diff options
| author | taca <taca@pkgsrc.org> | 2012-10-10 03:07:12 +0000 |
|---|---|---|
| committer | taca <taca@pkgsrc.org> | 2012-10-10 03:07:12 +0000 |
| commit | ad40a0067d0dc95c4cc4d4a208757699b9bbe362 (patch) | |
| tree | 6dcfe43cf116b4f9a96fc2f66800b914faea1958 /net | |
| parent | 6cc4eedcdac4f119b303002ceab5788259131012 (diff) | |
| download | pkgsrc-ad40a0067d0dc95c4cc4d4a208757699b9bbe362.tar.gz | |
Update bind99 to 9.9.2 (BIND 9.9.2).
Here are change changes from release note. Note security fixes except
CVE-2012-5166 should be already fixed in previous version of bind99 package.
Please refer https://kb.isc.org/article/AA-00798 for list of full bug fixes.
Security Fixes
* A deliberately constructed combination of records could cause named to hang
while populating the additional section of a response. [CVE-2012-5166] [RT
#31090]
* Prevents a named assert (crash) when queried for a record whose RDATA
exceeds 65535 bytes. [CVE-2012-4244] [RT #30416]
* Prevents a named assert (crash) when validating caused by using "Bad cache"
data before it has been initialized. [CVE-2012-3817] [RT #30025]
* A condition has been corrected where improper handling of zero-length RDATA
could cause undesirable behavior, including termination of the named
process. [CVE-2012-1667] [RT #29644]
* ISC_QUEUE handling for recursive clients was updated to address a race
condition that could cause a memory leak. This rarely occurred with UDP
clients, but could be a significant problem for a server handling a steady
rate of TCP queries. [CVE-2012-3868] [RT #29539 & #30233]
New Features
* Elliptic Curve Digital Signature Algorithm keys and signatures in DNSSEC are
now supported per RFC 6605. [RT #21918]
* Introduces a new tool "dnssec-checkds" command that checks a zone to
determine which DS records should be published in the parent zone, or which
DLV records should be published in a DLV zone, and queries the DNS to ensure
that it exists. (Note: This tool depends on python; it will not be built or
installed on systems that do not have a python interpreter.) [RT #28099]
* Introduces a new tool "dnssec-verify" that validates a signed zone, checking
for the correctness of signatures and NSEC/NSEC3 chains. [RT #23673]
* Adds configuration option "max-rsa-exponent-size <value>;" that can be used
to specify the maximum rsa exponent size that will be accepted when
validating [RT #29228]
Feature Changes
* Improves OpenSSL error logging [RT #29932]
* nslookup now returns a nonzero exit code when it is unable to get an answer.
[RT #29492]
Diffstat (limited to 'net')
| -rw-r--r-- | net/bind99/Makefile | 5 | ||||
| -rw-r--r-- | net/bind99/PLIST | 5 | ||||
| -rw-r--r-- | net/bind99/distinfo | 14 | ||||
| -rw-r--r-- | net/bind99/patches/patch-bin_tests_system_Makefile.in | 8 | ||||
| -rw-r--r-- | net/bind99/patches/patch-configure | 20 | ||||
| -rw-r--r-- | net/bind99/patches/patch-configure.in | 18 |
6 files changed, 46 insertions, 24 deletions
diff --git a/net/bind99/Makefile b/net/bind99/Makefile index b7866047d87..eb88075bf15 100644 --- a/net/bind99/Makefile +++ b/net/bind99/Makefile @@ -1,8 +1,7 @@ -# $NetBSD: Makefile,v 1.12 2012/10/03 21:56:52 wiz Exp $ +# $NetBSD: Makefile,v 1.13 2012/10/10 03:07:12 taca Exp $ DISTNAME= bind-${BIND_VERSION} PKGNAME= ${DISTNAME:S/-P/pl/} -PKGREVISION= 1 CATEGORIES= net MASTER_SITES= ftp://ftp.isc.org/isc/bind9/${BIND_VERSION}/ \ http://ftp.belnet.be/pub/mirror/ftp.isc.org/isc/bind9/${BIND_VERSION}/ @@ -17,7 +16,7 @@ PKG_DESTDIR_SUPPORT= user-destdir MAKE_JOBS_SAFE= no -BIND_VERSION= 9.9.1-P3 +BIND_VERSION= 9.9.2 .include "../../mk/bsd.prefs.mk" diff --git a/net/bind99/PLIST b/net/bind99/PLIST index 85436fa6f73..30062e8de7b 100644 --- a/net/bind99/PLIST +++ b/net/bind99/PLIST @@ -1,4 +1,4 @@ -@comment $NetBSD: PLIST,v 1.2 2012/05/22 03:31:07 taca Exp $ +@comment $NetBSD: PLIST,v 1.3 2012/10/10 03:07:12 taca Exp $ bin/dig bin/host bin/isc-config.sh @@ -302,6 +302,7 @@ man/man8/dnssec-keygen.8 man/man8/dnssec-revoke.8 man/man8/dnssec-settime.8 man/man8/dnssec-signzone.8 +man/man8/dnssec-verify.8 man/man8/genrandom.8 man/man8/isc-hmac-fixup.8 man/man8/lwresd.8 @@ -321,6 +322,7 @@ sbin/dnssec-keygen sbin/dnssec-revoke sbin/dnssec-settime sbin/dnssec-signzone +sbin/dnssec-verify sbin/genrandom sbin/isc-hmac-fixup sbin/lwresd @@ -356,6 +358,7 @@ share/doc/bind9/arm/man.dnssec-keygen.html share/doc/bind9/arm/man.dnssec-revoke.html share/doc/bind9/arm/man.dnssec-settime.html share/doc/bind9/arm/man.dnssec-signzone.html +share/doc/bind9/arm/man.dnssec-verify.html share/doc/bind9/arm/man.genrandom.html share/doc/bind9/arm/man.host.html share/doc/bind9/arm/man.isc-hmac-fixup.html diff --git a/net/bind99/distinfo b/net/bind99/distinfo index a9d3cd24868..3df81b1e9b8 100644 --- a/net/bind99/distinfo +++ b/net/bind99/distinfo @@ -1,15 +1,15 @@ -$NetBSD: distinfo,v 1.8 2012/09/13 01:35:56 taca Exp $ +$NetBSD: distinfo,v 1.9 2012/10/10 03:07:12 taca Exp $ -SHA1 (bind-9.9.1-P3.tar.gz) = 1c890f69f627ffbc76460c766bafefde408ed799 -RMD160 (bind-9.9.1-P3.tar.gz) = 23c2081af02eea7a0b7f5e903edf0727f5df2237 -Size (bind-9.9.1-P3.tar.gz) = 7217415 bytes +SHA1 (bind-9.9.2.tar.gz) = eb9fa7b497d67ce61a120cb96c302381bc385324 +RMD160 (bind-9.9.2.tar.gz) = 80118091f62a5f44565c86ab1ce4461c2c6d890b +Size (bind-9.9.2.tar.gz) = 7285050 bytes SHA1 (patch-bin_dig_Makefile.in) = d2c2a0b137be7e31fdc15438d107116fc38a38b9 SHA1 (patch-bin_dig_dighost.c) = 186cdc70605242afb0211dc8802ec75677a65614 SHA1 (patch-bin_nsupdate_Makefile.in) = 42b39d60468ffa8ed13f77259755b217966de664 -SHA1 (patch-bin_tests_system_Makefile.in) = 3224a66b7d29f6f17d02de1663c61b5e57b91d20 +SHA1 (patch-bin_tests_system_Makefile.in) = 1f268808c55223ac11d1794039503424a51ee71b SHA1 (patch-config.threads.in) = 227b83efe9cb3e301aaac9b97cf42f1fb8ad06b2 -SHA1 (patch-configure) = 8997a0a2881b7c4a576ea67f6c27016421034772 -SHA1 (patch-configure.in) = c815126eb9175e4404fb44a8639a0e091c68f192 +SHA1 (patch-configure) = a9f5f75fafc9f0b756adcbbf6bee257fd5d4567e +SHA1 (patch-configure.in) = f07381d79ef45a7356d0657c220fcec3ffc6741d SHA1 (patch-contrib_dlz_config.dlz.in) = f18bec63fbfce7cb2cd72929058ce3770fce458f SHA1 (patch-lib_bind9_Makefile.in) = 89e21d21fa512f11a2fdb8d7455abd5d95f20ba5 SHA1 (patch-lib_dns_Makefile.in) = 1770a8bd86901c618b11d255f3af54748d04b759 diff --git a/net/bind99/patches/patch-bin_tests_system_Makefile.in b/net/bind99/patches/patch-bin_tests_system_Makefile.in index 3e92da440d3..77c29b07591 100644 --- a/net/bind99/patches/patch-bin_tests_system_Makefile.in +++ b/net/bind99/patches/patch-bin_tests_system_Makefile.in @@ -1,15 +1,15 @@ -$NetBSD: patch-bin_tests_system_Makefile.in,v 1.2 2012/05/22 03:31:07 taca Exp $ +$NetBSD: patch-bin_tests_system_Makefile.in,v 1.3 2012/10/10 03:07:12 taca Exp $ Build fix for DragonFly while linking of driver.so. ---- bin/tests/system/Makefile.in.orig 2011-11-01 18:35:53.000000000 +0000 +--- bin/tests/system/Makefile.in.orig 2012-09-27 00:35:19.000000000 +0000 +++ bin/tests/system/Makefile.in @@ -21,7 +21,7 @@ top_srcdir = @top_srcdir@ @BIND9_MAKE_INCLUDES@ --SUBDIRS = dlzexternal filter-aaaa lwresd rpz tkey tsiggss -+SUBDIRS = filter-aaaa lwresd rpz tkey tsiggss +-SUBDIRS = dlzexternal filter-aaaa lwresd rpz rsabigexponent tkey tsiggss ++SUBDIRS = filter-aaaa lwresd rpz rsabigexponent tkey tsiggss TARGETS = @BIND9_MAKE_RULES@ diff --git a/net/bind99/patches/patch-configure b/net/bind99/patches/patch-configure index c6f987c9496..7bf7ee04bd0 100644 --- a/net/bind99/patches/patch-configure +++ b/net/bind99/patches/patch-configure @@ -1,10 +1,11 @@ -$NetBSD: patch-configure,v 1.2 2012/07/10 10:23:03 sbd Exp $ +$NetBSD: patch-configure,v 1.3 2012/10/10 03:07:12 taca Exp $ * Add DragonFly support. * Link proper postgresql library. * Use separate @LIBREADLINE@ AC_SUBST. +* Avoid using "==" for argument of test(1). ---- configure.orig 2012-06-01 15:29:52.000000000 +0000 +--- configure.orig 2012-09-27 00:35:19.000000000 +0000 +++ configure @@ -1341,6 +1341,7 @@ LWRES_PLATFORM_NEEDVSNPRINTF ISC_PLATFORM_NEEDVSNPRINTF @@ -14,7 +15,16 @@ $NetBSD: patch-configure,v 1.2 2012/07/10 10:23:03 sbd Exp $ ISC_PLATFORM_NEEDSTRLCAT ISC_PLATFORM_NEEDSTRLCPY GENRANDOMLIB -@@ -22166,6 +22167,8 @@ case $host in +@@ -19754,7 +19755,7 @@ done + + ;; + esac +- if test "X$PYTHON" == "X" ++ if test "X$PYTHON" = "X" + then + case "$use_python" in + unspec) +@@ -22390,6 +22391,8 @@ case $host in use_threads=false ;; *-freebsd*) use_threads=true ;; @@ -23,7 +33,7 @@ $NetBSD: patch-configure,v 1.2 2012/07/10 10:23:03 sbd Exp $ *-bsdi[234]*) # Thread signals do not work reliably on some versions of BSD/OS. use_threads=false ;; -@@ -24800,23 +24803,47 @@ no) ;; +@@ -25024,23 +25027,47 @@ no) ;; then readline=-lreadline fi @@ -86,7 +96,7 @@ $NetBSD: patch-configure,v 1.2 2012/07/10 10:23:03 sbd Exp $ ;; esac -@@ -27148,7 +27175,7 @@ $as_echo "no" >&6; } +@@ -27372,7 +27399,7 @@ $as_echo "no" >&6; } fi if test -n "-L$use_dlz_postgres_lib -lpq" then diff --git a/net/bind99/patches/patch-configure.in b/net/bind99/patches/patch-configure.in index 0f4e2d99856..275092c56bb 100644 --- a/net/bind99/patches/patch-configure.in +++ b/net/bind99/patches/patch-configure.in @@ -1,10 +1,20 @@ -$NetBSD: patch-configure.in,v 1.1 2012/07/10 10:23:03 sbd Exp $ +$NetBSD: patch-configure.in,v 1.2 2012/10/10 03:07:12 taca Exp $ -Use separate @LIBREADLINE@ AC_SUBST. +* Use separate @LIBREADLINE@ AC_SUBST. +* Avoid using "==" for argument of test(1). ---- configure.in.orig 2012-06-01 15:29:52.000000000 +0000 +--- configure.in.orig 2012-09-27 00:35:19.000000000 +0000 +++ configure.in -@@ -2223,23 +2223,18 @@ AC_SUBST(ISC_PLATFORM_NEEDSTRLCAT) +@@ -157,7 +157,7 @@ case "$use_python" in + AC_PATH_PROGS(PYTHON, $use_python) + ;; + esac +- if test "X$PYTHON" == "X" ++ if test "X$PYTHON" = "X" + then + case "$use_python" in + unspec) +@@ -2322,23 +2322,18 @@ AC_SUBST(ISC_PLATFORM_NEEDSTRLCAT) AC_ARG_WITH(readline, [ --with-readline[=LIBSPEC] specify readline library [default -lreadline]], |