diff options
| author | spz <spz> | 2017-02-12 21:59:29 +0000 |
|---|---|---|
| committer | spz <spz> | 2017-02-12 21:59:29 +0000 |
| commit | 7b8e660c55ee12a9e25e284b06a6f0bbc050abb2 (patch) | |
| tree | 45a7bfffabc21dbef0b51445a6da15d0549f345f | |
| parent | bbf72c5485c9985373be68c1d2bf7e456c1ab560 (diff) | |
| download | pkgsrc-7b8e660c55ee12a9e25e284b06a6f0bbc050abb2.tar.gz | |
Pullup ticket #5211 - requested by taca
net/bind99: security update
Revisions pulled up:
- net/bind99/Makefile 1.63
- net/bind99/distinfo 1.43
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: taca
Date: Thu Feb 9 00:50:15 UTC 2017
Modified Files:
pkgsrc/net/bind99: Makefile distinfo
Log Message:
Update bind99 to 9.9.9pl6 (BIND 9.9.9-P6).
Security Fixes
* If a server is configured with a response policy zone (RPZ) that
rewrites an answer with local data, and is also configured for
DNS64 address mapping, a NULL pointer can be read triggering a
server crash. This flaw is disclosed in CVE-2017-3135. [RT #44434]
* named could mishandle authority sections with missing RRSIGs,
triggering an assertion failure. This flaw is disclosed in
CVE-2016-9444. [RT #43632]
* named mishandled some responses where covering RRSIG records were
returned without the requested data, resulting in an assertion
failure. This flaw is disclosed in CVE-2016-9147. [RT #43548]
* named incorrectly tried to cache TKEY records which could trigger
an assertion failure when there was a class mismatch. This flaw is
disclosed in CVE-2016-9131. [RT #43522]
* It was possible to trigger assertions when processing responses
containing answers of type DNAME. This flaw is disclosed in
CVE-2016-8864. [RT #43465]
* It was possible to trigger an assertion when rendering a message
using a specially crafted request. This flaw is disclosed in
CVE-2016-2776. [RT #43139]
* Calling getrrsetbyname() with a non- absolute name could trigger an
infinite recursion bug in lwresd or named with lwres configured if,
when combined with a search list entry from resolv.conf, the
resulting name is too long. This flaw is disclosed in
CVE-2016-2775. [RT #42694]
Feature Changes
* None.
Porting Changes
* None.
Bug Fixes
* A synthesized CNAME record appearing in a response before the
associated DNAME could be cached, when it should not have been.
This was a regression introduced while addressing CVE-2016-8864.
[RT #44318]
* Windows installs were failing due to triggering UAC without the
installation binary being signed.
* A race condition in rbt/rbtdb was leading to INSISTs being
triggered.
To generate a diff of this commit:
cvs rdiff -u -r1.62 -r1.63 pkgsrc/net/bind99/Makefile
cvs rdiff -u -r1.42 -r1.43 pkgsrc/net/bind99/distinfo
| -rw-r--r-- | net/bind99/Makefile | 4 | ||||
| -rw-r--r-- | net/bind99/distinfo | 10 |
2 files changed, 7 insertions, 7 deletions
diff --git a/net/bind99/Makefile b/net/bind99/Makefile index e2535247af0..4074b165df3 100644 --- a/net/bind99/Makefile +++ b/net/bind99/Makefile @@ -1,4 +1,4 @@ -# $NetBSD: Makefile,v 1.61.2.1 2017/01/13 20:21:02 bsiegert Exp $ +# $NetBSD: Makefile,v 1.61.2.2 2017/02/12 21:59:29 spz Exp $ DISTNAME= bind-${BIND_VERSION} PKGNAME= ${DISTNAME:S/-P/pl/} @@ -13,7 +13,7 @@ CONFLICTS+= host-[0-9]* MAKE_JOBS_SAFE= no -BIND_VERSION= 9.9.9-P5 +BIND_VERSION= 9.9.9-P6 .include "../../mk/bsd.prefs.mk" diff --git a/net/bind99/distinfo b/net/bind99/distinfo index 2d05106f9b2..ef59512bba6 100644 --- a/net/bind99/distinfo +++ b/net/bind99/distinfo @@ -1,9 +1,9 @@ -$NetBSD: distinfo,v 1.41.2.1 2017/01/13 20:21:02 bsiegert Exp $ +$NetBSD: distinfo,v 1.41.2.2 2017/02/12 21:59:29 spz Exp $ -SHA1 (bind-9.9.9-P5.tar.gz) = f76ce1f513a2f245f14ad1ae103e09ebc86d2c0a -RMD160 (bind-9.9.9-P5.tar.gz) = 2643a6a6173b5cb3bd12c68750929ccd996bc4bb -SHA512 (bind-9.9.9-P5.tar.gz) = cd055a69bd52b44824dc214a649e8175805274a7ec84c4070779330b3d7c42ae8efc37e09750b4f2c0eb4a22e95786894116df42d6a5070bfb12ecd94d289072 -Size (bind-9.9.9-P5.tar.gz) = 8770509 bytes +SHA1 (bind-9.9.9-P6.tar.gz) = 620ffa8c7b2e6b650c4c76fe29dba75bc9281037 +RMD160 (bind-9.9.9-P6.tar.gz) = f7a96e6407769b6577e457a4f03a137ffb050d44 +SHA512 (bind-9.9.9-P6.tar.gz) = f8bddaf278af8b255714249ee8eee13b5fca7560ac77243444010139af1575676ebfdb37c726755ece69c16eb60a5272597b1778156cb9a1eb72375cbb3a2d3c +Size (bind-9.9.9-P6.tar.gz) = 8778790 bytes SHA1 (patch-bin_dig_dighost.c) = a4bc9558c5dbedcc6bb0f87ea309358ca098d42a SHA1 (patch-bin_tests_system_Makefile.in) = 19d90050acfbe3da838dbd4c1436b5581039b71f SHA1 (patch-config.threads.in) = 227b83efe9cb3e301aaac9b97cf42f1fb8ad06b2 |