From ce744a19af22552ced7fde223c39ebf46ed74c6d Mon Sep 17 00:00:00 2001 From: taca Date: Fri, 29 Oct 2021 06:01:19 +0000 Subject: net/bind916: update to 9.16.22 This release contains security fix. --- 9.16.22 released --- 5736. [security] The "lame-ttl" option is now forcibly set to 0. This effectively disables the lame server cache, as it could previously be abused by an attacker to significantly degrade resolver performance. (CVE-2021-25219) [GL #2899] 5724. [bug] Address a potential deadlock when checking zone content consistency. [GL #2908] 5723. [bug] Change 5709 broke backward compatibility for the "check-names master ..." and "check-names slave ..." options. This has been fixed. [GL #2911] 5720. [contrib] Old-style DLZ drivers that had to be enabled at build-time have been marked as deprecated. [GL #2814] 5719. [func] The "map" zone file format has been marked as deprecated. [GL #2882] 5717. [func] The "cache-file" option, which was documented as "for testing purposes only" and not to be used, has been removed. [GL #2903] 5716. [bug] Multiple library names were mistakenly passed to the krb5-config utility when ./configure was invoked with the --with-gssapi=[/path/to/]krb5-config option. This has been fixed by invoking krb5-config separately for each required library. [GL #2866] 5715. [func] Add a check for ports specified in "*-source(-v6)" options clashing with a global listening port. Such a configuration was already unsupported, but it failed silently; it is now treated as an error. [GL #2888] 5714. [bug] Remove the "adjust interface" mechanism which was responsible for setting up listeners on interfaces when the "*-source(-v6)" address and port were the same as the "listen-on(-v6)" address and port. Such a configuration is no longer supported; under certain timing conditions, that mechanism could prevent named from listening on some TCP ports. This has been fixed. [GL #2852] 5712. [doc] Add deprecation notice about removing native PKCS#11 support in the next major BIND 9 release. [GL #2691] --- net/bind916/Makefile | 5 ++--- net/bind916/distinfo | 8 ++++---- 2 files changed, 6 insertions(+), 7 deletions(-) (limited to 'net/bind916') diff --git a/net/bind916/Makefile b/net/bind916/Makefile index b14fca3daf4..57590428445 100644 --- a/net/bind916/Makefile +++ b/net/bind916/Makefile @@ -1,8 +1,7 @@ -# $NetBSD: Makefile,v 1.28 2021/10/24 06:40:28 taca Exp $ +# $NetBSD: Makefile,v 1.29 2021/10/29 06:01:19 taca Exp $ DISTNAME= bind-${BIND_VERSION} PKGNAME= ${DISTNAME:S/-P/pl/} -PKGREVISION= 2 CATEGORIES= net MASTER_SITES= ftp://ftp.isc.org/isc/bind9/${BIND_VERSION}/ EXTRACT_SUFX= .tar.xz @@ -16,7 +15,7 @@ CONFLICTS+= host-[0-9]* MAKE_JOBS_SAFE= no -BIND_VERSION= 9.16.21 +BIND_VERSION= 9.16.22 BUILD_DEFS+= BIND_DIR VARBASE diff --git a/net/bind916/distinfo b/net/bind916/distinfo index 761a505b7db..87aded23ba6 100644 --- a/net/bind916/distinfo +++ b/net/bind916/distinfo @@ -1,8 +1,8 @@ -$NetBSD: distinfo,v 1.25 2021/10/26 11:05:24 nia Exp $ +$NetBSD: distinfo,v 1.26 2021/10/29 06:01:19 taca Exp $ -BLAKE2s (bind-9.16.21.tar.xz) = 86e609635a167aaa650d2792c79283b2412fa46e665e36cea1501ef6b8175873 -SHA512 (bind-9.16.21.tar.xz) = 2cb71e50600fd7409ca7b7e2e9cf4ef6668b07faad7980ac8060e6a76f30a315182d75534ad1dcfb740c225cdf727b2bd6aa9ceb24ab77ffff09b7b5d6eaca2d -Size (bind-9.16.21.tar.xz) = 5057816 bytes +BLAKE2S (bind-9.16.22.tar.xz) = 4dac285f911a73ff523021ff2b09573b335dc78a166177c0edf48daf3ed5a97d +SHA512 (bind-9.16.22.tar.xz) = 586fb4d5a656d6539033dcdfdd230b36465a2d2e6ada651c1f1548d062a9050e7a962af87e2a56931fe24c65586d29012d4a041dcddbb28f42b4d01fe291d9d1 +Size (bind-9.16.22.tar.xz) = 5059000 bytes SHA1 (patch-bin_dig_dighost.c) = b1073911d80ecd519af98b6678968296ff8c0c98 SHA1 (patch-bin_dig_include_dig_dig.h) = 10166f5bb98b208c7b10d63eb31e8253f704acc8 SHA1 (patch-bin_named_Makefile.in) = f1367da6a226ba44d0ee13acf00b8abeb5b1b7eb -- cgit v1.2.3