--- - branch: pkgsrc-2023Q1 date: Mon Jun 26 09:34:44 UTC 2023 files: - new: 1.8.2.1 old: '1.8' path: pkgsrc/net/bind918/Makefile pathrev: pkgsrc/net/bind918/Makefile@1.8.2.1 type: modified - new: 1.3.2.1 old: '1.3' path: pkgsrc/net/bind918/PLIST pathrev: pkgsrc/net/bind918/PLIST@1.3.2.1 type: modified - new: 1.6.2.1 old: '1.6' path: pkgsrc/net/bind918/distinfo pathrev: pkgsrc/net/bind918/distinfo@1.6.2.1 type: modified - new: 1.1.4.1 old: '1.1' path: pkgsrc/net/bind918/options.mk pathrev: pkgsrc/net/bind918/options.mk@1.1.4.1 type: modified id: 20230626T093444Z.731693f36c5e3f680aafc9ec347ee575a7565335 log: "Pullup ticket #6764 - requested by taca\nnet/bind918: security fix\n\nRevisions pulled up:\n- net/bind918/Makefile 1.10-1.12\n- net/bind918/PLIST 1.4\n- net/bind918/distinfo \ 1.7-1.9\n- net/bind918/options.mk 1.2\n\n---\n \ Module Name:\tpkgsrc\n Committed By:\ttaca\n Date:\t\tMon Apr 24 13:48:06 UTC 2023\n\n Modified Files:\n \tpkgsrc/net/bind918: Makefile PLIST distinfo options.mk\n\n Log Message:\n net/bind918: update to 9.18.14\n\n pkgsrc change: reduce some pkglint warnings.\n\n --- 9.18.14 released ---\n\n 6145.\t[bug]\t\tFix a possible use-after-free bug in the\n \t\t\tdns__catz_done_cb() function. [GL #3997]\n\n 6143.\t[bug]\t\tA reference counting problem on the error path in\n \ \t\t\tthe xfrin_connect_done() might cause an assertion\n \t\t\tfailure on shutdown. [GL #3989]\n\n 6142.\t[bug]\t\tReduce the number of dns_dnssec_verify calls made\n \t\t\tdetermining if revoked keys needs to be removed from\n \t\t\tthe trust anchors. [GL #3981]\n\n 6141.\t[bug]\t\tFix several issues in nsupdate timeout handling and\n \t\t\tupdate the -t option's documentation. [GL #3674]\n\n \ 6138.\t[doc]\t\tFix the DF-flag documentation on the outgoing\n \t\t\tUDP packets. [GL #3710]\n\n 6136.\t[cleanup]\tRemove the isc_fsaccess API in favor of creating\n \t\t\ttemporary file first and atomically replace the key\n \t\t\twith non-truncated content. [GL #3982]\n\n 6132.\t[doc]\t\tRemove a dead link in the DNSSEC guide. [GL #3967]\n\n 6129.\t[cleanup]\tValue stored to 'source' during its initialization is\n \t\t\tnever read. [GL #3965]\n\n 6128.\t[bug]\t\tFix an omission in an earlier commit to avoid a race\n \t\t\tbetween the 'dns__catz_update_cb()' and\n \t\t\t'dns_catz_dbupdate_callback()' functions. [GL #3968]\n\n 6126.\t[cleanup]\tDeprecate zone type \"delegation-only\" and the\n \t\t\t\"delegation-only\" and \"root-delegation-only\"\n \ \t\t\toptions. [GL #3953]\n\n 6125.\t[bug]\t\tHold a catz reference while the update process is\n \t\t\trunning, so that the catalog zone is not destroyed\n \ \t\t\tduring shutdown until the update process is finished or\n \t\t\tproperly canceled by the activated 'shuttingdown' flag.\n \t\t\t[GL #3955]\n\n 6124.\t[bug]\t\tWhen changing from a NSEC3 capable DNSSEC algorithm to\n \t\t\tan NSEC3 incapable DNSSEC algorithm using KASP the zone\n \t\t\tcould sometimes be incompletely signed. [GL #3937]\n\n 6121.\t[bug]\t\tFix BIND and dig zone transfer hanging when\n \t\t\tdownloading large zones over TLS from a primary server,\n \t\t\tespecially over unstable connections. [GL #3867]\n\n---\n Module Name:\tpkgsrc\n Committed By:\ttaca\n Date:\t\tWed May 17 13:43:52 UTC 2023\n\n Modified Files:\n \tpkgsrc/net/bind918: Makefile distinfo\n\n Log Message:\n net/bind918: update to 9.18.15\n\n \t--- 9.18.15 released ---\n\n 6164.\t[bug]\t\tSet the rndc idle read timeout back to 60 seconds,\n \t\t\tfrom the netmgr default of 30 seconds, in order to\n \ \t\t\tmatch the behavior of 9.16 and earlier. [GL #4046]\n\n 6161.\t[bug]\t\tFix log file rotation when using absolute path as\n \t\t\tfile. [GL #3991]\n\n 6157.\t[bug]\t\tWhen removing delegations in an OPTOUT range\n \t\t\tempty-non-terminal NSEC3 records generated by\n \t\t\tthose delegations were not removed. [GL #4027]\n\n 6156.\t[bug]\t\tReimplement the maximum and idle timeouts for incoming\n \t\t\tzone tranfers. [GL #4004]\n\n \ 6155.\t[bug]\t\tTreat ISC_R_INVALIDPROTO as a networking error\n \t\t\tin the dispatch code to avoid retrying with the\n \t\t\tsame server. [GL #4005]\n\n \ 6152.\t[bug]\t\tIn dispatch, honour the configured source-port\n \t\t\tselection when UDP connection fails with address\n \t\t\tin use error.\n\n \t\t\tAlso treat ISC_R_NOPERM same as ISC_R_ADDRINUSE.\n \t\t\t[GL #3986]\n\n 6149.\t[test]\t\tAs a workaround, include an OpenSSL header file before\n \t\t\tincluding cmocka.h in the unit tests, because OpenSSL\n \t\t\t3.1.0 uses __attribute__(malloc), conflicting with a\n \t\t\tredefined malloc in cmocka.h. [GL #4000]\n\n---\n \ Module Name:\tpkgsrc\n Committed By:\ttaca\n Date:\t\tWed Jun 21 14:42:23 UTC 2023\n\n Modified Files:\n \tpkgsrc/net/bind918: Makefile distinfo\n\n \ Log Message:\n net/bind918: update to 9.18.16\n\n 9.18.16 (2023-06-21)\n\n \ Security release:\n\n - CVE-2023-2828\n - CVE-2023-2911\n\n 6192.\t[security]\tA query that prioritizes stale data over lookup\n \t\t\ttriggers a fetch to refresh the stale data in cache.\n \t\t\tIf the fetch is aborted for exceeding the recursion\n \ \t\t\tquota, it was possible for 'named' to enter an infinite\n \t\t\tcallback loop and crash due to stack overflow. This has\n \t\t\tbeen fixed. (CVE-2023-2911) [GL #4089]\n\n 6190.\t[security]\tImprove the overmem cleaning process to prevent the\n \t\t\tcache going over the configured limit. (CVE-2023-2828)\n \t\t\t[GL #4055]\n\n 6188.\t[performance]\tReduce memory consumption by allocating properly\n \ \t\t\tsized send buffers for stream-based transports.\n \t\t\t[GL #4038]\n\n \ 6186.\t[bug]\t\tFix a 'clients-per-query' miscalculation bug. When the\n \t\t\t'stale-answer-enable' options was enabled and the\n \t\t\t'stale-answer-client-timeout' option was enabled and\n \t\t\tlarger than 0, named was taking two places from the\n \t\t\t'clients-per-query' limit for each client and was\n \t\t\tfailing to gradually auto-tune its value, as configured.\n \t\t\t[GL #4074]\n\n 6185.\t[func]\t\tAdd \"ClientQuota\" statistics channel counter, which\n \t\t\tindicates the number of the resolver's spilled queries\n \t\t\tdue to reaching the clients per query quota. [GL !7978]\n\n \ 6183.\t[bug]\t\tFix a serve-stale bug where a delegation from cache\n \t\t\tcould be returned to the client. [GL #3950]\n\n 6182.\t[cleanup]\tRemove configure checks for epoll, kqueue and\n \t\t\t/dev/poll. [GL #4098]\n\n 6181.\t[func]\t\tThe \"tkey-dhkey\" option has been deprecated; a\n \t\t\twarning will be logged when it is used. In a future\n \t\t\trelease, Diffie-Hellman TKEY mode will be removed.\n \t\t\t[GL #3905]\n\n 6180.\t[bug]\t\tThe session key object could be incorrectly added\n \t\t\tto multiple different views' keyrings. [GL #4079]\n\n 6179.\t[bug]\t\tFix an interfacemgr use-after-free error in\n \t\t\tzoneconf.c:isself(). [GL #3765]\n\n 6176.\t[test]\t\tAdd support for using pytest & pytest-xdist to\n \t\t\texecute the system test suite. [GL #3978]\n\n 6174.\t[bug]\t\tBIND could get stuck on reconfiguration when a\n \t\t\t'listen' statement for HTTP is removed from the\n \t\t\tconfiguration. That has been fixed. [GL #4071]\n\n \ 6173.\t[bug]\t\tProperly process extra \"nameserver\" lines in\n \t\t\tresolv.conf otherwise the next line is not properly\n \t\t\tprocessed. [GL #4066]\n\n 6169.\t[bug]\t\tnamed could crash when deleting inline-signing zones\n \t\t\twith \"rndc delzone\". [GL #4054]\n\n 6165.\t[bug]\t\tFix a logic error in dighost.c which could call the\n \t\t\tdighost_shutdown() callback twice and cause problems\n \t\t\tif the callback function was not idempotent. [GL #4039]\n" module: pkgsrc subject: 'CVS commit: [pkgsrc-2023Q1] pkgsrc/net/bind918' unixtime: '1687772084' user: bsiegert