diff options
| author | taca <taca@pkgsrc.org> | 2011-09-01 03:44:35 +0000 |
|---|---|---|
| committer | taca <taca@pkgsrc.org> | 2011-09-01 03:44:35 +0000 |
| commit | 3d06126e784cfbfaa5f1ca2e3f04019bad69a981 (patch) | |
| tree | da83cac3d4e3e4b5425f28660b1953a02cb9d958 /net/bind98 | |
| parent | 150bd0477a9c3b0deafb44dd513e2ef1b0308021 (diff) | |
| download | pkgsrc-3d06126e784cfbfaa5f1ca2e3f04019bad69a981.tar.gz | |
Update bind98 package to 9.8.1.
pkgsrc change: add a patch to fix build problem with some PKG_OPTIONS,
such as "ldap".
New Features
9.8.1
* Added a new include file with function typedefs for the DLZ
"dlopen" driver. [RT #23629]
* Added a tool able to generate malformed packets to allow testing of
how named handles them. [RT #24096]
* The root key is now provided in the file bind.keys allowing DNSSEC
validation to be switched on at start up by adding
"dnssec-validation auto;" to named.conf. If the root key provided
has expired, named will log the expiration and validation will not
work. More information and the most current copy of bind.keys can
be found at http://www.isc.org/bind-keys. *Please note this feature
was actually added in 9.8.0 but was not included in the 9.8.0
release notes. [RT #21727]
Security Fixes
9.8.1
* If named is configured with a response policy zone (RPZ) and a
query of type RRSIG is received for a name configured for RRset
replacement in that RPZ, it will trigger an INSIST and crash the
server. RRSIG. [RT #24280]
* named, set up to be a caching resolver, is vulnerable to a user
querying a domain with very large resource record sets (RRSets)
when trying to negatively cache the response. Due to an off-by-one
error, caching the response could cause named to crash. [RT #24650]
[CVE-2011-1910]
* Using Response Policy Zone (RPZ) to query a wildcard CNAME label
with QUERY type SIG/RRSIG, it can cause named to crash. Fix is
query type independant. [RT #24715]
* Using Response Policy Zone (RPZ) with DNAME records and querying
the subdomain of that label can cause named to crash. Now logs that
DNAME is not supported. [RT #24766]
* Change #2912 populated the message section in replies to UPDATE
requests, which some Windows clients wanted. This exposed a latent
bug that allowed the response message to crash named. With this
fix, change 2912 has been reduced to copy only the zone section to
the reply. A more complete fix for the latent bug will be released
later. [RT #24777]
Feature Changes
9.8.1
* Merged in the NetBSD ATF test framework (currently version 0.12)
for development of future unit tests. Use configure --with-atf to
build ATF internally or configure --with-atf=prefix to use an
external copy. [RT #23209]
* Added more verbose error reporting from DLZ LDAP. [RT #23402]
* The DLZ "dlopen" driver is now built by default, no longer
requiring a configure option. To disable it, use "configure
--without-dlopen". (Note: driver not supported on win32.) [RT
#23467]
* Replaced compile time constant with STDTIME_ON_32BITS. [RT #23587]
* Make --with-gssapi default for ./configure. [RT #23738]
* Improved the startup time for an authoritative server with a large
number of zones by making the zone task table of variable size
rather than fixed size. This means that authoritative servers with
lots of zones will be serving that zone data much sooner. [RT
#24406]
* Per RFC 6303, RFC 1918 reverse zones are now part of the built-in
list of empty zones. [RT #24990]
Diffstat (limited to 'net/bind98')
| -rw-r--r-- | net/bind98/Makefile | 4 | ||||
| -rw-r--r-- | net/bind98/PLIST | 10 | ||||
| -rw-r--r-- | net/bind98/distinfo | 11 | ||||
| -rw-r--r-- | net/bind98/patches/patch-configure | 10 | ||||
| -rw-r--r-- | net/bind98/patches/patch-contrib_dlz_drivers_sdlz__helper.c | 13 |
5 files changed, 32 insertions, 16 deletions
diff --git a/net/bind98/Makefile b/net/bind98/Makefile index d38288255c9..3be15e1e6d7 100644 --- a/net/bind98/Makefile +++ b/net/bind98/Makefile @@ -1,4 +1,4 @@ -# $NetBSD: Makefile,v 1.4 2011/07/05 13:35:29 taca Exp $ +# $NetBSD: Makefile,v 1.5 2011/09/01 03:44:35 taca Exp $ DISTNAME= bind-${BIND_VERSION} PKGNAME= ${DISTNAME:S/-P/pl/} @@ -16,7 +16,7 @@ PKG_DESTDIR_SUPPORT= user-destdir MAKE_JOBS_SAFE= no -BIND_VERSION= 9.8.0-P4 +BIND_VERSION= 9.8.1 .include "../../mk/bsd.prefs.mk" diff --git a/net/bind98/PLIST b/net/bind98/PLIST index 1f966fce3fe..6729b278679 100644 --- a/net/bind98/PLIST +++ b/net/bind98/PLIST @@ -1,4 +1,4 @@ -@comment $NetBSD: PLIST,v 1.1.1.1 2011/03/04 03:52:15 taca Exp $ +@comment $NetBSD: PLIST,v 1.2 2011/09/01 03:44:35 taca Exp $ bin/dig bin/host bin/isc-config.sh @@ -57,6 +57,7 @@ include/dns/request.h include/dns/resolver.h include/dns/result.h include/dns/rootns.h +include/dns/rpz.h include/dns/sdb.h include/dns/sdlz.h include/dns/secalg.h @@ -362,6 +363,7 @@ share/doc/bind9/arm/man.nsupdate.html share/doc/bind9/arm/man.rndc-confgen.html share/doc/bind9/arm/man.rndc.conf.html share/doc/bind9/arm/man.rndc.html +share/doc/bind9/draft/draft-faltstrom-uri-06.txt share/doc/bind9/draft/draft-ietf-6man-text-addr-representation-07.txt share/doc/bind9/draft/draft-ietf-behave-address-format-07.txt share/doc/bind9/draft/draft-ietf-behave-dns64-11.txt @@ -371,13 +373,12 @@ share/doc/bind9/draft/draft-ietf-dnsext-dnssec-bis-updates-12.txt share/doc/bind9/draft/draft-ietf-dnsext-dnssec-registry-fixes-06.txt share/doc/bind9/draft/draft-ietf-dnsext-ecc-key-07.txt share/doc/bind9/draft/draft-ietf-dnsext-interop3597-02.txt -share/doc/bind9/draft/draft-ietf-dnsext-rfc2671bis-edns0-02.txt +share/doc/bind9/draft/draft-ietf-dnsext-rfc2671bis-edns0-05.txt share/doc/bind9/draft/draft-ietf-dnsext-rfc2672bis-dname-19.txt share/doc/bind9/draft/draft-ietf-dnsext-rfc3597-bis-02.txt share/doc/bind9/draft/draft-ietf-dnsext-tsig-md5-deprecated-03.txt share/doc/bind9/draft/draft-ietf-dnsop-bad-dns-res-05.txt -share/doc/bind9/draft/draft-ietf-dnsop-default-local-zones-10.txt -share/doc/bind9/draft/draft-ietf-dnsop-dnssec-key-timing-00.txt +share/doc/bind9/draft/draft-ietf-dnsop-dnssec-key-timing-02.txt share/doc/bind9/draft/draft-ietf-dnsop-dnssec-trust-history-01.txt share/doc/bind9/draft/draft-ietf-dnsop-inaddr-required-07.txt share/doc/bind9/draft/draft-ietf-dnsop-name-server-management-reqs-02.txt @@ -514,6 +515,7 @@ share/doc/bind9/rfc/rfc5507.txt share/doc/bind9/rfc/rfc5625.txt share/doc/bind9/rfc/rfc5702.txt share/doc/bind9/rfc/rfc5933.txt +share/doc/bind9/rfc/rfc6303.txt share/doc/bind9/rfc/rfc952.txt share/examples/rc.d/lwresd share/examples/rc.d/named9 diff --git a/net/bind98/distinfo b/net/bind98/distinfo index 7d83bbb4ed8..6ac995871d6 100644 --- a/net/bind98/distinfo +++ b/net/bind98/distinfo @@ -1,10 +1,11 @@ -$NetBSD: distinfo,v 1.4 2011/07/05 13:35:29 taca Exp $ +$NetBSD: distinfo,v 1.5 2011/09/01 03:44:35 taca Exp $ -SHA1 (bind-9.8.0-P4.tar.gz) = 969864200c1516a8bea54266de60f316d79182b4 -RMD160 (bind-9.8.0-P4.tar.gz) = cd44fe00d5f052ab441c16b2e735ad5771b4230a -Size (bind-9.8.0-P4.tar.gz) = 7703981 bytes +SHA1 (bind-9.8.1.tar.gz) = 7e6ed6ebc896b1de33a9f440233066c60539de4c +RMD160 (bind-9.8.1.tar.gz) = a1a49ce0b1b6a5c6dd339fe160920cd4f39e2372 +Size (bind-9.8.1.tar.gz) = 8450567 bytes SHA1 (patch-config.threads.in) = 3d8ee03230fdb6aca545a67759ba7aacda52bb61 -SHA1 (patch-configure) = edf5a32b5c05aea110316f877264c22a2c4344ba +SHA1 (patch-configure) = 81a83d750f5c6d21abb30a743a4aa09e7d91711e +SHA1 (patch-contrib_dlz_drivers_sdlz__helper.c) = d6e9a7145449874ad00a0b28b1582df5a2516965 SHA1 (patch-lib_dns_rbt.c) = 29fb5c24ff3558f1621e93ea16419e32dbc695b7 SHA1 (patch-lib_lwres_getaddrinfo.c) = 9585a26a376d32f80ac8266eb7967c00b433f14d SHA1 (patch-lib_lwres_getnameinfo.c) = c26dcff4637b7beb16b66c32b304d0f187390eed diff --git a/net/bind98/patches/patch-configure b/net/bind98/patches/patch-configure index 8b13fd62fd4..df8a1625cd0 100644 --- a/net/bind98/patches/patch-configure +++ b/net/bind98/patches/patch-configure @@ -1,8 +1,8 @@ -$NetBSD: patch-configure,v 1.1.1.1 2011/03/04 03:52:15 taca Exp $ +$NetBSD: patch-configure,v 1.2 2011/09/01 03:44:35 taca Exp $ ---- configure.orig 2011-02-03 05:52:35.000000000 +0000 +--- configure.orig 2011-07-26 22:11:37.000000000 +0000 +++ configure -@@ -21402,6 +21402,8 @@ case $host in +@@ -22134,6 +22134,8 @@ case $host in use_threads=false ;; *-freebsd*) use_threads=false ;; @@ -11,7 +11,7 @@ $NetBSD: patch-configure,v 1.1.1.1 2011/03/04 03:52:15 taca Exp $ *-bsdi234*) # Thread signals do not work reliably on some versions of BSD/OS. use_threads=false ;; -@@ -22718,9 +22720,9 @@ case $use_libtool in +@@ -23450,9 +23452,9 @@ case $use_libtool in O=lo A=la LIBTOOL_MKDEP_SED='s;\.o;\.lo;' @@ -23,7 +23,7 @@ $NetBSD: patch-configure,v 1.1.1.1 2011/03/04 03:52:15 taca Exp $ case "$host" in *) LIBTOOL_ALLOW_UNDEFINED= ;; esac -@@ -26132,7 +26134,7 @@ $as_echo "no" >&6; } +@@ -27074,7 +27076,7 @@ $as_echo "no" >&6; } fi if test -n "-L$use_dlz_postgres_lib -lpq" then diff --git a/net/bind98/patches/patch-contrib_dlz_drivers_sdlz__helper.c b/net/bind98/patches/patch-contrib_dlz_drivers_sdlz__helper.c new file mode 100644 index 00000000000..386295650dc --- /dev/null +++ b/net/bind98/patches/patch-contrib_dlz_drivers_sdlz__helper.c @@ -0,0 +1,13 @@ +$NetBSD: patch-contrib_dlz_drivers_sdlz__helper.c,v 1.1 2011/09/01 03:44:35 taca Exp $ + +--- contrib/dlz/drivers/sdlz_helper.c.orig 2010-05-14 06:29:37.000000000 +0000 ++++ contrib/dlz/drivers/sdlz_helper.c +@@ -50,7 +50,7 @@ + * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +-#ifdef DLZ ++#ifdef CONTRIB_DLZ + + #include <config.h> + |