--- - branch: pkgsrc-2020Q1 date: Wed May 20 19:35:46 UTC 2020 files: - new: 1.22.2.1 old: '1.22' path: pkgsrc/net/bind911/Makefile pathrev: pkgsrc/net/bind911/Makefile@1.22.2.1 type: modified - new: 1.2.4.1 old: '1.2' path: pkgsrc/net/bind911/PLIST pathrev: pkgsrc/net/bind911/PLIST@1.2.4.1 type: modified - new: 1.16.2.1 old: '1.16' path: pkgsrc/net/bind911/distinfo pathrev: pkgsrc/net/bind911/distinfo@1.16.2.1 type: modified id: 20200520T193546Z.ac7440a4ed1b8f3f1c515634fca78e47b39f6bef log: "Pullup ticket #6208 - requested by taca\nnet/bind911: security fix\n\nRevisions pulled up:\n- net/bind911/Makefile 1.23-1.24\n- net/bind911/PLIST 1.3\n- net/bind911/distinfo \ 1.17-1.18\n\n---\n Module Name:\tpkgsrc\n \ Committed By:\ttaca\n Date:\t\tSat Apr 18 06:12:28 UTC 2020\n\n Modified Files:\n \tpkgsrc/net/bind911: Makefile PLIST distinfo\n\n Log Message:\n \ net/bind911: update to 9.11.18\n\n Update bind911 to 9.11.18 (BIND 9.11.18).\n\n \ \t--- 9.11.18 released ---\n\n 5380.\t[contrib]\tFix building MySQL DLZ modules against MySQL 8\n \t\t\tlibraries. [GL #1678]\n\n 5379.\t[doc]\t\tClean up serve-stale related options that leaked into\n \t\t\tthe BIND 9.11 release. [GL !3265]\n\n 5378.\t[bug]\t\tReceiving invalid DNS data was triggering an assertion\n \t\t\tfailure in nslookup. [GL #1652]\n\n 5377.\t[feature]\tDetect atomic operations support on ppc64le. Thanks to\n \t\t\tPetr Men=A8=EDk. [GL !3295]\n\n 5376.\t[bug]\t\tFix ineffective DNS rebinding protection when BIND is\n \t\t\tconfigured as a forwarding DNS server. Thanks to Tobias\n \t\t\tKlein. [GL #1574]\n\n 5368.\t[bug]\t\tNamed failed to restart if 'rndc addzone' names\n \ \t\t\tcontained special characters (e.g. '/'). [GL #1655]\n\n \t--- 9.11.17 released ---\n\n 5358.\t[bug]\t\tInline master zones whose master files were touched\n \t\t\tbut otherwise unchanged and were subsequently reloaded\n \t\t\tmay have stopped re-signing. [GL !3135]\n\n 5357.\t[bug]\t\tNewly added RRSIG records with expiry times before\n \t\t\tthe previous earliest expiry times might not be\n \t\t\tre-signed in time. The was a side effect of 5315.\n \t\t\t[GL !3137]\n\n---\n Module Name:\tpkgsrc\n Committed By:\ttaca\n Date:\t\tTue May 19 10:21:25 UTC 2020\n\n Modified Files:\n \tpkgsrc/net/bind911: Makefile distinfo\n\n Log Message:\n net/bind911: update to 9.11.19\n\n Update bind911 to 9.11.19 (BIND 9.11.19).\n\n \t--- 9.11.19 released ---\n\n 5404.\t[bug]\t\t'named-checkconf -z' could incorrectly indicate\n \t\t\tsuccess if errors were found in one view but not in a\n \t\t\tsubsequent one. [GL #1807]\n\n 5398.\t[bug]\t\tNamed could fail to restart if a zone with a double\n \t\t\tquote (\") in its name was added with 'rndc addzone'.\n \t\t\t[GL #1695]\n\n 5395.\t[security]\tFurther limit the number of queries that can be\n \t\t\ttriggered from a request. Root and TLD servers\n \t\t\tare no longer exempt from max-recursion-queries.\n \t\t\tFetches for missing name server address records\n \t\t\tare limited to 4 for any domain. (CVE-2020-8616)\n \t\t\t[GL #1388]\n\n 5394.\t[cleanup]\tNamed formerly attempted to change the effective UID an=\n d\n \t\t\tGID in named_os_openfile(), which could trigger a\n \t\t\tspurious log message if they were already set to the\n \ \t\t\tdesired values. This has been fixed. [GL #1042]\n \t\t\t[GL #1090]\n\n \ 5390.\t[security]\tReplaying a TSIG BADTIME response as a request could\n \t\t\ttrigger an assertion failure. (CVE-2020-8617)\n \t\t\t[GL #1703]\n\n 5387.\t[func]\t\tWarn about AXFR streams with inconsistent message IDs.\n \t\t\t[GL #1674]\n" module: pkgsrc subject: 'CVS commit: [pkgsrc-2020Q1] pkgsrc/net/bind911' unixtime: '1590003346' user: bsiegert