Received: by mail.netbsd.org (Postfix, from userid 605)
	id 9A0EB850E4; Thu, 29 Apr 2021 05:55:56 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
	by mail.netbsd.org (Postfix) with ESMTP id D54AB850DF
	for <pkgsrc-changes@NetBSD.org>; Thu, 29 Apr 2021 05:55:55 +0000 (UTC)
X-Virus-Scanned: amavisd-new at netbsd.org
Received: from mail.netbsd.org ([127.0.0.1])
	by localhost (mail.netbsd.org [127.0.0.1]) (amavisd-new, port 10025)
	with ESMTP id peD8cpjK482O for <pkgsrc-changes@netbsd.org>;
	Thu, 29 Apr 2021 05:55:55 +0000 (UTC)
Received: from cvs.NetBSD.org (ivanova.netbsd.org [199.233.217.197])
	by mail.netbsd.org (Postfix) with ESMTP id ECADC84D33
	for <pkgsrc-changes@NetBSD.org>; Thu, 29 Apr 2021 05:55:54 +0000 (UTC)
Received: by cvs.NetBSD.org (Postfix, from userid 500)
	id EA111FA95; Thu, 29 Apr 2021 05:55:54 +0000 (UTC)
Content-Transfer-Encoding: 7bit
Content-Type: multipart/mixed; boundary="_----------=_1619675754286350"
MIME-Version: 1.0
Date: Thu, 29 Apr 2021 05:55:54 +0000
From: "Takahiro Kambe" <taca@netbsd.org>
Subject: CVS commit: pkgsrc/net/bind916
To: pkgsrc-changes@NetBSD.org
Reply-To: taca@netbsd.org
X-Mailer: log_accum
Message-Id: <20210429055554.EA111FA95@cvs.NetBSD.org>
Sender: pkgsrc-changes-owner@NetBSD.org
List-Id: <pkgsrc-changes.NetBSD.org>
Precedence: bulk
List-Unsubscribe: <mailto:majordomo@NetBSD.org?subject=Unsubscribe%20pkgsrc-changes&body=unsubscribe%20pkgsrc-changes>

This is a multi-part message in MIME format.

--_----------=_1619675754286350
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
Content-Type: text/plain; charset="US-ASCII"

Module Name:	pkgsrc
Committed By:	taca
Date:		Thu Apr 29 05:55:54 UTC 2021

Modified Files:
	pkgsrc/net/bind916: Makefile distinfo

Log Message:
net/bind916: update to 9.16.15

Security release.

	--- 9.16.15 released ---

5621.	[bug]		Due to a backporting mistake in change 5609, named
			binaries built against a Kerberos/GSSAPI library whose
			header files did not define the GSS_SPNEGO_MECHANISM
			preprocessor macro were not able to start if their
			configuration included the "tkey-gssapi-credential"
			option. This has been fixed. [GL #2634]

5620.	[bug]		If zone journal files written by BIND 9.16.11 or earlier
			were present when BIND was upgraded, the zone file for
			that zone could have been inadvertently rewritten with
			the current zone contents. This caused the original zone
			file structure (e.g. comments, $INCLUDE directives) to
			be lost, although the zone data itself was preserved.
			This has been fixed. [GL #2623]

	--- 9.16.14 released ---

5617.	[security]	A specially crafted GSS-TSIG query could cause a buffer
			overflow in the ISC implementation of SPNEGO.
			(CVE-2021-25216) [GL #2604]

5616.	[security]	named crashed when a DNAME record placed in the ANSWER
			section during DNAME chasing turned out to be the final
			answer to a client query. (CVE-2021-25215) [GL #2540]

5615.	[security]	Insufficient IXFR checks could result in named serving a
			zone without an SOA record at the apex, leading to a
			RUNTIME_CHECK assertion failure when the zone was
			subsequently refreshed. This has been fixed by adding an
			owner name check for all SOA records which are included
			in a zone transfer. (CVE-2021-25214) [GL #2467]

5614.	[bug]		Ensure all resources are properly cleaned up when a call
			to gss_accept_sec_context() fails. [GL #2620]

5613.	[bug]		It was possible to write an invalid transaction header
			in the journal file for a managed-keys database after
			upgrading. This has been fixed. Invalid headers in
			existing journal files are detected and named is able
			to recover from them. [GL #2600]

5611.	[func]		Set "stale-answer-client-timeout" to "off" by default.
			[GL #2608]

5610.	[bug]		Prevent a crash which could happen when a lookup
			triggered by "stale-answer-client-timeout" was attempted
			right after recursion for a client query finished.
			[GL #2594]

5609.	[func]		The ISC implementation of SPNEGO was removed from BIND 9
			source code. It was no longer necessary as all major
			contemporary Kerberos/GSSAPI libraries include support
			for SPNEGO. [GL #2607]

5608.	[bug]		When sending queries over TCP, dig now properly handles
			"+tries=1 +retry=0" by not retrying the connection when
			the remote server closes the connection prematurely.
			[GL #2490]

5607.	[bug]		As "rndc dnssec -checkds" and "rndc dnssec -rollover"
			commands may affect the next scheduled key event,
			reconfiguration of zone keys is now triggered after
			receiving either of these commands to prevent
			unnecessary key rollover delays. [GL #2488]

5606.	[bug]		CDS/CDNSKEY DELETE records are now removed when a zone
			transitions from a secure to an insecure state.
			named-checkzone also no longer reports an error when
			such records are found in an unsigned zone. [GL #2517]

5605.	[bug]		"dig -u" now uses the CLOCK_REALTIME clock source for
			more accurate time reporting. [GL #2592]

5603.	[bug]		Fix a memory leak that occurred when named failed to
			bind a UDP socket to a network interface. [GL #2575]

5602.	[bug]		Fix TCPDNS and TLSDNS timers in Network Manager. This
			makes the "tcp-initial-timeout" and "tcp-idle-timeout"
			options work correctly again. [GL #2583]

5601.	[bug]		Zones using KASP could not be thawed after they were
			frozen using "rndc freeze". This has been fixed.
			[GL #2523]


To generate a diff of this commit:
cvs rdiff -u -r1.12 -r1.13 pkgsrc/net/bind916/Makefile
cvs rdiff -u -r1.11 -r1.12 pkgsrc/net/bind916/distinfo

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.


--_----------=_1619675754286350
Content-Disposition: inline
Content-Length: 2004
Content-Transfer-Encoding: binary
Content-Type: text/x-diff; charset=us-ascii

Modified files:

Index: pkgsrc/net/bind916/Makefile
diff -u pkgsrc/net/bind916/Makefile:1.12 pkgsrc/net/bind916/Makefile:1.13
--- pkgsrc/net/bind916/Makefile:1.12	Wed Apr 21 11:42:23 2021
+++ pkgsrc/net/bind916/Makefile	Thu Apr 29 05:55:54 2021
@@ -1,8 +1,7 @@
-# $NetBSD: Makefile,v 1.12 2021/04/21 11:42:23 adam Exp $
+# $NetBSD: Makefile,v 1.13 2021/04/29 05:55:54 taca Exp $
 
 DISTNAME=	bind-${BIND_VERSION}
 PKGNAME=	${DISTNAME:S/-P/pl/}
-PKGREVISION=	1
 CATEGORIES=	net
 MASTER_SITES=	ftp://ftp.isc.org/isc/bind9/${BIND_VERSION}/
 EXTRACT_SUFX=	.tar.xz
@@ -16,7 +15,7 @@ CONFLICTS+=	host-[0-9]*
 
 MAKE_JOBS_SAFE=	no
 
-BIND_VERSION=	9.16.13
+BIND_VERSION=	9.16.15
 
 BUILD_DEFS+=	BIND_DIR VARBASE
 

Index: pkgsrc/net/bind916/distinfo
diff -u pkgsrc/net/bind916/distinfo:1.11 pkgsrc/net/bind916/distinfo:1.12
--- pkgsrc/net/bind916/distinfo:1.11	Sun Mar 21 04:16:17 2021
+++ pkgsrc/net/bind916/distinfo	Thu Apr 29 05:55:54 2021
@@ -1,9 +1,9 @@
-$NetBSD: distinfo,v 1.11 2021/03/21 04:16:17 taca Exp $
+$NetBSD: distinfo,v 1.12 2021/04/29 05:55:54 taca Exp $
 
-SHA1 (bind-9.16.13.tar.xz) = 5120b0e7fcc8b7d3e1c9d1414c5c3888640c3b40
-RMD160 (bind-9.16.13.tar.xz) = 95ca9bcf95ecf996d3bfe97a2bad602f35a63b3e
-SHA512 (bind-9.16.13.tar.xz) = 1f3c8f54dd2c9e18cd9b67cfebb645d0a8e8f566add07fc4690cb8820bf81640c33b2b0685cb8be095e0f9ac84b2cf78176aea841a30c27d547b569b8353b07b
-Size (bind-9.16.13.tar.xz) = 5028340 bytes
+SHA1 (bind-9.16.15.tar.xz) = 5d68bbd1ff452708d45f2d4ef832faa3a1690fc7
+RMD160 (bind-9.16.15.tar.xz) = 5697b6b0a0d67022f1e279f27c413b739fa2de4d
+SHA512 (bind-9.16.15.tar.xz) = 30dad6e2144b3ac53ef0a2d1ed3c8342120f148fc0eb6409113a6d5ed3444eecb917915fdf39c26fd223396fc1e873410a50da305f0b870864f7fbbdccec8033
+Size (bind-9.16.15.tar.xz) = 5025688 bytes
 SHA1 (patch-bin_dig_dighost.c) = b1073911d80ecd519af98b6678968296ff8c0c98
 SHA1 (patch-bin_dig_include_dig_dig.h) = 10166f5bb98b208c7b10d63eb31e8253f704acc8
 SHA1 (patch-bin_named_Makefile.in) = f1367da6a226ba44d0ee13acf00b8abeb5b1b7eb


--_----------=_1619675754286350--