net/bind918: update to 9.18.19 9.18.19 (2023-09-20) 6246. [security] Fix use-after-free error in TLS DNS code when sending data. (CVE-2023-4236) [GL #4242] 6245. [security] Limit the amount of recursion that can be performed by isccc_cc_fromwire. (CVE-2023-3341) [GL #4152] 6244. [bug] Adjust log levels on malformed messages to NOTICE when transferring in a zone. [GL #4290] 6241. [bug] Take into account the possibility of partial TLS writes in TLS DNS code. That helps to prevent DNS messages corruption on long DNS over TLS streams. [GL #4255] 6240. [bug] Use dedicated per-worker thread jemalloc memory arenas for send buffers allocation to reduce memory consumption and avoid lock contention. [GL #4038] 6239. [func] Deprecate the 'dnssec-must-be-secure' option. [GL #3700] 6237. [bug] Address memory leaks due to not clearing OpenSSL error stack. [GL #4159] 6235. [doc] Clarify BIND 9 time formats. [GL #4266] 6234. [bug] Restore stale-refresh-time value after flushing the cache. [GL #4278] 6232. [bug] Following the introduction of krb5-subdomain-self-rhs and ms-subdomain-self-rhs update rules, removal of nonexistent PTR and SRV records via UPDATE could fail. [GL #4280] 6231. [func] Make nsupdate honor -v for SOA requests if the server is specified. [GL #1181] 6230. [bug] Prevent an unnecessary query restart if a synthesized CNAME target points to the CNAME owner. [GL #3835] 6227. [bug] Check the statistics-channel HTTP Content-length to prevent negative or overflowing values from causing a crash. [GL #4125] 6224. [bug] Check the If-Modified-Since value length to prevent out-of-bounds write. [GL #4124]diff -r1.18 -r1.19 pkgsrc/net/bind918/Makefile
(taca)
@@ -1,31 +1,31 @@ | @@ -1,31 +1,31 @@ | |||
1 | # $NetBSD: Makefile,v 1.18 2023/09/19 16:19:27 he Exp $ | 1 | # $NetBSD: Makefile,v 1.19 2023/09/20 13:37:16 taca Exp $ | |
2 | 2 | |||
3 | DISTNAME= bind-${BIND_VERSION} | 3 | DISTNAME= bind-${BIND_VERSION} | |
4 | PKGNAME= ${DISTNAME:S/-P/pl/} | 4 | PKGNAME= ${DISTNAME:S/-P/pl/} | |
5 | CATEGORIES= net | 5 | CATEGORIES= net | |
6 | MASTER_SITES= https://downloads.isc.org/isc/bind9/${BIND_VERSION}/ | 6 | MASTER_SITES= https://downloads.isc.org/isc/bind9/${BIND_VERSION}/ | |
7 | EXTRACT_SUFX= .tar.xz | 7 | EXTRACT_SUFX= .tar.xz | |
8 | 8 | |||
9 | MAINTAINER= sekiya@NetBSD.org | 9 | MAINTAINER= sekiya@NetBSD.org | |
10 | HOMEPAGE= https://www.isc.org/bind/ | 10 | HOMEPAGE= https://www.isc.org/bind/ | |
11 | COMMENT= Berkeley Internet Name Daemon implementation of DNS, version 9.18 | 11 | COMMENT= Berkeley Internet Name Daemon implementation of DNS, version 9.18 | |
12 | LICENSE= mpl-2.0 | 12 | LICENSE= mpl-2.0 | |
13 | 13 | |||
14 | CONFLICTS+= host-[0-9]* | 14 | CONFLICTS+= host-[0-9]* | |
15 | 15 | |||
16 | MAKE_JOBS_SAFE= no | 16 | MAKE_JOBS_SAFE= no | |
17 | 17 | |||
18 | BIND_VERSION= 9.18.18 | 18 | BIND_VERSION= 9.18.19 | |
19 | 19 | |||
20 | BUILD_DEFS+= BIND_DIR VARBASE | 20 | BUILD_DEFS+= BIND_DIR VARBASE | |
21 | 21 | |||
22 | .include "options.mk" | 22 | .include "options.mk" | |
23 | 23 | |||
24 | USE_TOOLS+= aclocal autoconf automake pax perl pkg-config | 24 | USE_TOOLS+= aclocal autoconf automake pax perl pkg-config | |
25 | USE_LIBTOOL= yes | 25 | USE_LIBTOOL= yes | |
26 | # Requires support for C11 atomics. | 26 | # Requires support for C11 atomics. | |
27 | USE_CC_FEATURES+= c11 | 27 | USE_CC_FEATURES+= c11 | |
28 | GNU_CONFIGURE= yes | 28 | GNU_CONFIGURE= yes | |
29 | CHECK_FILES_SKIP= bin/tests/system/system-test-driver.sh | 29 | CHECK_FILES_SKIP= bin/tests/system/system-test-driver.sh | |
30 | MAKE_ENV+= WRKDIR=${WRKDIR} PREFIX=${PREFIX} | 30 | MAKE_ENV+= WRKDIR=${WRKDIR} PREFIX=${PREFIX} | |
31 | 31 |
@@ -1,18 +1,18 @@ | @@ -1,18 +1,18 @@ | |||
1 | $NetBSD: distinfo,v 1.11 2023/08/29 14:47:21 taca Exp $ | 1 | $NetBSD: distinfo,v 1.12 2023/09/20 13:37:16 taca Exp $ | |
2 | 2 | |||
3 | BLAKE2s (bind-9.18.18.tar.xz) = 6f7f87ab9cfcb090acf9447e2d75d9949700dad118d09d9bf5e9dfe78585365d | 3 | BLAKE2s (bind-9.18.19.tar.xz) = c264efe37f8f386ecafaa46b689084bf43f74513c07f6fd7dc7435e1617e628c | |
4 | SHA512 (bind-9.18.18.tar.xz) = 8d94ec93915c776b9035bce2c3e707c6fb2fa526dbc3b08211c8265daa2c3c88bde51bec08dc416b5b7ba61604754846c4d1efa3f09eebd23847c417c9dc8760 | 4 | SHA512 (bind-9.18.19.tar.xz) = 51af9a246f23afc9ac9a1ef2d793bc91f43fe835b6c4101ad557799ee3aa4253bd12b2f12d9d101c1ce616e2a852a42c5567b031adaaaf06677fcc11c98cf393 | |
5 | Size (bind-9.18.18.tar.xz) = 5490428 bytes | 5 | Size (bind-9.18.19.tar.xz) = 5508464 bytes | |
6 | SHA1 (patch-bin_named_main.c) = 4e4a763c478f1fcecb7e65968cf6ca20dacf01f1 | 6 | SHA1 (patch-bin_named_main.c) = 4e4a763c478f1fcecb7e65968cf6ca20dacf01f1 | |
7 | SHA1 (patch-bin_named_os.c) = 5ecb0883076575d8ac5fcad68f9daad6c9be0d0b | 7 | SHA1 (patch-bin_named_os.c) = 5ecb0883076575d8ac5fcad68f9daad6c9be0d0b | |
8 | SHA1 (patch-bin_named_server.c) = 6e59d3f637ebb829eec2f76ba7c350fb5cf9be6d | 8 | SHA1 (patch-bin_named_server.c) = 6e59d3f637ebb829eec2f76ba7c350fb5cf9be6d | |
9 | SHA1 (patch-config.h.in) = 6072793048cdf590863046355eeffa1d93524c36 | 9 | SHA1 (patch-config.h.in) = 6072793048cdf590863046355eeffa1d93524c36 | |
10 | SHA1 (patch-configure.ac) = 65f4255300a0ab3b6b663fe59412570fd7b08675 | 10 | SHA1 (patch-configure.ac) = 65f4255300a0ab3b6b663fe59412570fd7b08675 | |
11 | SHA1 (patch-lib_dns_byaddr.c) = 647ddaaaf040233e18d1a87d83bc2bd63d2a20e3 | 11 | SHA1 (patch-lib_dns_byaddr.c) = 647ddaaaf040233e18d1a87d83bc2bd63d2a20e3 | |
12 | SHA1 (patch-lib_dns_gssapi__link.c) = 72296598b0bdd2a57d0f38ecf1775e2898a041c6 | 12 | SHA1 (patch-lib_dns_gssapi__link.c) = 72296598b0bdd2a57d0f38ecf1775e2898a041c6 | |
13 | SHA1 (patch-lib_dns_include_dns_zone.h) = e6dfcd43430538ac2a39b217fcae0d81e4c4d163 | 13 | SHA1 (patch-lib_dns_include_dns_zone.h) = e6dfcd43430538ac2a39b217fcae0d81e4c4d163 | |
14 | SHA1 (patch-lib_dns_lookup.c) = 6c7463aca16abf6bd578aba1733a3217608a39d3 | 14 | SHA1 (patch-lib_dns_lookup.c) = 6c7463aca16abf6bd578aba1733a3217608a39d3 | |
15 | SHA1 (patch-lib_dns_rbtdb.c) = e8d61e1ba613b2a2fdcd3ff077e2e5b6ce2e45b2 | 15 | SHA1 (patch-lib_dns_rbtdb.c) = e8d61e1ba613b2a2fdcd3ff077e2e5b6ce2e45b2 | |
16 | SHA1 (patch-lib_dns_request.c) = 4a9d0409afcf9f989aa9297efb97c578b4863d9c | 16 | SHA1 (patch-lib_dns_request.c) = 4a9d0409afcf9f989aa9297efb97c578b4863d9c | |
17 | SHA1 (patch-lib_dns_sdb.c) = ed447ec7a134e620765b25ee36124a19dfd9fab0 | 17 | SHA1 (patch-lib_dns_sdb.c) = ed447ec7a134e620765b25ee36124a19dfd9fab0 | |
18 | SHA1 (patch-lib_dns_sdlz.c) = 4fc15a577c64501c10c144eab147e54686e80309 | 18 | SHA1 (patch-lib_dns_sdlz.c) = 4fc15a577c64501c10c144eab147e54686e80309 |