)
• fixed zone finding (#236426)
  [31:9.4.0-6.fc7]
• added idn support (still under development with upstream, disabled by default)
  [31:9.4.0-5.fc7]
• dnssec-signzone utility now doesn’t ignore -d parameter
  [31:9.4.0-4.fc7]
• removed query-source[-v6] options from caching-nameserver config
  (#209954, increase security)
• throw away idn. It won’t be ready in fc7
  [31:9.4.0-3.fc7]
• prepared bind to merge review
• added experimental idn support to bind-utils utils (not enabled by default yet)
• change chroot policy in caching-nameserver post section
• fixed bug in bind-chroot-admin - rootdir function is called properly now
  [31:9.4.0-2.fc7]
• added experimental SQLite support (written by John Boyd
  )
• moved bind-chroot-admin script to chroot package
• bind-9.3.2-redhat_doc.patch is always applied (#231738)
  [31:9.4.0-1.fc7]
• updated to 9.4.0
• bind-chroot-admin now sets EAs correctly (#213926)
• throw away next_server_on_referral and no_servfail_stops patches (fixed in 9.4.0)
  [31:9.3.4-7.fc7]
• minor cleanup in bind-chroot-admin script
  [31:9.3.4-6.fc7]
• fixed broken bind-chroot-admin script (#227995)
  [31:9.3.4-5.fc7]
• bind-chroot-admin now uses correct chroot path (#227600)
  [31:9.3.4-4.fc7]
• fixed conflict between bind-sdb and ldap
• removed duplicated bind directory in bind-libs
  [31:9.3.4-3.fc7]
• fixed building without libbind
• fixed post section (selinux commands is now in if-endif statement)
• prever macro has been removed from version
  [31:9.3.4-2.fc7]
• redirected output from bind-chroot prep and %preun stages to /dev/null
  [31:9.3.4-1.fc7]
• updated to version 9.3.4 which contains security bugfixes
  [31:9.3.3-5.fc7]
• package bind-libbind-devel has been marked as obsolete
  [31:9.3.3-4.fc7]
• package bind-libbind-devel has beed removed (libs has been moved to bind-devel & bind-libs)
• Resolves: #214208
  [31:9.3.3-3]
• fixed a multi-lib issue
• Resolves: rhbz#222717
  [31:9.3.3-2]
• added namedGetForwarders written in shell (#176100),
  created by Baris Cicek
  .
  [31:9.3.3-1]
• update to 9.3.3 final
• fix for #219069: file included twice in src.rpm
  [31:9.3.3-0.1.rc3]
• added back an interval to restart
• renamed package, it should meet the N-V-R criteria
• fix for #216185: bind-chroot-admin able to change root mode 750
• added fix from #215997: incorrect permissions on dnszone.schema
• added a notice to init script when /etc/named.conf doesn’t exist (#216075)
  [30:9.3.3-6]
• fix for #200465: named-checkzone and co. cannot be run as non-root user
• fix for #212348: chroot’d named causes df permission denied error
• fix for #211249, #211083 - problems with stopping named
• fix for #212549: init script does not unmount /proc filesystem
• fix for #211282: EDNS is globally enabled, crashing CheckPoint FW-1,
  added edns-enable options to named configuration file which can suppress
  EDNS in queries to DNS servers (see /usr/share/doc/bind-9.3.3/misc/options)
• fix for #212961: bind-chroot doesn’t clean up its mess on %preun
• update to 9.3.3rc3, removed already merged patches
  [30:9.3.3-5]
• fix for #209359: bind-libs from compatlayer CD will not
  install on ia64
  [30:9.3.3-4]
• added fix for #210096: warning: group named does not exist - using root
  [30:9.3.3-3]
• added fix from #209400 - Bind Init Script does not create
  the PID file always, created by Jeff Means
• added timeout to stop section of init script.
  The default is 100 sec. and can be adjusted by NAMED_SHUTDOWN_TIMEOUT
  shell variable.
  [30:9.3.3-2]
• removed chcon from %post script, replaced by restorecon
  (Bug 202547, comment no. 37)
  [30:9.3.3-1]
• updated to the latest upstream (9.3.3rc2)
  [30:9.3.2-41]
• added upstream patch for correct SIG handling - CVE-2006-4095
  [30:9.3.2-40]
• suppressed messages from bind-chroot-admin
• cleared notes about bind-config
  [30:9.3.2-39]
• added fix for #203522 - ‘bind-chroot-admin -e’ command fails
  [30:9.3.2-38]
• fix for #203194 - tmpfile usage
  [30:9.3.2-37]
• fix for #202542 - /usr/sbin/bind-chroot-admin: No such file or directory
• fix for #202547 - file_contexts: invalid context
  [30:9.3.2-36]
• added Provides: bind-config
  [30:9.3.2-35]
• fix bug 197493: renaming subpackage bind-config to caching-nameserver
  [30:9.3.2-34]
• fix bug 199876: make ‘%exclude libbbind.*’ conditional on %{LIBBIND}
  [30:9.3.2-33]
• fix #195881, perms are not packaged correctly
  [30:9.3.2-32]
• fix addenda to bug 189789:
  determination of selinux enabled was still not 100% correct in bind-chroot-admin
• fix addenda to bug 196398:
  make named.init test for NetworkManager being enabled AFTER testing for -D absence;
  named.init now supports a ‘DISABLE_NAMED_DBUS’ /etc/sysconfig/named setting to disable
  auto-enable of named dbus support if NetworkManager enabled.
  [30:9.3.2-30]
• fix bug 196398 - Enable -D option automatically in initscript
  if NetworkManager enabled in any runlevel.
• fix namedGetForwarders for new dbus
• fix bug 195881 - libbind.so should be owned by bind-libbind-devel
  [30:9.3.2-28.FC6]
• Rebuild against new dbus
  [30:9.3.2-27.FC6]
• rebuild with fixed glibc-kernheaders
  [30:9.3.2-26.FC6.1]
• rebuild
  [30:9.3.2-26.FC6]
• fix bugs 191093, 189789
• backport selected fixes from upstream bind9 ‘v9_3_3b1’ CVS version:
  ( see http://www.isc.org/sw/bind9.3.php ‘Fixes’ ):
  o change 2024 / bug 16027:
  named emitted spurious ‘zone serial unchanged’ messages on reload
  o change 2013 / bug 15941:
  handle unexpected TSIGs on unsigned AXFR/IXFR responses more gracefully
  o change 2009 / bug 15808: coverity fixes
  o change 1997 / bug 15818:
  named was failing to replace negative cache entries when a positive one
  for the type was learnt
  o change 1994 / bug 15694: OpenSSL 0.9.8 support
  o change 1991 / bug 15813:
  The configuration data, once read, should be treated as readonly.
  o misc. validator fixes
  o misc. resolver fixes
  o misc. dns fixes
  o misc. isc fixes
  o misc. libbind fixes
  o misc. isccfg fix
  o misc. lwres fix
  o misc. named fixes
  o misc. dig fixes
  o misc. nsupdate fix
  o misc. tests fixes
  [30:9.3.2-24.FC6]
• and actually put the devel symlinks in the right subpackage
  [30:9.3.2-23.FC6]
• rebuild for -devel deps
  [30:9.3.2-22]
• apply upstream patch for ncache_adderesult segfault bug 173961 addenda
• fix bug 188382: rpm --verify permissions inconsistencies
• fix bug 189186: use /sbin/service instead of initscript
• rebuild for new gcc, glibc-kernheaders
  [30:9.3.2-20]
• fix resolver.c ncache_adderesult segfault reported in addenda to bug 173961
  (upstream bugs #15642, #15528 ?)
• allow named ability to generate core dumps after setuid (upstream bug #15753)
  [30:9.3.2-18]
• fix bug 187529: make bind-chroot-admin deal with subdirectories properly
  [30:9.3.2-16]
• fix bug 187286:
  prevent host(1) printing duplicate ‘is an alias for’ messages
  for the default AAAA and MX lookups as well as for the A lookup
  (it now uses the CNAME returned for the A lookup for the AAAA and MX lookups).
  This is upstream bug #15702 fixed in the unreleased bind-9.3.3
• fix bug 187333: fix SOURCE24 and SOURCE25 transposition
  [30:9.3.2-14]
• fix bug 186577: remove -L/usr/lib from libbind.pc and more .spec file cleanup
• add ‘%doc’ sample configuration files in /usr/share/doc/bind*/sample
• rebuild with new gcc and glibc
  [30:9.3.2-12]
• fix typo in initscript
• fix Requires(post): policycoreutils in sub-packages
  [30.9.3.2-10]
• fix bug 185969: more .spec file cleanup
  [30.9.3.2-8]
• Do not allow package to be installed if named:25 userid creation fails
• Give libbind a pkg-config file
• remove restorecon from bind-chroot-admin (not required).
• fix named.caching-nameserver.conf (listen-on-v6 port 53 { ::1 };)
  [30:9.3.2-7]
• fix issues with bind-chroot-admin
  [30:9.3.2-6]
• replace caching-nameserver with bind-config sub-package
• fix bug 177595: handle case where is a link in initscript
• fix bug 177001: bind-config creates symlinks OK now
• fix bug 176388: named.conf is now never replaced by any RPM
• fix bug 176248: remove unecessary creation of rpmsave links
• fix bug 174925: no replacement of named.conf
• fix bug 173963: existing named.conf never modified
• major .spec file cleanup
  [30:9.3.2-4.1]
• bump again for double-long bug on ppc(64)
  [30:9.3.2-4]
• regenerate redhat_doc patch for non-DBUS builds
• allow dbus builds to work with dbus version < 0.6 (bz #179816)
  [30:9.3.2-3]
• try supporting without dbus support
  [30:9.3.2-2.1]
• Rebuild for new gcc, glibc, glibc-kernheaders
  [30:9.3.2-2]
• fix bug 177854: temporary fix for broken kernel-2.6.15-1854+
  /proc/net/if_inet6 format
  [30:9.3.2-1]
• Upgrade to 9.3.2, released today
  [28:9.3.2rc1-2]
• fix bug 176100: do not Require: perl just for namedGetForwarders !

• Fri Dec 09 2005 Jesse Keating

• rebuilt
  [28:9.3.2rc-1]
• Upgrade to upstream version 9.3.2rc1
• fix namedSetForwarders -> namedGetForwarders SOURCE14 typo
  [24:9.3.1-26]
• rebuild for new dbus 0.6 dependency; remove use of
  DBUS_NAME_FLAG_PROHIBIT_REPLACEMENT
  [24:9.3.1-24]
• allow D-BUS support to work in bind-chroot environment:
  workaround latest selinux policy by mounting /var/run/dbus/
  under chroot instead of /var/run/dbus/system-bus-socket
  [24:9.3.1-22]
• fix bug 172632 - remove .la files
• ship namedGetForwarders and namedSetForwarders scripts
• fix detection of -D option in chroot
  [24:9.3.1-21]
• rebuilt with new openssl
  [24.9.3.1-20]
• Allow the -D enable D-BUS option to be used within bind-chroot .
• fix bug 171226: supply some documentation for pgsql SDB .
  [24:9.3.1-18]
• fix bug 169969: do NOT call dbus_svc_dispatch() in dbus_mgr_init_dbus() -
  task->state != task_ready and will cause Abort in task.c if process
  is waiting for NameOwnerChanged to do a SetForwarders
  [24:9.3.1-16]
• Fix reconnecting to dbus-daemon after it stops & restarts .
  [24:9.3.1-14]
• When forwarder nameservers are changed with D-BUS, flush the cache.
  [24:9.3.1-12]
• fix bug 168302: use %{__cc} for compiling dns-keygen
• fix bug 167682: bind-chroot directory permissions
• fix issues with -D dbus option when dbus service not running or disabled
  [24:9.3.1-12]
• fix bug 167062: named should be started after syslogd by default
  [24:9.3.1-11]
• fix bug 166227: host: don’t do default AAAA and MX lookups with ‘-t a’ option
  [24:9.3.1-10]
• Build with D-BUS patch by default; D-BUS support enabled with named -D option
• Enable D-BUS for named_sdb also
• fix sdb pgsql’s zonetodb.c: must use isc_hash_create() before dns_db_create()
• update fix for bug 160914 : test for RD=1 and ARCOUNT=0 also before trying next server
• fix named.init script to handle named_sdb properly
• fix named.init script checkconfig() to handle named ‘-c’ option
  and make configtest, test, check configcheck synonyms
  [24:9.3.1-8]
• fix named.init script bugs 163598, 163409, 151852(addendum)
  [24:9.3.1-7]
• fix bug 160914: resolver utilities should try next server on empty referral
  (now that glibc bug 162625 is fixed)
  host and nslookup now by default try next server on SERVFAIL
  (host now has ‘-s’ option to disable, and nslookup given
  ‘[no]fail’ option similar to dig’s [no]fail option).
• rebuild and re-test with new glibc & gcc (all tests passed).
  [24:9.3.1-6]
• fix bug 157950: dig / host / nslookup should reject invalid resolv.conf
  files and not use uninitialized garbage nameserver values
  (ISC bug 14841 raised).
  [24:9.3.1-4_FC4]
• Fix SDB LDAP
  [24:9.3.1-4]
• Fix bug 157601: give named.init a configtest function
• Fix bug 156797: named.init should check SELinux booleans.local before booleans
• Fix bug 154335: if no controls in named.conf, stop named with -TERM sig, not rndc
• Fix bug 155848: add NOTES section to named.8 man-page with info on all Red Hat
  BIND quirks and SELinux DDNS / slave zone file configuration
• D-BUS patches NOT applied until dhcdbd is in FC
  [24:9.3.1-4_dbus]
• Enhancement to allow dynamic forwarder table management and
• DHCP forwarder auto-configuration with D-BUS
  [24:9.3.1-2_FC4]
• Rebuild for bind-sdb libpq.so.3 dependency
• fix bug 150981: don’t install libbind man-pages if no libbind
• fix bug 151852: mount proc on /proc to allow sysconf(…)
  to work and correct number of CPUs to be determined
  [24:9.3.1-1_FC4]
• Upgrade to ISC BIND 9.3.1 (final release) released today.
  [22.9.3.1rc1-5]
• fix bug 150288: h_errno not being accessed / set correctly in libbind
• add libbind man-pages from bind-8.4.6
  [22:9.3.1rc1-4]
• Rebuild with gcc4 / glibc-2.3.4-14.
  [22:9.3.1rc1-3]
• configure with --with-pic to get PIC libraries
  [22:9.3.1rc1-2]
• fix bug 149183: don’t use getifaddrs() .
  [22:9.3.1rc1-1]
• Upgrade to 9.3.1rc1
• Add Simplified Database Backend (SDB) sub-package ( bind-sdb )

• add named_sdb - ldap + pgsql + dir database backend support with
  

• 'ENABLE_SDB' named.sysconfig option
  

• Add BIND resolver library & includes sub-package ( libbind-devel)
• fix bug 147824 / 147073 / 145664: ENABLE_ZONE_WRITE in named.init
• fix bug 146084 : shutup restorecon
  [22:9.3.0-2]
• Fix bug 143438: named.init will now make correct ownership of /var/named

•             based on 'named_write_master_zones' SELinux boolean.
  

• Fix bug 143744: dig & nsupdate IPv6 timeout (dup of 140528)
  [9.3.0-1]
• Upgrade BIND to 9.3.0 in Rawhide / FC4 (bugs 134529, 133654…)
  [20:9.2.4-4]
• Fix bugs 140528 and 141113:
• 2 second timeouts when IPv6 not configured and root nameserver’s
• AAAA addresses are queried
  [20:9.2.4-2]
• Fix bug 136243: bind-chroot %post must run restorecon -R /var/named/chroot
• Fix bug 135175: named.init must return non-zero if named is not run
• Fix bug 134060: bind-chroot %post must use mktemp, not /tmp/named
• Fix bug 133423: bind-chroot %files entries should have been %dirs
  [20:9.2.4-1]
• BIND 9.2.4 (final release) released - source code actually
• identical to 9.2.4rc8, with only version number change.
  [10:9.2.4rc8-14]
• Upgrade to upstream bind-9.2.4rc8 .
• Progress: Finally! Hooray! ISC bind now distributes:
• o named.conf(5) and nslookup(8) manpages
• ‘bind-manpages.bz2’ source can now disappear
• (could this have something to do with ISC bug I raised about this?)
• o ‘deprecation_msg’ global has vanished

• bind-9.2.3rc3-deprecation_msg_shut_up.diff.bz2 can disappear
  

[10:9.2.4rc8-14]

• Fix bug 106572/132385: copy /etc/localtime to chroot on start
  [10:9.2.4rc7-12_EL3]
• Fix bug 132303: if ROOTDIR line was replaced after upgrade from
• bind-chroot-9.2.2-21, restart named
  [10:9.2.4rc7-11_EL3]
• Fix bug 131803: replace ROOTDIR line removed by broken
• bind-chroot 9.2.2-21’s ‘%postun’; added %triggerpostun for bind-chroot
  [10:9.2.4rc7-10_EL3]
• Fix bugs 130121 & 130981 for RHEL-3
  [10:9.2.4rc7-10]
• Fix bug 130121: add ‘%ghost’ entries for files included in previous
• bind-chroot & not in current - ie. named.conf, rndc.key, dev/* -
• that RPM removed after upgrade .

• Thu Aug 26 2004 Jason Vas Dias

• Fix bug 130981: add ‘-t’ option to named-checkconf invocation in
• named.init if chroot installed.

• Wed Aug 25 2004 Jason Vas Dias

• Remove resolver(5) manpage now in man-pages (bug 130792);
• Don’t create /dev/ entries in bind-chroot if already there (bug 127556);
• fix bind-devel Requires (bug 130919)
• Set default location for dumpdb & stats files to /var/named/data

• Tue Aug 24 2004 Jason Vas Dias

• Fix devel Requires for bug 130738 & fix version

• Tue Aug 24 2004 Jason Vas Dias

• Fix errors on clean install if named group does not exist
• (bug 130777)

• Thu Aug 19 2004 Jason Vas Dias

• Upgrade to bind-9.2.4rc7; applied initscript fix
• for bug 102035.

• Mon Aug 09 2004 Jason Vas Dias

• Fixed bug 129289: bind-chroot install / deinstall
• on install, existing config files 'safe_replace’d
• with links to chroot copies; on uninstall, moved back.

• Fri Aug 06 2004 Jason Vas Dias

• Fixed bug 129258: ‘/var/tmp’ typo in spec

• Wed Jul 28 2004 Jason Vas Dias

• Fixed bug 127124 : ‘Requires: kernel >= 2.4’
• causes problems with Linux VServers

• Tue Jul 27 2004 Jason Vas Dias

• Fixed bug 127555 : chroot tar missing var/named/slaves

• Fri Jul 16 2004 Jason Vas Dias

• Upgraded to ISC version 9.2.4rc6

• Fri Jul 16 2004 Jason Vas Dias

• Fixed named.init generation of error messages on
• ‘service named stop’ and ‘service named reload’
• as per bug 127775
  [9.2.3-19]
• Bump for rhel 3.0 U3
  [9.2.3-18]
• remove disable-linux-caps
  [9.2.3-17]
• Update RHEL3 to latest bind

• Tue Jun 15 2004 Elliot Lee

• rebuilt
  [9.2.3-15]
• Remove device files from chroot, Named uses the system one
  [9.2.3-14]
• Move RFC to devel package
  [9.2.3-13]
• Fix location of restorecon
  [9.2.3-12]
• Tighten security on config files. Should be owned by root
  [9.2.3-11]
• Update key patch to include conf-keygen
  [9.2.3-10]
• fix chroot to only happen once.
• fix init script to do kill insteall of killall
  [9.2.3-9]
• Add fix for SELinux security context

• Tue Mar 02 2004 Elliot Lee

• rebuilt

• Sat Feb 28 2004 Florian La Roche

• run ldconfig for libs subrpm

• Mon Feb 23 2004 Tim Waugh

• Use ‘:’ instead of ‘.’ as separator for chown.
  [9.2.3-7]
• Add COPYRIGHT

• Fri Feb 13 2004 Elliot Lee

• rebuilt
  [9.2.3-5]
• Add defattr to libs
  [9.2.3-4]
• Break out library package
  [9.2.3-3]
• Fix condrestart
  [9.2.3-2]
• Move libisc and libdns to bind from bind-util
  [9.2.3-1]
• Move to 9.2.3
  [9.2.2.P3-10]
• Add PIE support
  [9.2.2.P3-9]
• Add /var/named/slaves directory

• Sun Oct 12 2003 Florian La Roche

• do not link against libnsl, not needed for Linux
  [9.2.2.P3-6]
• Fix local time in log file
  [9.2.2.P3-5]
• Try again
  [9.2.2.P3-4]
• Fix handling of chroot -/dev/random
  [9.2.2.P3-3]
• Stop hammering stuff on update of chroot environment
  [9.2.2.P3-2]
• Fix chroot directory to grab all subdirectories
  [9.2.2.P3-1]
• New patch to support for ‘delegation-only’
  [9.2.2-23]
• patch support for ‘delegation-only’
  [9.2.2-22]
• Update to build on RHL
  [9.2.2-21]
• Install libraries as exec so debug info will be pulled
  [9.2.2-20]
• Remove BSDCOMPAT (BZ 99454)
  [9.2.2-19]
• Update to build on RHL
  [9.2.2-18]
• Change protections on /var/named and /var/chroot/named
  [9.2.2-17]
• Update to build on RHL
  [9.2.2-16]
• Update to build on RHEL

• Wed Jun 04 2003 Elliot Lee

• rebuilt
  [9.2.2-14]
• Update to build on RHEL
  [9.2.2-13]
• Fix config description of named.conf in chroot
• Change named.init script to check for existence of /etc/sysconfig/network
  [9.2.2-12]
• Update to build on RHEL
  [9.2.2-11]
• Update to build on RHEL
  [9.2.2-10]
• Fix echo OK on starting/stopping service
  [9.2.2-9]
• Update to build on RHEL
  [9.2.2-8]
• Fix echo on startup
  [9.2.2-7]
• Fix problems with chroot environment
• Eliminate posix threads
  [9.2.2-6]
• Fix build problems
  [9.2.2-5]
• Fix build on beehive
  [9.2.2-4]
• build bind-chroot kit
  [9.2.2-3]
• Change configure to use proper threads model
  [9.2.2-2]
• update to 9.2.2
  [9.2.2-1]
• update to 9.2.2
  [9.2.1-16]
• Put a sleep in restart to make sure stop completes

• Wed Jan 22 2003 Tim Powers

• rebuilt
  [9.2.1-14]
• Separate /etc/rndc.key to separate file
  [9.2.1-13]
• Use openssl’s pkgconfig data, if available, at build-time.
  [9.2.1-12]
• Fix log rotate to use service named reload
• Change service named reload to give success/failure message [73770]
• Fix File checking [75710]
• Begin change to automatically run in CHROOT environment
  [9.2.1-10]
• Fix startup script to work like all others.
  [9.2.1-9]
• Fix configure to build on x86_64 platforms

• Wed Aug 07 2002 Karsten Hopp

• fix #70583, doesn’t build on IA64
  [9.2.1-8]
• bind-utils shouldn’t require bind
  [9.2.1-7]
• fix name of pidfine in logrotate script (#68842)
• fix owner of logfile in logrotate script (#41391)
• fix nslookup and named.conf man pages (output on stderr)
  (#63553, #63560, #63561, #54889, #57457)
• add rfc1912 (#50005)
• gzip all rfc’s
• fix typo in keygen.c (#54870)
• added missing manpages (#64065)
• shutdown named properly with rndc stop (#62492)
• /sbin/nologin instead of /bin/false (#68607)
• move nsupdate to bind-utils (where the manpage already was) (#66209, #66381)
• don’t kill initscript when rndc fails (reload) (#58750)
  [9.2.1-5]
• Fix #65975

• Fri Jun 21 2002 Tim Powers

• automated rebuild

• Thu May 23 2002 Tim Powers

• automated rebuild
  [9.2.1-2]
• Move libisccc, lib isccfg and liblwres from bind-utils to bind,
  they’re not required if you aren’t running a nameserver.

• Fri May 03 2002 Florian La Roche

• update to 9.2.1 release
  [9.2.0-8]
• Merge 30+ bug fixes from 9.2.1rc1 code
  [9.2.0-7]
• Don’t exit if /etc/named.conf doesn’t exist if we’re running
  chroot (#60868)
• Revert Elliot’s changes, we do require specific glibc/glibc-kernheaders
  versions or bug #58335 will be back. ‘It compiles, therefore it works’
  isn’t always true.
  [9.2.0-6]
• Fix BuildRequires (we don’t need specific glibc/glibc-kernheaders
  versions).
• Use _smp_mflags
  [9.2.0-4]
• rebuild, require recent autoconf, automake (#58335)

• Fri Jan 25 2002 Tim Powers

• rebuild against new libssl

• Wed Jan 09 2002 Tim Powers

• automated rebuild
  [9.2.0-1]
• 9.2.0
  [9.2.0-0.rc10.2]
• 9.2.0rc10
  [9.2.0-0.rc8.2]
• Fix up rndc.conf (#55574)
  [9.2.0-0.rc8.1]
• rc8
• Enforce --enable-threads
  [9.2.0-0.rc7.1]
• 9.2.0rc7
• Use rndc status for ‘service named status’, it’s supposed to actually
  work in 9.2.x.
  [9.2.0-0.rc5.1]
• 9.2.0rc5
• Fix rpm --rebuild with ancient libtool versions (#53938, #54257)
  [9.2.0-0.rc4.1]
• 9.2.0rc4
  [9.2.0-0.rc3.1]
• 9.2.0rc3
• remove ttl patch, I don’t think we need this for 8.0.
• remove dig.1.bz2 from the bind8-manpages tar file, 9.2 has a new dig man page
• add lwres* man pages to -devel
  [9.1.3-4]
• Make sure /etc/rndc.conf isn’t world-readable even after the
  %post script inserted a random key (#53009)
  [9.1.3-3]
• Add build dependencies (#49368)
• Make sure running service named start several times doesn’t create
  useless processes (#47596)
• Work around the named parent process returning 0 even if the config
  file is broken (it’s parsed later by the child processes) (#45484)
  [9.1.3-2]
• Don’t use rndc status, it’s not yet implemented (#48839)

• Sun Jul 08 2001 Florian La Roche

• update to 9.1.3 release
  [9.1.3-0.rc3.1]
• Fix up rndc configuration and improve security (#46586)
  [9.1.3-0.rc2.2]
• Sync with caching-nameserver-7.1-6
  [9.1.3-0.rc2.1]
• Update to rc2
  [9.1.3-0.rc1.3]
• Remove resolv.conf(5) man page, it’s now in man-pages
  [9.1.3-0.rc1.2]
• Add named.conf man page from bind 8.x (outdated, but better than nothing,
  • Rename the rndc key (#42895)
• Add dnssec* man pages
  [9.1.3-0.rc1.1]
• 9.1.3rc1
• s/Copyright/License/
  [9.1.2-1]
• 9.1.2 final. No changes between 9.1.2-0.rc1.1 and this one, except for
  the version number, though.
  [9.1.2-0.rc1.1]
• 9.1.2rc1
  [9.1.1-1]
• 9.1.1
  [9.1.0-10]
• Merge fixes from 9.1.1rc5
  [9.1.0-9]
• Work around bind 8 -> bind 9 migration problem when using buggy zone files:
  accept zones without a TTL, but spew out a big fat warning. (#31393)

• Thu Mar 08 2001 Bernhard Rosenkraenzer

• Add fixes from rc4

• Fri Mar 02 2001 Nalin Dahyabhai

• rebuild in new environment

• Thu Mar 01 2001 Bernhard Rosenkraenzer

• killall -HUP named if rndc reload fails (#30113)

• Tue Feb 27 2001 Bernhard Rosenkraenzer

• Merge some fixes from 9.1.1rc3

• Tue Feb 20 2001 Bernhard Rosenkraenzer

• Don’t use the standard rndc key from the documentation, instead, create a random one
  at installation time (#26358)
• Make /etc/rndc.conf readable by user named only, it contains secret keys

• Tue Feb 20 2001 Bernhard Rosenkraenzer

• 9.1.1 probably won’t be out in time, revert to 9.1.0 and apply fixes
  from 9.1.1rc2
• bind requires bind-utils (#28317)

• Tue Feb 13 2001 Bernhard Rosenkraenzer

• Update to rc2, fixes 2 more bugs
• Fix build with glibc >= 2.2.1-7

• Thu Feb 08 2001 Bernhard Rosenkraenzer

• Update to 9.1.1rc1; fixes 17 bugs (14 of them affecting us;
  1 was fixed in a Red Hat patch already, 2 others are portability
  improvements)

• Wed Feb 07 2001 Bernhard Rosenkraenzer

• Remove initscripts 5.54 requirement (#26489)

• Mon Jan 29 2001 Bernhard Rosenkraenzer

• Add named-checkconf, named-checkzone (#25170)

• Mon Jan 29 2001 Trond Eivind Glomsrod

• use echo, not gprintf

• Wed Jan 24 2001 Bernhard Rosenkraenzer

• Fix problems with
  Patch from Daniel Roesen
  Bug #24890

• Thu Jan 18 2001 Bernhard Rosenkraenzer

• 9.1.0 final

• Sat Jan 13 2001 Bernhard Rosenkraenzer

• 9.1.0rc1
• i18nify init script
• bzip2 source to save space

• Thu Jan 11 2001 Bernhard Rosenkraenzer

• Fix %postun script

• Tue Jan 09 2001 Bernhard Rosenkraenzer

• 9.1.0b3

• Mon Jan 08 2001 Bernhard Rosenkraenzer

• Add named.conf man page from bind8 (#23503)

• Sun Jan 07 2001 Bernhard Rosenkraenzer

• Make /etc/rndc.conf and /etc/sysconfig/named noreplace
• Make devel require bind = %{version} rather than just bind

• Sun Jan 07 2001 Bernhard Rosenkraenzer

• Fix init script for real

• Sat Jan 06 2001 Bernhard Rosenkraenzer

• Fix init script when ROOTDIR is not set

• Thu Jan 04 2001 Bernhard Rosenkraenzer

• Add hooks for setting up named to run chroot (RFE #23246)
• Fix up requirements

• Fri Dec 29 2000 Bernhard Rosenkraenzer

• 9.1.0b2

• Wed Dec 20 2000 Bernhard Rosenkraenzer

• Move run files to /var/run/named/ - /var/run isn’t writable
  by the user we’re running as. (Bug #20665)

• Tue Dec 19 2000 Bernhard Rosenkraenzer

• Fix reverse lookups (#22272)
• Run ldconfig in %post utils

• Tue Dec 12 2000 Karsten Hopp

• fixed logrotate script (wrong path to kill)
• include header files in -devel package
• bugzilla #22049, #19147, 21606

• Fri Dec 08 2000 Bernhard Rosenkraenzer

• 9.1.0b1 (9.1.0 is in our timeframe and less buggy)

• Mon Nov 13 2000 Bernhard Rosenkraenzer

• 9.0.1

• Mon Oct 30 2000 Bernhard Rosenkraenzer

• Fix initscript (Bug #19956)
• Add sample rndc.conf (Bug #19956)
• Fix build with tar 1.13.18

• Tue Oct 10 2000 Bernhard Rosenkraenzer

• Add some missing man pages (taken from bind8) (Bug #18794)

• Sun Sep 17 2000 Bernhard Rosenkraenzer

• 9.0.0 final

• Wed Aug 30 2000 Bernhard Rosenkraenzer

• rc5
• fix up nslookup

• Thu Aug 24 2000 Bernhard Rosenkraenzer

• rc4

• Thu Jul 13 2000 Bernhard Rosenkraenzer

• 9.0.0rc1

• Wed Jul 12 2000 Prospector

• automatic rebuild

• Sun Jul 09 2000 Florian La Roche

• add ‘exit 0’ for uninstall case

• Fri Jul 07 2000 Florian La Roche

• add prereq init.d and cleanup install section

• Fri Jun 30 2000 Trond Eivind Glomsrod

• fix the init script

• Wed Jun 28 2000 Nalin Dahyabhai

• make libbind.a and nslookup.help readable again by setting INSTALL_LIB to ‘’

• Mon Jun 26 2000 Bernhard Rosenkranzer

• Fix up the initscript (Bug #13033)
• Fix build with current glibc (Bug #12755)
• /etc/rc.d/init.d -> /etc/init.d
• use %{_mandir} rather than /usr/share/man

• Mon Jun 19 2000 Bill Nottingham

• fix conflict with man-pages
• remove compatibilty chkconfig links
• initscript munging

• Wed Jun 14 2000 Nalin Dahyabhai

• modify logrotate setup to use PID file
• temporarily disable optimization by unsetting at build-time
• actually bump the release this time

• Sun Jun 04 2000 Bernhard Rosenkraenzer

• FHS compliance

• Mon Apr 17 2000 Nalin Dahyabhai

• clean up restart patch

• Mon Apr 10 2000 Nalin Dahyabhai

• provide /var/named (fix for bugs #9847, #10205)
• preserve args when restarted via ndc(8) (bug #10227)
• make resolv.conf(5) a link to resolver(5) (bug #10245)
• fix SYSTYPE bug in all makefiles
• move creation of named user from %post into %pre

• Mon Feb 28 2000 Bernhard Rosenkranzer

• Fix TTL (patch from ISC, Bug #9820)

• Wed Feb 16 2000 Bernhard Rosenkranzer

• fix typo in spec (it’s %post, without a leading blank) introduced in -6
• change SYSTYPE to linux

• Fri Feb 11 2000 Bill Nottingham

• pick a standard < 100 uid/gid for named

• Fri Feb 04 2000 Elliot Lee

• Pass named a ‘-u named’ parameter by default, and add/remove user.

• Thu Feb 03 2000 Bernhard Rosenkraenzer

• fix host mx bug (Bug #9021)

• Mon Jan 31 2000 Cristian Gafton

• rebuild to fix dependencies
• man pages are compressed

• Wed Jan 19 2000 Bernhard Rosenkraenzer

• It’s /usr/bin/killall, not /usr/sbin/killall (Bug #8063)

• Mon Jan 17 2000 Bernhard Rosenkraenzer

• Fix up location of named-bootconf.pl and make it executable
  (Bug #8028)
• bind-devel requires bind

• Mon Nov 15 1999 Bernhard Rosenkraenzer

• update to 8.2.2-P5

• Wed Nov 10 1999 Bill Nottingham

• update to 8.2.2-P3

• Tue Oct 12 1999 Cristian Gafton

• add patch to stop a cache only server from complaining about lame servers
  on every request.

• Fri Sep 24 1999 Preston Brown

• use real stop and start in named.init for restart, not ndc restart, it has
  problems when named has changed during a package update… (# 4890)

• Fri Sep 10 1999 Bill Nottingham

• chkconfig --del in %preun, not %postun

• Mon Aug 16 1999 Bill Nottingham

• initscript munging

• Mon Jul 26 1999 Bill Nottingham

• fix installed chkconfig links to match init file

• Sat Jul 03 1999 Jeff Johnson

• conflict with new (in man-1.24) man pages (#3876,#3877).

• Tue Jun 29 1999 Bill Nottingham

• fix named.logrotate (wrong %SOURCE)

• Fri Jun 25 1999 Jeff Johnson

• update to 8.2.1.
• add named.logrotate (#3571).
• hack around egcs-1.1.2 -m486 bug (#3413, #3485).
• vet file list.

• Fri Jun 18 1999 Bill Nottingham

• don’t run by default

• Sun May 30 1999 Jeff Johnson

• nslookup fixes (#2463).
• missing files (#3152).

• Sat May 01 1999 Stepan Kasal

• nslookup patched:
  to count numRecords properly
  to fix subsequent calls to ls -d
  to parse ‘view’ and ‘finger’ commands properly
  the view hack updated for bind-8 (using sed)

• Wed Mar 31 1999 Bill Nottingham

• add ISC patch
• add quick hack to make host not crash
• add more docs

• Fri Mar 26 1999 Cristian Gafton

• add probing information in the init file to keep linuxconf happy
• dont strip libbind

• Sun Mar 21 1999 Cristian Gafton

• auto rebuild in the new build environment (release 3)

• Wed Mar 17 1999 Preston Brown

• removed ‘done’ output at named shutdown.

• Tue Mar 16 1999 Cristian Gafton

• version 8.2

• Wed Dec 30 1998 Cristian Gafton

• patch to use the __FDS_BITS macro
• build for glibc 2.1

• Wed Sep 23 1998 Jeff Johnson

• change named.restart to /usr/sbin/ndc restart

• Sat Sep 19 1998 Jeff Johnson

• install man pages correctly.
• change K10named to K45named.

• Wed Aug 12 1998 Jeff Johnson

• don’t start if /etc/named.conf doesn’t exist.

• Sat Aug 08 1998 Jeff Johnson

• autmagically create /etc/named.conf from /etc/named.boot in %post
• remove echo in %post

• Wed Jun 10 1998 Jeff Johnson

• merge in 5.1 mods

• Sun Apr 12 1998 Manuel J. Galan

• Several essential modifications to build and install correctly.
• Modified ‘ndc’ to avoid deprecated use of ‘-’

• Mon Dec 22 1997 Scott Lampert

• Used buildroot
• patched bin/named/ns_udp.c to use
  for include
  on Redhat 5.0 instead of