CVS commit: [pkgsrc-2016Q4] pkgsrc/net/bind99

["S.P.Zeidler" <spz%netbsd.org@localhost>]

Module Name:    pkgsrc
Committed By:   spz
Date:           Sun Feb 12 21:59:29 UTC 2017

Modified Files:
        pkgsrc/net/bind99 [pkgsrc-2016Q4]: Makefile distinfo

Log Message:
Pullup ticket #5211 - requested by taca
net/bind99: security update

Revisions pulled up:
- net/bind99/Makefile                                           1.63
- net/bind99/distinfo                                           1.43

-------------------------------------------------------------------
   Module Name: pkgsrc
   Committed By:        taca
   Date:                Thu Feb  9 00:50:15 UTC 2017

   Modified Files:
        pkgsrc/net/bind99: Makefile distinfo

   Log Message:
   Update bind99 to 9.9.9pl6 (BIND 9.9.9-P6).

   Security Fixes

        * If a server is configured with a response policy zone (RPZ) that
          rewrites an answer with local data, and is also configured for
          DNS64 address mapping, a NULL pointer can be read triggering a
          server crash. This flaw is disclosed in CVE-2017-3135. [RT #44434]
        * named could mishandle authority sections with missing RRSIGs,
          triggering an assertion failure. This flaw is disclosed in
          CVE-2016-9444. [RT #43632]
        * named mishandled some responses where covering RRSIG records were
          returned without the requested data, resulting in an assertion
          failure. This flaw is disclosed in CVE-2016-9147. [RT #43548]
        * named incorrectly tried to cache TKEY records which could trigger
          an assertion failure when there was a class mismatch. This flaw is
          disclosed in CVE-2016-9131. [RT #43522]
        * It was possible to trigger assertions when processing responses
          containing answers of type DNAME. This flaw is disclosed in
          CVE-2016-8864. [RT #43465]
        * It was possible to trigger an assertion when rendering a message
          using a specially crafted request. This flaw is disclosed in
          CVE-2016-2776. [RT #43139]
        * Calling getrrsetbyname() with a non- absolute name could trigger an
          infinite recursion bug in lwresd or named with lwres configured if,
          when combined with a search list entry from resolv.conf, the
          resulting name is too long. This flaw is disclosed in
          CVE-2016-2775. [RT #42694]

   Feature Changes

        * None.

   Porting Changes

        * None.

   Bug Fixes

        * A synthesized CNAME record appearing in a response before the
          associated DNAME could be cached, when it should not have been.
          This was a regression introduced while addressing CVE-2016-8864.
          [RT #44318]
        * Windows installs were failing due to triggering UAC without the
          installation binary being signed.
        * A race condition in rbt/rbtdb was leading to INSISTs being
          triggered.

   To generate a diff of this commit:
   cvs rdiff -u -r1.62 -r1.63 pkgsrc/net/bind99/Makefile
   cvs rdiff -u -r1.42 -r1.43 pkgsrc/net/bind99/distinfo


To generate a diff of this commit:
cvs rdiff -u -r1.61.2.1 -r1.61.2.2 pkgsrc/net/bind99/Makefile
cvs rdiff -u -r1.41.2.1 -r1.41.2.2 pkgsrc/net/bind99/distinfo

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: pkgsrc/net/bind99/Makefile
diff -u pkgsrc/net/bind99/Makefile:1.61.2.1 pkgsrc/net/bind99/Makefile:1.61.2.2
--- pkgsrc/net/bind99/Makefile:1.61.2.1 Fri Jan 13 20:21:02 2017
+++ pkgsrc/net/bind99/Makefile  Sun Feb 12 21:59:29 2017
@@ -1,4 +1,4 @@
-# $NetBSD: Makefile,v 1.61.2.1 2017/01/13 20:21:02 bsiegert Exp $
+# $NetBSD: Makefile,v 1.61.2.2 2017/02/12 21:59:29 spz Exp $
 
 DISTNAME=      bind-${BIND_VERSION}
 PKGNAME=       ${DISTNAME:S/-P/pl/}
@@ -13,7 +13,7 @@ CONFLICTS+=   host-[0-9]*
 
 MAKE_JOBS_SAFE=        no
 
-BIND_VERSION=  9.9.9-P5
+BIND_VERSION=  9.9.9-P6
 
 .include "../../mk/bsd.prefs.mk"
 

Index: pkgsrc/net/bind99/distinfo
diff -u pkgsrc/net/bind99/distinfo:1.41.2.1 pkgsrc/net/bind99/distinfo:1.41.2.2
--- pkgsrc/net/bind99/distinfo:1.41.2.1 Fri Jan 13 20:21:02 2017
+++ pkgsrc/net/bind99/distinfo  Sun Feb 12 21:59:29 2017
@@ -1,9 +1,9 @@
-$NetBSD: distinfo,v 1.41.2.1 2017/01/13 20:21:02 bsiegert Exp $
+$NetBSD: distinfo,v 1.41.2.2 2017/02/12 21:59:29 spz Exp $
 
-SHA1 (bind-9.9.9-P5.tar.gz) = f76ce1f513a2f245f14ad1ae103e09ebc86d2c0a
-RMD160 (bind-9.9.9-P5.tar.gz) = 2643a6a6173b5cb3bd12c68750929ccd996bc4bb
-SHA512 (bind-9.9.9-P5.tar.gz) = cd055a69bd52b44824dc214a649e8175805274a7ec84c4070779330b3d7c42ae8efc37e09750b4f2c0eb4a22e95786894116df42d6a5070bfb12ecd94d289072
-Size (bind-9.9.9-P5.tar.gz) = 8770509 bytes
+SHA1 (bind-9.9.9-P6.tar.gz) = 620ffa8c7b2e6b650c4c76fe29dba75bc9281037
+RMD160 (bind-9.9.9-P6.tar.gz) = f7a96e6407769b6577e457a4f03a137ffb050d44
+SHA512 (bind-9.9.9-P6.tar.gz) = f8bddaf278af8b255714249ee8eee13b5fca7560ac77243444010139af1575676ebfdb37c726755ece69c16eb60a5272597b1778156cb9a1eb72375cbb3a2d3c
+Size (bind-9.9.9-P6.tar.gz) = 8778790 bytes
 SHA1 (patch-bin_dig_dighost.c) = a4bc9558c5dbedcc6bb0f87ea309358ca098d42a
 SHA1 (patch-bin_tests_system_Makefile.in) = 19d90050acfbe3da838dbd4c1436b5581039b71f
 SHA1 (patch-config.threads.in) = 227b83efe9cb3e301aaac9b97cf42f1fb8ad06b2