Sat Aug 18 13:18:09 2018 UTC ()
Pullup ticket #5810 - requested by maya
net/bind99: security fix, NetBSD build fix
net/bind910: security fix, NetBSD build fix
Revisions pulled up:
- net/bind910/Makefile 1.42-1.43
- net/bind910/distinfo 1.35-1.36
- net/bind910/patches/patch-lib_isc_unix_socket.c 1.1
- net/bind99/Makefile 1.75-1.76
- net/bind99/distinfo 1.53-1.54
- net/bind99/patches/patch-lib_isc_unix_socket.c 1.1
---
Module Name: pkgsrc
Committed By: taca
Date: Thu Aug 9 14:51:25 UTC 2018
Modified Files:
pkgsrc/net/bind99: Makefile distinfo
Log Message:
net/bind99: update to 9.9.13pl1
Update bind99 to 9.9.13pl1 (9.9.13-P1).
--- 9.9.13-P1 released ---
4997. [security] named could crash during recursive processing
of DNAME records when "deny-answer-aliases" was
in use. (CVE-2018-5740) [GL #387]
---
Module Name: pkgsrc
Committed By: taca
Date: Thu Aug 9 14:49:09 UTC 2018
Modified Files:
pkgsrc/net/bind910: Makefile distinfo
Log Message:
net/bind910: update to 9.10.8pl1
Update bind910 to 9.10.8pl1 (9.10.8-P1).
--- 9.10.8-P1 released ---
4997. [security] named could crash during recursive processing
of DNAME records when "deny-answer-aliases" was
in use. (CVE-2018-5740) [GL #387]
---
Module Name: pkgsrc
Committed By: maya
Date: Mon Aug 13 13:36:25 UTC 2018
Modified Files:
pkgsrc/net/bind99: Makefile distinfo
Added Files:
pkgsrc/net/bind99/patches: patch-lib_isc_unix_socket.c
Log Message:
bind99: Make ENOBUFS a soft error. Needed for netbsd>=8.
See https://gitlab.isc.org/isc-projects/bind9/issues/462
bump PKGREVISION
---
Module Name: pkgsrc
Committed By: maya
Date: Mon Aug 13 13:37:14 UTC 2018
Modified Files:
pkgsrc/net/bind910: Makefile
Added Files:
pkgsrc/net/bind910/patches: patch-lib_isc_unix_socket.c
Log Message:
bind910: Make ENOBUFS a soft error. Needed for netbsd>=8.
See https://gitlab.isc.org/isc-projects/bind9/issues/462
Bump PKGREVISION.
---
Module Name: pkgsrc
Committed By: maya
Date: Mon Aug 13 13:41:49 UTC 2018
Modified Files:
pkgsrc/net/bind910: distinfo
Log Message:
bind910: also add patch to distinfo.
(bsiegert)
diff -r1.40.4.1 -r1.40.4.2 pkgsrc/net/bind910/Makefile
diff -r1.32.4.1 -r1.32.4.2 pkgsrc/net/bind910/distinfo
diff -r0 -r1.1.2.2 pkgsrc/net/bind910/patches/patch-lib_isc_unix_socket.c
diff -r1.73.4.1 -r1.73.4.2 pkgsrc/net/bind99/Makefile
diff -r1.51.4.1 -r1.51.4.2 pkgsrc/net/bind99/distinfo
diff -r0 -r1.1.2.2 pkgsrc/net/bind99/patches/patch-lib_isc_unix_socket.c
--- pkgsrc/net/bind910/Attic/Makefile 2018/07/14 18:36:25 1.40.4.1
+++ pkgsrc/net/bind910/Attic/Makefile 2018/08/18 13:18:08 1.40.4.2
| @@ -1,30 +1,31 @@ | | | @@ -1,30 +1,31 @@ |
| 1 | # $NetBSD: Makefile,v 1.40.4.1 2018/07/14 18:36:25 spz Exp $ | | 1 | # $NetBSD: Makefile,v 1.40.4.2 2018/08/18 13:18:08 bsiegert Exp $ |
| 2 | | | 2 | |
| 3 | DISTNAME= bind-${BIND_VERSION} | | 3 | DISTNAME= bind-${BIND_VERSION} |
| 4 | PKGNAME= ${DISTNAME:S/-P/pl/} | | 4 | PKGNAME= ${DISTNAME:S/-P/pl/} |
| | | 5 | PKGREVISION= 1 |
| 5 | CATEGORIES= net | | 6 | CATEGORIES= net |
| 6 | MASTER_SITES= ftp://ftp.isc.org/isc/bind9/${BIND_VERSION}/ | | 7 | MASTER_SITES= ftp://ftp.isc.org/isc/bind9/${BIND_VERSION}/ |
| 7 | | | 8 | |
| 8 | MAINTAINER= pkgsrc-users@NetBSD.org | | 9 | MAINTAINER= pkgsrc-users@NetBSD.org |
| 9 | HOMEPAGE= http://www.isc.org/software/bind/ | | 10 | HOMEPAGE= http://www.isc.org/software/bind/ |
| 10 | COMMENT= Berkeley Internet Name Daemon implementation of DNS, version 9.10 | | 11 | COMMENT= Berkeley Internet Name Daemon implementation of DNS, version 9.10 |
| 11 | LICENSE= mpl-2.0 | | 12 | LICENSE= mpl-2.0 |
| 12 | | | 13 | |
| 13 | CONFLICTS+= host-[0-9]* | | 14 | CONFLICTS+= host-[0-9]* |
| 14 | | | 15 | |
| 15 | MAKE_JOBS_SAFE= no | | 16 | MAKE_JOBS_SAFE= no |
| 16 | | | 17 | |
| 17 | BIND_VERSION= 9.10.8 | | 18 | BIND_VERSION= 9.10.8-P1 |
| 18 | | | 19 | |
| 19 | .include "../../mk/bsd.prefs.mk" | | 20 | .include "../../mk/bsd.prefs.mk" |
| 20 | | | 21 | |
| 21 | BUILD_DEFS+= BIND_DIR VARBASE | | 22 | BUILD_DEFS+= BIND_DIR VARBASE |
| 22 | | | 23 | |
| 23 | .include "options.mk" | | 24 | .include "options.mk" |
| 24 | | | 25 | |
| 25 | USE_TOOLS+= pax perl pkg-config | | 26 | USE_TOOLS+= pax perl pkg-config |
| 26 | USE_LIBTOOL= yes | | 27 | USE_LIBTOOL= yes |
| 27 | GNU_CONFIGURE= yes | | 28 | GNU_CONFIGURE= yes |
| 28 | #CONFIG_SHELL= sh -x | | 29 | #CONFIG_SHELL= sh -x |
| 29 | | | 30 | |
| 30 | CONFIGURE_ARGS+= --with-libtool | | 31 | CONFIGURE_ARGS+= --with-libtool |
--- pkgsrc/net/bind910/Attic/distinfo 2018/07/14 18:36:25 1.32.4.1
+++ pkgsrc/net/bind910/Attic/distinfo 2018/08/18 13:18:08 1.32.4.2
| @@ -1,15 +1,16 @@ | | | @@ -1,15 +1,16 @@ |
| 1 | $NetBSD: distinfo,v 1.32.4.1 2018/07/14 18:36:25 spz Exp $ | | 1 | $NetBSD: distinfo,v 1.32.4.2 2018/08/18 13:18:08 bsiegert Exp $ |
| 2 | | | 2 | |
| 3 | SHA1 (bind-9.10.8.tar.gz) = 5438a33be8973e72b756f542f98c615fe56439a3 | | 3 | SHA1 (bind-9.10.8-P1.tar.gz) = 70505825897b78868eb5f38ebf1a7b9fd3a7b588 |
| 4 | RMD160 (bind-9.10.8.tar.gz) = c90e2a6b475668ea11e9d71391f0b407545eaf7c | | 4 | RMD160 (bind-9.10.8-P1.tar.gz) = 6cea25616dc1e0a280db3ea9784afe109f68db5c |
| 5 | SHA512 (bind-9.10.8.tar.gz) = e40c9bf57d137423e5ff9ae88cec162662b326912a28ae4d5167511673827d08f66b88eacbb6bfe7639c631b4223ac411e5faf1d1c09f0e44199d052a545cb8a | | 5 | SHA512 (bind-9.10.8-P1.tar.gz) = 1b4d871b7baddf0552b56f1f667974f29684b1a85e1cf7cbe9c62c72f113337bf3cf4c4d806b565b551c8eca45bbc8290b173de6b0188b7e17f648e2a0986ce8 |
| 6 | Size (bind-9.10.8.tar.gz) = 9248817 bytes | | 6 | Size (bind-9.10.8-P1.tar.gz) = 9247135 bytes |
| 7 | SHA1 (patch-bin_dig_dighost.c) = 983e23a30d519982cbe88ed2277fcffc9cad616e | | 7 | SHA1 (patch-bin_dig_dighost.c) = 983e23a30d519982cbe88ed2277fcffc9cad616e |
| 8 | SHA1 (patch-bin_tests_system_Makefile.in) = ba368204f8eeaa12be366a532c75a2e3cc8fae98 | | 8 | SHA1 (patch-bin_tests_system_Makefile.in) = ba368204f8eeaa12be366a532c75a2e3cc8fae98 |
| 9 | SHA1 (patch-bin_tests_system_metadata_tests.sh) = f18aa93a93cadd5d9da4bba75a512b5c599fb4dd | | 9 | SHA1 (patch-bin_tests_system_metadata_tests.sh) = f18aa93a93cadd5d9da4bba75a512b5c599fb4dd |
| 10 | SHA1 (patch-config.threads.in) = 227b83efe9cb3e301aaac9b97cf42f1fb8ad06b2 | | 10 | SHA1 (patch-config.threads.in) = 227b83efe9cb3e301aaac9b97cf42f1fb8ad06b2 |
| 11 | SHA1 (patch-configure) = ac796249d34884e87d51602762df1f29cd1fe0bd | | 11 | SHA1 (patch-configure) = ac796249d34884e87d51602762df1f29cd1fe0bd |
| 12 | SHA1 (patch-contrib_dlz_config.dlz.in) = f18bec63fbfce7cb2cd72929058ce3770fce458f | | 12 | SHA1 (patch-contrib_dlz_config.dlz.in) = f18bec63fbfce7cb2cd72929058ce3770fce458f |
| 13 | SHA1 (patch-lib_dns_rbt.c) = 7e37f411d084e5363c6a5023e1915d224321c3e3 | | 13 | SHA1 (patch-lib_dns_rbt.c) = 7e37f411d084e5363c6a5023e1915d224321c3e3 |
| | | 14 | SHA1 (patch-lib_isc_unix_socket.c) = b2ab2d914c6be15639ca4fc63255f928d318704c |
| 14 | SHA1 (patch-lib_lwres_getaddrinfo.c) = 69e9c8049fedcb93bd219c6053163f21ce3b2535 | | 15 | SHA1 (patch-lib_lwres_getaddrinfo.c) = 69e9c8049fedcb93bd219c6053163f21ce3b2535 |
| 15 | SHA1 (patch-lib_lwres_getnameinfo.c) = 418ad349cf52925c9e8051b5c71d9d51ea8d2fb1 | | 16 | SHA1 (patch-lib_lwres_getnameinfo.c) = 418ad349cf52925c9e8051b5c71d9d51ea8d2fb1 |
$NetBSD: patch-lib_isc_unix_socket.c,v 1.1.2.2 2018/08/18 13:18:08 bsiegert Exp $
Make ENOBUFS a soft error
https://gitlab.isc.org/isc-projects/bind9/issues/462
--- lib/isc/unix/socket.c.orig 2018-07-24 17:26:47.000000000 +0000
+++ lib/isc/unix/socket.c
@@ -255,6 +255,7 @@ typedef enum { poll_idle, poll_active, p
#define SOFT_ERROR(e) ((e) == EAGAIN || \
(e) == EWOULDBLOCK || \
(e) == EINTR || \
+ (e) == ENOBUFS || \
(e) == 0)
#define DLVL(x) ISC_LOGCATEGORY_GENERAL, ISC_LOGMODULE_SOCKET, ISC_LOG_DEBUG(x)
@@ -1949,7 +1950,7 @@ doio_recv(isc__socket_t *sock, isc_socke
SOFT_OR_HARD(EHOSTDOWN, ISC_R_HOSTDOWN);
/* HPUX 11.11 can return EADDRNOTAVAIL. */
SOFT_OR_HARD(EADDRNOTAVAIL, ISC_R_ADDRNOTAVAIL);
- ALWAYS_HARD(ENOBUFS, ISC_R_NORESOURCES);
+ SOFT_OR_HARD(ENOBUFS, ISC_R_NORESOURCES);
/* Should never get this one but it was seen. */
#ifdef ENOPROTOOPT
SOFT_OR_HARD(ENOPROTOOPT, ISC_R_HOSTUNREACH);
@@ -2146,7 +2147,7 @@ doio_send(isc__socket_t *sock, isc_socke
ALWAYS_HARD(EHOSTDOWN, ISC_R_HOSTUNREACH);
#endif
ALWAYS_HARD(ENETUNREACH, ISC_R_NETUNREACH);
- ALWAYS_HARD(ENOBUFS, ISC_R_NORESOURCES);
+ SOFT_OR_HARD(ENOBUFS, ISC_R_NORESOURCES);
ALWAYS_HARD(EPERM, ISC_R_HOSTUNREACH);
ALWAYS_HARD(EPIPE, ISC_R_NOTCONNECTED);
ALWAYS_HARD(ECONNRESET, ISC_R_CONNECTIONRESET);
--- pkgsrc/net/bind99/Attic/Makefile 2018/07/14 20:26:46 1.73.4.1
+++ pkgsrc/net/bind99/Attic/Makefile 2018/08/18 13:18:08 1.73.4.2
| @@ -1,30 +1,31 @@ | | | @@ -1,30 +1,31 @@ |
| 1 | # $NetBSD: Makefile,v 1.73.4.1 2018/07/14 20:26:46 spz Exp $ | | 1 | # $NetBSD: Makefile,v 1.73.4.2 2018/08/18 13:18:08 bsiegert Exp $ |
| 2 | | | 2 | |
| 3 | DISTNAME= bind-${BIND_VERSION} | | 3 | DISTNAME= bind-${BIND_VERSION} |
| 4 | PKGNAME= ${DISTNAME:S/-P/pl/} | | 4 | PKGNAME= ${DISTNAME:S/-P/pl/} |
| | | 5 | PKGREVISION= 1 |
| 5 | CATEGORIES= net | | 6 | CATEGORIES= net |
| 6 | MASTER_SITES= ftp://ftp.isc.org/isc/bind9/${BIND_VERSION}/ | | 7 | MASTER_SITES= ftp://ftp.isc.org/isc/bind9/${BIND_VERSION}/ |
| 7 | | | 8 | |
| 8 | MAINTAINER= pkgsrc-users@NetBSD.org | | 9 | MAINTAINER= pkgsrc-users@NetBSD.org |
| 9 | HOMEPAGE= http://www.isc.org/software/bind/ | | 10 | HOMEPAGE= http://www.isc.org/software/bind/ |
| 10 | COMMENT= Berkeley Internet Name Daemon implementation of DNS, version 9.9 | | 11 | COMMENT= Berkeley Internet Name Daemon implementation of DNS, version 9.9 |
| 11 | LICENSE= mpl-2.0 | | 12 | LICENSE= mpl-2.0 |
| 12 | | | 13 | |
| 13 | CONFLICTS+= host-[0-9]* | | 14 | CONFLICTS+= host-[0-9]* |
| 14 | | | 15 | |
| 15 | MAKE_JOBS_SAFE= no | | 16 | MAKE_JOBS_SAFE= no |
| 16 | | | 17 | |
| 17 | BIND_VERSION= 9.9.13 | | 18 | BIND_VERSION= 9.9.13-P1 |
| 18 | | | 19 | |
| 19 | .include "../../mk/bsd.prefs.mk" | | 20 | .include "../../mk/bsd.prefs.mk" |
| 20 | | | 21 | |
| 21 | BUILD_DEFS+= BIND_DIR VARBASE | | 22 | BUILD_DEFS+= BIND_DIR VARBASE |
| 22 | | | 23 | |
| 23 | .include "options.mk" | | 24 | .include "options.mk" |
| 24 | | | 25 | |
| 25 | USE_TOOLS+= pax perl | | 26 | USE_TOOLS+= pax perl |
| 26 | USE_LIBTOOL= yes | | 27 | USE_LIBTOOL= yes |
| 27 | GNU_CONFIGURE= yes | | 28 | GNU_CONFIGURE= yes |
| 28 | #CONFIG_SHELL= sh -x | | 29 | #CONFIG_SHELL= sh -x |
| 29 | | | 30 | |
| 30 | CONFIGURE_ARGS+= --with-libtool | | 31 | CONFIGURE_ARGS+= --with-libtool |
--- pkgsrc/net/bind99/Attic/distinfo 2018/07/14 20:26:46 1.51.4.1
+++ pkgsrc/net/bind99/Attic/distinfo 2018/08/18 13:18:08 1.51.4.2
| @@ -1,15 +1,16 @@ | | | @@ -1,15 +1,16 @@ |
| 1 | $NetBSD: distinfo,v 1.51.4.1 2018/07/14 20:26:46 spz Exp $ | | 1 | $NetBSD: distinfo,v 1.51.4.2 2018/08/18 13:18:08 bsiegert Exp $ |
| 2 | | | 2 | |
| 3 | SHA1 (bind-9.9.13.tar.gz) = 61726bc33434ed811739b2513d14b9f138a87129 | | 3 | SHA1 (bind-9.9.13-P1.tar.gz) = fdc8572a5bde8c25054924cacc8e21f342ff3231 |
| 4 | RMD160 (bind-9.9.13.tar.gz) = b3e035037fb0396ff65800ea94fc606848afd0ea | | 4 | RMD160 (bind-9.9.13-P1.tar.gz) = 105a3364bd076d9ba59b64fc4571a397b0d4fa12 |
| 5 | SHA512 (bind-9.9.13.tar.gz) = 39d7cafd7cdc6e791b7a5cc847f01ad754ff18f1e4a9c4f5c453ae378329688277530cba9fb8ca379d8c81be2fd9fc912d686eb256070a303d6232fe2b1a4ea0 | | 5 | SHA512 (bind-9.9.13-P1.tar.gz) = 0a6d7f4cfd89500ba89d056bcea5f4c6371df2165555c494bc30a6ebd4ca7f8ac9232c5acde1a5d153af4689dbd3691508498634f9d5ff99fcf618626e5f43c2 |
| 6 | Size (bind-9.9.13.tar.gz) = 8752488 bytes | | 6 | Size (bind-9.9.13-P1.tar.gz) = 8753154 bytes |
| 7 | SHA1 (patch-bin_dig_dighost.c) = a4bc9558c5dbedcc6bb0f87ea309358ca098d42a | | 7 | SHA1 (patch-bin_dig_dighost.c) = a4bc9558c5dbedcc6bb0f87ea309358ca098d42a |
| 8 | SHA1 (patch-bin_tests_system_Makefile.in) = 96dac694cba8dd60bce9df23bab295c0be2f9e9a | | 8 | SHA1 (patch-bin_tests_system_Makefile.in) = 96dac694cba8dd60bce9df23bab295c0be2f9e9a |
| 9 | SHA1 (patch-bin_tests_system_metadata_tests.sh) = b84cfd9b005b8a8bd7e7e975a276d9c99f5a780a | | 9 | SHA1 (patch-bin_tests_system_metadata_tests.sh) = b84cfd9b005b8a8bd7e7e975a276d9c99f5a780a |
| 10 | SHA1 (patch-config.threads.in) = 227b83efe9cb3e301aaac9b97cf42f1fb8ad06b2 | | 10 | SHA1 (patch-config.threads.in) = 227b83efe9cb3e301aaac9b97cf42f1fb8ad06b2 |
| 11 | SHA1 (patch-configure) = 1e86fab1a82f237dfc7f1a3c09e4ef6095bf973e | | 11 | SHA1 (patch-configure) = 1e86fab1a82f237dfc7f1a3c09e4ef6095bf973e |
| 12 | SHA1 (patch-contrib_dlz_config.dlz.in) = f18bec63fbfce7cb2cd72929058ce3770fce458f | | 12 | SHA1 (patch-contrib_dlz_config.dlz.in) = f18bec63fbfce7cb2cd72929058ce3770fce458f |
| 13 | SHA1 (patch-lib_dns_rbt.c) = 267ecae3de33297b18faff46c9855c1ce64b4856 | | 13 | SHA1 (patch-lib_dns_rbt.c) = 267ecae3de33297b18faff46c9855c1ce64b4856 |
| | | 14 | SHA1 (patch-lib_isc_unix_socket.c) = 7d7db24573d3cca85370b99f3e0e7406bbcc9325 |
| 14 | SHA1 (patch-lib_lwres_getaddrinfo.c) = cda91b6d1afa02de2c59d51490090ef4ab7f1a41 | | 15 | SHA1 (patch-lib_lwres_getaddrinfo.c) = cda91b6d1afa02de2c59d51490090ef4ab7f1a41 |
| 15 | SHA1 (patch-lib_lwres_getnameinfo.c) = 7ded70795a9001cce5c8094ef3f70ac787a6d43d | | 16 | SHA1 (patch-lib_lwres_getnameinfo.c) = 7ded70795a9001cce5c8094ef3f70ac787a6d43d |
$NetBSD: patch-lib_isc_unix_socket.c,v 1.1.2.2 2018/08/18 13:18:09 bsiegert Exp $
Make ENOBUFS a soft error
https://gitlab.isc.org/isc-projects/bind9/issues/462
--- lib/isc/unix/socket.c.orig 2018-07-24 17:26:35.000000000 +0000
+++ lib/isc/unix/socket.c
@@ -236,6 +236,7 @@ typedef enum { poll_idle, poll_active, p
#define SOFT_ERROR(e) ((e) == EAGAIN || \
(e) == EWOULDBLOCK || \
(e) == EINTR || \
+ (e) == ENOBUFS || \
(e) == 0)
#define DLVL(x) ISC_LOGCATEGORY_GENERAL, ISC_LOGMODULE_SOCKET, ISC_LOG_DEBUG(x)
@@ -1743,7 +1744,7 @@ doio_recv(isc__socket_t *sock, isc_socke
SOFT_OR_HARD(EHOSTDOWN, ISC_R_HOSTDOWN);
/* HPUX 11.11 can return EADDRNOTAVAIL. */
SOFT_OR_HARD(EADDRNOTAVAIL, ISC_R_ADDRNOTAVAIL);
- ALWAYS_HARD(ENOBUFS, ISC_R_NORESOURCES);
+ SOFT_OR_HARD(ENOBUFS, ISC_R_NORESOURCES);
/* Should never get this one but it was seen. */
#ifdef ENOPROTOOPT
SOFT_OR_HARD(ENOPROTOOPT, ISC_R_HOSTUNREACH);
@@ -1939,7 +1940,7 @@ doio_send(isc__socket_t *sock, isc_socke
ALWAYS_HARD(EHOSTDOWN, ISC_R_HOSTUNREACH);
#endif
ALWAYS_HARD(ENETUNREACH, ISC_R_NETUNREACH);
- ALWAYS_HARD(ENOBUFS, ISC_R_NORESOURCES);
+ SOFT_OR_HARD(ENOBUFS, ISC_R_NORESOURCES);
ALWAYS_HARD(EPERM, ISC_R_HOSTUNREACH);
ALWAYS_HARD(EPIPE, ISC_R_NOTCONNECTED);
ALWAYS_HARD(ECONNRESET, ISC_R_CONNECTIONRESET);