Upgrade bind916 to version 9.16.7.

To: pkgsrc-wip-changes%NetBSD.org@localhost
Subject: Upgrade bind916 to version 9.16.7.
From: Havard Eidnes <he%NetBSD.org@localhost>
Date: Thu, 01 Oct 2020 12:04:13 +0000
Module Name:	pkgsrc-wip
Committed By:	Havard Eidnes <he%NetBSD.org@localhost>
Pushed By:	he
Date:		Thu Oct 1 14:04:13 2020 +0200
Changeset:	0d23db68d877671a273f0059851bd970f09e6a41

Modified Files:
	bind916/Makefile
	bind916/distinfo
	bind916/patches/patch-bin_tests_system_kasp_tests.sh
Removed Files:
	bind916/patches/patch-lib_dns_spnego.c

Log Message:
Upgrade bind916 to version 9.16.7.

Pkgsrc changes:
 * Adapt patches

Upstream changes:

Notes for BIND 9.16.7
---------------------

New Features
~~~~~~~~~~~~

- Add a new ``rndc`` command, ``rndc dnssec -checkds``, which signals to
  ``named`` that a DS record for a given zone or key has been published
  or withdrawn from the parent. This command replaces the time-based
  ``parent-registration-delay`` configuration option. [GL #1613]

- Log when ``named`` adds a CDS/CDNSKEY to the zone. [GL #1748]

Bug Fixes
~~~~~~~~~

- In rare circumstances, ``named`` would exit with an assertion failure
  when the number of nodes stored in the red-black tree exceeded the
  maximum allowed size of the internal hash table. [GL #2104]

- Silence spurious system log messages for an EPROTO(71) error code that
  was seen on older operating systems, where unhandled ICMPv6 errors
  resulted in a generic protocol error being returned instead of a more
  specific error code. [GL #1928]

- With query name minimization enabled, ``named`` failed to resolve
  ``ip6.arpa.`` names that had extra labels to the left of the IPv6
  part. For example, when ``named`` attempted query name minimization on
  a name like ``A.B.1.2.3.4.(...).ip6.arpa.``, it stopped at the
  leftmost IPv6 label, i.e. ``1.2.3.4.(...).ip6.arpa.``, without
  considering the extra labels (``A.B``). That caused a query loop when
  resolving the name: if ``named`` received NXDOMAIN answers, then the
  same query was repeatedly sent until the number of queries sent
  reached the value of the ``max-recursion-queries`` configuration
  option. [GL #1847]

- Parsing of LOC records was made more strict by rejecting a sole period
  (``.``) and/or ``m`` as a value. These changes prevent zone files
  using such values from being loaded. Handling of negative altitudes
  which are not integers was also corrected. [GL #2074]

- Several problems found by `OSS-Fuzz`_ were fixed. (None of these are
  security issues.) [GL !3953] [GL !3975]

.. _OSS-Fuzz: https://github.com/google/oss-fuzz

To see a diff of this commit:
https://wip.pkgsrc.org/cgi-bin/gitweb.cgi?p=pkgsrc-wip.git;a=commitdiff;h=0d23db68d877671a273f0059851bd970f09e6a41

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

diffstat:
 bind916/Makefile                                   |  2 +-
 bind916/distinfo                                   | 11 +++++------
 .../patches/patch-bin_tests_system_kasp_tests.sh   | 22 +++++++++++-----------
 bind916/patches/patch-lib_dns_spnego.c             | 15 ---------------
 4 files changed, 17 insertions(+), 33 deletions(-)

diffs:
diff --git a/bind916/Makefile b/bind916/Makefile
index afe2d6e64f..a3393fa2f6 100644
--- a/bind916/Makefile
+++ b/bind916/Makefile
@@ -15,7 +15,7 @@ CONFLICTS+=	host-[0-9]*
 
 MAKE_JOBS_SAFE=	no
 
-BIND_VERSION=	9.16.6
+BIND_VERSION=	9.16.7
 
 # For libatomic and 64-bit operations
 #USE_PKGSRC_GCC=	yes
diff --git a/bind916/distinfo b/bind916/distinfo
index 064faa0b44..18517c6a42 100644
--- a/bind916/distinfo
+++ b/bind916/distinfo
@@ -1,9 +1,9 @@
 $NetBSD: distinfo,v 1.14 2020/02/20 16:37:06 taca Exp $
 
-SHA1 (bind-9.16.6.tar.xz) = f8a4c1bd074cc0305a4c50971e71da5a3b810d78
-RMD160 (bind-9.16.6.tar.xz) = 3b296d967a6a5a709b599efbffc9697060c5f91b
-SHA512 (bind-9.16.6.tar.xz) = 37f57db6d1633cc85a4d954a69bbb3372c65ac43fef965df5aee8dcdd32153bb5b0c6d0d5f00f353dd4464c71d74dc8e801937b930e2b8f6799fa77af5f243e0
-Size (bind-9.16.6.tar.xz) = 3228368 bytes
+SHA1 (bind-9.16.7.tar.xz) = 633667fac05ad1f87d89bddc504b3e1c3fe0549a
+RMD160 (bind-9.16.7.tar.xz) = 55a5a7cb173ff0bb2214f073c90c2e281daedbd1
+SHA512 (bind-9.16.7.tar.xz) = 176c84657e8a7b10a7ca93c939ca6a7fcdefb22f9200c3f01be59bcd8990dee27b8dc0970299225bcbe0f1aa8f49a67c80c4a9853895ffbcd685adb9674e7768
+Size (bind-9.16.7.tar.xz) = 3241476 bytes
 SHA1 (patch-bin_named_Makefile.in) = 8ef44cfa5b7c66562d9e26b0d3052ccd53388b6f
 SHA1 (patch-bin_named_main.c) = c62eb07ae859d022a77d2b3cbaa48df73e4fa8d4
 SHA1 (patch-bin_named_pfilter.c) = b54f872c883c8fbc2d9c04df65c185dc057cc36b
@@ -11,7 +11,7 @@ SHA1 (patch-bin_named_pfilter.h) = c14617cb266a4b5d33ba6e5db98562e806792833
 SHA1 (patch-bin_named_server.c) = 57f43d4556588447f44980c5acd36cb00cc528cc
 SHA1 (patch-bin_nsupdate_nsupdate.c) = f71213385ec7c78243c1f93a6940caa111cb5072
 SHA1 (patch-bin_pkcs11_pkcs11-keygen.c) = d953bf48aadcdf7e95975d335167cc50f54ef91e
-SHA1 (patch-bin_tests_system_kasp_tests.sh) = 76d49ddc9781dd9f03420f1a0b212cc7d0a4e1e3
+SHA1 (patch-bin_tests_system_kasp_tests.sh) = 88402d84b337c864934618f2707bd6e91e3457e4
 SHA1 (patch-bin_tests_system_metadata_tests.sh) = d01a492d0b7738760bdbff714248e279a78fef28
 SHA1 (patch-bin_tests_system_rpz_tests.sh) = 1bc5e0d5c0cc50608e6314c2d2664bd1dc3f6e34
 SHA1 (patch-bin_tools_arpaname.c) = b17050df38ca9734f40351a37a6faf581481e2da
@@ -29,7 +29,6 @@ SHA1 (patch-lib_dns_rbt.c) = c18e79500cae16039020a4fcd8f11a0ced646edc
 SHA1 (patch-lib_dns_rbtdb.c) = 389a83f425050733cb90652ffcb515d7a53d76f2
 SHA1 (patch-lib_dns_request.c) = 890ca130eb515635fe099c92e653a942a91c5253
 SHA1 (patch-lib_dns_sdb.c) = 8a94a65785bb938d330d1446e0100e50fa5fa9bd
-SHA1 (patch-lib_dns_spnego.c) = 817e8d9eceb10a3e7d396ee76b218b4f0009be3f
 SHA1 (patch-lib_dns_validator.c) = 0487bc39326dd6bc9b327aff661045b7416a952d
 SHA1 (patch-lib_dns_view.c) = 54f498d5e2519652498b100789c9c6139a10db12
 SHA1 (patch-lib_isc_backtrace.c) = 5463d3174d1ed809e12e415109fd9b5ecdf8fe2b
diff --git a/bind916/patches/patch-bin_tests_system_kasp_tests.sh b/bind916/patches/patch-bin_tests_system_kasp_tests.sh
index e125bac928..fa21650aed 100644
--- a/bind916/patches/patch-bin_tests_system_kasp_tests.sh
+++ b/bind916/patches/patch-bin_tests_system_kasp_tests.sh
@@ -139,7 +139,7 @@ Portability in shell script, don't use == with test.
  		grep "Published: " "$STATE_FILE" > /dev/null && log_error "unexpected publish in $STATE_FILE"
  		grep "Active: " "$STATE_FILE" > /dev/null && log_error "unexpected active in $STATE_FILE"
  		grep "Retired: " "$STATE_FILE" > /dev/null && log_error "unexpected retired in $STATE_FILE"
-@@ -1324,7 +1324,7 @@ set_keytimes_algorithm_policy() {
+@@ -1589,7 +1589,7 @@ set_keytimes_algorithm_policy() {
  	set_keytime    "KEY1" "PUBLISHED" "${created}"
  	set_keytime    "KEY1" "ACTIVE"    "${created}"
  	# Key was pregenerated.
@@ -148,7 +148,7 @@ Portability in shell script, don't use == with test.
  		keyfile=$(key_get KEY1 BASEFILE)
  		grep "; Publish:" "${keyfile}.key" > published.test${n}.key1
  		published=$(awk '{print $3}' < published.test${n}.key1)
-@@ -1351,7 +1351,7 @@ set_keytimes_algorithm_policy() {
+@@ -1616,7 +1616,7 @@ set_keytimes_algorithm_policy() {
  	set_keytime    "KEY2" "PUBLISHED" "${created}"
  	set_keytime    "KEY2" "ACTIVE"    "${created}"
  	# Key was pregenerated.
@@ -157,7 +157,7 @@ Portability in shell script, don't use == with test.
  		keyfile=$(key_get KEY2 BASEFILE)
  		grep "; Publish:" "${keyfile}.key" > published.test${n}.key2
  		published=$(awk '{print $3}' < published.test${n}.key2)
-@@ -1374,7 +1374,7 @@ set_keytimes_algorithm_policy() {
+@@ -1639,7 +1639,7 @@ set_keytimes_algorithm_policy() {
  	set_keytime    "KEY3" "PUBLISHED" "${created}"
  	set_keytime    "KEY3" "ACTIVE"    "${created}"
  	# Key was pregenerated.
@@ -166,7 +166,7 @@ Portability in shell script, don't use == with test.
  		keyfile=$(key_get KEY3 BASEFILE)
  		grep "; Publish:" "${keyfile}.key" > published.test${n}.key3
  		published=$(awk '{print $3}' < published.test${n}.key3)
-@@ -2541,12 +2541,12 @@ rollover_predecessor_keytimes() {
+@@ -2822,12 +2822,12 @@ rollover_predecessor_keytimes() {
  	set_addkeytime  "KEY1" "PUBLISHED"   "${_created}" "${_addtime}"
  	set_addkeytime  "KEY1" "SYNCPUBLISH" "${_created}" "${_addtime}"
  	set_addkeytime  "KEY1" "ACTIVE"      "${_created}" "${_addtime}"
@@ -181,16 +181,16 @@ Portability in shell script, don't use == with test.
  }
  
  # Key properties.
-@@ -2994,7 +2994,7 @@ csk_rollover_predecessor_keytimes() {
- 	set_addkeytime      "KEY1" "PUBLISHED"   "${_created}" "${_addksktime}"
- 	set_addkeytime      "KEY1" "SYNCPUBLISH" "${_created}" "${_addzsktime}"
- 	set_addkeytime      "KEY1" "ACTIVE"      "${_created}" "${_addzsktime}"
+@@ -3306,7 +3306,7 @@ csk_rollover_predecessor_keytimes() {
+ 	set_addkeytime      "KEY1" "PUBLISHED"   "${_created}" "${_addtime}"
+ 	set_addkeytime      "KEY1" "SYNCPUBLISH" "${_created}" "${_addtime}"
+ 	set_addkeytime      "KEY1" "ACTIVE"      "${_created}" "${_addtime}"
 -	[ "$Lcsk" == 0 ] || set_retired_removed "KEY1" "${Lcsk}" "${IretCSK}"
 +	[ "$Lcsk" = 0 ] || set_retired_removed "KEY1" "${Lcsk}" "${IretCSK}"
  }
  
  #
-@@ -3908,8 +3908,8 @@ dnssec_verify
+@@ -4272,8 +4272,8 @@ dnssec_verify
  n=$((n+1))
  echo_i "check that of zone ${ZONE} migration to dnssec-policy uses the same keys ($n)"
  ret=0
@@ -201,7 +201,7 @@ Portability in shell script, don't use == with test.
  status=$((status+ret))
  
  # Test migration to dnssec-policy, existing keys do not match key algorithm.
-@@ -4024,8 +4024,8 @@ dnssec_verify
+@@ -4388,8 +4388,8 @@ dnssec_verify
  n=$((n+1))
  echo_i "check that of zone ${ZONE} migration to dnssec-policy keeps existing keys ($n)"
  ret=0
@@ -212,7 +212,7 @@ Portability in shell script, don't use == with test.
  status=$((status+ret))
  
  # Test migration to dnssec-policy, existing keys do not match key length.
-@@ -4141,8 +4141,8 @@ dnssec_verify
+@@ -4505,8 +4505,8 @@ dnssec_verify
  n=$((n+1))
  echo_i "check that of zone ${ZONE} migration to dnssec-policy keeps existing keys ($n)"
  ret=0
diff --git a/bind916/patches/patch-lib_dns_spnego.c b/bind916/patches/patch-lib_dns_spnego.c
deleted file mode 100644
index b024874382..0000000000
--- a/bind916/patches/patch-lib_dns_spnego.c
+++ /dev/null
@@ -1,15 +0,0 @@
-$NetBSD: patch-lib_dns_spnego.c,v 1.1 2019/04/30 03:34:34 taca Exp $
-
-* Avoid gcc warning.
-
---- lib/dns/spnego.c.orig	2019-04-06 20:09:59.000000000 +0000
-+++ lib/dns/spnego.c
-@@ -1503,7 +1503,7 @@ spnego_initial(OM_uint32 *minor_status,
- 	gss_buffer_desc krb5_output_token = GSS_C_EMPTY_BUFFER;
- 	unsigned char *buf = NULL;
- 	size_t buf_size;
--	size_t len;
-+	size_t len = 0; /* XXX: gcc */
- 	int ret;
- 
- 	(void)mech_type;
Prev by Date: Various fixes for BIND 9.16.6: * Install *.rst instead of *.html doc files * Fix up change of test == to test =
Next by Date: py-conan: updated to 1.29.2, removed upper bound for py-deprecated dep.
Previous by Thread: Various fixes for BIND 9.16.6: * Install *.rst instead of *.html doc files * Fix up change of test == to test =
Next by Thread: py-conan: updated to 1.29.2, removed upper bound for py-deprecated dep.
Indexes:
Home | Main Index | Thread Index | Old Index