Thu Nov 21 05:37:06 2019 UTC ()
net/bind914: update to 9.14.8

Update bind914 to 9.14.8.  It includes fix for CVS-2019-6477.

        --- 9.14.8 released ---

5315.	[bug]		Apply the inital RRSIG expiration spread fixed
			to all dynamically created records in the zone
			including NSEC3. Also fix the signature clusters
			when the server has been offline for prolonged
			period of times. [GL #1256]

5314.	[func]		Added a new statistics variable "tcp-highwater"
			that reports the maximum number of simultaneous TCP
			clients BIND has handled while running. [GL #1206]

5313.	[bug]		The default GeoIP2 database location did not match
			the ARM.  'named -V' now reports the default
			location. [GL #1301]

5310.	[bug]		TCP failures were affecting EDNS statistics. [GL #1059]

5308.	[bug]		Don't log DNS_R_UNCHANGED from sync_secure_journal()
			at ERROR level in receive_secure_serial(). [GL #1288]

5307.	[bug]		Fix hang when named-compilezone output is sent to pipe.
			Thanks to Tony Finch. [GL !2481]

5306.	[security]	Set a limit on the number of concurrently served
			pipelined TCP queries. (CVE-2019-6477) [GL #1264]

5305.	[bug]		NSEC Aggressive Cache ("synth-from-dnssec") has been
			disabled by default because it was found to have
			a significant performance impact on the recursive
			service. [GL #1265]

5304.	[bug]		"dnskey-sig-validity 0;" was not being accepted.
			[GL #876]

5302.	[bug]		Fix checking that "dnstap-output" is defined when
			"dnstap" is specified in a view. [GL #1281]

5301.	[bug]		Detect partial prefixes / incomplete IPv4 address in
			acls. [GL #1143]


(taca)
diff -r1.13 -r1.14 pkgsrc/net/bind914/Makefile
diff -r1.10 -r1.11 pkgsrc/net/bind914/distinfo
diff -r1.3 -r1.4 pkgsrc/net/bind914/patches/patch-lib_isc_stats.c
cvs diff -r1.13 -r1.14 pkgsrc/net/bind914/Attic/Makefile (expand / switch to unified diff)

--- pkgsrc/net/bind914/Attic/Makefile 2019/11/03 11:45:30 1.13
+++ pkgsrc/net/bind914/Attic/Makefile 2019/11/21 05:37:06 1.14
@@ -1,30 +1,30 @@ @@ -1,30 +1,30 @@
1# $NetBSD: Makefile,v 1.13 2019/11/03 11:45:30 rillig Exp $ 1# $NetBSD: Makefile,v 1.14 2019/11/21 05:37:06 taca Exp $
2 2
3DISTNAME= bind-${BIND_VERSION} 3DISTNAME= bind-${BIND_VERSION}
4PKGNAME= ${DISTNAME:S/-P/pl/} 4PKGNAME= ${DISTNAME:S/-P/pl/}
5CATEGORIES= net 5CATEGORIES= net
6MASTER_SITES= ftp://ftp.isc.org/isc/bind9/${BIND_VERSION}/ 6MASTER_SITES= ftp://ftp.isc.org/isc/bind9/${BIND_VERSION}/
7 7
8MAINTAINER= pkgsrc-users@NetBSD.org 8MAINTAINER= pkgsrc-users@NetBSD.org
9HOMEPAGE= http://www.isc.org/software/bind/ 9HOMEPAGE= http://www.isc.org/software/bind/
10COMMENT= Berkeley Internet Name Daemon implementation of DNS, version 9.14 10COMMENT= Berkeley Internet Name Daemon implementation of DNS, version 9.14
11LICENSE= mpl-2.0 11LICENSE= mpl-2.0
12 12
13CONFLICTS+= host-[0-9]* 13CONFLICTS+= host-[0-9]*
14 14
15MAKE_JOBS_SAFE= no 15MAKE_JOBS_SAFE= no
16 16
17BIND_VERSION= 9.14.7 17BIND_VERSION= 9.14.8
18 18
19.include "../../mk/bsd.prefs.mk" 19.include "../../mk/bsd.prefs.mk"
20 20
21BUILD_DEFS+= BIND_DIR VARBASE 21BUILD_DEFS+= BIND_DIR VARBASE
22 22
23.include "options.mk" 23.include "options.mk"
24 24
25USE_TOOLS+= pax perl 25USE_TOOLS+= pax perl
26USE_LIBTOOL= yes 26USE_LIBTOOL= yes
27GNU_CONFIGURE= yes 27GNU_CONFIGURE= yes
28 28
29CONFIGURE_ARGS+= --with-libtool 29CONFIGURE_ARGS+= --with-libtool
30CONFIGURE_ARGS+= --sysconfdir=${PKG_SYSCONFDIR} 30CONFIGURE_ARGS+= --sysconfdir=${PKG_SYSCONFDIR}
cvs diff -r1.10 -r1.11 pkgsrc/net/bind914/Attic/distinfo (expand / switch to unified diff)

--- pkgsrc/net/bind914/Attic/distinfo 2019/10/24 12:50:36 1.10
+++ pkgsrc/net/bind914/Attic/distinfo 2019/11/21 05:37:06 1.11
@@ -1,19 +1,19 @@ @@ -1,19 +1,19 @@
1$NetBSD: distinfo,v 1.10 2019/10/24 12:50:36 otis Exp $ 1$NetBSD: distinfo,v 1.11 2019/11/21 05:37:06 taca Exp $
2 2
3SHA1 (bind-9.14.7.tar.gz) = ab0b14f4fe6a818fb15673ea9cef3eead8f6a94b 3SHA1 (bind-9.14.8.tar.gz) = c8481fd5fe061abd87a5a98e19c9a797330c7a76
4RMD160 (bind-9.14.7.tar.gz) = 6caf6e1a7ea03e311c6bcdd1cca63547e230f86b 4RMD160 (bind-9.14.8.tar.gz) = fa1b039caaa96e46d528816d4b1c7b80b8da6d21
5SHA512 (bind-9.14.7.tar.gz) = e1837ebfbbc60487f5f0e67fb9e935588fd6e5ffe55cdc9dc77e3ce63cd6fc4f076f4eb282cc4f51701ddda3e51e8f15255db5a3841f9fe92a4fb4207d806740 5SHA512 (bind-9.14.8.tar.gz) = eb52760982ebd246e6e1945684771193fc7364324a6d6a95a0cae33afa0a4fa24ffe8313b5f9094420c7c2ec932b1b1a9fb19f6e673ff3c5583ab5e3ff04eb6a
6Size (bind-9.14.7.tar.gz) = 6320994 bytes 6Size (bind-9.14.8.tar.gz) = 6403140 bytes
7SHA1 (patch-bin_named_Makefile.in) = 741e3708c670baaec45446f6bb364ada448ae330 7SHA1 (patch-bin_named_Makefile.in) = 741e3708c670baaec45446f6bb364ada448ae330
8SHA1 (patch-bin_named_main.c) = 51c8ab464a009575b6513c7ed4b79f89446eb7d0 8SHA1 (patch-bin_named_main.c) = 51c8ab464a009575b6513c7ed4b79f89446eb7d0
9SHA1 (patch-bin_named_pfilter.c) = b54f872c883c8fbc2d9c04df65c185dc057cc36b 9SHA1 (patch-bin_named_pfilter.c) = b54f872c883c8fbc2d9c04df65c185dc057cc36b
10SHA1 (patch-bin_named_pfilter.h) = c14617cb266a4b5d33ba6e5db98562e806792833 10SHA1 (patch-bin_named_pfilter.h) = c14617cb266a4b5d33ba6e5db98562e806792833
11SHA1 (patch-bin_named_server.c) = 558088a1e1128e7a69394d66bfff03a5b3b62ee8 11SHA1 (patch-bin_named_server.c) = 558088a1e1128e7a69394d66bfff03a5b3b62ee8
12SHA1 (patch-bin_nsupdate_nsupdate.c) = f71213385ec7c78243c1f93a6940caa111cb5072 12SHA1 (patch-bin_nsupdate_nsupdate.c) = f71213385ec7c78243c1f93a6940caa111cb5072
13SHA1 (patch-bin_pkcs11_pkcs11-keygen.c) = d953bf48aadcdf7e95975d335167cc50f54ef91e 13SHA1 (patch-bin_pkcs11_pkcs11-keygen.c) = d953bf48aadcdf7e95975d335167cc50f54ef91e
14SHA1 (patch-bin_tests_system_metadata_tests.sh) = d01a492d0b7738760bdbff714248e279a78fef28 14SHA1 (patch-bin_tests_system_metadata_tests.sh) = d01a492d0b7738760bdbff714248e279a78fef28
15SHA1 (patch-bin_tests_system_rpz_tests.sh) = 1bc5e0d5c0cc50608e6314c2d2664bd1dc3f6e34 15SHA1 (patch-bin_tests_system_rpz_tests.sh) = 1bc5e0d5c0cc50608e6314c2d2664bd1dc3f6e34
16SHA1 (patch-bin_tools_arpaname.c) = 2bf3ccf81a0f89ced34f5e32419dee314601e0c0 16SHA1 (patch-bin_tools_arpaname.c) = 2bf3ccf81a0f89ced34f5e32419dee314601e0c0
17SHA1 (patch-bin_tools_nsec3hash.c) = 87c3891db62c45cd8ed2b484b17f7bf2e319bef3 17SHA1 (patch-bin_tools_nsec3hash.c) = 87c3891db62c45cd8ed2b484b17f7bf2e319bef3
18SHA1 (patch-config.h.in) = 0720dd6303293b32c1e5f0357fa3cd02f00068e4 18SHA1 (patch-config.h.in) = 0720dd6303293b32c1e5f0357fa3cd02f00068e4
19SHA1 (patch-config.threads.in) = fc5cc7097d87523a34c0e630cb8dd1d081d859e5 19SHA1 (patch-config.threads.in) = fc5cc7097d87523a34c0e630cb8dd1d081d859e5
@@ -24,17 +24,17 @@ SHA1 (patch-lib_dns_dnsrps.c) = bddd1e3e @@ -24,17 +24,17 @@ SHA1 (patch-lib_dns_dnsrps.c) = bddd1e3e
24SHA1 (patch-lib_dns_gssapi__link.c) = d3ab9b8421f64f6bfbd3b94620e816f3e23f0d49 24SHA1 (patch-lib_dns_gssapi__link.c) = d3ab9b8421f64f6bfbd3b94620e816f3e23f0d49
25SHA1 (patch-lib_dns_keytable.c) = 4369b07b75201d2f7384f05d8a3140a809d303ae 25SHA1 (patch-lib_dns_keytable.c) = 4369b07b75201d2f7384f05d8a3140a809d303ae
26SHA1 (patch-lib_dns_lookup.c) = 8e8e78e20a8e78692772d488e842df230e121203 26SHA1 (patch-lib_dns_lookup.c) = 8e8e78e20a8e78692772d488e842df230e121203
27SHA1 (patch-lib_dns_message.c) = 0be413cf8b56ce21bcceb451191cacf9d044fa06 27SHA1 (patch-lib_dns_message.c) = 0be413cf8b56ce21bcceb451191cacf9d044fa06
28SHA1 (patch-lib_dns_rbt.c) = 5b20fe8adf2fdf5b28822d0b5229845494c9639f 28SHA1 (patch-lib_dns_rbt.c) = 5b20fe8adf2fdf5b28822d0b5229845494c9639f
29SHA1 (patch-lib_dns_rbtdb.c) = 389a83f425050733cb90652ffcb515d7a53d76f2 29SHA1 (patch-lib_dns_rbtdb.c) = 389a83f425050733cb90652ffcb515d7a53d76f2
30SHA1 (patch-lib_dns_request.c) = 211e349ddda1e5a2bbafab7ddab48cca4b553822 30SHA1 (patch-lib_dns_request.c) = 211e349ddda1e5a2bbafab7ddab48cca4b553822
31SHA1 (patch-lib_dns_sdb.c) = 0e5ab9fadcdd20adeb6d5d3234b69087ab7439c8 31SHA1 (patch-lib_dns_sdb.c) = 0e5ab9fadcdd20adeb6d5d3234b69087ab7439c8
32SHA1 (patch-lib_dns_sdlz.c) = 84cc9539cb8fab3581feec2184be2dbebfc6fd67 32SHA1 (patch-lib_dns_sdlz.c) = 84cc9539cb8fab3581feec2184be2dbebfc6fd67
33SHA1 (patch-lib_dns_spnego.c) = 2867212608ebdb949c65d1d6a3db21742c1128f6 33SHA1 (patch-lib_dns_spnego.c) = 2867212608ebdb949c65d1d6a3db21742c1128f6
34SHA1 (patch-lib_dns_validator.c) = 7d7471efe5109f5b2d6f9e99fe15fa314fdd217d 34SHA1 (patch-lib_dns_validator.c) = 7d7471efe5109f5b2d6f9e99fe15fa314fdd217d
35SHA1 (patch-lib_dns_view.c) = 25095827adbc75dc629b0f435dbd711b599c86c9 35SHA1 (patch-lib_dns_view.c) = 25095827adbc75dc629b0f435dbd711b599c86c9
36SHA1 (patch-lib_isc_backtrace.c) = 5fa1dd0f18ae757233d9cc21e36a5f6a84990db1 36SHA1 (patch-lib_isc_backtrace.c) = 5fa1dd0f18ae757233d9cc21e36a5f6a84990db1
37SHA1 (patch-lib_isc_stats.c) = 9857f640fb0becfab1a7f347f835610230bd3279 37SHA1 (patch-lib_isc_stats.c) = 3762657c325fa9f6d5b4dda4b0ad3f8546b50212
38SHA1 (patch-lib_isc_unix_net.c) = a8779d7e51c3a54f5dada1396abe10eb77ff0df9 38SHA1 (patch-lib_isc_unix_net.c) = a8779d7e51c3a54f5dada1396abe10eb77ff0df9
39SHA1 (patch-lib_isc_unix_socket.c) = 3325d04decda1d6ecd9e5be34ac5fe4c122466f4 39SHA1 (patch-lib_isc_unix_socket.c) = 3325d04decda1d6ecd9e5be34ac5fe4c122466f4
40SHA1 (patch-lib_isc_unix_time.c) = 04312e043601688aa2b0a09dad1bcb51d9273e9d 40SHA1 (patch-lib_isc_unix_time.c) = 04312e043601688aa2b0a09dad1bcb51d9273e9d
cvs diff -r1.3 -r1.4 pkgsrc/net/bind914/patches/Attic/patch-lib_isc_stats.c (expand / switch to unified diff)

--- pkgsrc/net/bind914/patches/Attic/patch-lib_isc_stats.c 2019/07/18 03:02:02 1.3
+++ pkgsrc/net/bind914/patches/Attic/patch-lib_isc_stats.c 2019/11/21 05:37:06 1.4
@@ -1,15 +1,15 @@ @@ -1,15 +1,15 @@
1$NetBSD: patch-lib_isc_stats.c,v 1.3 2019/07/18 03:02:02 taca Exp $ 1$NetBSD: patch-lib_isc_stats.c,v 1.4 2019/11/21 05:37:06 taca Exp $
2 2
3* Platform fixes from NetBSD base system. 3* Platform fixes from NetBSD base system.
4 4
5--- lib/isc/stats.c.orig 2019-07-09 18:15:48.000000000 +0000 5--- lib/isc/stats.c.orig 2019-11-06 21:29:49.000000000 +0000
6+++ lib/isc/stats.c 6+++ lib/isc/stats.c
7@@ -30,7 +30,7 @@ 7@@ -30,7 +30,7 @@
8 #define ISC_STATS_MAGIC ISC_MAGIC('S', 't', 'a', 't') 8 #define ISC_STATS_MAGIC ISC_MAGIC('S', 't', 'a', 't')
9 #define ISC_STATS_VALID(x) ISC_MAGIC_VALID(x, ISC_STATS_MAGIC) 9 #define ISC_STATS_VALID(x) ISC_MAGIC_VALID(x, ISC_STATS_MAGIC)
10  10
11-#if defined(_WIN32) && !defined(_WIN64) 11-#if defined(_WIN32) && !defined(_WIN64)
12+#if (defined(_WIN32) && !defined(_WIN64)) || !defined(_LP64) 12+#if (defined(_WIN32) && !defined(_WIN64)) || !defined(_LP64)
13 typedef atomic_int_fast32_t isc_stat_t; 13 typedef atomic_int_fast32_t isc__atomic_statcounter_t;
14 #else 14 #else
15 typedef atomic_int_fast64_t isc_stat_t; 15 typedef atomic_int_fast64_t isc__atomic_statcounter_t;