pkgsrc-Bugs archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
PR/56315 CVS commit: [pkgsrc-2021Q2] pkgsrc/net/bind916
The following reply was made to PR pkg/56315; it has been noted by GNATS.
From: "Benny Siegert" <bsiegert%netbsd.org@localhost>
To: gnats-bugs%gnats.NetBSD.org@localhost
Cc:
Subject: PR/56315 CVS commit: [pkgsrc-2021Q2] pkgsrc/net/bind916
Date: Sat, 28 Aug 2021 09:22:55 +0000
Module Name: pkgsrc
Committed By: bsiegert
Date: Sat Aug 28 09:22:55 UTC 2021
Modified Files:
pkgsrc/net/bind916 [pkgsrc-2021Q2]: Makefile distinfo
pkgsrc/net/bind916/patches [pkgsrc-2021Q2]:
patch-lib_dns_include_dns_zone.h patch-lib_dns_zone.c
patch-lib_isc_stats.c patch-lib_ns_include_ns_client.h
Added Files:
pkgsrc/net/bind916/patches [pkgsrc-2021Q2]:
patch-lib_isc_include_isc_types.h patch-lib_ns_client.c
Log Message:
Pullup ticket #6493 - requested by taca
net/bind916: security fix
Revisions pulled up:
- net/bind916/Makefile 1.20-1.25
- net/bind916/distinfo 1.17-1.21
- net/bind916/patches/patch-lib_dns_include_dns_zone.h 1.2
- net/bind916/patches/patch-lib_dns_zone.c 1.3-1.4
- net/bind916/patches/patch-lib_isc_include_isc_types.h 1.3
- net/bind916/patches/patch-lib_isc_stats.c 1.2
- net/bind916/patches/patch-lib_ns_client.c 1.4
- net/bind916/patches/patch-lib_ns_include_ns_client.h 1.2
---
Module Name: pkgsrc
Committed By: rin
Date: Tue Jul 20 06:39:45 UTC 2021
Modified Files:
pkgsrc/net/bind916: Makefile distinfo
pkgsrc/net/bind916/patches: patch-lib_dns_include_dns_zone.h
patch-lib_dns_zone.c patch-lib_isc_stats.c
patch-lib_ns_include_ns_client.h
Added Files:
pkgsrc/net/bind916/patches: patch-lib_isc_include_isc_types.h
patch-lib_ns_client.c
Log Message:
net/bind916 Use atomic 32-bit integers where appropriate, revision++
Mostly taken from NetBSD base:
- For counters, make sure to use 32-bit integers for !_LP64 platforms.
In the previous revisions, this is partially done, i.e., incomplete.
- For flags fit within 32-bit width, use 32-bit integers for everyone.
In the previous, this is incomplete, and restricted for __NetBSD__.
Fix and generalize to everyone.
- Make comments in patches more helpful.
Fix build for ILP32 platforms as reported in PR pkg/56315.
Thanks jklos@ for testing.
---
Module Name: pkgsrc
Committed By: rin
Date: Tue Jul 20 06:41:46 UTC 2021
Modified Files:
pkgsrc/net/bind916: Makefile
Log Message:
net/bind916 --disable-atomic is no longer supported
---
Module Name: pkgsrc
Committed By: rin
Date: Tue Jul 20 07:23:04 UTC 2021
Modified Files:
pkgsrc/net/bind916: distinfo
pkgsrc/net/bind916/patches: patch-lib_dns_zone.c
Log Message:
net/bind916: Oops, fix reversed ``#if''
---
Module Name: pkgsrc
Committed By: he
Date: Thu Jul 22 13:30:24 UTC 2021
Modified Files:
pkgsrc/net/bind916: Makefile distinfo
Log Message:
Upgrade net/bind916 to version 9.16.19.
Upstream changes:
--- 9.16.19 released ---
5671. [bug] A race condition could occur where two threads were
competing for the same set of key file locks, leading to
a deadlock. This has been fixed. [GL #2786]
5670. [bug] create_keydata() created an invalid placeholder keydata
record upon a refresh failure, which prevented the
database of managed keys from subsequently being read
back. This has been fixed. [GL #2686]
5669. [func] KASP support was extended with the "check DS" feature.
Zones with "dnssec-policy" and "parental-agents"
configured now check for DS presence and can perform
automatic KSK rollovers. [GL #1126]
5668. [bug] Rescheduling a setnsec3param() task when a zone failed
to load on startup caused a hang on shutdown. This has
been fixed. [GL #2791]
5667. [bug] The configuration-checking code failed to account for
the inheritance rules of the "dnssec-policy" option.
This has been fixed. [GL #2780]
5666. [doc] The safe "edns-udp-size" value was tweaked to match the
probing value from BIND 9.16 for better compatibility.
[GL #2183]
5665. [bug] If nsupdate sends an SOA request and receives a REFUSED
response, it now fails over to the next available
server. [GL #2758]
5664. [func] For UDP messages larger than the path MTU, named now
sends an empty response with the TC (TrunCated) bit set.
In addition, setting the DF (Don't Fragment) flag on
outgoing UDP sockets was re-enabled. [GL #2790]
5662. [bug] Views with recursion disabled are now configured with a
default cache size of 2 MB unless "max-cache-size" is
explicitly set. This prevents cache RBT hash tables from
being needlessly preallocated for such views. [GL #2777]
5661. [bug] Change 5644 inadvertently introduced a deadlock: when
locking the key file mutex for each zone structure in a
different view, the "in-view" logic was not considered.
This has been fixed. [GL #2783]
5658. [bug] Increasing "max-cache-size" for a running named instance
(using "rndc reconfig") did not cause the hash tables
used by cache databases to be grown accordingly. This
has been fixed. [GL #2770]
5655. [bug] Signed, insecure delegation responses prepared by named
either lacked the necessary NSEC records or contained
duplicate NSEC records when both wildcard expansion and
CNAME chaining were required to prepare the response.
This has been fixed. [GL #2759]
5653. [bug] A bug that caused the NSEC3 salt to be changed on every
restart for zones using KASP has been fixed. [GL #2725]
---
Module Name: pkgsrc
Committed By: jklos
Date: Mon Aug 2 18:45:35 UTC 2021
Modified Files:
pkgsrc/net/bind916: Makefile
Log Message:
Fixed COMMENT because package is at 9.16.
---
Module Name: pkgsrc
Committed By: taca
Date: Thu Aug 19 03:33:49 UTC 2021
Modified Files:
pkgsrc/net/bind916: Makefile distinfo
Log Message:
net/bind916: update to 9.16.20
This update contains security fix: CVE-2021-25218.
--- 9.16.20 released ---
5689. [security] An assertion failure occurred when named attempted to
send a UDP packet that exceeded the MTU size, if
Response Rate Limiting (RRL) was enabled.
(CVE-2021-25218) [GL #2856]
5688. [bug] Zones using KASP and inline-signed zones failed to apply
changes from the unsigned zone to the signed zone under
certain circumstances. This has been fixed. [GL #2735]
5687. [bug] "rndc reload <zonename>" could trigger a redundant
reload for an inline-signed zone whose zone file was not
modified since the last "rndc reload". This has been
fixed. [GL #2855]
5686. [func] The number of internal data structures allocated for
each zone was reduced. [GL #2829]
5685. [bug] named failed to check the opcode of responses when
performing zone refreshes, stub zone updates, and UPDATE
forwarding. This has been fixed. [GL #2762]
5682. [bug] Some changes to "zone-statistics" settings were not
properly processed by "rndc reconfig". This has been
fixed. [GL #2820]
5681. [func] Relax the checks in the dns_zone_cdscheck() function to
allow CDS and CDNSKEY records in the zone that do not
match an existing DNSKEY record, as long as the
algorithm matches. This allows a clean rollover from one
provider to another in a multi-signer DNSSEC
configuration. [GL #2710]
5679. [func] Thread affinity is no longer set. [GL #2822]
5678. [bug] The "check DS" code failed to release all resources upon
named shutdown when a refresh was in progress. This has
been fixed. [GL #2811]
5672. [bug] Authentication of rndc messages could fail if a
"controls" statement was configured with multiple key
algorithms for the same listener. This has been fixed.
[GL #2756]
---
Module Name: pkgsrc
Committed By: taca
Date: Sat Aug 21 03:55:54 UTC 2021
Modified Files:
pkgsrc/net/bind916: Makefile distinfo
Log Message:
net/bind916: add patch for map zone file problem
Add patch: <https://kb.isc.org/docs/map-zone-format-incompatibility-in-bind-9-16-20-and-9-17-17>.
Bump PKGREVISION.
To generate a diff of this commit:
cvs rdiff -u -r1.18 -r1.18.2.1 pkgsrc/net/bind916/Makefile
cvs rdiff -u -r1.16 -r1.16.2.1 pkgsrc/net/bind916/distinfo
cvs rdiff -u -r1.1 -r1.1.8.1 \
pkgsrc/net/bind916/patches/patch-lib_dns_include_dns_zone.h \
pkgsrc/net/bind916/patches/patch-lib_isc_stats.c \
pkgsrc/net/bind916/patches/patch-lib_ns_include_ns_client.h
cvs rdiff -u -r1.2 -r1.2.4.1 pkgsrc/net/bind916/patches/patch-lib_dns_zone.c
cvs rdiff -u -r0 -r1.3.2.2 \
pkgsrc/net/bind916/patches/patch-lib_isc_include_isc_types.h
cvs rdiff -u -r0 -r1.4.2.2 pkgsrc/net/bind916/patches/patch-lib_ns_client.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Home |
Main Index |
Thread Index |
Old Index