diff options
| author | taca <taca@pkgsrc.org> | 2021-04-29 05:55:54 +0000 |
|---|---|---|
| committer | taca <taca@pkgsrc.org> | 2021-04-29 05:55:54 +0000 |
| commit | 1f19c0a46853302d8f2a9277d1903c3b7d1d813d (patch) | |
| tree | 21c44370da40861d35736fcfac6a276660a5755d /net/bind916 | |
| parent | 2471b27f28fdcafb6be96d17f4856ec1416d598b (diff) | |
| download | pkgsrc-1f19c0a46853302d8f2a9277d1903c3b7d1d813d.tar.gz | |
net/bind916: update to 9.16.15
Security release.
--- 9.16.15 released ---
5621. [bug] Due to a backporting mistake in change 5609, named
binaries built against a Kerberos/GSSAPI library whose
header files did not define the GSS_SPNEGO_MECHANISM
preprocessor macro were not able to start if their
configuration included the "tkey-gssapi-credential"
option. This has been fixed. [GL #2634]
5620. [bug] If zone journal files written by BIND 9.16.11 or earlier
were present when BIND was upgraded, the zone file for
that zone could have been inadvertently rewritten with
the current zone contents. This caused the original zone
file structure (e.g. comments, $INCLUDE directives) to
be lost, although the zone data itself was preserved.
This has been fixed. [GL #2623]
--- 9.16.14 released ---
5617. [security] A specially crafted GSS-TSIG query could cause a buffer
overflow in the ISC implementation of SPNEGO.
(CVE-2021-25216) [GL #2604]
5616. [security] named crashed when a DNAME record placed in the ANSWER
section during DNAME chasing turned out to be the final
answer to a client query. (CVE-2021-25215) [GL #2540]
5615. [security] Insufficient IXFR checks could result in named serving a
zone without an SOA record at the apex, leading to a
RUNTIME_CHECK assertion failure when the zone was
subsequently refreshed. This has been fixed by adding an
owner name check for all SOA records which are included
in a zone transfer. (CVE-2021-25214) [GL #2467]
5614. [bug] Ensure all resources are properly cleaned up when a call
to gss_accept_sec_context() fails. [GL #2620]
5613. [bug] It was possible to write an invalid transaction header
in the journal file for a managed-keys database after
upgrading. This has been fixed. Invalid headers in
existing journal files are detected and named is able
to recover from them. [GL #2600]
5611. [func] Set "stale-answer-client-timeout" to "off" by default.
[GL #2608]
5610. [bug] Prevent a crash which could happen when a lookup
triggered by "stale-answer-client-timeout" was attempted
right after recursion for a client query finished.
[GL #2594]
5609. [func] The ISC implementation of SPNEGO was removed from BIND 9
source code. It was no longer necessary as all major
contemporary Kerberos/GSSAPI libraries include support
for SPNEGO. [GL #2607]
5608. [bug] When sending queries over TCP, dig now properly handles
"+tries=1 +retry=0" by not retrying the connection when
the remote server closes the connection prematurely.
[GL #2490]
5607. [bug] As "rndc dnssec -checkds" and "rndc dnssec -rollover"
commands may affect the next scheduled key event,
reconfiguration of zone keys is now triggered after
receiving either of these commands to prevent
unnecessary key rollover delays. [GL #2488]
5606. [bug] CDS/CDNSKEY DELETE records are now removed when a zone
transitions from a secure to an insecure state.
named-checkzone also no longer reports an error when
such records are found in an unsigned zone. [GL #2517]
5605. [bug] "dig -u" now uses the CLOCK_REALTIME clock source for
more accurate time reporting. [GL #2592]
5603. [bug] Fix a memory leak that occurred when named failed to
bind a UDP socket to a network interface. [GL #2575]
5602. [bug] Fix TCPDNS and TLSDNS timers in Network Manager. This
makes the "tcp-initial-timeout" and "tcp-idle-timeout"
options work correctly again. [GL #2583]
5601. [bug] Zones using KASP could not be thawed after they were
frozen using "rndc freeze". This has been fixed.
[GL #2523]
Diffstat (limited to 'net/bind916')
| -rw-r--r-- | net/bind916/Makefile | 5 | ||||
| -rw-r--r-- | net/bind916/distinfo | 10 |
2 files changed, 7 insertions, 8 deletions
diff --git a/net/bind916/Makefile b/net/bind916/Makefile index 7c7569c97e7..154e4c18be3 100644 --- a/net/bind916/Makefile +++ b/net/bind916/Makefile @@ -1,8 +1,7 @@ -# $NetBSD: Makefile,v 1.12 2021/04/21 11:42:23 adam Exp $ +# $NetBSD: Makefile,v 1.13 2021/04/29 05:55:54 taca Exp $ DISTNAME= bind-${BIND_VERSION} PKGNAME= ${DISTNAME:S/-P/pl/} -PKGREVISION= 1 CATEGORIES= net MASTER_SITES= ftp://ftp.isc.org/isc/bind9/${BIND_VERSION}/ EXTRACT_SUFX= .tar.xz @@ -16,7 +15,7 @@ CONFLICTS+= host-[0-9]* MAKE_JOBS_SAFE= no -BIND_VERSION= 9.16.13 +BIND_VERSION= 9.16.15 BUILD_DEFS+= BIND_DIR VARBASE diff --git a/net/bind916/distinfo b/net/bind916/distinfo index 7756c43d3ac..40311d2d256 100644 --- a/net/bind916/distinfo +++ b/net/bind916/distinfo @@ -1,9 +1,9 @@ -$NetBSD: distinfo,v 1.11 2021/03/21 04:16:17 taca Exp $ +$NetBSD: distinfo,v 1.12 2021/04/29 05:55:54 taca Exp $ -SHA1 (bind-9.16.13.tar.xz) = 5120b0e7fcc8b7d3e1c9d1414c5c3888640c3b40 -RMD160 (bind-9.16.13.tar.xz) = 95ca9bcf95ecf996d3bfe97a2bad602f35a63b3e -SHA512 (bind-9.16.13.tar.xz) = 1f3c8f54dd2c9e18cd9b67cfebb645d0a8e8f566add07fc4690cb8820bf81640c33b2b0685cb8be095e0f9ac84b2cf78176aea841a30c27d547b569b8353b07b -Size (bind-9.16.13.tar.xz) = 5028340 bytes +SHA1 (bind-9.16.15.tar.xz) = 5d68bbd1ff452708d45f2d4ef832faa3a1690fc7 +RMD160 (bind-9.16.15.tar.xz) = 5697b6b0a0d67022f1e279f27c413b739fa2de4d +SHA512 (bind-9.16.15.tar.xz) = 30dad6e2144b3ac53ef0a2d1ed3c8342120f148fc0eb6409113a6d5ed3444eecb917915fdf39c26fd223396fc1e873410a50da305f0b870864f7fbbdccec8033 +Size (bind-9.16.15.tar.xz) = 5025688 bytes SHA1 (patch-bin_dig_dighost.c) = b1073911d80ecd519af98b6678968296ff8c0c98 SHA1 (patch-bin_dig_include_dig_dig.h) = 10166f5bb98b208c7b10d63eb31e8253f704acc8 SHA1 (patch-bin_named_Makefile.in) = f1367da6a226ba44d0ee13acf00b8abeb5b1b7eb |