net/bind916: update to 9.16.20 This update contains security fix: CVE-2021-25218. --- 9.16.20 released --- 5689. [security] An assertion failure occurred when named attempted to send a UDP packet that exceeded the MTU size, if Response Rate Limiting (RRL) was enabled. (CVE-2021-25218) [GL #2856] 5688. [bug] Zones using KASP and inline-signed zones failed to apply changes from the unsigned zone to the signed zone under certain circumstances. This has been fixed. [GL #2735] 5687. [bug] "rndc reload <zonename>" could trigger a redundant reload for an inline-signed zone whose zone file was not modified since the last "rndc reload". This has been fixed. [GL #2855] 5686. [func] The number of internal data structures allocated for each zone was reduced. [GL #2829] 5685. [bug] named failed to check the opcode of responses when performing zone refreshes, stub zone updates, and UPDATE forwarding. This has been fixed. [GL #2762] 5682. [bug] Some changes to "zone-statistics" settings were not properly processed by "rndc reconfig". This has been fixed. [GL #2820] 5681. [func] Relax the checks in the dns_zone_cdscheck() function to allow CDS and CDNSKEY records in the zone that do not match an existing DNSKEY record, as long as the algorithm matches. This allows a clean rollover from one provider to another in a multi-signer DNSSEC configuration. [GL #2710] 5679. [func] Thread affinity is no longer set. [GL #2822] 5678. [bug] The "check DS" code failed to release all resources upon named shutdown when a refresh was in progress. This has been fixed. [GL #2811] 5672. [bug] Authentication of rndc messages could fail if a "controls" statement was configured with multiple key algorithms for the same listener. This has been fixed. [GL #2756]diff -r1.23 -r1.24 pkgsrc/net/bind916/Makefile
(taca)
@@ -1,31 +1,31 @@ | @@ -1,31 +1,31 @@ | |||
1 | # $NetBSD: Makefile,v 1.23 2021/08/02 18:45:35 jklos Exp $ | 1 | # $NetBSD: Makefile,v 1.24 2021/08/19 03:33:49 taca Exp $ | |
2 | 2 | |||
3 | DISTNAME= bind-${BIND_VERSION} | 3 | DISTNAME= bind-${BIND_VERSION} | |
4 | PKGNAME= ${DISTNAME:S/-P/pl/} | 4 | PKGNAME= ${DISTNAME:S/-P/pl/} | |
5 | CATEGORIES= net | 5 | CATEGORIES= net | |
6 | MASTER_SITES= ftp://ftp.isc.org/isc/bind9/${BIND_VERSION}/ | 6 | MASTER_SITES= ftp://ftp.isc.org/isc/bind9/${BIND_VERSION}/ | |
7 | EXTRACT_SUFX= .tar.xz | 7 | EXTRACT_SUFX= .tar.xz | |
8 | 8 | |||
9 | MAINTAINER= pkgsrc-users@NetBSD.org | 9 | MAINTAINER= pkgsrc-users@NetBSD.org | |
10 | HOMEPAGE= https://www.isc.org/software/bind/ | 10 | HOMEPAGE= https://www.isc.org/software/bind/ | |
11 | COMMENT= Berkeley Internet Name Daemon implementation of DNS, version 9.16 | 11 | COMMENT= Berkeley Internet Name Daemon implementation of DNS, version 9.16 | |
12 | LICENSE= mpl-2.0 | 12 | LICENSE= mpl-2.0 | |
13 | 13 | |||
14 | CONFLICTS+= host-[0-9]* | 14 | CONFLICTS+= host-[0-9]* | |
15 | 15 | |||
16 | MAKE_JOBS_SAFE= no | 16 | MAKE_JOBS_SAFE= no | |
17 | 17 | |||
18 | BIND_VERSION= 9.16.19 | 18 | BIND_VERSION= 9.16.20 | |
19 | 19 | |||
20 | BUILD_DEFS+= BIND_DIR VARBASE | 20 | BUILD_DEFS+= BIND_DIR VARBASE | |
21 | 21 | |||
22 | .include "options.mk" | 22 | .include "options.mk" | |
23 | 23 | |||
24 | USE_TOOLS+= autoconf pax perl pkg-config | 24 | USE_TOOLS+= autoconf pax perl pkg-config | |
25 | USE_LIBTOOL= yes | 25 | USE_LIBTOOL= yes | |
26 | GNU_CONFIGURE= yes | 26 | GNU_CONFIGURE= yes | |
27 | CHECK_FILES_SKIP= bin/tests/system/system-test-driver.sh | 27 | CHECK_FILES_SKIP= bin/tests/system/system-test-driver.sh | |
28 | MAKE_ENV+= WRKDIR=${WRKDIR} PREFIX=${PREFIX} | 28 | MAKE_ENV+= WRKDIR=${WRKDIR} PREFIX=${PREFIX} | |
29 | 29 | |||
30 | .if ${OPSYS} == "Linux" && !exists(/usr/include/sys/capability.h) | 30 | .if ${OPSYS} == "Linux" && !exists(/usr/include/sys/capability.h) | |
31 | CONFIGURE_ARGS+= --disable-linux-caps | 31 | CONFIGURE_ARGS+= --disable-linux-caps |
@@ -1,19 +1,19 @@ | @@ -1,19 +1,19 @@ | |||
1 | $NetBSD: distinfo,v 1.19 2021/07/22 13:30:24 he Exp $ | 1 | $NetBSD: distinfo,v 1.20 2021/08/19 03:33:49 taca Exp $ | |
2 | 2 | |||
3 | SHA1 (bind-9.16.19.tar.xz) = c10ee1a30dc340acaa8cefb3925b3d315c82909b | 3 | SHA1 (bind-9.16.20.tar.xz) = 771bbb31ab0bfcf3f50effa0af4df6014853ac86 | |
4 | RMD160 (bind-9.16.19.tar.xz) = b4f9ad228db8658aa2e9aa2fadde218df3913f50 | 4 | RMD160 (bind-9.16.20.tar.xz) = d8104c704a599b9d3bd4247bfe22ea0f8f60e559 | |
5 | SHA512 (bind-9.16.19.tar.xz) = 47a0867a34c73dd939f6e24ab63e1a9cc7ba3e4d42987dbf1be424afe320734587b09b26c3b3371861fe79e3ddc08a81a019bba0cadecf76e20f717103578dca | 5 | SHA512 (bind-9.16.20.tar.xz) = bd4ffcc2589ca8f1ac228576ec11e86f317d5a78d7964a0a7ae70b2fa38831d5bd65c2e8c35d8190502de7139f85d8b080b3b8ee968811a8df78e5761781525d | |
6 | Size (bind-9.16.19.tar.xz) = 5039240 bytes | 6 | Size (bind-9.16.20.tar.xz) = 5042196 bytes | |
7 | SHA1 (patch-bin_dig_dighost.c) = b1073911d80ecd519af98b6678968296ff8c0c98 | 7 | SHA1 (patch-bin_dig_dighost.c) = b1073911d80ecd519af98b6678968296ff8c0c98 | |
8 | SHA1 (patch-bin_dig_include_dig_dig.h) = 10166f5bb98b208c7b10d63eb31e8253f704acc8 | 8 | SHA1 (patch-bin_dig_include_dig_dig.h) = 10166f5bb98b208c7b10d63eb31e8253f704acc8 | |
9 | SHA1 (patch-bin_named_Makefile.in) = f1367da6a226ba44d0ee13acf00b8abeb5b1b7eb | 9 | SHA1 (patch-bin_named_Makefile.in) = f1367da6a226ba44d0ee13acf00b8abeb5b1b7eb | |
10 | SHA1 (patch-bin_named_main.c) = f00842529ec2015e0969d0dba58a1e13a510f9eb | 10 | SHA1 (patch-bin_named_main.c) = f00842529ec2015e0969d0dba58a1e13a510f9eb | |
11 | SHA1 (patch-bin_named_server.c) = 6e59d3f637ebb829eec2f76ba7c350fb5cf9be6d | 11 | SHA1 (patch-bin_named_server.c) = 6e59d3f637ebb829eec2f76ba7c350fb5cf9be6d | |
12 | SHA1 (patch-bin_nsupdate_nsupdate.c) = 4ccd0e503a972cf16905e999bcc574f8ee0dd85d | 12 | SHA1 (patch-bin_nsupdate_nsupdate.c) = 4ccd0e503a972cf16905e999bcc574f8ee0dd85d | |
13 | SHA1 (patch-bin_pkcs11_pkcs11-keygen.c) = d953bf48aadcdf7e95975d335167cc50f54ef91e | 13 | SHA1 (patch-bin_pkcs11_pkcs11-keygen.c) = d953bf48aadcdf7e95975d335167cc50f54ef91e | |
14 | SHA1 (patch-bin_tools_arpaname.c) = 868da4454d06dc823680cf06a764fa40b8474708 | 14 | SHA1 (patch-bin_tools_arpaname.c) = 868da4454d06dc823680cf06a764fa40b8474708 | |
15 | SHA1 (patch-bin_tools_nsec3hash.c) = 87c3891db62c45cd8ed2b484b17f7bf2e319bef3 | 15 | SHA1 (patch-bin_tools_nsec3hash.c) = 87c3891db62c45cd8ed2b484b17f7bf2e319bef3 | |
16 | SHA1 (patch-config.guess) = f44c6344a297e7c623dcbf75b308eb35f797a537 | 16 | SHA1 (patch-config.guess) = f44c6344a297e7c623dcbf75b308eb35f797a537 | |
17 | SHA1 (patch-config.h.in) = fb0396429bd68bb3bf478cb1da67736592208702 | 17 | SHA1 (patch-config.h.in) = fb0396429bd68bb3bf478cb1da67736592208702 | |
18 | SHA1 (patch-config.sub) = 7389c0f2500f2afe96d43979a2d3e0b9f8dff073 | 18 | SHA1 (patch-config.sub) = 7389c0f2500f2afe96d43979a2d3e0b9f8dff073 | |
19 | SHA1 (patch-config.threads.in) = fc5cc7097d87523a34c0e630cb8dd1d081d859e5 | 19 | SHA1 (patch-config.threads.in) = fc5cc7097d87523a34c0e630cb8dd1d081d859e5 |