net/bind916: update to 9.16.22 This release contains security fix. --- 9.16.22 released --- 5736. [security] The "lame-ttl" option is now forcibly set to 0. This effectively disables the lame server cache, as it could previously be abused by an attacker to significantly degrade resolver performance. (CVE-2021-25219) [GL #2899] 5724. [bug] Address a potential deadlock when checking zone content consistency. [GL #2908] 5723. [bug] Change 5709 broke backward compatibility for the "check-names master ..." and "check-names slave ..." options. This has been fixed. [GL #2911] 5720. [contrib] Old-style DLZ drivers that had to be enabled at build-time have been marked as deprecated. [GL #2814] 5719. [func] The "map" zone file format has been marked as deprecated. [GL #2882] 5717. [func] The "cache-file" option, which was documented as "for testing purposes only" and not to be used, has been removed. [GL #2903] 5716. [bug] Multiple library names were mistakenly passed to the krb5-config utility when ./configure was invoked with the --with-gssapi=[/path/to/]krb5-config option. This has been fixed by invoking krb5-config separately for each required library. [GL #2866] 5715. [func] Add a check for ports specified in "*-source(-v6)" options clashing with a global listening port. Such a configuration was already unsupported, but it failed silently; it is now treated as an error. [GL #2888] 5714. [bug] Remove the "adjust interface" mechanism which was responsible for setting up listeners on interfaces when the "*-source(-v6)" address and port were the same as the "listen-on(-v6)" address and port. Such a configuration is no longer supported; under certain timing conditions, that mechanism could prevent named from listening on some TCP ports. This has been fixed. [GL #2852] 5712. [doc] Add deprecation notice about removing native PKCS#11 support in the next major BIND 9 release. [GL #2691]diff -r1.28 -r1.29 pkgsrc/net/bind916/Makefile
(taca)
@@ -1,32 +1,31 @@ | @@ -1,32 +1,31 @@ | |||
1 | # $NetBSD: Makefile,v 1.28 2021/10/24 06:40:28 taca Exp $ | 1 | # $NetBSD: Makefile,v 1.29 2021/10/29 06:01:19 taca Exp $ | |
2 | 2 | |||
3 | DISTNAME= bind-${BIND_VERSION} | 3 | DISTNAME= bind-${BIND_VERSION} | |
4 | PKGNAME= ${DISTNAME:S/-P/pl/} | 4 | PKGNAME= ${DISTNAME:S/-P/pl/} | |
5 | PKGREVISION= 2 | |||
6 | CATEGORIES= net | 5 | CATEGORIES= net | |
7 | MASTER_SITES= ftp://ftp.isc.org/isc/bind9/${BIND_VERSION}/ | 6 | MASTER_SITES= ftp://ftp.isc.org/isc/bind9/${BIND_VERSION}/ | |
8 | EXTRACT_SUFX= .tar.xz | 7 | EXTRACT_SUFX= .tar.xz | |
9 | 8 | |||
10 | MAINTAINER= pkgsrc-users@NetBSD.org | 9 | MAINTAINER= pkgsrc-users@NetBSD.org | |
11 | HOMEPAGE= https://www.isc.org/software/bind/ | 10 | HOMEPAGE= https://www.isc.org/software/bind/ | |
12 | COMMENT= Berkeley Internet Name Daemon implementation of DNS, version 9.16 | 11 | COMMENT= Berkeley Internet Name Daemon implementation of DNS, version 9.16 | |
13 | LICENSE= mpl-2.0 | 12 | LICENSE= mpl-2.0 | |
14 | 13 | |||
15 | CONFLICTS+= host-[0-9]* | 14 | CONFLICTS+= host-[0-9]* | |
16 | 15 | |||
17 | MAKE_JOBS_SAFE= no | 16 | MAKE_JOBS_SAFE= no | |
18 | 17 | |||
19 | BIND_VERSION= 9.16.21 | 18 | BIND_VERSION= 9.16.22 | |
20 | 19 | |||
21 | BUILD_DEFS+= BIND_DIR VARBASE | 20 | BUILD_DEFS+= BIND_DIR VARBASE | |
22 | 21 | |||
23 | .include "options.mk" | 22 | .include "options.mk" | |
24 | 23 | |||
25 | USE_TOOLS+= autoconf pax perl pkg-config | 24 | USE_TOOLS+= autoconf pax perl pkg-config | |
26 | USE_LIBTOOL= yes | 25 | USE_LIBTOOL= yes | |
27 | GNU_CONFIGURE= yes | 26 | GNU_CONFIGURE= yes | |
28 | CHECK_FILES_SKIP= bin/tests/system/system-test-driver.sh | 27 | CHECK_FILES_SKIP= bin/tests/system/system-test-driver.sh | |
29 | MAKE_ENV+= WRKDIR=${WRKDIR} PREFIX=${PREFIX} | 28 | MAKE_ENV+= WRKDIR=${WRKDIR} PREFIX=${PREFIX} | |
30 | 29 | |||
31 | .if ${OPSYS} == "Linux" && !exists(/usr/include/sys/capability.h) | 30 | .if ${OPSYS} == "Linux" && !exists(/usr/include/sys/capability.h) | |
32 | CONFIGURE_ARGS+= --disable-linux-caps | 31 | CONFIGURE_ARGS+= --disable-linux-caps |
@@ -1,18 +1,18 @@ | @@ -1,18 +1,18 @@ | |||
1 | $NetBSD: distinfo,v 1.25 2021/10/26 11:05:24 nia Exp $ | 1 | $NetBSD: distinfo,v 1.26 2021/10/29 06:01:19 taca Exp $ | |
2 | 2 | |||
3 | BLAKE2s (bind-9.16.21.tar.xz) = 86e609635a167aaa650d2792c79283b2412fa46e665e36cea1501ef6b8175873 | 3 | BLAKE2S (bind-9.16.22.tar.xz) = 4dac285f911a73ff523021ff2b09573b335dc78a166177c0edf48daf3ed5a97d | |
4 | SHA512 (bind-9.16.21.tar.xz) = 2cb71e50600fd7409ca7b7e2e9cf4ef6668b07faad7980ac8060e6a76f30a315182d75534ad1dcfb740c225cdf727b2bd6aa9ceb24ab77ffff09b7b5d6eaca2d | 4 | SHA512 (bind-9.16.22.tar.xz) = 586fb4d5a656d6539033dcdfdd230b36465a2d2e6ada651c1f1548d062a9050e7a962af87e2a56931fe24c65586d29012d4a041dcddbb28f42b4d01fe291d9d1 | |
5 | Size (bind-9.16.21.tar.xz) = 5057816 bytes | 5 | Size (bind-9.16.22.tar.xz) = 5059000 bytes | |
6 | SHA1 (patch-bin_dig_dighost.c) = b1073911d80ecd519af98b6678968296ff8c0c98 | 6 | SHA1 (patch-bin_dig_dighost.c) = b1073911d80ecd519af98b6678968296ff8c0c98 | |
7 | SHA1 (patch-bin_dig_include_dig_dig.h) = 10166f5bb98b208c7b10d63eb31e8253f704acc8 | 7 | SHA1 (patch-bin_dig_include_dig_dig.h) = 10166f5bb98b208c7b10d63eb31e8253f704acc8 | |
8 | SHA1 (patch-bin_named_Makefile.in) = f1367da6a226ba44d0ee13acf00b8abeb5b1b7eb | 8 | SHA1 (patch-bin_named_Makefile.in) = f1367da6a226ba44d0ee13acf00b8abeb5b1b7eb | |
9 | SHA1 (patch-bin_named_main.c) = f00842529ec2015e0969d0dba58a1e13a510f9eb | 9 | SHA1 (patch-bin_named_main.c) = f00842529ec2015e0969d0dba58a1e13a510f9eb | |
10 | SHA1 (patch-bin_named_server.c) = 6e59d3f637ebb829eec2f76ba7c350fb5cf9be6d | 10 | SHA1 (patch-bin_named_server.c) = 6e59d3f637ebb829eec2f76ba7c350fb5cf9be6d | |
11 | SHA1 (patch-bin_named_unix_os.c) = fe9cde1240107151c5b10ba325c8f994ef76852d | 11 | SHA1 (patch-bin_named_unix_os.c) = fe9cde1240107151c5b10ba325c8f994ef76852d | |
12 | SHA1 (patch-bin_nsupdate_nsupdate.c) = 4ccd0e503a972cf16905e999bcc574f8ee0dd85d | 12 | SHA1 (patch-bin_nsupdate_nsupdate.c) = 4ccd0e503a972cf16905e999bcc574f8ee0dd85d | |
13 | SHA1 (patch-bin_pkcs11_pkcs11-keygen.c) = d953bf48aadcdf7e95975d335167cc50f54ef91e | 13 | SHA1 (patch-bin_pkcs11_pkcs11-keygen.c) = d953bf48aadcdf7e95975d335167cc50f54ef91e | |
14 | SHA1 (patch-bin_tools_nsec3hash.c) = 87c3891db62c45cd8ed2b484b17f7bf2e319bef3 | 14 | SHA1 (patch-bin_tools_nsec3hash.c) = 87c3891db62c45cd8ed2b484b17f7bf2e319bef3 | |
15 | SHA1 (patch-config.guess) = f44c6344a297e7c623dcbf75b308eb35f797a537 | 15 | SHA1 (patch-config.guess) = f44c6344a297e7c623dcbf75b308eb35f797a537 | |
16 | SHA1 (patch-config.h.in) = fb0396429bd68bb3bf478cb1da67736592208702 | 16 | SHA1 (patch-config.h.in) = fb0396429bd68bb3bf478cb1da67736592208702 | |
17 | SHA1 (patch-config.sub) = 7389c0f2500f2afe96d43979a2d3e0b9f8dff073 | 17 | SHA1 (patch-config.sub) = 7389c0f2500f2afe96d43979a2d3e0b9f8dff073 | |
18 | SHA1 (patch-config.threads.in) = fc5cc7097d87523a34c0e630cb8dd1d081d859e5 | 18 | SHA1 (patch-config.threads.in) = fc5cc7097d87523a34c0e630cb8dd1d081d859e5 |