Thu Nov 21 05:38:21 2019 UTC ()
net/bind911: update to 9.11.13

Update bind911 to 9.11.3.  It includes fix for CVS-2019-6477.

	--- 9.11.13 released ---

5315.	[bug]		Apply the inital RRSIG expiration spread fixed
			to all dynamically created records in the zone
			including NSEC3. Also fix the signature clusters
			when the server has been offline for prolonged
			period of times. [GL #1256]

5314.	[func]		Added a new statistics variable "tcp-highwater"
			that reports the maximum number of simultaneous TCP
			clients BIND has handled while running. [GL #1206]

5313.	[bug]		The default GeoIP2 database location did not match
			the ARM.  'named -V' now reports the default
			location. [GL #1301]

5310.	[bug]		TCP failures were affecting EDNS statistics. [GL #1059]

5309.	[bug]		"geoip-use-ecs yes;" was not working for GeoIP2.
			[GL #1275]

5308.	[bug]		Don't log DNS_R_UNCHANGED from sync_secure_journal()
			at ERROR level in receive_secure_serial(). [GL #1288]

5307.	[bug]		Fix hang when named-compilezone output is sent to pipe.
			Thanks to Tony Finch. [GL !2481]

5306.	[security]	Set a limit on the number of concurrently served
			pipelined TCP queries. (CVE-2019-6477) [GL #1264]

5302.	[bug]		Fix checking that "dnstap-output" is defined when
			"dnstap" is specified in a view. [GL #1281]

5301.	[bug]		Detect partial prefixes / incomplete IPv4 address in
			acls. [GL #1143]


(taca)
diff -r1.16 -r1.17 pkgsrc/net/bind911/Makefile
diff -r1.12 -r1.13 pkgsrc/net/bind911/distinfo
cvs diff -r1.16 -r1.17 pkgsrc/net/bind911/Attic/Makefile (expand / switch to unified diff)

--- pkgsrc/net/bind911/Attic/Makefile 2019/11/03 11:45:30 1.16
+++ pkgsrc/net/bind911/Attic/Makefile 2019/11/21 05:38:21 1.17
@@ -1,30 +1,30 @@ @@ -1,30 +1,30 @@
1# $NetBSD: Makefile,v 1.16 2019/11/03 11:45:30 rillig Exp $ 1# $NetBSD: Makefile,v 1.17 2019/11/21 05:38:21 taca Exp $
2 2
3DISTNAME= bind-${BIND_VERSION} 3DISTNAME= bind-${BIND_VERSION}
4PKGNAME= ${DISTNAME:S/-P/pl/} 4PKGNAME= ${DISTNAME:S/-P/pl/}
5CATEGORIES= net 5CATEGORIES= net
6MASTER_SITES= ftp://ftp.isc.org/isc/bind9/${BIND_VERSION}/ 6MASTER_SITES= ftp://ftp.isc.org/isc/bind9/${BIND_VERSION}/
7 7
8MAINTAINER= pkgsrc-users@NetBSD.org 8MAINTAINER= pkgsrc-users@NetBSD.org
9HOMEPAGE= http://www.isc.org/software/bind/ 9HOMEPAGE= http://www.isc.org/software/bind/
10COMMENT= Berkeley Internet Name Daemon implementation of DNS, version 9.11 10COMMENT= Berkeley Internet Name Daemon implementation of DNS, version 9.11
11LICENSE= mpl-2.0 11LICENSE= mpl-2.0
12 12
13CONFLICTS+= host-[0-9]* 13CONFLICTS+= host-[0-9]*
14 14
15MAKE_JOBS_SAFE= no 15MAKE_JOBS_SAFE= no
16 16
17BIND_VERSION= 9.11.12 17BIND_VERSION= 9.11.13
18 18
19.include "../../mk/bsd.prefs.mk" 19.include "../../mk/bsd.prefs.mk"
20 20
21BUILD_DEFS+= BIND_DIR VARBASE 21BUILD_DEFS+= BIND_DIR VARBASE
22 22
23.include "options.mk" 23.include "options.mk"
24 24
25USE_TOOLS+= pax perl 25USE_TOOLS+= pax perl
26USE_LIBTOOL= yes 26USE_LIBTOOL= yes
27GNU_CONFIGURE= yes 27GNU_CONFIGURE= yes
28 28
29CONFIGURE_ARGS+= --with-libtool 29CONFIGURE_ARGS+= --with-libtool
30CONFIGURE_ARGS+= --sysconfdir=${PKG_SYSCONFDIR} 30CONFIGURE_ARGS+= --sysconfdir=${PKG_SYSCONFDIR}
cvs diff -r1.12 -r1.13 pkgsrc/net/bind911/Attic/distinfo (expand / switch to unified diff)

--- pkgsrc/net/bind911/Attic/distinfo 2019/10/17 00:48:31 1.12
+++ pkgsrc/net/bind911/Attic/distinfo 2019/11/21 05:38:21 1.13
@@ -1,17 +1,17 @@ @@ -1,17 +1,17 @@
1$NetBSD: distinfo,v 1.12 2019/10/17 00:48:31 taca Exp $ 1$NetBSD: distinfo,v 1.13 2019/11/21 05:38:21 taca Exp $
2 2
3SHA1 (bind-9.11.12.tar.gz) = bf154d1029791545a5d5aff42d60bfed71e3b515 3SHA1 (bind-9.11.13.tar.gz) = 550367762a653ac5ed0eb04b316d06517650a925
4RMD160 (bind-9.11.12.tar.gz) = 5304d44a2f52c121b074742f8e6b33ac83facc49 4RMD160 (bind-9.11.13.tar.gz) = d1d14035681abd25d10592c60682501c1aaded38
5SHA512 (bind-9.11.12.tar.gz) = 7e2b9ef4ed5a00c2e5310c932c177887aed330d94eefc87d732dda010f2b71477e2f9d6ea89422ccbc8f6f04ceb83419b758218bcc02f25b34751bad974174e8 5SHA512 (bind-9.11.13.tar.gz) = 6e5289ff231b8d7d2f02ae02a1cf43abff3e507e1d96d8ec002dc71097fc77dc5514762ff1ea5918159c88319b1d5eed78c6dc1a7835173db234d4ee887644bc
6Size (bind-9.11.12.tar.gz) = 8180761 bytes 6Size (bind-9.11.13.tar.gz) = 8370441 bytes
7SHA1 (patch-bin_named_server.c) = 0294d74eb3039049c4672a3de6eb371407bb382d 7SHA1 (patch-bin_named_server.c) = 0294d74eb3039049c4672a3de6eb371407bb382d
8SHA1 (patch-bin_pkcs11_pkcs11-keygen.c) = ca2671a5e3216a08a212cf893e070b01705ef9ee 8SHA1 (patch-bin_pkcs11_pkcs11-keygen.c) = ca2671a5e3216a08a212cf893e070b01705ef9ee
9SHA1 (patch-bin_tests_system_metadata_tests.sh) = d01a492d0b7738760bdbff714248e279a78fef28 9SHA1 (patch-bin_tests_system_metadata_tests.sh) = d01a492d0b7738760bdbff714248e279a78fef28
10SHA1 (patch-config.threads.in) = 8341bdb11888d3efdde5f115de91b1f46aa40bd0 10SHA1 (patch-config.threads.in) = 8341bdb11888d3efdde5f115de91b1f46aa40bd0
11SHA1 (patch-configure) = 90a15a138931a27bc5b25cac47ca6c277d4bf43f 11SHA1 (patch-configure) = 90a15a138931a27bc5b25cac47ca6c277d4bf43f
12SHA1 (patch-contrib_dlz_config.dlz.in) = 6c53d61aaaf1a952a867e4c4da0194db94f511d7 12SHA1 (patch-contrib_dlz_config.dlz.in) = 6c53d61aaaf1a952a867e4c4da0194db94f511d7
13SHA1 (patch-lib_dns_rbt.c) = 8af91b6d40b591d28d15f7f98c9b7a82df234381 13SHA1 (patch-lib_dns_rbt.c) = 8af91b6d40b591d28d15f7f98c9b7a82df234381
14SHA1 (patch-lib_dns_view.c) = 39e71fe6a407e4f9bee49b1ee25adfa0ba74b338 14SHA1 (patch-lib_dns_view.c) = 39e71fe6a407e4f9bee49b1ee25adfa0ba74b338
15SHA1 (patch-lib_isc_unix_socket.c) = a36e24f530c4a462b782ad7cce784fd4648dded3 15SHA1 (patch-lib_isc_unix_socket.c) = a36e24f530c4a462b782ad7cce784fd4648dded3
16SHA1 (patch-lib_lwres_getaddrinfo.c) = 1956a857c1b158dbe95c46d90ab406e0030e321e 16SHA1 (patch-lib_lwres_getaddrinfo.c) = 1956a857c1b158dbe95c46d90ab406e0030e321e
17SHA1 (patch-lib_lwres_getnameinfo.c) = 67cece0c9b7077dc48fcae15bcab426e8e82a506 17SHA1 (patch-lib_lwres_getnameinfo.c) = 67cece0c9b7077dc48fcae15bcab426e8e82a506