diff options
author | bsiegert <bsiegert@pkgsrc.org> | 2020-08-28 15:57:47 +0000 |
---|---|---|
committer | bsiegert <bsiegert@pkgsrc.org> | 2020-08-28 15:57:47 +0000 |
commit | 86015bf5ee57f801a30b422e566411fdf4f20798 (patch) | |
tree | b72694d7778bc15d33d1a05c9f0ff965958ec2e7 | |
parent | 7192789b84bbe7c050c0c2ca0f07e708d726e9ae (diff) | |
download | pkgsrc-86015bf5ee57f801a30b422e566411fdf4f20798.tar.gz |
Pullup ticket #6311 - requested by taca
net/bind911: security fix
Revisions pulled up:
- net/bind911/Makefile 1.29
- net/bind911/distinfo 1.21
---
Module Name: pkgsrc
Committed By: taca
Date: Fri Aug 21 16:09:44 UTC 2020
Modified Files:
pkgsrc/net/bind911: Makefile distinfo
Log Message:
net/bind911: update to 9.11.22
Update bind911 to 9.11.22 (BIND 9.11.22).
--- 9.11.22 released ---
5481. [security] "update-policy" rules of type "subdomain" were
incorrectly treated as "zonesub" rules, which allowed
keys used in "subdomain" rules to update names outside
of the specified subdomains. The problem was fixed by
making sure "subdomain" rules are again processed as
described in the ARM. (CVE-2020-8624) [GL #2055]
5480. [security] When BIND 9 was compiled with native PKCS#11 support, it
was possible to trigger an assertion failure in code
determining the number of bits in the PKCS#11 RSA public
key with a specially crafted packet. (CVE-2020-8623)
[GL #2037]
5476. [security] It was possible to trigger an assertion failure when
verifying the response to a TSIG-signed request.
(CVE-2020-8622) [GL #2028]
5475. [bug] Wildcard RPZ passthru rules could incorrectly be
overridden by other rules that were loaded from RPZ
zones which appeared later in the "response-policy"
statement. This has been fixed. [GL #1619]
5474. [bug] dns_rdata_hip_next() failed to return ISC_R_NOMORE
when it should have. [GL !3880]
5465. [func] Added fallback to built-in trust-anchors, managed-keys,
or trusted-keys if the bindkeys-file (bind.keys) cannot
be parsed. [GL #1235]
5463. [bug] Address a potential NULL pointer dereference when out of
memory in dnstap.c. [GL #2010]
5462. [bug] Move LMDB locking from LMDB itself to named. [GL #1976]
-rw-r--r-- | net/bind911/Makefile | 4 | ||||
-rw-r--r-- | net/bind911/distinfo | 10 |
2 files changed, 7 insertions, 7 deletions
diff --git a/net/bind911/Makefile b/net/bind911/Makefile index 14bdf5736d6..0f1680121b9 100644 --- a/net/bind911/Makefile +++ b/net/bind911/Makefile @@ -1,4 +1,4 @@ -# $NetBSD: Makefile,v 1.28 2020/06/18 14:06:21 taca Exp $ +# $NetBSD: Makefile,v 1.28.2.1 2020/08/28 15:57:47 bsiegert Exp $ DISTNAME= bind-${BIND_VERSION} PKGNAME= ${DISTNAME:S/-P/pl/} @@ -14,7 +14,7 @@ CONFLICTS+= host-[0-9]* MAKE_JOBS_SAFE= no -BIND_VERSION= 9.11.20 +BIND_VERSION= 9.11.22 .include "../../mk/bsd.prefs.mk" diff --git a/net/bind911/distinfo b/net/bind911/distinfo index dcccf39ced7..b6fbc84c78e 100644 --- a/net/bind911/distinfo +++ b/net/bind911/distinfo @@ -1,9 +1,9 @@ -$NetBSD: distinfo,v 1.20 2020/06/18 14:06:21 taca Exp $ +$NetBSD: distinfo,v 1.20.2.1 2020/08/28 15:57:47 bsiegert Exp $ -SHA1 (bind-9.11.20.tar.gz) = ff6ad0d3f9282a77786e93eb889154008ef1ccdf -RMD160 (bind-9.11.20.tar.gz) = ce7f8bb446d63c1b4dbdccf7e6294b87fdba6101 -SHA512 (bind-9.11.20.tar.gz) = 249710a35dfd340abf8d07c526fb9dd05ab3ed186641f33b697f9a59a866965f43d77e6d0c77b3690698eb6d451a15506cedc5da18aff666c9d95a864268dd25 -Size (bind-9.11.20.tar.gz) = 8244703 bytes +SHA1 (bind-9.11.22.tar.gz) = 10104100e265bc9e4b8975b3dc6266cd2d40b597 +RMD160 (bind-9.11.22.tar.gz) = 142024c9808b981544048676ce57cfbf47170f48 +SHA512 (bind-9.11.22.tar.gz) = 8ed2ed661b87705bbb7ddde3076a132b4e53971d669600997abfa104404e0c8b4bf04cc04c6be1c2c701123db5e0d4645ab797e5a985a18f5a1d68824a3df3ed +Size (bind-9.11.22.tar.gz) = 8248081 bytes SHA1 (patch-bin_named_Makefile.in) = 3e5b98e3e0bdb701be679d3580d6d2d7609d655b SHA1 (patch-bin_named_server.c) = 0294d74eb3039049c4672a3de6eb371407bb382d SHA1 (patch-bin_pkcs11_pkcs11-keygen.c) = ca2671a5e3216a08a212cf893e070b01705ef9ee |