Wed Sep 21 12:58:47 2022 UTC ()
Upgrade net/bind916 to version 9.16.33.

OKed by wiz@

Pkgsrc changes:
 * Just checksum updates.

Upstream changes:
        --- 9.16.33 released ---

5962.   [security]      Fix memory leak in EdDSA verify processing.
                        (CVE-2022-38178) [GL #3487]

5961.   [security]      Fix memory leak in ECDSA verify processing.
                        (CVE-2022-38177) [GL #3487]

5960.   [security]      Fix serve-stale crash that could happen when
                        stale-answer-client-timeout was set to 0 and there was
                        a stale CNAME in the cache for an incoming query.
                        (CVE-2022-3080) [GL #3517]

5957.   [security]      Prevent excessive resource use while processing large
                        delegations. (CVE-2022-2795) [GL #3394]

5956.   [func]          Make RRL code treat all QNAMEs that are subject to
                        wildcard processing within a given zone as the same
                        name. [GL #3459]

5955.   [port]          The libxml2 library has deprecated the usage of
                        xmlInitThreads() and xmlCleanupThreads() functions. Use
                        xmlInitParser() and xmlCleanupParser() instead.
                        [GL #3518]

5954.   [func]          Fallback to IDNA2003 processing in dig when IDNA2008
                        conversion fails. [GL #3485]

5953.   [bug]           Fix a crash on shutdown in delete_trace_entry(). Add
                        mctx attach/detach pair to make sure that the memory
                        context used by a memory pool is not destroyed before
                        the memory pool itself. [GL #3515]

5952.   [bug]           Use quotes around address strings in YAML output.
                        [GL #3511]

5951.   [bug]           In some cases, the dnstap query_message field was
                        erroneously set when logging response messages.
                        [GL #3501]

5948.   [bug]           Fix nsec3.c:dns_nsec3_activex() function, add a missing
                        dns_db_detachnode() call. [GL #3500]

5945.   [bug]           If parsing /etc/bind.key failed, delv could assert
                        when trying to parse the built in trust anchors as
                        the parser hadn't been reset. [GL !6468]

5942.   [bug]           Fix tkey.c:buildquery() function's error handling by
                        adding the missing cleanup code. [GL #3492]

5941.   [func]          Zones with dnssec-policy now require dynamic DNS or
                        inline-siging to be configured explicitly. [GL #3381]

5936.   [bug]           Don't enable serve-stale for lookups that error because
                        it is a duplicate query or a query that would be
                        dropped. [GL #2982]


(he)
diff -r1.46 -r1.47 pkgsrc/net/bind916/Makefile
diff -r1.39 -r1.40 pkgsrc/net/bind916/distinfo
cvs diff -r1.46 -r1.47 pkgsrc/net/bind916/Makefile (expand / switch to unified diff)

--- pkgsrc/net/bind916/Makefile 2022/08/17 15:38:28 1.46
+++ pkgsrc/net/bind916/Makefile 2022/09/21 12:58:47 1.47
@@ -1,31 +1,31 @@ @@ -1,31 +1,31 @@
1# $NetBSD: Makefile,v 1.46 2022/08/17 15:38:28 taca Exp $ 1# $NetBSD: Makefile,v 1.47 2022/09/21 12:58:47 he Exp $
2 2
3DISTNAME= bind-${BIND_VERSION} 3DISTNAME= bind-${BIND_VERSION}
4PKGNAME= ${DISTNAME:S/-P/pl/} 4PKGNAME= ${DISTNAME:S/-P/pl/}
5CATEGORIES= net 5CATEGORIES= net
6MASTER_SITES= ftp://ftp.isc.org/isc/bind9/${BIND_VERSION}/ 6MASTER_SITES= ftp://ftp.isc.org/isc/bind9/${BIND_VERSION}/
7EXTRACT_SUFX= .tar.xz 7EXTRACT_SUFX= .tar.xz
8 8
9MAINTAINER= pkgsrc-users@NetBSD.org 9MAINTAINER= pkgsrc-users@NetBSD.org
10HOMEPAGE= https://www.isc.org/software/bind/ 10HOMEPAGE= https://www.isc.org/software/bind/
11COMMENT= Berkeley Internet Name Daemon implementation of DNS, version 9.16 11COMMENT= Berkeley Internet Name Daemon implementation of DNS, version 9.16
12LICENSE= mpl-2.0 12LICENSE= mpl-2.0
13 13
14CONFLICTS+= host-[0-9]* 14CONFLICTS+= host-[0-9]*
15 15
16MAKE_JOBS_SAFE= no 16MAKE_JOBS_SAFE= no
17 17
18BIND_VERSION= 9.16.32 18BIND_VERSION= 9.16.33
19 19
20BUILD_DEFS+= BIND_DIR VARBASE 20BUILD_DEFS+= BIND_DIR VARBASE
21 21
22.include "options.mk" 22.include "options.mk"
23 23
24USE_TOOLS+= autoconf pax perl pkg-config 24USE_TOOLS+= autoconf pax perl pkg-config
25USE_LIBTOOL= yes 25USE_LIBTOOL= yes
26GNU_CONFIGURE= yes 26GNU_CONFIGURE= yes
27CHECK_FILES_SKIP= bin/tests/system/system-test-driver.sh 27CHECK_FILES_SKIP= bin/tests/system/system-test-driver.sh
28MAKE_ENV+= WRKDIR=${WRKDIR} PREFIX=${PREFIX} 28MAKE_ENV+= WRKDIR=${WRKDIR} PREFIX=${PREFIX}
29 29
30.if ${OPSYS} == "Linux" && !exists(/usr/include/sys/capability.h) 30.if ${OPSYS} == "Linux" && !exists(/usr/include/sys/capability.h)
31CONFIGURE_ARGS+= --disable-linux-caps 31CONFIGURE_ARGS+= --disable-linux-caps
cvs diff -r1.39 -r1.40 pkgsrc/net/bind916/distinfo (expand / switch to unified diff)

--- pkgsrc/net/bind916/distinfo 2022/08/17 15:38:28 1.39
+++ pkgsrc/net/bind916/distinfo 2022/09/21 12:58:47 1.40
@@ -1,18 +1,18 @@ @@ -1,18 +1,18 @@
1$NetBSD: distinfo,v 1.39 2022/08/17 15:38:28 taca Exp $ 1$NetBSD: distinfo,v 1.40 2022/09/21 12:58:47 he Exp $
2 2
3BLAKE2s (bind-9.16.32.tar.xz) = a4188852a2601b1569c6ccd208e3dac46463545dd5484163b2afb6d0ef546ff7 3BLAKE2s (bind-9.16.33.tar.xz) = 9c1b2de183fa637e8edbf76a008ccd5cd13bc78d3762ffbb3451e38c80c7a481
4SHA512 (bind-9.16.32.tar.xz) = 99abedf055901b43e1a85c448ee4c2dd731b7ab77de1454b73c8f9df816aa32262e70e23a8112959d94be990fd4f1c48c36611657ba745670141a7447fd53316 4SHA512 (bind-9.16.33.tar.xz) = 43fd2cea52dfd1115a4cca83830ab5b93208be401cdbbdff2bbf204b8f0d99fb434ad3156d3a21649488cc904ae09f145feba97b9b6918b0cf063ff5e2b10af5
5Size (bind-9.16.32.tar.xz) = 5091860 bytes 5Size (bind-9.16.33.tar.xz) = 5092516 bytes
6SHA1 (patch-bin_dig_dighost.c) = b1073911d80ecd519af98b6678968296ff8c0c98 6SHA1 (patch-bin_dig_dighost.c) = b1073911d80ecd519af98b6678968296ff8c0c98
7SHA1 (patch-bin_dig_include_dig_dig.h) = 10166f5bb98b208c7b10d63eb31e8253f704acc8 7SHA1 (patch-bin_dig_include_dig_dig.h) = 10166f5bb98b208c7b10d63eb31e8253f704acc8
8SHA1 (patch-bin_named_Makefile.in) = f1367da6a226ba44d0ee13acf00b8abeb5b1b7eb 8SHA1 (patch-bin_named_Makefile.in) = f1367da6a226ba44d0ee13acf00b8abeb5b1b7eb
9SHA1 (patch-bin_named_main.c) = f00842529ec2015e0969d0dba58a1e13a510f9eb 9SHA1 (patch-bin_named_main.c) = f00842529ec2015e0969d0dba58a1e13a510f9eb
10SHA1 (patch-bin_named_server.c) = 6e59d3f637ebb829eec2f76ba7c350fb5cf9be6d 10SHA1 (patch-bin_named_server.c) = 6e59d3f637ebb829eec2f76ba7c350fb5cf9be6d
11SHA1 (patch-bin_named_unix_os.c) = fe9cde1240107151c5b10ba325c8f994ef76852d 11SHA1 (patch-bin_named_unix_os.c) = fe9cde1240107151c5b10ba325c8f994ef76852d
12SHA1 (patch-bin_nsupdate_nsupdate.c) = 4ccd0e503a972cf16905e999bcc574f8ee0dd85d 12SHA1 (patch-bin_nsupdate_nsupdate.c) = 4ccd0e503a972cf16905e999bcc574f8ee0dd85d
13SHA1 (patch-bin_pkcs11_pkcs11-keygen.c) = d953bf48aadcdf7e95975d335167cc50f54ef91e 13SHA1 (patch-bin_pkcs11_pkcs11-keygen.c) = d953bf48aadcdf7e95975d335167cc50f54ef91e
14SHA1 (patch-bin_tools_nsec3hash.c) = 87c3891db62c45cd8ed2b484b17f7bf2e319bef3 14SHA1 (patch-bin_tools_nsec3hash.c) = 87c3891db62c45cd8ed2b484b17f7bf2e319bef3
15SHA1 (patch-config.guess) = f44c6344a297e7c623dcbf75b308eb35f797a537 15SHA1 (patch-config.guess) = f44c6344a297e7c623dcbf75b308eb35f797a537
16SHA1 (patch-config.h.in) = 6072793048cdf590863046355eeffa1d93524c36 16SHA1 (patch-config.h.in) = 6072793048cdf590863046355eeffa1d93524c36
17SHA1 (patch-config.sub) = 7389c0f2500f2afe96d43979a2d3e0b9f8dff073 17SHA1 (patch-config.sub) = 7389c0f2500f2afe96d43979a2d3e0b9f8dff073
18SHA1 (patch-config.threads.in) = fc5cc7097d87523a34c0e630cb8dd1d081d859e5 18SHA1 (patch-config.threads.in) = fc5cc7097d87523a34c0e630cb8dd1d081d859e5