Received: from mail.netbsd.org (mail.netbsd.org [199.233.217.200]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mail.netbsd.org", Issuer "Postmaster NetBSD.org" (verified OK)) by mollari.NetBSD.org (Postfix) with ESMTPS id 369507A295 for ; Thu, 9 Feb 2017 00:50:17 +0000 (UTC) Received: by mail.netbsd.org (Postfix, from userid 605) id DD93185640; Thu, 9 Feb 2017 00:50:16 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by mail.netbsd.org (Postfix) with ESMTP id 6D90C8562E for ; Thu, 9 Feb 2017 00:50:16 +0000 (UTC) X-Virus-Scanned: amavisd-new at netbsd.org Received: from mail.netbsd.org ([IPv6:::1]) by localhost (mail.netbsd.org [IPv6:::1]) (amavisd-new, port 10025) with ESMTP id UDI01bV3B2AX for ; Thu, 9 Feb 2017 00:50:15 +0000 (UTC) Received: from cvs.NetBSD.org (ivanova.netbsd.org [199.233.217.197]) by mail.netbsd.org (Postfix) with ESMTP id DCAA684CE3 for ; Thu, 9 Feb 2017 00:50:15 +0000 (UTC) Received: by cvs.NetBSD.org (Postfix, from userid 500) id DAB69FBA3; Thu, 9 Feb 2017 00:50:15 +0000 (UTC) Content-Transfer-Encoding: 7bit Content-Type: multipart/mixed; boundary="_----------=_1486601415168280" MIME-Version: 1.0 Date: Thu, 9 Feb 2017 00:50:15 +0000 From: "Takahiro Kambe" Subject: CVS commit: pkgsrc/net/bind99 To: pkgsrc-changes@NetBSD.org Reply-To: taca@netbsd.org X-Mailer: log_accum Message-Id: <20170209005015.DAB69FBA3@cvs.NetBSD.org> Sender: pkgsrc-changes-owner@NetBSD.org List-Id: pkgsrc-changes.NetBSD.org Precedence: bulk This is a multi-part message in MIME format. --_----------=_1486601415168280 Content-Disposition: inline Content-Transfer-Encoding: 8bit Content-Type: text/plain; charset="US-ASCII" Module Name: pkgsrc Committed By: taca Date: Thu Feb 9 00:50:15 UTC 2017 Modified Files: pkgsrc/net/bind99: Makefile distinfo Log Message: Update bind99 to 9.9.9pl6 (BIND 9.9.9-P6). Security Fixes * If a server is configured with a response policy zone (RPZ) that rewrites an answer with local data, and is also configured for DNS64 address mapping, a NULL pointer can be read triggering a server crash. This flaw is disclosed in CVE-2017-3135. [RT #44434] * named could mishandle authority sections with missing RRSIGs, triggering an assertion failure. This flaw is disclosed in CVE-2016-9444. [RT #43632] * named mishandled some responses where covering RRSIG records were returned without the requested data, resulting in an assertion failure. This flaw is disclosed in CVE-2016-9147. [RT #43548] * named incorrectly tried to cache TKEY records which could trigger an assertion failure when there was a class mismatch. This flaw is disclosed in CVE-2016-9131. [RT #43522] * It was possible to trigger assertions when processing responses containing answers of type DNAME. This flaw is disclosed in CVE-2016-8864. [RT #43465] * It was possible to trigger an assertion when rendering a message using a specially crafted request. This flaw is disclosed in CVE-2016-2776. [RT #43139] * Calling getrrsetbyname() with a non- absolute name could trigger an infinite recursion bug in lwresd or named with lwres configured if, when combined with a search list entry from resolv.conf, the resulting name is too long. This flaw is disclosed in CVE-2016-2775. [RT #42694] Feature Changes * None. Porting Changes * None. Bug Fixes * A synthesized CNAME record appearing in a response before the associated DNAME could be cached, when it should not have been. This was a regression introduced while addressing CVE-2016-8864. [RT #44318] * Windows installs were failing due to triggering UAC without the installation binary being signed. * A race condition in rbt/rbtdb was leading to INSISTs being triggered. To generate a diff of this commit: cvs rdiff -u -r1.62 -r1.63 pkgsrc/net/bind99/Makefile cvs rdiff -u -r1.42 -r1.43 pkgsrc/net/bind99/distinfo Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. --_----------=_1486601415168280 Content-Disposition: inline Content-Length: 1890 Content-Transfer-Encoding: binary Content-Type: text/x-diff; charset=us-ascii Modified files: Index: pkgsrc/net/bind99/Makefile diff -u pkgsrc/net/bind99/Makefile:1.62 pkgsrc/net/bind99/Makefile:1.63 --- pkgsrc/net/bind99/Makefile:1.62 Thu Jan 12 00:05:46 2017 +++ pkgsrc/net/bind99/Makefile Thu Feb 9 00:50:15 2017 @@ -1,4 +1,4 @@ -# $NetBSD: Makefile,v 1.62 2017/01/12 00:05:46 taca Exp $ +# $NetBSD: Makefile,v 1.63 2017/02/09 00:50:15 taca Exp $ DISTNAME= bind-${BIND_VERSION} PKGNAME= ${DISTNAME:S/-P/pl/} @@ -13,7 +13,7 @@ CONFLICTS+= host-[0-9]* MAKE_JOBS_SAFE= no -BIND_VERSION= 9.9.9-P5 +BIND_VERSION= 9.9.9-P6 .include "../../mk/bsd.prefs.mk" Index: pkgsrc/net/bind99/distinfo diff -u pkgsrc/net/bind99/distinfo:1.42 pkgsrc/net/bind99/distinfo:1.43 --- pkgsrc/net/bind99/distinfo:1.42 Thu Jan 12 00:05:46 2017 +++ pkgsrc/net/bind99/distinfo Thu Feb 9 00:50:15 2017 @@ -1,9 +1,9 @@ -$NetBSD: distinfo,v 1.42 2017/01/12 00:05:46 taca Exp $ +$NetBSD: distinfo,v 1.43 2017/02/09 00:50:15 taca Exp $ -SHA1 (bind-9.9.9-P5.tar.gz) = f76ce1f513a2f245f14ad1ae103e09ebc86d2c0a -RMD160 (bind-9.9.9-P5.tar.gz) = 2643a6a6173b5cb3bd12c68750929ccd996bc4bb -SHA512 (bind-9.9.9-P5.tar.gz) = cd055a69bd52b44824dc214a649e8175805274a7ec84c4070779330b3d7c42ae8efc37e09750b4f2c0eb4a22e95786894116df42d6a5070bfb12ecd94d289072 -Size (bind-9.9.9-P5.tar.gz) = 8770509 bytes +SHA1 (bind-9.9.9-P6.tar.gz) = 620ffa8c7b2e6b650c4c76fe29dba75bc9281037 +RMD160 (bind-9.9.9-P6.tar.gz) = f7a96e6407769b6577e457a4f03a137ffb050d44 +SHA512 (bind-9.9.9-P6.tar.gz) = f8bddaf278af8b255714249ee8eee13b5fca7560ac77243444010139af1575676ebfdb37c726755ece69c16eb60a5272597b1778156cb9a1eb72375cbb3a2d3c +Size (bind-9.9.9-P6.tar.gz) = 8778790 bytes SHA1 (patch-bin_dig_dighost.c) = a4bc9558c5dbedcc6bb0f87ea309358ca098d42a SHA1 (patch-bin_tests_system_Makefile.in) = 19d90050acfbe3da838dbd4c1436b5581039b71f SHA1 (patch-config.threads.in) = 227b83efe9cb3e301aaac9b97cf42f1fb8ad06b2 --_----------=_1486601415168280--