Wed Jun 21 14:42:23 2023 UTC ()

net/bind918: update to 9.18.16

9.18.16 (2023-06-21)

Security release:

- CVE-2023-2828
- CVE-2023-2911

6192.	[security]	A query that prioritizes stale data over lookup
			triggers a fetch to refresh the stale data in cache.
			If the fetch is aborted for exceeding the recursion
			quota, it was possible for 'named' to enter an infinite
			callback loop and crash due to stack overflow. This has
			been fixed. (CVE-2023-2911) [GL #4089]

6190.	[security]	Improve the overmem cleaning process to prevent the
			cache going over the configured limit. (CVE-2023-2828)
			[GL #4055]

6188.	[performance]	Reduce memory consumption by allocating properly
			sized send buffers for stream-based transports.
			[GL #4038]

6186.	[bug]		Fix a 'clients-per-query' miscalculation bug. When the
			'stale-answer-enable' options was enabled and the
			'stale-answer-client-timeout' option was enabled and
			larger than 0, named was taking two places from the
			'clients-per-query' limit for each client and was
			failing to gradually auto-tune its value, as configured.
			[GL #4074]

6185.	[func]		Add "ClientQuota" statistics channel counter, which
			indicates the number of the resolver's spilled queries
			due to reaching the clients per query quota. [GL !7978]

6183.	[bug]		Fix a serve-stale bug where a delegation from cache
			could be returned to the client. [GL #3950]

6182.	[cleanup]	Remove configure checks for epoll, kqueue and
			/dev/poll. [GL #4098]

6181.	[func]		The "tkey-dhkey" option has been deprecated; a
			warning will be logged when it is used. In a future
			release, Diffie-Hellman TKEY mode will be removed.
			[GL #3905]

6180.	[bug]		The session key object could be incorrectly added
			to multiple different views' keyrings. [GL #4079]

6179.	[bug]		Fix an interfacemgr use-after-free error in
			zoneconf.c:isself(). [GL #3765]

6176.	[test]		Add support for using pytest & pytest-xdist to
			execute the system test suite. [GL #3978]

6174.	[bug]		BIND could get stuck on reconfiguration when a
			'listen' statement for HTTP is removed from the
			configuration. That has been fixed. [GL #4071]

6173.	[bug]		Properly process extra "nameserver" lines in
			resolv.conf otherwise the next line is not properly
			processed. [GL #4066]

6169.	[bug]		named could crash when deleting inline-signing zones
			with "rndc delzone". [GL #4054]

6165.	[bug]		Fix a logic error in dighost.c which could call the
			dighost_shutdown() callback twice and cause problems
			if the callback function was not idempotent. [GL #4039]


(taca)

diff -r1.11 -r1.12 pkgsrc/net/bind918/Makefile
diff -r1.8 -r1.9 pkgsrc/net/bind918/distinfo

--- pkgsrc/net/bind918/Makefile 2023/05/17 13:43:52 1.11
+++ pkgsrc/net/bind918/Makefile 2023/06/21 14:42:23 1.12

 @@ -1,31 +1,31 @@
-# $NetBSD: Makefile,v 1.11 2023/05/17 13:43:52 taca Exp $
+# $NetBSD: Makefile,v 1.12 2023/06/21 14:42:23 taca Exp $
 DISTNAME=	bind-${BIND_VERSION}
 PKGNAME=	${DISTNAME:S/-P/pl/}
 CATEGORIES=	net
 MASTER_SITES=	https://downloads.isc.org/isc/bind9/${BIND_VERSION}/
 EXTRACT_SUFX=	.tar.xz
 MAINTAINER=	sekiya@NetBSD.org
 HOMEPAGE=	https://www.isc.org/software/bind/
 COMMENT=	Berkeley Internet Name Daemon implementation of DNS, version 9.18
 LICENSE=	mpl-2.0
 CONFLICTS+=	host-[0-9]*
 MAKE_JOBS_SAFE=	no
-BIND_VERSION=	9.18.15
+BIND_VERSION=	9.18.16
 BUILD_DEFS+=	BIND_DIR VARBASE
 .include "options.mk"
 USE_TOOLS+=		aclocal autoconf automake pax perl pkg-config
 USE_LIBTOOL=		yes
 GNU_CONFIGURE=		yes
 CHECK_FILES_SKIP=	bin/tests/system/system-test-driver.sh
 MAKE_ENV+=		WRKDIR=${WRKDIR} PREFIX=${PREFIX}
 .if ${OPSYS} == "Linux" && !exists(/usr/include/sys/capability.h)
 CONFIGURE_ARGS+=		--disable-linux-caps

--- pkgsrc/net/bind918/distinfo 2023/05/17 13:43:52 1.8
+++ pkgsrc/net/bind918/distinfo 2023/06/21 14:42:23 1.9

 @@ -1,18 +1,18 @@
-$NetBSD: distinfo,v 1.8 2023/05/17 13:43:52 taca Exp $
+$NetBSD: distinfo,v 1.9 2023/06/21 14:42:23 taca Exp $
-BLAKE2s (bind-9.18.15.tar.xz) = 4a38750651940abff9ebcab59aef9e3162899f99e08639729282f790f9ed8c60
+BLAKE2s (bind-9.18.16.tar.xz) = ee1af429db6cb8cc0ed6a993387ab139e14dddb9f96f05e8c3c6ef3c33acaf9c
-SHA512 (bind-9.18.15.tar.xz) = e038574f9c7b1156c8e3049b9b2464421d6d5e53ab09c47dc68d3b66af9cec1eda9f41b2517909573307a5341f8cf14a8c5f5155e8bbfffee4e06ecb61baa8bf
+SHA512 (bind-9.18.16.tar.xz) = 90b510552e8fd0c358a627e32bd840eaafc946a2b3c5c4623d0e24aa167fb99aedd91ed19392a104ed5bfce341d9944bab02c680e19d312b59e6688f9546a1fd
-Size (bind-9.18.15.tar.xz) = 5476876 bytes
+Size (bind-9.18.16.tar.xz) = 5462456 bytes
 SHA1 (patch-bin_named_main.c) = 4e4a763c478f1fcecb7e65968cf6ca20dacf01f1
 SHA1 (patch-bin_named_os.c) = 5ecb0883076575d8ac5fcad68f9daad6c9be0d0b
 SHA1 (patch-bin_named_server.c) = 6e59d3f637ebb829eec2f76ba7c350fb5cf9be6d
 SHA1 (patch-config.h.in) = 6072793048cdf590863046355eeffa1d93524c36
 SHA1 (patch-configure.ac) = 65f4255300a0ab3b6b663fe59412570fd7b08675
 SHA1 (patch-lib_dns_byaddr.c) = 647ddaaaf040233e18d1a87d83bc2bd63d2a20e3
 SHA1 (patch-lib_dns_gssapi__link.c) = 72296598b0bdd2a57d0f38ecf1775e2898a041c6
 SHA1 (patch-lib_dns_include_dns_zone.h) = e6dfcd43430538ac2a39b217fcae0d81e4c4d163
 SHA1 (patch-lib_dns_lookup.c) = 6c7463aca16abf6bd578aba1733a3217608a39d3
 SHA1 (patch-lib_dns_rbtdb.c) = e8d61e1ba613b2a2fdcd3ff077e2e5b6ce2e45b2
 SHA1 (patch-lib_dns_request.c) = 4a9d0409afcf9f989aa9297efb97c578b4863d9c
 SHA1 (patch-lib_dns_sdb.c) = ed447ec7a134e620765b25ee36124a19dfd9fab0
 SHA1 (patch-lib_dns_sdlz.c) = 4fc15a577c64501c10c144eab147e54686e80309