net/bind918: update to 9.18.16 9.18.16 (2023-06-21) Security release: - CVE-2023-2828 - CVE-2023-2911 6192. [security] A query that prioritizes stale data over lookup triggers a fetch to refresh the stale data in cache. If the fetch is aborted for exceeding the recursion quota, it was possible for 'named' to enter an infinite callback loop and crash due to stack overflow. This has been fixed. (CVE-2023-2911) [GL #4089] 6190. [security] Improve the overmem cleaning process to prevent the cache going over the configured limit. (CVE-2023-2828) [GL #4055] 6188. [performance] Reduce memory consumption by allocating properly sized send buffers for stream-based transports. [GL #4038] 6186. [bug] Fix a 'clients-per-query' miscalculation bug. When the 'stale-answer-enable' options was enabled and the 'stale-answer-client-timeout' option was enabled and larger than 0, named was taking two places from the 'clients-per-query' limit for each client and was failing to gradually auto-tune its value, as configured. [GL #4074] 6185. [func] Add "ClientQuota" statistics channel counter, which indicates the number of the resolver's spilled queries due to reaching the clients per query quota. [GL !7978] 6183. [bug] Fix a serve-stale bug where a delegation from cache could be returned to the client. [GL #3950] 6182. [cleanup] Remove configure checks for epoll, kqueue and /dev/poll. [GL #4098] 6181. [func] The "tkey-dhkey" option has been deprecated; a warning will be logged when it is used. In a future release, Diffie-Hellman TKEY mode will be removed. [GL #3905] 6180. [bug] The session key object could be incorrectly added to multiple different views' keyrings. [GL #4079] 6179. [bug] Fix an interfacemgr use-after-free error in zoneconf.c:isself(). [GL #3765] 6176. [test] Add support for using pytest & pytest-xdist to execute the system test suite. [GL #3978] 6174. [bug] BIND could get stuck on reconfiguration when a 'listen' statement for HTTP is removed from the configuration. That has been fixed. [GL #4071] 6173. [bug] Properly process extra "nameserver" lines in resolv.conf otherwise the next line is not properly processed. [GL #4066] 6169. [bug] named could crash when deleting inline-signing zones with "rndc delzone". [GL #4054] 6165. [bug] Fix a logic error in dighost.c which could call the dighost_shutdown() callback twice and cause problems if the callback function was not idempotent. [GL #4039]diff -r1.11 -r1.12 pkgsrc/net/bind918/Makefile
(taca)
@@ -1,31 +1,31 @@ | @@ -1,31 +1,31 @@ | |||
1 | # $NetBSD: Makefile,v 1.11 2023/05/17 13:43:52 taca Exp $ | 1 | # $NetBSD: Makefile,v 1.12 2023/06/21 14:42:23 taca Exp $ | |
2 | 2 | |||
3 | DISTNAME= bind-${BIND_VERSION} | 3 | DISTNAME= bind-${BIND_VERSION} | |
4 | PKGNAME= ${DISTNAME:S/-P/pl/} | 4 | PKGNAME= ${DISTNAME:S/-P/pl/} | |
5 | CATEGORIES= net | 5 | CATEGORIES= net | |
6 | MASTER_SITES= https://downloads.isc.org/isc/bind9/${BIND_VERSION}/ | 6 | MASTER_SITES= https://downloads.isc.org/isc/bind9/${BIND_VERSION}/ | |
7 | EXTRACT_SUFX= .tar.xz | 7 | EXTRACT_SUFX= .tar.xz | |
8 | 8 | |||
9 | MAINTAINER= sekiya@NetBSD.org | 9 | MAINTAINER= sekiya@NetBSD.org | |
10 | HOMEPAGE= https://www.isc.org/software/bind/ | 10 | HOMEPAGE= https://www.isc.org/software/bind/ | |
11 | COMMENT= Berkeley Internet Name Daemon implementation of DNS, version 9.18 | 11 | COMMENT= Berkeley Internet Name Daemon implementation of DNS, version 9.18 | |
12 | LICENSE= mpl-2.0 | 12 | LICENSE= mpl-2.0 | |
13 | 13 | |||
14 | CONFLICTS+= host-[0-9]* | 14 | CONFLICTS+= host-[0-9]* | |
15 | 15 | |||
16 | MAKE_JOBS_SAFE= no | 16 | MAKE_JOBS_SAFE= no | |
17 | 17 | |||
18 | BIND_VERSION= 9.18.15 | 18 | BIND_VERSION= 9.18.16 | |
19 | 19 | |||
20 | BUILD_DEFS+= BIND_DIR VARBASE | 20 | BUILD_DEFS+= BIND_DIR VARBASE | |
21 | 21 | |||
22 | .include "options.mk" | 22 | .include "options.mk" | |
23 | 23 | |||
24 | USE_TOOLS+= aclocal autoconf automake pax perl pkg-config | 24 | USE_TOOLS+= aclocal autoconf automake pax perl pkg-config | |
25 | USE_LIBTOOL= yes | 25 | USE_LIBTOOL= yes | |
26 | GNU_CONFIGURE= yes | 26 | GNU_CONFIGURE= yes | |
27 | CHECK_FILES_SKIP= bin/tests/system/system-test-driver.sh | 27 | CHECK_FILES_SKIP= bin/tests/system/system-test-driver.sh | |
28 | MAKE_ENV+= WRKDIR=${WRKDIR} PREFIX=${PREFIX} | 28 | MAKE_ENV+= WRKDIR=${WRKDIR} PREFIX=${PREFIX} | |
29 | 29 | |||
30 | .if ${OPSYS} == "Linux" && !exists(/usr/include/sys/capability.h) | 30 | .if ${OPSYS} == "Linux" && !exists(/usr/include/sys/capability.h) | |
31 | CONFIGURE_ARGS+= --disable-linux-caps | 31 | CONFIGURE_ARGS+= --disable-linux-caps |
@@ -1,18 +1,18 @@ | @@ -1,18 +1,18 @@ | |||
1 | $NetBSD: distinfo,v 1.8 2023/05/17 13:43:52 taca Exp $ | 1 | $NetBSD: distinfo,v 1.9 2023/06/21 14:42:23 taca Exp $ | |
2 | 2 | |||
3 | BLAKE2s (bind-9.18.15.tar.xz) = 4a38750651940abff9ebcab59aef9e3162899f99e08639729282f790f9ed8c60 | 3 | BLAKE2s (bind-9.18.16.tar.xz) = ee1af429db6cb8cc0ed6a993387ab139e14dddb9f96f05e8c3c6ef3c33acaf9c | |
4 | SHA512 (bind-9.18.15.tar.xz) = e038574f9c7b1156c8e3049b9b2464421d6d5e53ab09c47dc68d3b66af9cec1eda9f41b2517909573307a5341f8cf14a8c5f5155e8bbfffee4e06ecb61baa8bf | 4 | SHA512 (bind-9.18.16.tar.xz) = 90b510552e8fd0c358a627e32bd840eaafc946a2b3c5c4623d0e24aa167fb99aedd91ed19392a104ed5bfce341d9944bab02c680e19d312b59e6688f9546a1fd | |
5 | Size (bind-9.18.15.tar.xz) = 5476876 bytes | 5 | Size (bind-9.18.16.tar.xz) = 5462456 bytes | |
6 | SHA1 (patch-bin_named_main.c) = 4e4a763c478f1fcecb7e65968cf6ca20dacf01f1 | 6 | SHA1 (patch-bin_named_main.c) = 4e4a763c478f1fcecb7e65968cf6ca20dacf01f1 | |
7 | SHA1 (patch-bin_named_os.c) = 5ecb0883076575d8ac5fcad68f9daad6c9be0d0b | 7 | SHA1 (patch-bin_named_os.c) = 5ecb0883076575d8ac5fcad68f9daad6c9be0d0b | |
8 | SHA1 (patch-bin_named_server.c) = 6e59d3f637ebb829eec2f76ba7c350fb5cf9be6d | 8 | SHA1 (patch-bin_named_server.c) = 6e59d3f637ebb829eec2f76ba7c350fb5cf9be6d | |
9 | SHA1 (patch-config.h.in) = 6072793048cdf590863046355eeffa1d93524c36 | 9 | SHA1 (patch-config.h.in) = 6072793048cdf590863046355eeffa1d93524c36 | |
10 | SHA1 (patch-configure.ac) = 65f4255300a0ab3b6b663fe59412570fd7b08675 | 10 | SHA1 (patch-configure.ac) = 65f4255300a0ab3b6b663fe59412570fd7b08675 | |
11 | SHA1 (patch-lib_dns_byaddr.c) = 647ddaaaf040233e18d1a87d83bc2bd63d2a20e3 | 11 | SHA1 (patch-lib_dns_byaddr.c) = 647ddaaaf040233e18d1a87d83bc2bd63d2a20e3 | |
12 | SHA1 (patch-lib_dns_gssapi__link.c) = 72296598b0bdd2a57d0f38ecf1775e2898a041c6 | 12 | SHA1 (patch-lib_dns_gssapi__link.c) = 72296598b0bdd2a57d0f38ecf1775e2898a041c6 | |
13 | SHA1 (patch-lib_dns_include_dns_zone.h) = e6dfcd43430538ac2a39b217fcae0d81e4c4d163 | 13 | SHA1 (patch-lib_dns_include_dns_zone.h) = e6dfcd43430538ac2a39b217fcae0d81e4c4d163 | |
14 | SHA1 (patch-lib_dns_lookup.c) = 6c7463aca16abf6bd578aba1733a3217608a39d3 | 14 | SHA1 (patch-lib_dns_lookup.c) = 6c7463aca16abf6bd578aba1733a3217608a39d3 | |
15 | SHA1 (patch-lib_dns_rbtdb.c) = e8d61e1ba613b2a2fdcd3ff077e2e5b6ce2e45b2 | 15 | SHA1 (patch-lib_dns_rbtdb.c) = e8d61e1ba613b2a2fdcd3ff077e2e5b6ce2e45b2 | |
16 | SHA1 (patch-lib_dns_request.c) = 4a9d0409afcf9f989aa9297efb97c578b4863d9c | 16 | SHA1 (patch-lib_dns_request.c) = 4a9d0409afcf9f989aa9297efb97c578b4863d9c | |
17 | SHA1 (patch-lib_dns_sdb.c) = ed447ec7a134e620765b25ee36124a19dfd9fab0 | 17 | SHA1 (patch-lib_dns_sdb.c) = ed447ec7a134e620765b25ee36124a19dfd9fab0 | |
18 | SHA1 (patch-lib_dns_sdlz.c) = 4fc15a577c64501c10c144eab147e54686e80309 | 18 | SHA1 (patch-lib_dns_sdlz.c) = 4fc15a577c64501c10c144eab147e54686e80309 |