pkgsrc-Changes-HG archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

[pkgsrc/trunk]: pkgsrc/net/bind916 net/bind916: update to 9.16.15



details:   https://anonhg.NetBSD.org/pkgsrc/rev/c16777ded256
branches:  trunk
changeset: 451601:c16777ded256
user:      taca <taca%pkgsrc.org@localhost>
date:      Thu Apr 29 05:55:54 2021 +0000

description:
net/bind916: update to 9.16.15

Security release.

        --- 9.16.15 released ---

5621.   [bug]           Due to a backporting mistake in change 5609, named
                        binaries built against a Kerberos/GSSAPI library whose
                        header files did not define the GSS_SPNEGO_MECHANISM
                        preprocessor macro were not able to start if their
                        configuration included the "tkey-gssapi-credential"
                        option. This has been fixed. [GL #2634]

5620.   [bug]           If zone journal files written by BIND 9.16.11 or earlier
                        were present when BIND was upgraded, the zone file for
                        that zone could have been inadvertently rewritten with
                        the current zone contents. This caused the original zone
                        file structure (e.g. comments, $INCLUDE directives) to
                        be lost, although the zone data itself was preserved.
                        This has been fixed. [GL #2623]

        --- 9.16.14 released ---

5617.   [security]      A specially crafted GSS-TSIG query could cause a buffer
                        overflow in the ISC implementation of SPNEGO.
                        (CVE-2021-25216) [GL #2604]

5616.   [security]      named crashed when a DNAME record placed in the ANSWER
                        section during DNAME chasing turned out to be the final
                        answer to a client query. (CVE-2021-25215) [GL #2540]

5615.   [security]      Insufficient IXFR checks could result in named serving a
                        zone without an SOA record at the apex, leading to a
                        RUNTIME_CHECK assertion failure when the zone was
                        subsequently refreshed. This has been fixed by adding an
                        owner name check for all SOA records which are included
                        in a zone transfer. (CVE-2021-25214) [GL #2467]

5614.   [bug]           Ensure all resources are properly cleaned up when a call
                        to gss_accept_sec_context() fails. [GL #2620]

5613.   [bug]           It was possible to write an invalid transaction header
                        in the journal file for a managed-keys database after
                        upgrading. This has been fixed. Invalid headers in
                        existing journal files are detected and named is able
                        to recover from them. [GL #2600]

5611.   [func]          Set "stale-answer-client-timeout" to "off" by default.
                        [GL #2608]

5610.   [bug]           Prevent a crash which could happen when a lookup
                        triggered by "stale-answer-client-timeout" was attempted
                        right after recursion for a client query finished.
                        [GL #2594]

5609.   [func]          The ISC implementation of SPNEGO was removed from BIND 9
                        source code. It was no longer necessary as all major
                        contemporary Kerberos/GSSAPI libraries include support
                        for SPNEGO. [GL #2607]

5608.   [bug]           When sending queries over TCP, dig now properly handles
                        "+tries=1 +retry=0" by not retrying the connection when
                        the remote server closes the connection prematurely.
                        [GL #2490]

5607.   [bug]           As "rndc dnssec -checkds" and "rndc dnssec -rollover"
                        commands may affect the next scheduled key event,
                        reconfiguration of zone keys is now triggered after
                        receiving either of these commands to prevent
                        unnecessary key rollover delays. [GL #2488]

5606.   [bug]           CDS/CDNSKEY DELETE records are now removed when a zone
                        transitions from a secure to an insecure state.
                        named-checkzone also no longer reports an error when
                        such records are found in an unsigned zone. [GL #2517]

5605.   [bug]           "dig -u" now uses the CLOCK_REALTIME clock source for
                        more accurate time reporting. [GL #2592]

5603.   [bug]           Fix a memory leak that occurred when named failed to
                        bind a UDP socket to a network interface. [GL #2575]

5602.   [bug]           Fix TCPDNS and TLSDNS timers in Network Manager. This
                        makes the "tcp-initial-timeout" and "tcp-idle-timeout"
                        options work correctly again. [GL #2583]

5601.   [bug]           Zones using KASP could not be thawed after they were
                        frozen using "rndc freeze". This has been fixed.
                        [GL #2523]

diffstat:

 net/bind916/Makefile |   5 ++---
 net/bind916/distinfo |  10 +++++-----
 2 files changed, 7 insertions(+), 8 deletions(-)

diffs (40 lines):

diff -r 58b9fca7ade5 -r c16777ded256 net/bind916/Makefile
--- a/net/bind916/Makefile      Thu Apr 29 05:54:38 2021 +0000
+++ b/net/bind916/Makefile      Thu Apr 29 05:55:54 2021 +0000
@@ -1,8 +1,7 @@
-# $NetBSD: Makefile,v 1.12 2021/04/21 11:42:23 adam Exp $
+# $NetBSD: Makefile,v 1.13 2021/04/29 05:55:54 taca Exp $
 
 DISTNAME=      bind-${BIND_VERSION}
 PKGNAME=       ${DISTNAME:S/-P/pl/}
-PKGREVISION=   1
 CATEGORIES=    net
 MASTER_SITES=  ftp://ftp.isc.org/isc/bind9/${BIND_VERSION}/
 EXTRACT_SUFX=  .tar.xz
@@ -16,7 +15,7 @@
 
 MAKE_JOBS_SAFE=        no
 
-BIND_VERSION=  9.16.13
+BIND_VERSION=  9.16.15
 
 BUILD_DEFS+=   BIND_DIR VARBASE
 
diff -r 58b9fca7ade5 -r c16777ded256 net/bind916/distinfo
--- a/net/bind916/distinfo      Thu Apr 29 05:54:38 2021 +0000
+++ b/net/bind916/distinfo      Thu Apr 29 05:55:54 2021 +0000
@@ -1,9 +1,9 @@
-$NetBSD: distinfo,v 1.11 2021/03/21 04:16:17 taca Exp $
+$NetBSD: distinfo,v 1.12 2021/04/29 05:55:54 taca Exp $
 
-SHA1 (bind-9.16.13.tar.xz) = 5120b0e7fcc8b7d3e1c9d1414c5c3888640c3b40
-RMD160 (bind-9.16.13.tar.xz) = 95ca9bcf95ecf996d3bfe97a2bad602f35a63b3e
-SHA512 (bind-9.16.13.tar.xz) = 1f3c8f54dd2c9e18cd9b67cfebb645d0a8e8f566add07fc4690cb8820bf81640c33b2b0685cb8be095e0f9ac84b2cf78176aea841a30c27d547b569b8353b07b
-Size (bind-9.16.13.tar.xz) = 5028340 bytes
+SHA1 (bind-9.16.15.tar.xz) = 5d68bbd1ff452708d45f2d4ef832faa3a1690fc7
+RMD160 (bind-9.16.15.tar.xz) = 5697b6b0a0d67022f1e279f27c413b739fa2de4d
+SHA512 (bind-9.16.15.tar.xz) = 30dad6e2144b3ac53ef0a2d1ed3c8342120f148fc0eb6409113a6d5ed3444eecb917915fdf39c26fd223396fc1e873410a50da305f0b870864f7fbbdccec8033
+Size (bind-9.16.15.tar.xz) = 5025688 bytes
 SHA1 (patch-bin_dig_dighost.c) = b1073911d80ecd519af98b6678968296ff8c0c98
 SHA1 (patch-bin_dig_include_dig_dig.h) = 10166f5bb98b208c7b10d63eb31e8253f704acc8
 SHA1 (patch-bin_named_Makefile.in) = f1367da6a226ba44d0ee13acf00b8abeb5b1b7eb



Home | Main Index | Thread Index | Old Index