diff options
| author | taca <taca@pkgsrc.org> | 2013-09-21 15:57:50 +0000 |
|---|---|---|
| committer | taca <taca@pkgsrc.org> | 2013-09-21 15:57:50 +0000 |
| commit | 624ae6a145c5a97ff275cca59de6c4877faee493 (patch) | |
| tree | 3f0ca7c579286b90d76b2392b65c02563a6e018c | |
| parent | ade6aecdf7031d6b02de546a682626bc9be030a0 (diff) | |
| download | pkgsrc-624ae6a145c5a97ff275cca59de6c4877faee493.tar.gz | |
Update bind96 to bind-9.6.3.1.ESV.10 (BIND 9.6-ESV-R10).
(CVE-2013-3919 is already fixed in pkgsrc).
Security Fixes
Prevents exploitation of a runtime_check which can crash named
when satisfying a recursive query for particular malformed zones.
(CVE-2013-3919) [RT #33690]
Feature Changes
rndc status now also shows the build-id. [RT #20422]
Improved OPT pseudo-record processing to make it easier to support
new EDNS options. [RT #34414]
"configure" now finishes by printing a summary of optional BIND
features and whether they are active or inactive. ("configure
--enable-full-report" increases the verbosity of the summary.)
[RT #31777]
Addressed compatibility issues with newer versions of Microsoft
Visual Studio. [RT #33916]
Improved the 'rndc' man page. [RT #33506]
'named -g' now no longer works with an invalid logging configuration.
[RT #33473]
The default (and minimum) value for tcp-listen-queue is now 10
instead of 3. This is a subtle control setting (not applicable
to all OS environments). When there is a high rate of inbound
TCP connections, it controls how many connections can be queued
before they are accepted by named. Once this limit is exceeded,
new TCP connections will be rejected. Note however that a value
of 10 does not imply a strict limit of 10 queued TCP connections
- the impact of changing this configuration setting will be
OS-dependent. Larger values for tcp-listen queue will permit
more pending tcp connections, which may be needed where there
is a high rate of TCP-based traffic (for example in a dynamic
environment where there are frequent zone updates and transfers).
For most production servers the new default value of 10 should
be adequate. [RT #33029]
Bug Fixes
Fixed the "allow-query-on" option to correctly check the destination
address. [RT #34590]
Fix forwarding for forward only "zones" beneath automatic empty
zones. [RT #34583]
Remove bogus warning log message about missing signatures when
receiving a query for a SIG record. [RT #34600]
Improved resistance to a theoretical authentication attack based
on differential timing. [RT #33939]
The build of BIND now installs isc/stat.h so that it's available
to /isc/file.h when building other applications that reference
these header files - for example dnsperf (see Debian bug ticket
#692467). [RT #33056]
Better handle failures building XML for stats channel responses.
[RT #33706]
Fixed a memory leak in GSS-API processing. [RT #33574]
Fixed an acache-related race condition that could cause a crash.
[RT #33602]
rndc now properly fails when given an invalid '-c' argument. [RT
#33571]
Fixed an issue with the handling of zero TTL records that could
cause improper SERVFAILs. [RT #33411]
Fixed a crash-on-shutdown race condition with DNSSEC validation.
[RT #33573]
| -rw-r--r-- | net/bind96/Makefile | 5 | ||||
| -rw-r--r-- | net/bind96/PLIST | 4 | ||||
| -rw-r--r-- | net/bind96/distinfo | 12 | ||||
| -rw-r--r-- | net/bind96/patches/patch-ab | 6 | ||||
| -rw-r--r-- | net/bind96/patches/patch-ad | 10 |
5 files changed, 19 insertions, 18 deletions
diff --git a/net/bind96/Makefile b/net/bind96/Makefile index 5646d1a9d05..b9c1359bb92 100644 --- a/net/bind96/Makefile +++ b/net/bind96/Makefile @@ -1,8 +1,7 @@ -# $NetBSD: Makefile,v 1.41 2013/07/12 10:44:58 jperkin Exp $ +# $NetBSD: Makefile,v 1.42 2013/09/21 15:57:50 taca Exp $ DISTNAME= bind-${BIND_VERSION} PKGNAME= ${DISTNAME:S/-ESV/.3.1.ESV/:S/-R/./:S/-P/pl/} -PKGREVISION= 1 CATEGORIES= net MASTER_SITES= ftp://ftp.isc.org/isc/bind9/${BIND_VERSION}/ \ http://ftp.belnet.be/pub/mirror/ftp.isc.org/isc/bind9/${BIND_VERSION}/ @@ -15,7 +14,7 @@ CONFLICTS+= host-[0-9]* MAKE_JOBS_SAFE= no -BIND_VERSION= 9.6-ESV-R9-P1 +BIND_VERSION= 9.6-ESV-R10 .include "../../mk/bsd.prefs.mk" diff --git a/net/bind96/PLIST b/net/bind96/PLIST index 8a91d735933..85cca76d343 100644 --- a/net/bind96/PLIST +++ b/net/bind96/PLIST @@ -1,4 +1,4 @@ -@comment $NetBSD: PLIST,v 1.9 2012/04/05 00:41:10 taca Exp $ +@comment $NetBSD: PLIST,v 1.10 2013/09/21 15:57:50 taca Exp $ bin/dig bin/host bin/isc-config.sh @@ -139,11 +139,13 @@ include/isc/resource.h include/isc/result.h include/isc/resultclass.h include/isc/rwlock.h +include/isc/safe.h include/isc/serial.h include/isc/sha1.h include/isc/sha2.h include/isc/sockaddr.h include/isc/socket.h +include/isc/stat.h include/isc/stdio.h include/isc/stdlib.h include/isc/stdtime.h diff --git a/net/bind96/distinfo b/net/bind96/distinfo index 96d0ea2901b..e4f62a550b9 100644 --- a/net/bind96/distinfo +++ b/net/bind96/distinfo @@ -1,10 +1,10 @@ -$NetBSD: distinfo,v 1.22 2013/06/06 02:57:58 taca Exp $ +$NetBSD: distinfo,v 1.23 2013/09/21 15:57:50 taca Exp $ -SHA1 (bind-9.6-ESV-R9-P1.tar.gz) = 739cd279243308af616179dcf3d84fbe8a57e9c3 -RMD160 (bind-9.6-ESV-R9-P1.tar.gz) = 252d221d4d811d84642c432a920b139d10341ae3 -Size (bind-9.6-ESV-R9-P1.tar.gz) = 6410296 bytes -SHA1 (patch-ab) = 6cec876c8caa7082f97365863f3f88c4f168da48 +SHA1 (bind-9.6-ESV-R10.tar.gz) = 7ea36aa59d2c5dc6a46fb88b138c3797fd543267 +RMD160 (bind-9.6-ESV-R10.tar.gz) = 68d6106ed706674a1d58b5610ce3af48ac7106b5 +Size (bind-9.6-ESV-R10.tar.gz) = 6420776 bytes +SHA1 (patch-ab) = 33a515cd29cd7a534d65d34facb69fd4dca92180 SHA1 (patch-ac) = 074649e1514870a3154c623a5f6d1507b72b5b05 -SHA1 (patch-ad) = 3fcfac007f7823d48573459e57810f442c5b7d2f +SHA1 (patch-ad) = 767e98199b26695c1f41d724879771e6806d6b45 SHA1 (patch-ag) = ffc547b444f01f51a12a01cfa884916a9a411a88 SHA1 (patch-am) = a52d847354cd83b2474d5420925925e4614c966f diff --git a/net/bind96/patches/patch-ab b/net/bind96/patches/patch-ab index 3f6d2d6d047..157c8b2ca48 100644 --- a/net/bind96/patches/patch-ab +++ b/net/bind96/patches/patch-ab @@ -1,6 +1,6 @@ -$NetBSD: patch-ab,v 1.2 2009/07/26 09:07:58 obache Exp $ +$NetBSD: patch-ab,v 1.3 2013/09/21 15:57:50 taca Exp $ ---- lib/lwres/getnameinfo.c.orig 2007-06-19 23:47:22.000000000 +0000 +--- lib/lwres/getnameinfo.c.orig 2013-09-05 05:40:13.000000000 +0000 +++ lib/lwres/getnameinfo.c @@ -121,6 +121,10 @@ #include <lwres/netdb.h> @@ -13,7 +13,7 @@ $NetBSD: patch-ab,v 1.2 2009/07/26 09:07:58 obache Exp $ #include "assert_p.h" #define SUCCESS 0 -@@ -271,13 +275,10 @@ lwres_getnameinfo(const struct sockaddr +@@ -272,13 +276,10 @@ lwres_getnameinfo(const struct sockaddr ((const struct sockaddr_in6 *)sa)->sin6_scope_id) { char *p = numaddr + strlen(numaddr); const char *stringscope = NULL; diff --git a/net/bind96/patches/patch-ad b/net/bind96/patches/patch-ad index 7c3a043742c..8cdb20acc03 100644 --- a/net/bind96/patches/patch-ad +++ b/net/bind96/patches/patch-ad @@ -1,8 +1,8 @@ -$NetBSD: patch-ad,v 1.6 2012/04/05 00:41:10 taca Exp $ +$NetBSD: patch-ad,v 1.7 2013/09/21 15:57:50 taca Exp $ ---- configure.orig 2012-03-26 16:14:28.000000000 +0000 +--- configure.orig 2013-09-05 05:40:13.000000000 +0000 +++ configure -@@ -21923,6 +21923,8 @@ case $host in +@@ -14354,6 +14354,8 @@ case $host in use_threads=false ;; *-freebsd*) use_threads=false ;; @@ -11,7 +11,7 @@ $NetBSD: patch-ad,v 1.6 2012/04/05 00:41:10 taca Exp $ *-bsdi[234]*) # Thread signals do not work reliably on some versions of BSD/OS. use_threads=false ;; -@@ -23239,9 +23241,9 @@ case $use_libtool in +@@ -15678,9 +15680,9 @@ case $use_libtool in O=lo A=la LIBTOOL_MKDEP_SED='s;\.o;\.lo;' @@ -23,7 +23,7 @@ $NetBSD: patch-ad,v 1.6 2012/04/05 00:41:10 taca Exp $ case "$host" in *) LIBTOOL_ALLOW_UNDEFINED= ;; esac -@@ -26420,7 +26422,7 @@ $as_echo "no" >&6; } +@@ -18892,7 +18894,7 @@ $as_echo "no" >&6; } fi if test -n "-L$use_dlz_postgres_lib -lpq" then |