Fri Oct 29 06:01:19 2021 UTC ()
net/bind916: update to 9.16.22

This release contains security fix.

--- 9.16.22 released ---

5736.	[security]	The "lame-ttl" option is now forcibly set to 0. This
			effectively disables the lame server cache, as it could
			previously be abused by an attacker to significantly
			degrade resolver performance. (CVE-2021-25219)
			[GL #2899]

5724.	[bug]		Address a potential deadlock when checking zone content
			consistency. [GL #2908]

5723.	[bug]		Change 5709 broke backward compatibility for the
			"check-names master ..." and "check-names slave ..."
			options. This has been fixed. [GL #2911]

5720.	[contrib]	Old-style DLZ drivers that had to be enabled at
			build-time have been marked as deprecated. [GL #2814]

5719.	[func]		The "map" zone file format has been marked as
			deprecated. [GL #2882]

5717.	[func]		The "cache-file" option, which was documented as "for
			testing purposes only" and not to be used, has been
			removed. [GL #2903]

5716.	[bug]		Multiple library names were mistakenly passed to the
			krb5-config utility when ./configure was invoked with
			the --with-gssapi=[/path/to/]krb5-config option. This
			has been fixed by invoking krb5-config separately for
			each required library. [GL #2866]

5715.	[func]		Add a check for ports specified in "*-source(-v6)"
			options clashing with a global listening port. Such a
			configuration was already unsupported, but it failed
			silently; it is now treated as an error. [GL #2888]

5714.	[bug]		Remove the "adjust interface" mechanism which was
			responsible for setting up listeners on interfaces when
			the "*-source(-v6)" address and port were the same as
			the "listen-on(-v6)" address and port. Such a
			configuration is no longer supported; under certain
			timing conditions, that mechanism could prevent named
			from listening on some TCP ports. This has been fixed.
			[GL #2852]

5712.	[doc]		Add deprecation notice about removing native PKCS#11
			support in the next major BIND 9 release. [GL #2691]


(taca)
diff -r1.28 -r1.29 pkgsrc/net/bind916/Makefile
diff -r1.25 -r1.26 pkgsrc/net/bind916/distinfo
cvs diff -r1.28 -r1.29 pkgsrc/net/bind916/Makefile (expand / switch to unified diff)

--- pkgsrc/net/bind916/Makefile 2021/10/24 06:40:28 1.28
+++ pkgsrc/net/bind916/Makefile 2021/10/29 06:01:19 1.29
@@ -1,32 +1,31 @@ @@ -1,32 +1,31 @@
1# $NetBSD: Makefile,v 1.28 2021/10/24 06:40:28 taca Exp $ 1# $NetBSD: Makefile,v 1.29 2021/10/29 06:01:19 taca Exp $
2 2
3DISTNAME= bind-${BIND_VERSION} 3DISTNAME= bind-${BIND_VERSION}
4PKGNAME= ${DISTNAME:S/-P/pl/} 4PKGNAME= ${DISTNAME:S/-P/pl/}
5PKGREVISION= 2 
6CATEGORIES= net 5CATEGORIES= net
7MASTER_SITES= ftp://ftp.isc.org/isc/bind9/${BIND_VERSION}/ 6MASTER_SITES= ftp://ftp.isc.org/isc/bind9/${BIND_VERSION}/
8EXTRACT_SUFX= .tar.xz 7EXTRACT_SUFX= .tar.xz
9 8
10MAINTAINER= pkgsrc-users@NetBSD.org 9MAINTAINER= pkgsrc-users@NetBSD.org
11HOMEPAGE= https://www.isc.org/software/bind/ 10HOMEPAGE= https://www.isc.org/software/bind/
12COMMENT= Berkeley Internet Name Daemon implementation of DNS, version 9.16 11COMMENT= Berkeley Internet Name Daemon implementation of DNS, version 9.16
13LICENSE= mpl-2.0 12LICENSE= mpl-2.0
14 13
15CONFLICTS+= host-[0-9]* 14CONFLICTS+= host-[0-9]*
16 15
17MAKE_JOBS_SAFE= no 16MAKE_JOBS_SAFE= no
18 17
19BIND_VERSION= 9.16.21 18BIND_VERSION= 9.16.22
20 19
21BUILD_DEFS+= BIND_DIR VARBASE 20BUILD_DEFS+= BIND_DIR VARBASE
22 21
23.include "options.mk" 22.include "options.mk"
24 23
25USE_TOOLS+= autoconf pax perl pkg-config 24USE_TOOLS+= autoconf pax perl pkg-config
26USE_LIBTOOL= yes 25USE_LIBTOOL= yes
27GNU_CONFIGURE= yes 26GNU_CONFIGURE= yes
28CHECK_FILES_SKIP= bin/tests/system/system-test-driver.sh 27CHECK_FILES_SKIP= bin/tests/system/system-test-driver.sh
29MAKE_ENV+= WRKDIR=${WRKDIR} PREFIX=${PREFIX} 28MAKE_ENV+= WRKDIR=${WRKDIR} PREFIX=${PREFIX}
30 29
31.if ${OPSYS} == "Linux" && !exists(/usr/include/sys/capability.h) 30.if ${OPSYS} == "Linux" && !exists(/usr/include/sys/capability.h)
32CONFIGURE_ARGS+= --disable-linux-caps 31CONFIGURE_ARGS+= --disable-linux-caps
cvs diff -r1.25 -r1.26 pkgsrc/net/bind916/distinfo (expand / switch to unified diff)

--- pkgsrc/net/bind916/distinfo 2021/10/26 11:05:24 1.25
+++ pkgsrc/net/bind916/distinfo 2021/10/29 06:01:19 1.26
@@ -1,18 +1,18 @@ @@ -1,18 +1,18 @@
1$NetBSD: distinfo,v 1.25 2021/10/26 11:05:24 nia Exp $ 1$NetBSD: distinfo,v 1.26 2021/10/29 06:01:19 taca Exp $
2 2
3BLAKE2s (bind-9.16.21.tar.xz) = 86e609635a167aaa650d2792c79283b2412fa46e665e36cea1501ef6b8175873 3BLAKE2S (bind-9.16.22.tar.xz) = 4dac285f911a73ff523021ff2b09573b335dc78a166177c0edf48daf3ed5a97d
4SHA512 (bind-9.16.21.tar.xz) = 2cb71e50600fd7409ca7b7e2e9cf4ef6668b07faad7980ac8060e6a76f30a315182d75534ad1dcfb740c225cdf727b2bd6aa9ceb24ab77ffff09b7b5d6eaca2d 4SHA512 (bind-9.16.22.tar.xz) = 586fb4d5a656d6539033dcdfdd230b36465a2d2e6ada651c1f1548d062a9050e7a962af87e2a56931fe24c65586d29012d4a041dcddbb28f42b4d01fe291d9d1
5Size (bind-9.16.21.tar.xz) = 5057816 bytes 5Size (bind-9.16.22.tar.xz) = 5059000 bytes
6SHA1 (patch-bin_dig_dighost.c) = b1073911d80ecd519af98b6678968296ff8c0c98 6SHA1 (patch-bin_dig_dighost.c) = b1073911d80ecd519af98b6678968296ff8c0c98
7SHA1 (patch-bin_dig_include_dig_dig.h) = 10166f5bb98b208c7b10d63eb31e8253f704acc8 7SHA1 (patch-bin_dig_include_dig_dig.h) = 10166f5bb98b208c7b10d63eb31e8253f704acc8
8SHA1 (patch-bin_named_Makefile.in) = f1367da6a226ba44d0ee13acf00b8abeb5b1b7eb 8SHA1 (patch-bin_named_Makefile.in) = f1367da6a226ba44d0ee13acf00b8abeb5b1b7eb
9SHA1 (patch-bin_named_main.c) = f00842529ec2015e0969d0dba58a1e13a510f9eb 9SHA1 (patch-bin_named_main.c) = f00842529ec2015e0969d0dba58a1e13a510f9eb
10SHA1 (patch-bin_named_server.c) = 6e59d3f637ebb829eec2f76ba7c350fb5cf9be6d 10SHA1 (patch-bin_named_server.c) = 6e59d3f637ebb829eec2f76ba7c350fb5cf9be6d
11SHA1 (patch-bin_named_unix_os.c) = fe9cde1240107151c5b10ba325c8f994ef76852d 11SHA1 (patch-bin_named_unix_os.c) = fe9cde1240107151c5b10ba325c8f994ef76852d
12SHA1 (patch-bin_nsupdate_nsupdate.c) = 4ccd0e503a972cf16905e999bcc574f8ee0dd85d 12SHA1 (patch-bin_nsupdate_nsupdate.c) = 4ccd0e503a972cf16905e999bcc574f8ee0dd85d
13SHA1 (patch-bin_pkcs11_pkcs11-keygen.c) = d953bf48aadcdf7e95975d335167cc50f54ef91e 13SHA1 (patch-bin_pkcs11_pkcs11-keygen.c) = d953bf48aadcdf7e95975d335167cc50f54ef91e
14SHA1 (patch-bin_tools_nsec3hash.c) = 87c3891db62c45cd8ed2b484b17f7bf2e319bef3 14SHA1 (patch-bin_tools_nsec3hash.c) = 87c3891db62c45cd8ed2b484b17f7bf2e319bef3
15SHA1 (patch-config.guess) = f44c6344a297e7c623dcbf75b308eb35f797a537 15SHA1 (patch-config.guess) = f44c6344a297e7c623dcbf75b308eb35f797a537
16SHA1 (patch-config.h.in) = fb0396429bd68bb3bf478cb1da67736592208702 16SHA1 (patch-config.h.in) = fb0396429bd68bb3bf478cb1da67736592208702
17SHA1 (patch-config.sub) = 7389c0f2500f2afe96d43979a2d3e0b9f8dff073 17SHA1 (patch-config.sub) = 7389c0f2500f2afe96d43979a2d3e0b9f8dff073
18SHA1 (patch-config.threads.in) = fc5cc7097d87523a34c0e630cb8dd1d081d859e5 18SHA1 (patch-config.threads.in) = fc5cc7097d87523a34c0e630cb8dd1d081d859e5