pkgsrc-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[pkgsrc/trunk]: pkgsrc/net/bind99 Update bind99 to 9.9.2 (BIND 9.9.2).
details: https://anonhg.NetBSD.org/pkgsrc/rev/2d7eae0b367f
branches: trunk
changeset: 609772:2d7eae0b367f
user: taca <taca%pkgsrc.org@localhost>
date: Wed Oct 10 03:07:12 2012 +0000
description:
Update bind99 to 9.9.2 (BIND 9.9.2).
Here are change changes from release note. Note security fixes except
CVE-2012-5166 should be already fixed in previous version of bind99 package.
Please refer https://kb.isc.org/article/AA-00798 for list of full bug fixes.
Security Fixes
* A deliberately constructed combination of records could cause named to hang
while populating the additional section of a response. [CVE-2012-5166] [RT
#31090]
* Prevents a named assert (crash) when queried for a record whose RDATA
exceeds 65535 bytes. [CVE-2012-4244] [RT #30416]
* Prevents a named assert (crash) when validating caused by using "Bad cache"
data before it has been initialized. [CVE-2012-3817] [RT #30025]
* A condition has been corrected where improper handling of zero-length RDATA
could cause undesirable behavior, including termination of the named
process. [CVE-2012-1667] [RT #29644]
* ISC_QUEUE handling for recursive clients was updated to address a race
condition that could cause a memory leak. This rarely occurred with UDP
clients, but could be a significant problem for a server handling a steady
rate of TCP queries. [CVE-2012-3868] [RT #29539 & #30233]
New Features
* Elliptic Curve Digital Signature Algorithm keys and signatures in DNSSEC are
now supported per RFC 6605. [RT #21918]
* Introduces a new tool "dnssec-checkds" command that checks a zone to
determine which DS records should be published in the parent zone, or which
DLV records should be published in a DLV zone, and queries the DNS to ensure
that it exists. (Note: This tool depends on python; it will not be built or
installed on systems that do not have a python interpreter.) [RT #28099]
* Introduces a new tool "dnssec-verify" that validates a signed zone, checking
for the correctness of signatures and NSEC/NSEC3 chains. [RT #23673]
* Adds configuration option "max-rsa-exponent-size <value>;" that can be used
to specify the maximum rsa exponent size that will be accepted when
validating [RT #29228]
Feature Changes
* Improves OpenSSL error logging [RT #29932]
* nslookup now returns a nonzero exit code when it is unable to get an answer.
[RT #29492]
diffstat:
net/bind99/Makefile | 5 +--
net/bind99/PLIST | 5 +++-
net/bind99/distinfo | 14 ++++++------
net/bind99/patches/patch-bin_tests_system_Makefile.in | 8 +++---
net/bind99/patches/patch-configure | 20 ++++++++++++++----
net/bind99/patches/patch-configure.in | 18 +++++++++++++---
6 files changed, 46 insertions(+), 24 deletions(-)
diffs (185 lines):
diff -r b7ccb5f6a17c -r 2d7eae0b367f net/bind99/Makefile
--- a/net/bind99/Makefile Wed Oct 10 03:06:37 2012 +0000
+++ b/net/bind99/Makefile Wed Oct 10 03:07:12 2012 +0000
@@ -1,8 +1,7 @@
-# $NetBSD: Makefile,v 1.12 2012/10/03 21:56:52 wiz Exp $
+# $NetBSD: Makefile,v 1.13 2012/10/10 03:07:12 taca Exp $
DISTNAME= bind-${BIND_VERSION}
PKGNAME= ${DISTNAME:S/-P/pl/}
-PKGREVISION= 1
CATEGORIES= net
MASTER_SITES= ftp://ftp.isc.org/isc/bind9/${BIND_VERSION}/ \
http://ftp.belnet.be/pub/mirror/ftp.isc.org/isc/bind9/${BIND_VERSION}/
@@ -17,7 +16,7 @@
MAKE_JOBS_SAFE= no
-BIND_VERSION= 9.9.1-P3
+BIND_VERSION= 9.9.2
.include "../../mk/bsd.prefs.mk"
diff -r b7ccb5f6a17c -r 2d7eae0b367f net/bind99/PLIST
--- a/net/bind99/PLIST Wed Oct 10 03:06:37 2012 +0000
+++ b/net/bind99/PLIST Wed Oct 10 03:07:12 2012 +0000
@@ -1,4 +1,4 @@
-@comment $NetBSD: PLIST,v 1.2 2012/05/22 03:31:07 taca Exp $
+@comment $NetBSD: PLIST,v 1.3 2012/10/10 03:07:12 taca Exp $
bin/dig
bin/host
bin/isc-config.sh
@@ -302,6 +302,7 @@
man/man8/dnssec-revoke.8
man/man8/dnssec-settime.8
man/man8/dnssec-signzone.8
+man/man8/dnssec-verify.8
man/man8/genrandom.8
man/man8/isc-hmac-fixup.8
man/man8/lwresd.8
@@ -321,6 +322,7 @@
sbin/dnssec-revoke
sbin/dnssec-settime
sbin/dnssec-signzone
+sbin/dnssec-verify
sbin/genrandom
sbin/isc-hmac-fixup
sbin/lwresd
@@ -356,6 +358,7 @@
share/doc/bind9/arm/man.dnssec-revoke.html
share/doc/bind9/arm/man.dnssec-settime.html
share/doc/bind9/arm/man.dnssec-signzone.html
+share/doc/bind9/arm/man.dnssec-verify.html
share/doc/bind9/arm/man.genrandom.html
share/doc/bind9/arm/man.host.html
share/doc/bind9/arm/man.isc-hmac-fixup.html
diff -r b7ccb5f6a17c -r 2d7eae0b367f net/bind99/distinfo
--- a/net/bind99/distinfo Wed Oct 10 03:06:37 2012 +0000
+++ b/net/bind99/distinfo Wed Oct 10 03:07:12 2012 +0000
@@ -1,15 +1,15 @@
-$NetBSD: distinfo,v 1.8 2012/09/13 01:35:56 taca Exp $
+$NetBSD: distinfo,v 1.9 2012/10/10 03:07:12 taca Exp $
-SHA1 (bind-9.9.1-P3.tar.gz) = 1c890f69f627ffbc76460c766bafefde408ed799
-RMD160 (bind-9.9.1-P3.tar.gz) = 23c2081af02eea7a0b7f5e903edf0727f5df2237
-Size (bind-9.9.1-P3.tar.gz) = 7217415 bytes
+SHA1 (bind-9.9.2.tar.gz) = eb9fa7b497d67ce61a120cb96c302381bc385324
+RMD160 (bind-9.9.2.tar.gz) = 80118091f62a5f44565c86ab1ce4461c2c6d890b
+Size (bind-9.9.2.tar.gz) = 7285050 bytes
SHA1 (patch-bin_dig_Makefile.in) = d2c2a0b137be7e31fdc15438d107116fc38a38b9
SHA1 (patch-bin_dig_dighost.c) = 186cdc70605242afb0211dc8802ec75677a65614
SHA1 (patch-bin_nsupdate_Makefile.in) = 42b39d60468ffa8ed13f77259755b217966de664
-SHA1 (patch-bin_tests_system_Makefile.in) = 3224a66b7d29f6f17d02de1663c61b5e57b91d20
+SHA1 (patch-bin_tests_system_Makefile.in) = 1f268808c55223ac11d1794039503424a51ee71b
SHA1 (patch-config.threads.in) = 227b83efe9cb3e301aaac9b97cf42f1fb8ad06b2
-SHA1 (patch-configure) = 8997a0a2881b7c4a576ea67f6c27016421034772
-SHA1 (patch-configure.in) = c815126eb9175e4404fb44a8639a0e091c68f192
+SHA1 (patch-configure) = a9f5f75fafc9f0b756adcbbf6bee257fd5d4567e
+SHA1 (patch-configure.in) = f07381d79ef45a7356d0657c220fcec3ffc6741d
SHA1 (patch-contrib_dlz_config.dlz.in) = f18bec63fbfce7cb2cd72929058ce3770fce458f
SHA1 (patch-lib_bind9_Makefile.in) = 89e21d21fa512f11a2fdb8d7455abd5d95f20ba5
SHA1 (patch-lib_dns_Makefile.in) = 1770a8bd86901c618b11d255f3af54748d04b759
diff -r b7ccb5f6a17c -r 2d7eae0b367f net/bind99/patches/patch-bin_tests_system_Makefile.in
--- a/net/bind99/patches/patch-bin_tests_system_Makefile.in Wed Oct 10 03:06:37 2012 +0000
+++ b/net/bind99/patches/patch-bin_tests_system_Makefile.in Wed Oct 10 03:07:12 2012 +0000
@@ -1,15 +1,15 @@
-$NetBSD: patch-bin_tests_system_Makefile.in,v 1.2 2012/05/22 03:31:07 taca Exp $
+$NetBSD: patch-bin_tests_system_Makefile.in,v 1.3 2012/10/10 03:07:12 taca Exp $
Build fix for DragonFly while linking of driver.so.
---- bin/tests/system/Makefile.in.orig 2011-11-01 18:35:53.000000000 +0000
+--- bin/tests/system/Makefile.in.orig 2012-09-27 00:35:19.000000000 +0000
+++ bin/tests/system/Makefile.in
@@ -21,7 +21,7 @@ top_srcdir = @top_srcdir@
@BIND9_MAKE_INCLUDES@
--SUBDIRS = dlzexternal filter-aaaa lwresd rpz tkey tsiggss
-+SUBDIRS = filter-aaaa lwresd rpz tkey tsiggss
+-SUBDIRS = dlzexternal filter-aaaa lwresd rpz rsabigexponent tkey tsiggss
++SUBDIRS = filter-aaaa lwresd rpz rsabigexponent tkey tsiggss
TARGETS =
@BIND9_MAKE_RULES@
diff -r b7ccb5f6a17c -r 2d7eae0b367f net/bind99/patches/patch-configure
--- a/net/bind99/patches/patch-configure Wed Oct 10 03:06:37 2012 +0000
+++ b/net/bind99/patches/patch-configure Wed Oct 10 03:07:12 2012 +0000
@@ -1,10 +1,11 @@
-$NetBSD: patch-configure,v 1.2 2012/07/10 10:23:03 sbd Exp $
+$NetBSD: patch-configure,v 1.3 2012/10/10 03:07:12 taca Exp $
* Add DragonFly support.
* Link proper postgresql library.
* Use separate @LIBREADLINE@ AC_SUBST.
+* Avoid using "==" for argument of test(1).
---- configure.orig 2012-06-01 15:29:52.000000000 +0000
+--- configure.orig 2012-09-27 00:35:19.000000000 +0000
+++ configure
@@ -1341,6 +1341,7 @@ LWRES_PLATFORM_NEEDVSNPRINTF
ISC_PLATFORM_NEEDVSNPRINTF
@@ -14,7 +15,16 @@
ISC_PLATFORM_NEEDSTRLCAT
ISC_PLATFORM_NEEDSTRLCPY
GENRANDOMLIB
-@@ -22166,6 +22167,8 @@ case $host in
+@@ -19754,7 +19755,7 @@ done
+
+ ;;
+ esac
+- if test "X$PYTHON" == "X"
++ if test "X$PYTHON" = "X"
+ then
+ case "$use_python" in
+ unspec)
+@@ -22390,6 +22391,8 @@ case $host in
use_threads=false ;;
*-freebsd*)
use_threads=true ;;
@@ -23,7 +33,7 @@
*-bsdi[234]*)
# Thread signals do not work reliably on some versions of BSD/OS.
use_threads=false ;;
-@@ -24800,23 +24803,47 @@ no) ;;
+@@ -25024,23 +25027,47 @@ no) ;;
then
readline=-lreadline
fi
@@ -86,7 +96,7 @@
;;
esac
-@@ -27148,7 +27175,7 @@ $as_echo "no" >&6; }
+@@ -27372,7 +27399,7 @@ $as_echo "no" >&6; }
fi
if test -n "-L$use_dlz_postgres_lib -lpq"
then
diff -r b7ccb5f6a17c -r 2d7eae0b367f net/bind99/patches/patch-configure.in
--- a/net/bind99/patches/patch-configure.in Wed Oct 10 03:06:37 2012 +0000
+++ b/net/bind99/patches/patch-configure.in Wed Oct 10 03:07:12 2012 +0000
@@ -1,10 +1,20 @@
-$NetBSD: patch-configure.in,v 1.1 2012/07/10 10:23:03 sbd Exp $
+$NetBSD: patch-configure.in,v 1.2 2012/10/10 03:07:12 taca Exp $
-Use separate @LIBREADLINE@ AC_SUBST.
+* Use separate @LIBREADLINE@ AC_SUBST.
+* Avoid using "==" for argument of test(1).
---- configure.in.orig 2012-06-01 15:29:52.000000000 +0000
+--- configure.in.orig 2012-09-27 00:35:19.000000000 +0000
+++ configure.in
-@@ -2223,23 +2223,18 @@ AC_SUBST(ISC_PLATFORM_NEEDSTRLCAT)
+@@ -157,7 +157,7 @@ case "$use_python" in
+ AC_PATH_PROGS(PYTHON, $use_python)
+ ;;
+ esac
+- if test "X$PYTHON" == "X"
++ if test "X$PYTHON" = "X"
+ then
+ case "$use_python" in
+ unspec)
+@@ -2322,23 +2322,18 @@ AC_SUBST(ISC_PLATFORM_NEEDSTRLCAT)
AC_ARG_WITH(readline,
[ --with-readline[=LIBSPEC] specify readline library [default -lreadline]],
Home |
Main Index |
Thread Index |
Old Index