From ${URL} :

It turns out that most DNS server implementations do not implement reasonable restrictions for zone sizes. This allows an explicitly configured primary DNS server for a zone to crash a secondary DNS server, affecting service of other zones hosted on the same secondary server.

Some references:

https://lists.dns-oarc.net/pipermail/dns-operations/2016-July/015058.html
https://lists.dns-oarc.net/pipermail/dns-operations/2016-July/015075.html
https://gitlab.labs.nic.cz/labs/knot/merge_requests/541
https://www.nlnetlabs.nl/bugs-script/show_bug.cgi?id=790

PowerDNS is reportedly affected as well, but I did not find a public bug for this issue.

@maintainer(s): since the package or the affected version has never been marked as stable, we don't need to stabilize it. After the bump, please remove the affected versions from the tree.
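The missing restriction described in the report above, as an added example that is not part of the original report or of any affected project's code: a secondary that enforces a per-zone byte budget on an inbound transfer and rejects only the offending zone. The names `receive_transfer` and `refresh_zones`, the budget value, the sample zones and the EOF-terminated framing are assumptions made for illustration.

```python
import io
import struct

class ZoneTooLarge(Exception):
    """Inbound transfer exceeded the per-zone byte budget."""

def frame(payload):
    """Prefix a DNS message with its 2-byte length, as DNS over TCP does."""
    return struct.pack("!H", len(payload)) + payload

def receive_transfer(stream, max_zone_bytes):
    """Read length-prefixed messages, checking the budget before each payload.
    Assumption: EOF ends the transfer; a real secondary stops at the closing SOA."""
    messages, total = [], 0
    while True:
        header = stream.read(2)
        if not header:
            return messages
        if len(header) < 2:
            raise EOFError("truncated length prefix")
        (length,) = struct.unpack("!H", header)
        total += length
        if total > max_zone_bytes:
            # Abort before buffering any more data sent by the primary.
            raise ZoneTooLarge(f"{total} bytes exceeds limit of {max_zone_bytes}")
        payload = stream.read(length)
        if len(payload) != length:
            raise EOFError("truncated message")
        messages.append(payload)

def refresh_zones(transfers, served, max_zone_bytes):
    """Refresh each zone independently; a rejected zone keeps its old copy."""
    status = {}
    for zone, stream in transfers.items():
        try:
            served[zone] = receive_transfer(stream, max_zone_bytes)
            status[zone] = "updated"
        except (ZoneTooLarge, EOFError) as exc:
            status[zone] = f"rejected: {exc}"
    return status

def sample_transfers():
    """Constructed sample input: one small zone and one far over the budget."""
    small = b"".join(frame(b"a" * 100) for _ in range(3))
    huge = b"".join(frame(b"b" * 100) for _ in range(20))
    return {"small.example.": io.BytesIO(small), "huge.example.": io.BytesIO(huge)}
```

The budget here counts wire bytes, which is only a proxy for the memory a zone occupies once loaded.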
commit 71006dc98d472ee4b0842f4da61de340bc6903b4 (HEAD -> master, origin/master, origin/HEAD)
Author:     Pierre-Olivier Mercier <nemunaire@nemunai.re>
AuthorDate: Thu Aug 25 21:49:29 2016 +0200
Commit:     Patrice Clement <monsieurp@gentoo.org>
CommitDate: Tue Aug 30 18:32:10 2016 +0200

    net-dns/knot: version bump + clean up.

    * bump to EAPI=6
    * call eapply_user
    * generate only HTML documentation
    * parallel testing have been fixed
    * backport a patch fixing tests on big-endian arch

    Gentoo-Bug: https://bugs.gentoo.org/581568
    Gentoo-Bug: https://bugs.gentoo.org/588654
    Gentoo-Bug: https://bugs.gentoo.org/589166

    Package-Manager: portage-2.3.0
    Closes: https://github.com/gentoo/gentoo/pull/2117

    Signed-off-by: Patrice Clement <monsieurp@gentoo.org>

 net-dns/knot/Manifest | 4 +-
 .../1.6.3-dont-create-extra-directories.patch | 15 --
 .../2.0.2-dont-create-extra-directories.patch | 15 --
 ...ire-format-when-writing-FNV64-hash-values.patch | 216 +++++++++++++++++++++
 net-dns/knot/files/knot-2.1.0-nettle.patch | 26 ---
 net-dns/knot/knot-1.6.6.ebuild | 95 ---------
 net-dns/knot/knot-1.6.8.ebuild | 76 ++++++++
 net-dns/knot/knot-2.1.0.ebuild | 98 ----------
 net-dns/knot/knot-2.3.0.ebuild | 82 ++++++++
 9 files changed, 376 insertions(+), 251 deletions(-)
 delete mode 100644 net-dns/knot/files/1.6.3-dont-create-extra-directories.patch
 delete mode 100644 net-dns/knot/files/2.0.2-dont-create-extra-directories.patch
 create mode 100644 net-dns/knot/files/2.3.0-added-conversion-to-wire-format-when-writing-FNV64-hash-values.patch
 delete mode 100644 net-dns/knot/files/knot-2.1.0-nettle.patch
 delete mode 100644 net-dns/knot/knot-1.6.6.ebuild
 create mode 100644 net-dns/knot/knot-1.6.8.ebuild
 delete mode 100644 net-dns/knot/knot-2.1.0.ebuild
 create mode 100644 net-dns/knot/knot-2.3.0.ebuild
woops. knot has been bumped. sec team, please proceed.
commit f0b7094db10de1ef3c9d171b0fb79dbe46bdac71 (HEAD -> master, origin/master, origin/HEAD)
Author:     Patrice Clement <monsieurp@gentoo.org>
AuthorDate: Tue Aug 30 18:52:47 2016 +0200
Commit:     Patrice Clement <monsieurp@gentoo.org>
CommitDate: Tue Aug 30 18:52:47 2016 +0200

    net-dns/knot: remove vulnerable version.

    Gentoo-Bug: https://bugs.gentoo.org/588654

    Package-Manager: portage-2.2.28

 net-dns/knot/Manifest | 1 -
 net-dns/knot/knot-1.6.8.ebuild | 76 ------------------------------------------
 net-dns/knot/metadata.xml | 19 +++++------
 3 files changed, 8 insertions(+), 88 deletions(-)
 delete mode 100644 net-dns/knot/knot-1.6.8.ebuild