Pullup ticket #3798 - requested by taca
net/bind98: security update
Revisions pulled up:
- net/bind98/Makefile 1.10-1.11
- net/bind98/distinfo 1.10-1.11
- net/bind98/files/named9.sh 1.2
- net/bind98/patches/patch-bin_tests_system_Makefile.in 1.1-1.2
- net/bind98/patches/patch-lib_dns_resolver.c deleted
---
Module Name: pkgsrc
Committed By: marino
Date: Sun May 20 13:22:40 UTC 2012
Modified Files:
pkgsrc/net/bind98: distinfo
Added Files:
pkgsrc/net/bind98/patches: patch-bin_tests_system_Makefile.in
Log Message:
net/bind98: Fix undefined reference to 'main'
Bind98 needs the same fix bind99 received on 23 Mar 2012 to fix the
linking of driver.so
---
Module Name: pkgsrc
Committed By: marino
Date: Sun May 20 09:10:44 UTC 2012
Modified Files:
pkgsrc/net/bind98: Makefile
pkgsrc/net/bind98/files: named9.sh
Log Message:
PR#45780 net/bind98: Fix chroot operation
Implemented per PR.
---
Module Name: pkgsrc
Committed By: taca
Date: Tue May 22 03:32:31 UTC 2012
Modified Files:
pkgsrc/net/bind98: Makefile distinfo
pkgsrc/net/bind98/patches: patch-bin_tests_system_Makefile.in
Removed Files:
pkgsrc/net/bind98/patches: patch-lib_dns_resolver.c
Log Message:
Update bind98 to 9.8.3.
pkgsrc change: add an comment to patches/patch-bin_tests_system_Makefile.in.
Changes from release announce:
Security Fixes
* Windows binary packages distributed by ISC are now built and linked
against OpenSSL 1.0.0i
New Features
* None
Feature Changes
* BIND now recognizes the TLSA resource record type, created to
support IETF DANE (DNS-based Authentication of Named Entities)
[RT #28989]
Bug Fixes
* The locking strategy around the handling of iterative queries
has been tuned to reduce unnecessary contention in a multi-threaded
environment. (Note that this may not provide a measurable
improvement over previous versions of BIND, but it corrects the
performance impact of change 3309 / RT #27995) [RT #29239]
* Addresses a race condition that can cause named to to crash when
the masters list for a zone is updated via rndc reload/reconfig
[RT #26732]
* named-checkconf now correctly validates dns64 clients acl
definitions. [RT #27631]
* Fixes a race condition in zone.c that can cause named to crash
during the processing of rndc delzone [RT #29028]
* Prevents a named segfault from resolver.c due to procedure
fctx_finddone() not being thread-safe. [RT #27995]
* Improves DNS64 reverse zone performance. [RT #28563]
* Adds wire format lookup method to sdb. [RT #28563]
* Uses hmctx, not mctx when freeing rbtdb->heaps to avoid triggering
an assertion when flushing cache data. [RT #28571]
* Resolves inconsistencies in locating DNSSEC keys where zone names
contain characters that require special mappings [RT #28600]
* A new flag -R has been added to queryperf for running tests
using non-recursive queries. It also now builds correctly on
MacOS version 10.7 (darwin) [RT #28565]
* Named no longer crashes if gssapi is enabled in named.conf but
was not compiled into the binary [RT #28338]
* SDB now handles unexpected errors from back-end database drivers
gracefully instead of exiting on an assert. [RT #28534]
(tron)
diff -r1.8.2.1 -r1.8.2.2 pkgsrc/net/bind98/Makefile| @@ -1,33 +1,32 @@ | @@ -1,33 +1,32 @@ | |||
| 1 | # $NetBSD: Makefile,v 1.8.2.1 2012/05/03 18:24:56 tron Exp $ | 1 | # $NetBSD: Makefile,v 1.8.2.2 2012/05/22 09:29:13 tron Exp $ | |
| 2 | 2 | |||
| 3 | DISTNAME= bind-${BIND_VERSION} | 3 | DISTNAME= bind-${BIND_VERSION} | |
| 4 | PKGNAME= ${DISTNAME:S/-P/pl/} | 4 | PKGNAME= ${DISTNAME:S/-P/pl/} | |
| 5 | PKGREVISION= 1 | |||
| 6 | CATEGORIES= net | 5 | CATEGORIES= net | |
| 7 | MASTER_SITES= ftp://ftp.isc.org/isc/bind9/${BIND_VERSION}/ \ | 6 | MASTER_SITES= ftp://ftp.isc.org/isc/bind9/${BIND_VERSION}/ \ | |
| 8 | http://ftp.belnet.be/pub/mirror/ftp.isc.org/isc/bind9/${BIND_VERSION}/ | 7 | http://ftp.belnet.be/pub/mirror/ftp.isc.org/isc/bind9/${BIND_VERSION}/ | |
| 9 | 8 | |||
| 10 | MAINTAINER= pkgsrc-users@NetBSD.org | 9 | MAINTAINER= pkgsrc-users@NetBSD.org | |
| 11 | HOMEPAGE= http://www.isc.org/software/bind | 10 | HOMEPAGE= http://www.isc.org/software/bind | |
| 12 | COMMENT= Version 9 of the Berkeley Internet Name Daemon, implementation of DNS | 11 | COMMENT= Version 9 of the Berkeley Internet Name Daemon, implementation of DNS | |
| 13 | 12 | |||
| 14 | CONFLICTS+= bind<9.8.0 | 13 | CONFLICTS+= bind<9.8.0 | |
| 15 | 14 | |||
| 16 | PKG_DESTDIR_SUPPORT= user-destdir | 15 | PKG_DESTDIR_SUPPORT= user-destdir | |
| 17 | 16 | |||
| 18 | MAKE_JOBS_SAFE= no | 17 | MAKE_JOBS_SAFE= no | |
| 19 | 18 | |||
| 20 | BIND_VERSION= 9.8.2 | 19 | BIND_VERSION= 9.8.3 | |
| 21 | 20 | |||
| 22 | .include "../../mk/bsd.prefs.mk" | 21 | .include "../../mk/bsd.prefs.mk" | |
| 23 | 22 | |||
| 24 | BUILD_DEFS+= BIND_DIR VARBASE | 23 | BUILD_DEFS+= BIND_DIR VARBASE | |
| 25 | 24 | |||
| 26 | .include "options.mk" | 25 | .include "options.mk" | |
| 27 | 26 | |||
| 28 | USE_TOOLS+= pax perl | 27 | USE_TOOLS+= pax perl | |
| 29 | USE_LIBTOOL= yes | 28 | USE_LIBTOOL= yes | |
| 30 | GNU_CONFIGURE= yes | 29 | GNU_CONFIGURE= yes | |
| 31 | #CONFIG_SHELL= sh -x | 30 | #CONFIG_SHELL= sh -x | |
| 32 | 31 | |||
| 33 | CONFIGURE_ARGS+= --with-libtool | 32 | CONFIGURE_ARGS+= --with-libtool |
| @@ -1,12 +1,12 @@ | @@ -1,12 +1,12 @@ | |||
| 1 | $NetBSD: distinfo,v 1.8.2.1 2012/05/03 18:24:56 tron Exp $ | 1 | $NetBSD: distinfo,v 1.8.2.2 2012/05/22 09:29:13 tron Exp $ | |
| 2 | 2 | |||
| 3 | SHA1 (bind-9.8.2.tar.gz) = 09f0b18bde0438186d6639f08c17db3b98e81c17 | 3 | SHA1 (bind-9.8.3.tar.gz) = 6efdf42764c2d787a0395d077da0f7091bb371a5 | |
| 4 | RMD160 (bind-9.8.2.tar.gz) = 59f6502cc4dd315da4c31adc183f0eb88e6856b4 | 4 | RMD160 (bind-9.8.3.tar.gz) = b5c704f8ea2b5e34ca7a7b6e73618e8be5521ce2 | |
| 5 | Size (bind-9.8.2.tar.gz) = 7054574 bytes | 5 | Size (bind-9.8.3.tar.gz) = 6984538 bytes | |
| 6 | SHA1 (patch-bin_dig_dighost.c) = 3f37033cc64e1153268ab437fab533d2920bb18c | 6 | SHA1 (patch-bin_dig_dighost.c) = 3f37033cc64e1153268ab437fab533d2920bb18c | |
| 7 | SHA1 (patch-bin_tests_system_Makefile.in) = 650ac962464e23f6c4278e7025f55f282789f9c9 | |||
| 7 | SHA1 (patch-config.threads.in) = 045531d8378a88c654ab98ba6ea65786c8cf4e2b | 8 | SHA1 (patch-config.threads.in) = 045531d8378a88c654ab98ba6ea65786c8cf4e2b | |
| 8 | SHA1 (patch-configure) = 08f878fd3a5d3d17e0cf55d01344ddc84991967f | 9 | SHA1 (patch-configure) = 08f878fd3a5d3d17e0cf55d01344ddc84991967f | |
| 9 | SHA1 (patch-lib_dns_rbt.c) = 29fb5c24ff3558f1621e93ea16419e32dbc695b7 | 10 | SHA1 (patch-lib_dns_rbt.c) = 29fb5c24ff3558f1621e93ea16419e32dbc695b7 | |
| 10 | SHA1 (patch-lib_dns_resolver.c) = e6abfc6bb117bd4e12a0d5b4641423b1f0408178 | |||
| 11 | SHA1 (patch-lib_lwres_getaddrinfo.c) = 9585a26a376d32f80ac8266eb7967c00b433f14d | 11 | SHA1 (patch-lib_lwres_getaddrinfo.c) = 9585a26a376d32f80ac8266eb7967c00b433f14d | |
| 12 | SHA1 (patch-lib_lwres_getnameinfo.c) = c26dcff4637b7beb16b66c32b304d0f187390eed | 12 | SHA1 (patch-lib_lwres_getnameinfo.c) = c26dcff4637b7beb16b66c32b304d0f187390eed |
| @@ -1,16 +1,16 @@ | @@ -1,16 +1,16 @@ | |||
| 1 | #!@RCD_SCRIPTS_SHELL@ | 1 | #!@RCD_SCRIPTS_SHELL@ | |
| 2 | # | 2 | # | |
| 3 | # $NetBSD: named9.sh,v 1.1.1.1 2011/03/04 03:52:15 taca Exp $ | 3 | # $NetBSD: named9.sh,v 1.1.1.1.10.1 2012/05/22 09:29:13 tron Exp $ | |
| 4 | # | 4 | # | |
| 5 | 5 | |||
| 6 | # PROVIDE: named | 6 | # PROVIDE: named | |
| 7 | # REQUIRE: NETWORKING mountcritremote syslogd | 7 | # REQUIRE: NETWORKING mountcritremote syslogd | |
| 8 | # BEFORE: DAEMON | 8 | # BEFORE: DAEMON | |
| 9 | # KEYWORD: chrootdir | 9 | # KEYWORD: chrootdir | |
| 10 | 10 | |||
| 11 | . /etc/rc.subr | 11 | . /etc/rc.subr | |
| 12 | 12 | |||
| 13 | name="named" | 13 | name="named" | |
| 14 | rcvar="${name}9" | 14 | rcvar="${name}9" | |
| 15 | command="@PREFIX@/sbin/${name}" | 15 | command="@PREFIX@/sbin/${name}" | |
| 16 | pidfile="@VARBASE@/run/named/${name}.pid" | 16 | pidfile="@VARBASE@/run/named/${name}.pid" | |
| @@ -39,26 +39,34 @@ named_precmd() | @@ -39,26 +39,34 @@ named_precmd() | |||
| 39 | do | 39 | do | |
| 40 | if [ ! -c "${named_chrootdir}/dev/$i" ]; then | 40 | if [ ! -c "${named_chrootdir}/dev/$i" ]; then | |
| 41 | @RM@ -f "${named_chrootdir}/dev/$i" | 41 | @RM@ -f "${named_chrootdir}/dev/$i" | |
| 42 | (cd /dev && | 42 | (cd /dev && | |
| 43 | @PAX@ -rw -pe "$i" "${named_chrootdir}/dev") | 43 | @PAX@ -rw -pe "$i" "${named_chrootdir}/dev") | |
| 44 | fi | 44 | fi | |
| 45 | done | 45 | done | |
| 46 | 46 | |||
| 47 | if [ -f /etc/localtime ]; then | 47 | if [ -f /etc/localtime ]; then | |
| 48 | @CMP@ -s /etc/localtime "${named_chrootdir}/etc/localtime" || \ | 48 | @CMP@ -s /etc/localtime "${named_chrootdir}/etc/localtime" || \ | |
| 49 | @CP@ -p /etc/localtime "${named_chrootdir}/etc/localtime" | 49 | @CP@ -p /etc/localtime "${named_chrootdir}/etc/localtime" | |
| 50 | fi | 50 | fi | |
| 51 | 51 | |||
| 52 | if [ -f /usr/lib/engines/libgost.so ]; then | |||
| 53 | if [ ! -d ${named_chrootdir}/usr/lib/engines ]; then | |||
| 54 | @MKDIR@ ${named_chrootdir}/usr/lib/engines | |||
| 55 | fi | |||
| 56 | @CMP@ -s /usr/lib/engines/libgost.so "${named_chrootdir}/usr/lib/engines/libgost.so" || \ | |||
| 57 | @CP@ -p /usr/lib/engines/libgost.so "${named_chrootdir}/usr/lib/engines/libgost.so" | |||
| 58 | fi | |||
| 59 | ||||
| 52 | if [ ! -d ${named_chrootdir}@VARBASE@/run/named ]; then | 60 | if [ ! -d ${named_chrootdir}@VARBASE@/run/named ]; then | |
| 53 | @MKDIR@ ${named_chrootdir}@VARBASE@/run/named | 61 | @MKDIR@ ${named_chrootdir}@VARBASE@/run/named | |
| 54 | @CHOWN@ @BIND_USER@ ${named_chrootdir}@VARBASE@/run/named | 62 | @CHOWN@ @BIND_USER@ ${named_chrootdir}@VARBASE@/run/named | |
| 55 | fi | 63 | fi | |
| 56 | 64 | |||
| 57 | @RM@ -f ${pidfile} | 65 | @RM@ -f ${pidfile} | |
| 58 | @LN@ -s "${named_chrootdir}${pidfile}" ${pidfile} | 66 | @LN@ -s "${named_chrootdir}${pidfile}" ${pidfile} | |
| 59 | 67 | |||
| 60 | # Change run_rc_commands()'s internal copy of $named_flags | 68 | # Change run_rc_commands()'s internal copy of $named_flags | |
| 61 | # | 69 | # | |
| 62 | rc_flags="-u @BIND_USER@ -t ${named_chrootdir} $rc_flags" | 70 | rc_flags="-u @BIND_USER@ -t ${named_chrootdir} $rc_flags" | |
| 63 | } | 71 | } | |
| 64 | 72 |
$NetBSD: patch-bin_tests_system_Makefile.in,v 1.2.2.2 2012/05/22 09:29:13 tron Exp $
Build fix for DragonFly while linking of driver.so.
--- bin/tests/system/Makefile.in.orig 2012-03-22 19:20:00.000000000 +0000
+++ bin/tests/system/Makefile.in
@@ -21,7 +21,7 @@ top_srcdir = @top_srcdir@
@BIND9_MAKE_INCLUDES@
-SUBDIRS = dlzexternal filter-aaaa lwresd rpz tkey tsiggss
+SUBDIRS = filter-aaaa lwresd rpz tkey tsiggss
TARGETS =
@BIND9_MAKE_RULES@