Received: from localhost (localhost [127.0.0.1]) by mail.netbsd.org (Postfix) with ESMTP id EF32584E55 for ; Mon, 26 Jun 2023 09:34:45 +0000 (UTC) X-Virus-Scanned: amavisd-new at netbsd.org Received: from mail.netbsd.org ([IPv6:::1]) by localhost (mail.netbsd.org [IPv6:::1]) (amavisd-new, port 10025) with ESMTP id cz-XhsLv0qFQ for ; Mon, 26 Jun 2023 09:34:44 +0000 (UTC) Received: from cvs.NetBSD.org (ivanova.netbsd.org [199.233.217.197]) by mail.netbsd.org (Postfix) with ESMTP id C900684CCC for ; Mon, 26 Jun 2023 09:34:44 +0000 (UTC) Received: by cvs.NetBSD.org (Postfix, from userid 500) id C603EFA89; Mon, 26 Jun 2023 09:34:44 +0000 (UTC) Content-Transfer-Encoding: 7bit Content-Type: multipart/mixed; boundary="_----------=_1687772084120660" MIME-Version: 1.0 Date: Mon, 26 Jun 2023 09:34:44 +0000 From: "Benny Siegert" Subject: CVS commit: [pkgsrc-2023Q1] pkgsrc/net/bind918 To: pkgsrc-changes@NetBSD.org Approved: commit_and_comment Reply-To: bsiegert@netbsd.org X-Mailer: log_accum Message-Id: <20230626093444.C603EFA89@cvs.NetBSD.org> This is a multi-part message in MIME format. --_----------=_1687772084120660 Content-Disposition: inline Content-Transfer-Encoding: 8bit Content-Type: text/plain; charset="US-ASCII" Module Name: pkgsrc Committed By: bsiegert Date: Mon Jun 26 09:34:44 UTC 2023 Modified Files: pkgsrc/net/bind918 [pkgsrc-2023Q1]: Makefile PLIST distinfo options.mk Log Message: Pullup ticket #6764 - requested by taca net/bind918: security fix Revisions pulled up: - net/bind918/Makefile 1.10-1.12 - net/bind918/PLIST 1.4 - net/bind918/distinfo 1.7-1.9 - net/bind918/options.mk 1.2 --- Module Name: pkgsrc Committed By: taca Date: Mon Apr 24 13:48:06 UTC 2023 Modified Files: pkgsrc/net/bind918: Makefile PLIST distinfo options.mk Log Message: net/bind918: update to 9.18.14 pkgsrc change: reduce some pkglint warnings. --- 9.18.14 released --- 6145. [bug] Fix a possible use-after-free bug in the dns__catz_done_cb() function. [GL #3997] 6143. [bug] A reference counting problem on the error path in the xfrin_connect_done() might cause an assertion failure on shutdown. [GL #3989] 6142. [bug] Reduce the number of dns_dnssec_verify calls made determining if revoked keys needs to be removed from the trust anchors. [GL #3981] 6141. [bug] Fix several issues in nsupdate timeout handling and update the -t option's documentation. [GL #3674] 6138. [doc] Fix the DF-flag documentation on the outgoing UDP packets. [GL #3710] 6136. [cleanup] Remove the isc_fsaccess API in favor of creating temporary file first and atomically replace the key with non-truncated content. [GL #3982] 6132. [doc] Remove a dead link in the DNSSEC guide. [GL #3967] 6129. [cleanup] Value stored to 'source' during its initialization is never read. [GL #3965] 6128. [bug] Fix an omission in an earlier commit to avoid a race between the 'dns__catz_update_cb()' and 'dns_catz_dbupdate_callback()' functions. [GL #3968] 6126. [cleanup] Deprecate zone type "delegation-only" and the "delegation-only" and "root-delegation-only" options. [GL #3953] 6125. [bug] Hold a catz reference while the update process is running, so that the catalog zone is not destroyed during shutdown until the update process is finished or properly canceled by the activated 'shuttingdown' flag. [GL #3955] 6124. [bug] When changing from a NSEC3 capable DNSSEC algorithm to an NSEC3 incapable DNSSEC algorithm using KASP the zone could sometimes be incompletely signed. [GL #3937] 6121. [bug] Fix BIND and dig zone transfer hanging when downloading large zones over TLS from a primary server, especially over unstable connections. [GL #3867] --- Module Name: pkgsrc Committed By: taca Date: Wed May 17 13:43:52 UTC 2023 Modified Files: pkgsrc/net/bind918: Makefile distinfo Log Message: net/bind918: update to 9.18.15 --- 9.18.15 released --- 6164. [bug] Set the rndc idle read timeout back to 60 seconds, from the netmgr default of 30 seconds, in order to match the behavior of 9.16 and earlier. [GL #4046] 6161. [bug] Fix log file rotation when using absolute path as file. [GL #3991] 6157. [bug] When removing delegations in an OPTOUT range empty-non-terminal NSEC3 records generated by those delegations were not removed. [GL #4027] 6156. [bug] Reimplement the maximum and idle timeouts for incoming zone tranfers. [GL #4004] 6155. [bug] Treat ISC_R_INVALIDPROTO as a networking error in the dispatch code to avoid retrying with the same server. [GL #4005] 6152. [bug] In dispatch, honour the configured source-port selection when UDP connection fails with address in use error. Also treat ISC_R_NOPERM same as ISC_R_ADDRINUSE. [GL #3986] 6149. [test] As a workaround, include an OpenSSL header file before including cmocka.h in the unit tests, because OpenSSL 3.1.0 uses __attribute__(malloc), conflicting with a redefined malloc in cmocka.h. [GL #4000] --- Module Name: pkgsrc Committed By: taca Date: Wed Jun 21 14:42:23 UTC 2023 Modified Files: pkgsrc/net/bind918: Makefile distinfo Log Message: net/bind918: update to 9.18.16 9.18.16 (2023-06-21) Security release: - CVE-2023-2828 - CVE-2023-2911 6192. [security] A query that prioritizes stale data over lookup triggers a fetch to refresh the stale data in cache. If the fetch is aborted for exceeding the recursion quota, it was possible for 'named' to enter an infinite callback loop and crash due to stack overflow. This has been fixed. (CVE-2023-2911) [GL #4089] 6190. [security] Improve the overmem cleaning process to prevent the cache going over the configured limit. (CVE-2023-2828) [GL #4055] 6188. [performance] Reduce memory consumption by allocating properly sized send buffers for stream-based transports. [GL #4038] 6186. [bug] Fix a 'clients-per-query' miscalculation bug. When the 'stale-answer-enable' options was enabled and the 'stale-answer-client-timeout' option was enabled and larger than 0, named was taking two places from the 'clients-per-query' limit for each client and was failing to gradually auto-tune its value, as configured. [GL #4074] 6185. [func] Add "ClientQuota" statistics channel counter, which indicates the number of the resolver's spilled queries due to reaching the clients per query quota. [GL !7978] 6183. [bug] Fix a serve-stale bug where a delegation from cache could be returned to the client. [GL #3950] 6182. [cleanup] Remove configure checks for epoll, kqueue and /dev/poll. [GL #4098] 6181. [func] The "tkey-dhkey" option has been deprecated; a warning will be logged when it is used. In a future release, Diffie-Hellman TKEY mode will be removed. [GL #3905] 6180. [bug] The session key object could be incorrectly added to multiple different views' keyrings. [GL #4079] 6179. [bug] Fix an interfacemgr use-after-free error in zoneconf.c:isself(). [GL #3765] 6176. [test] Add support for using pytest & pytest-xdist to execute the system test suite. [GL #3978] 6174. [bug] BIND could get stuck on reconfiguration when a 'listen' statement for HTTP is removed from the configuration. That has been fixed. [GL #4071] 6173. [bug] Properly process extra "nameserver" lines in resolv.conf otherwise the next line is not properly processed. [GL #4066] 6169. [bug] named could crash when deleting inline-signing zones with "rndc delzone". [GL #4054] 6165. [bug] Fix a logic error in dighost.c which could call the dighost_shutdown() callback twice and cause problems if the callback function was not idempotent. [GL #4039] To generate a diff of this commit: cvs rdiff -u -r1.8 -r1.8.2.1 pkgsrc/net/bind918/Makefile cvs rdiff -u -r1.3 -r1.3.2.1 pkgsrc/net/bind918/PLIST cvs rdiff -u -r1.6 -r1.6.2.1 pkgsrc/net/bind918/distinfo cvs rdiff -u -r1.1 -r1.1.4.1 pkgsrc/net/bind918/options.mk Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. --_----------=_1687772084120660 Content-Disposition: inline Content-Length: 3460 Content-Transfer-Encoding: binary Content-Type: text/x-diff; charset=us-ascii Modified files: Index: pkgsrc/net/bind918/Makefile diff -u pkgsrc/net/bind918/Makefile:1.8 pkgsrc/net/bind918/Makefile:1.8.2.1 --- pkgsrc/net/bind918/Makefile:1.8 Fri Mar 17 13:58:59 2023 +++ pkgsrc/net/bind918/Makefile Mon Jun 26 09:34:44 2023 @@ -1,4 +1,4 @@ -# $NetBSD: Makefile,v 1.8 2023/03/17 13:58:59 taca Exp $ +# $NetBSD: Makefile,v 1.8.2.1 2023/06/26 09:34:44 bsiegert Exp $ DISTNAME= bind-${BIND_VERSION} PKGNAME= ${DISTNAME:S/-P/pl/} @@ -15,7 +15,7 @@ CONFLICTS+= host-[0-9]* MAKE_JOBS_SAFE= no -BIND_VERSION= 9.18.13 +BIND_VERSION= 9.18.16 BUILD_DEFS+= BIND_DIR VARBASE Index: pkgsrc/net/bind918/PLIST diff -u pkgsrc/net/bind918/PLIST:1.3 pkgsrc/net/bind918/PLIST:1.3.2.1 --- pkgsrc/net/bind918/PLIST:1.3 Fri Mar 17 13:58:59 2023 +++ pkgsrc/net/bind918/PLIST Mon Jun 26 09:34:44 2023 @@ -1,4 +1,4 @@ -@comment $NetBSD: PLIST,v 1.3 2023/03/17 13:58:59 taca Exp $ +@comment $NetBSD: PLIST,v 1.3.2.1 2023/06/26 09:34:44 bsiegert Exp $ bin/arpaname bin/delv bin/dig @@ -150,7 +150,6 @@ include/isc/event.h include/isc/eventclass.h include/isc/file.h include/isc/formatcheck.h -include/isc/fsaccess.h include/isc/fuzz.h include/isc/glob.h include/isc/hash.h Index: pkgsrc/net/bind918/distinfo diff -u pkgsrc/net/bind918/distinfo:1.6 pkgsrc/net/bind918/distinfo:1.6.2.1 --- pkgsrc/net/bind918/distinfo:1.6 Fri Mar 17 13:58:59 2023 +++ pkgsrc/net/bind918/distinfo Mon Jun 26 09:34:44 2023 @@ -1,8 +1,8 @@ -$NetBSD: distinfo,v 1.6 2023/03/17 13:58:59 taca Exp $ +$NetBSD: distinfo,v 1.6.2.1 2023/06/26 09:34:44 bsiegert Exp $ -BLAKE2s (bind-9.18.13.tar.xz) = ef77120b264e3355c151d73906353b70e897cbd0ac7a316199dca8db794c6621 -SHA512 (bind-9.18.13.tar.xz) = e385a285c5a23bac26155f8a3f3a826a6dec0fd2bf4e3e2270debc45d21031cecc41dc05350b1ec0aed5020e0e4ae75db6632e99deea6834519756af4eb69b3c -Size (bind-9.18.13.tar.xz) = 5419040 bytes +BLAKE2s (bind-9.18.16.tar.xz) = ee1af429db6cb8cc0ed6a993387ab139e14dddb9f96f05e8c3c6ef3c33acaf9c +SHA512 (bind-9.18.16.tar.xz) = 90b510552e8fd0c358a627e32bd840eaafc946a2b3c5c4623d0e24aa167fb99aedd91ed19392a104ed5bfce341d9944bab02c680e19d312b59e6688f9546a1fd +Size (bind-9.18.16.tar.xz) = 5462456 bytes SHA1 (patch-bin_named_main.c) = 4e4a763c478f1fcecb7e65968cf6ca20dacf01f1 SHA1 (patch-bin_named_os.c) = 5ecb0883076575d8ac5fcad68f9daad6c9be0d0b SHA1 (patch-bin_named_server.c) = 6e59d3f637ebb829eec2f76ba7c350fb5cf9be6d Index: pkgsrc/net/bind918/options.mk diff -u pkgsrc/net/bind918/options.mk:1.1 pkgsrc/net/bind918/options.mk:1.1.4.1 --- pkgsrc/net/bind918/options.mk:1.1 Sun Dec 11 01:57:55 2022 +++ pkgsrc/net/bind918/options.mk Mon Jun 26 09:34:44 2023 @@ -1,4 +1,4 @@ -# $NetBSD: options.mk,v 1.1 2022/12/11 01:57:55 sekiya Exp $ +# $NetBSD: options.mk,v 1.1.4.1 2023/06/26 09:34:44 bsiegert Exp $ PKG_OPTIONS_VAR= PKG_OPTIONS.bind PKG_SUPPORTED_OPTIONS= bind-dig-sigchase bind-xml-statistics-server @@ -13,10 +13,10 @@ PTHREAD_OPTS+= native .include "../../mk/pthread.buildlink3.mk" .if defined(PTHREAD_TYPE) && (${PTHREAD_TYPE} == "none") || \ - !empty(MACHINE_PLATFORM:MNetBSD-*-vax) || \ - !empty(MACHINE_PLATFORM:MNetBSD-*-sparc) || \ - !empty(MACHINE_PLATFORM:MNetBSD-*-sparc64) || \ - !empty(MACHINE_PLATFORM:MNetBSD-*-m68k) + ${MACHINE_PLATFORM:MNetBSD-*-vax} || \ + ${MACHINE_PLATFORM:MNetBSD-*-sparc} || \ + ${MACHINE_PLATFORM:MNetBSD-*-sparc64} || \ + ${MACHINE_PLATFORM:MNetBSD-*-m68k} # don't touch PKG_SUGGESTED_OPTIONS .else PKG_SUGGESTED_OPTIONS+= threads --_----------=_1687772084120660--