CVS commit: [pkgsrc-2020Q2] pkgsrc/net/bind911

To: pkgsrc-changes%NetBSD.org@localhost
Subject: CVS commit: [pkgsrc-2020Q2] pkgsrc/net/bind911
From: "Benny Siegert" <bsiegert%netbsd.org@localhost>
Date: Fri, 28 Aug 2020 15:57:47 +0000

Module Name:    pkgsrc
Committed By:   bsiegert
Date:           Fri Aug 28 15:57:47 UTC 2020

Modified Files:
        pkgsrc/net/bind911 [pkgsrc-2020Q2]: Makefile distinfo

Log Message:
Pullup ticket #6311 - requested by taca
net/bind911: security fix

Revisions pulled up:
- net/bind911/Makefile                                          1.29
- net/bind911/distinfo                                          1.21

---
   Module Name: pkgsrc
   Committed By:        taca
   Date:                Fri Aug 21 16:09:44 UTC 2020

   Modified Files:
        pkgsrc/net/bind911: Makefile distinfo

   Log Message:
   net/bind911: update to 9.11.22

   Update bind911 to 9.11.22 (BIND 9.11.22).

        --- 9.11.22 released ---

   5481.        [security]      "update-policy" rules of type "subdomain" were
                        incorrectly treated as "zonesub" rules, which allowed
                        keys used in "subdomain" rules to update names outside
                        of the specified subdomains. The problem was fixed by
                        making sure "subdomain" rules are again processed as
                        described in the ARM. (CVE-2020-8624) [GL #2055]

   5480.        [security]      When BIND 9 was compiled with native PKCS#11 support, it
                        was possible to trigger an assertion failure in code
                        determining the number of bits in the PKCS#11 RSA public
                        key with a specially crafted packet. (CVE-2020-8623)
                        [GL #2037]

   5476.        [security]      It was possible to trigger an assertion failure when
                        verifying the response to a TSIG-signed request.
                        (CVE-2020-8622) [GL #2028]

   5475.        [bug]           Wildcard RPZ passthru rules could incorrectly be
                        overridden by other rules that were loaded from RPZ
                        zones which appeared later in the "response-policy"
                        statement. This has been fixed. [GL #1619]

   5474.        [bug]           dns_rdata_hip_next() failed to return ISC_R_NOMORE
                        when it should have. [GL !3880]

   5465.        [func]          Added fallback to built-in trust-anchors, managed-keys,
                        or trusted-keys if the bindkeys-file (bind.keys) cannot
                        be parsed. [GL #1235]

   5463.        [bug]           Address a potential NULL pointer dereference when out of
                        memory in dnstap.c. [GL #2010]

   5462.        [bug]           Move LMDB locking from LMDB itself to named. [GL #1976]


To generate a diff of this commit:
cvs rdiff -u -r1.28 -r1.28.2.1 pkgsrc/net/bind911/Makefile
cvs rdiff -u -r1.20 -r1.20.2.1 pkgsrc/net/bind911/distinfo

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: pkgsrc/net/bind911/Makefile
diff -u pkgsrc/net/bind911/Makefile:1.28 pkgsrc/net/bind911/Makefile:1.28.2.1
--- pkgsrc/net/bind911/Makefile:1.28    Thu Jun 18 14:06:21 2020
+++ pkgsrc/net/bind911/Makefile Fri Aug 28 15:57:47 2020
@@ -1,4 +1,4 @@
-# $NetBSD: Makefile,v 1.28 2020/06/18 14:06:21 taca Exp $
+# $NetBSD: Makefile,v 1.28.2.1 2020/08/28 15:57:47 bsiegert Exp $
 
 DISTNAME=      bind-${BIND_VERSION}
 PKGNAME=       ${DISTNAME:S/-P/pl/}
@@ -14,7 +14,7 @@ CONFLICTS+=   host-[0-9]*
 
 MAKE_JOBS_SAFE=        no
 
-BIND_VERSION=  9.11.20
+BIND_VERSION=  9.11.22
 
 .include "../../mk/bsd.prefs.mk"
 

Index: pkgsrc/net/bind911/distinfo
diff -u pkgsrc/net/bind911/distinfo:1.20 pkgsrc/net/bind911/distinfo:1.20.2.1
--- pkgsrc/net/bind911/distinfo:1.20    Thu Jun 18 14:06:21 2020
+++ pkgsrc/net/bind911/distinfo Fri Aug 28 15:57:47 2020
@@ -1,9 +1,9 @@
-$NetBSD: distinfo,v 1.20 2020/06/18 14:06:21 taca Exp $
+$NetBSD: distinfo,v 1.20.2.1 2020/08/28 15:57:47 bsiegert Exp $
 
-SHA1 (bind-9.11.20.tar.gz) = ff6ad0d3f9282a77786e93eb889154008ef1ccdf
-RMD160 (bind-9.11.20.tar.gz) = ce7f8bb446d63c1b4dbdccf7e6294b87fdba6101
-SHA512 (bind-9.11.20.tar.gz) = 249710a35dfd340abf8d07c526fb9dd05ab3ed186641f33b697f9a59a866965f43d77e6d0c77b3690698eb6d451a15506cedc5da18aff666c9d95a864268dd25
-Size (bind-9.11.20.tar.gz) = 8244703 bytes
+SHA1 (bind-9.11.22.tar.gz) = 10104100e265bc9e4b8975b3dc6266cd2d40b597
+RMD160 (bind-9.11.22.tar.gz) = 142024c9808b981544048676ce57cfbf47170f48
+SHA512 (bind-9.11.22.tar.gz) = 8ed2ed661b87705bbb7ddde3076a132b4e53971d669600997abfa104404e0c8b4bf04cc04c6be1c2c701123db5e0d4645ab797e5a985a18f5a1d68824a3df3ed
+Size (bind-9.11.22.tar.gz) = 8248081 bytes
 SHA1 (patch-bin_named_Makefile.in) = 3e5b98e3e0bdb701be679d3580d6d2d7609d655b
 SHA1 (patch-bin_named_server.c) = 0294d74eb3039049c4672a3de6eb371407bb382d
 SHA1 (patch-bin_pkcs11_pkcs11-keygen.c) = ca2671a5e3216a08a212cf893e070b01705ef9ee

Prev by Date: CVS commit: [pkgsrc-2020Q2] pkgsrc/lang/mozjs60
Next by Date: CVS commit: pkgsrc/textproc/split-thai
Previous by Thread: CVS commit: [pkgsrc-2020Q2] pkgsrc/lang/mozjs60
Next by Thread: CVS commit: pkgsrc/textproc/split-thai
Indexes:

Home | Main Index | Thread Index | Old Index