pkgsrc-Changes archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
CVS commit: [pkgsrc-2023Q1] pkgsrc/net/bind918
Module Name: pkgsrc
Committed By: bsiegert
Date: Mon Jun 26 09:34:44 UTC 2023
Modified Files:
pkgsrc/net/bind918 [pkgsrc-2023Q1]: Makefile PLIST distinfo options.mk
Log Message:
Pullup ticket #6764 - requested by taca
net/bind918: security fix
Revisions pulled up:
- net/bind918/Makefile 1.10-1.12
- net/bind918/PLIST 1.4
- net/bind918/distinfo 1.7-1.9
- net/bind918/options.mk 1.2
---
Module Name: pkgsrc
Committed By: taca
Date: Mon Apr 24 13:48:06 UTC 2023
Modified Files:
pkgsrc/net/bind918: Makefile PLIST distinfo options.mk
Log Message:
net/bind918: update to 9.18.14
pkgsrc change: reduce some pkglint warnings.
--- 9.18.14 released ---
6145. [bug] Fix a possible use-after-free bug in the
dns__catz_done_cb() function. [GL #3997]
6143. [bug] A reference counting problem on the error path in
the xfrin_connect_done() might cause an assertion
failure on shutdown. [GL #3989]
6142. [bug] Reduce the number of dns_dnssec_verify calls made
determining if revoked keys needs to be removed from
the trust anchors. [GL #3981]
6141. [bug] Fix several issues in nsupdate timeout handling and
update the -t option's documentation. [GL #3674]
6138. [doc] Fix the DF-flag documentation on the outgoing
UDP packets. [GL #3710]
6136. [cleanup] Remove the isc_fsaccess API in favor of creating
temporary file first and atomically replace the key
with non-truncated content. [GL #3982]
6132. [doc] Remove a dead link in the DNSSEC guide. [GL #3967]
6129. [cleanup] Value stored to 'source' during its initialization is
never read. [GL #3965]
6128. [bug] Fix an omission in an earlier commit to avoid a race
between the 'dns__catz_update_cb()' and
'dns_catz_dbupdate_callback()' functions. [GL #3968]
6126. [cleanup] Deprecate zone type "delegation-only" and the
"delegation-only" and "root-delegation-only"
options. [GL #3953]
6125. [bug] Hold a catz reference while the update process is
running, so that the catalog zone is not destroyed
during shutdown until the update process is finished or
properly canceled by the activated 'shuttingdown' flag.
[GL #3955]
6124. [bug] When changing from a NSEC3 capable DNSSEC algorithm to
an NSEC3 incapable DNSSEC algorithm using KASP the zone
could sometimes be incompletely signed. [GL #3937]
6121. [bug] Fix BIND and dig zone transfer hanging when
downloading large zones over TLS from a primary server,
especially over unstable connections. [GL #3867]
---
Module Name: pkgsrc
Committed By: taca
Date: Wed May 17 13:43:52 UTC 2023
Modified Files:
pkgsrc/net/bind918: Makefile distinfo
Log Message:
net/bind918: update to 9.18.15
--- 9.18.15 released ---
6164. [bug] Set the rndc idle read timeout back to 60 seconds,
from the netmgr default of 30 seconds, in order to
match the behavior of 9.16 and earlier. [GL #4046]
6161. [bug] Fix log file rotation when using absolute path as
file. [GL #3991]
6157. [bug] When removing delegations in an OPTOUT range
empty-non-terminal NSEC3 records generated by
those delegations were not removed. [GL #4027]
6156. [bug] Reimplement the maximum and idle timeouts for incoming
zone tranfers. [GL #4004]
6155. [bug] Treat ISC_R_INVALIDPROTO as a networking error
in the dispatch code to avoid retrying with the
same server. [GL #4005]
6152. [bug] In dispatch, honour the configured source-port
selection when UDP connection fails with address
in use error.
Also treat ISC_R_NOPERM same as ISC_R_ADDRINUSE.
[GL #3986]
6149. [test] As a workaround, include an OpenSSL header file before
including cmocka.h in the unit tests, because OpenSSL
3.1.0 uses __attribute__(malloc), conflicting with a
redefined malloc in cmocka.h. [GL #4000]
---
Module Name: pkgsrc
Committed By: taca
Date: Wed Jun 21 14:42:23 UTC 2023
Modified Files:
pkgsrc/net/bind918: Makefile distinfo
Log Message:
net/bind918: update to 9.18.16
9.18.16 (2023-06-21)
Security release:
- CVE-2023-2828
- CVE-2023-2911
6192. [security] A query that prioritizes stale data over lookup
triggers a fetch to refresh the stale data in cache.
If the fetch is aborted for exceeding the recursion
quota, it was possible for 'named' to enter an infinite
callback loop and crash due to stack overflow. This has
been fixed. (CVE-2023-2911) [GL #4089]
6190. [security] Improve the overmem cleaning process to prevent the
cache going over the configured limit. (CVE-2023-2828)
[GL #4055]
6188. [performance] Reduce memory consumption by allocating properly
sized send buffers for stream-based transports.
[GL #4038]
6186. [bug] Fix a 'clients-per-query' miscalculation bug. When the
'stale-answer-enable' options was enabled and the
'stale-answer-client-timeout' option was enabled and
larger than 0, named was taking two places from the
'clients-per-query' limit for each client and was
failing to gradually auto-tune its value, as configured.
[GL #4074]
6185. [func] Add "ClientQuota" statistics channel counter, which
indicates the number of the resolver's spilled queries
due to reaching the clients per query quota. [GL !7978]
6183. [bug] Fix a serve-stale bug where a delegation from cache
could be returned to the client. [GL #3950]
6182. [cleanup] Remove configure checks for epoll, kqueue and
/dev/poll. [GL #4098]
6181. [func] The "tkey-dhkey" option has been deprecated; a
warning will be logged when it is used. In a future
release, Diffie-Hellman TKEY mode will be removed.
[GL #3905]
6180. [bug] The session key object could be incorrectly added
to multiple different views' keyrings. [GL #4079]
6179. [bug] Fix an interfacemgr use-after-free error in
zoneconf.c:isself(). [GL #3765]
6176. [test] Add support for using pytest & pytest-xdist to
execute the system test suite. [GL #3978]
6174. [bug] BIND could get stuck on reconfiguration when a
'listen' statement for HTTP is removed from the
configuration. That has been fixed. [GL #4071]
6173. [bug] Properly process extra "nameserver" lines in
resolv.conf otherwise the next line is not properly
processed. [GL #4066]
6169. [bug] named could crash when deleting inline-signing zones
with "rndc delzone". [GL #4054]
6165. [bug] Fix a logic error in dighost.c which could call the
dighost_shutdown() callback twice and cause problems
if the callback function was not idempotent. [GL #4039]
To generate a diff of this commit:
cvs rdiff -u -r1.8 -r1.8.2.1 pkgsrc/net/bind918/Makefile
cvs rdiff -u -r1.3 -r1.3.2.1 pkgsrc/net/bind918/PLIST
cvs rdiff -u -r1.6 -r1.6.2.1 pkgsrc/net/bind918/distinfo
cvs rdiff -u -r1.1 -r1.1.4.1 pkgsrc/net/bind918/options.mk
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: pkgsrc/net/bind918/Makefile
diff -u pkgsrc/net/bind918/Makefile:1.8 pkgsrc/net/bind918/Makefile:1.8.2.1
--- pkgsrc/net/bind918/Makefile:1.8 Fri Mar 17 13:58:59 2023
+++ pkgsrc/net/bind918/Makefile Mon Jun 26 09:34:44 2023
@@ -1,4 +1,4 @@
-# $NetBSD: Makefile,v 1.8 2023/03/17 13:58:59 taca Exp $
+# $NetBSD: Makefile,v 1.8.2.1 2023/06/26 09:34:44 bsiegert Exp $
DISTNAME= bind-${BIND_VERSION}
PKGNAME= ${DISTNAME:S/-P/pl/}
@@ -15,7 +15,7 @@ CONFLICTS+= host-[0-9]*
MAKE_JOBS_SAFE= no
-BIND_VERSION= 9.18.13
+BIND_VERSION= 9.18.16
BUILD_DEFS+= BIND_DIR VARBASE
Index: pkgsrc/net/bind918/PLIST
diff -u pkgsrc/net/bind918/PLIST:1.3 pkgsrc/net/bind918/PLIST:1.3.2.1
--- pkgsrc/net/bind918/PLIST:1.3 Fri Mar 17 13:58:59 2023
+++ pkgsrc/net/bind918/PLIST Mon Jun 26 09:34:44 2023
@@ -1,4 +1,4 @@
-@comment $NetBSD: PLIST,v 1.3 2023/03/17 13:58:59 taca Exp $
+@comment $NetBSD: PLIST,v 1.3.2.1 2023/06/26 09:34:44 bsiegert Exp $
bin/arpaname
bin/delv
bin/dig
@@ -150,7 +150,6 @@ include/isc/event.h
include/isc/eventclass.h
include/isc/file.h
include/isc/formatcheck.h
-include/isc/fsaccess.h
include/isc/fuzz.h
include/isc/glob.h
include/isc/hash.h
Index: pkgsrc/net/bind918/distinfo
diff -u pkgsrc/net/bind918/distinfo:1.6 pkgsrc/net/bind918/distinfo:1.6.2.1
--- pkgsrc/net/bind918/distinfo:1.6 Fri Mar 17 13:58:59 2023
+++ pkgsrc/net/bind918/distinfo Mon Jun 26 09:34:44 2023
@@ -1,8 +1,8 @@
-$NetBSD: distinfo,v 1.6 2023/03/17 13:58:59 taca Exp $
+$NetBSD: distinfo,v 1.6.2.1 2023/06/26 09:34:44 bsiegert Exp $
-BLAKE2s (bind-9.18.13.tar.xz) = ef77120b264e3355c151d73906353b70e897cbd0ac7a316199dca8db794c6621
-SHA512 (bind-9.18.13.tar.xz) = e385a285c5a23bac26155f8a3f3a826a6dec0fd2bf4e3e2270debc45d21031cecc41dc05350b1ec0aed5020e0e4ae75db6632e99deea6834519756af4eb69b3c
-Size (bind-9.18.13.tar.xz) = 5419040 bytes
+BLAKE2s (bind-9.18.16.tar.xz) = ee1af429db6cb8cc0ed6a993387ab139e14dddb9f96f05e8c3c6ef3c33acaf9c
+SHA512 (bind-9.18.16.tar.xz) = 90b510552e8fd0c358a627e32bd840eaafc946a2b3c5c4623d0e24aa167fb99aedd91ed19392a104ed5bfce341d9944bab02c680e19d312b59e6688f9546a1fd
+Size (bind-9.18.16.tar.xz) = 5462456 bytes
SHA1 (patch-bin_named_main.c) = 4e4a763c478f1fcecb7e65968cf6ca20dacf01f1
SHA1 (patch-bin_named_os.c) = 5ecb0883076575d8ac5fcad68f9daad6c9be0d0b
SHA1 (patch-bin_named_server.c) = 6e59d3f637ebb829eec2f76ba7c350fb5cf9be6d
Index: pkgsrc/net/bind918/options.mk
diff -u pkgsrc/net/bind918/options.mk:1.1 pkgsrc/net/bind918/options.mk:1.1.4.1
--- pkgsrc/net/bind918/options.mk:1.1 Sun Dec 11 01:57:55 2022
+++ pkgsrc/net/bind918/options.mk Mon Jun 26 09:34:44 2023
@@ -1,4 +1,4 @@
-# $NetBSD: options.mk,v 1.1 2022/12/11 01:57:55 sekiya Exp $
+# $NetBSD: options.mk,v 1.1.4.1 2023/06/26 09:34:44 bsiegert Exp $
PKG_OPTIONS_VAR= PKG_OPTIONS.bind
PKG_SUPPORTED_OPTIONS= bind-dig-sigchase bind-xml-statistics-server
@@ -13,10 +13,10 @@ PTHREAD_OPTS+= native
.include "../../mk/pthread.buildlink3.mk"
.if defined(PTHREAD_TYPE) && (${PTHREAD_TYPE} == "none") || \
- !empty(MACHINE_PLATFORM:MNetBSD-*-vax) || \
- !empty(MACHINE_PLATFORM:MNetBSD-*-sparc) || \
- !empty(MACHINE_PLATFORM:MNetBSD-*-sparc64) || \
- !empty(MACHINE_PLATFORM:MNetBSD-*-m68k)
+ ${MACHINE_PLATFORM:MNetBSD-*-vax} || \
+ ${MACHINE_PLATFORM:MNetBSD-*-sparc} || \
+ ${MACHINE_PLATFORM:MNetBSD-*-sparc64} || \
+ ${MACHINE_PLATFORM:MNetBSD-*-m68k}
# don't touch PKG_SUGGESTED_OPTIONS
.else
PKG_SUGGESTED_OPTIONS+= threads
Home |
Main Index |
Thread Index |
Old Index