pkgsrc-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[pkgsrc/pkgsrc-2012Q1]: pkgsrc/net/bind99 Pullup ticket #3797 - requested by ...
details: https://anonhg.NetBSD.org/pkgsrc/rev/8ff10249a358
branches: pkgsrc-2012Q1
changeset: 602121:8ff10249a358
user: tron <tron%pkgsrc.org@localhost>
date: Tue May 22 09:09:52 2012 +0000
description:
Pullup ticket #3797 - requested by taca
net/bind99/: security update
Revisions pulled up:
- net/bind99/Makefile 1.3-1.4
- net/bind99/PLIST 1.2
- net/bind99/distinfo 1.4
- net/bind99/files/named9.sh 1.2
- net/bind99/patches/patch-bin_tests_system_Makefile.in 1.2
- net/bind99/patches/patch-lib_dns_resolver.c deleted
---
Module Name: pkgsrc
Committed By: marino
Date: Sun May 20 12:00:15 UTC 2012
Modified Files:
pkgsrc/net/bind99: Makefile
pkgsrc/net/bind99/files: named9.sh
Log Message:
PR#45780 net/bind99: Fix chroot operation
DNSSEC related, bind99 needs same fix as bind98
---
Module Name: pkgsrc
Committed By: taca
Date: Tue May 22 03:31:07 UTC 2012
Modified Files:
pkgsrc/net/bind99: Makefile PLIST distinfo
pkgsrc/net/bind99/patches: patch-bin_tests_system_Makefile.in
Removed Files:
pkgsrc/net/bind99/patches: patch-lib_dns_resolver.c
Log Message:
Update biind99 package to 9.9.1.
pkgsrc change: add an comment to patches/patch-bin_tests_system_Makefile.in.
Changes from release announce:
Security Fixes
* Windows binary packages distributed by ISC are now built and linked
against OpenSSL 1.0.0i
New Features
* None
Feature Changes
* BIND now recognizes the TLSA resource record type, created to
support IETF DANE (DNS-based Authentication of Named Entities)
[RT #28989]
* A note will be added to the README in future releases to explain
that the improved scalability provided by using multiple threads
to listen for and process queries (change 3137, RT #22992) does
not provide any performance benefit when running BIND on versions
of the linux kernel that do not include the 'lockless UDP transmit
path' changes that were incorporated in 2.6.39. (Some linux
distributors may have provided this functionality under their
own version numbering systems).
Bug Fixes
* The locking strategy around the handling of iterative queries
has been tuned to reduce unnecessary contention in a multi-threaded
environment. (Note that this may not provide a measurable
improvement over previous versions of BIND, but it corrects the
performance impact of change 3309 / RT #27995) [RT #29239]
* Addresses a race condition that can cause named to to crash when
the masters list for a zone is updated via rndc reload/reconfig
[RT #26732]
* named-checkconf now correctly validates dns64 clients acl
definitions. [RT #27631]
* Fixes a race condition in zone.c that can cause named to crash
during the processing of rndc delzone [RT #29028]
* Prevents a named segfault from resolver.c due to procedure
fctx_finddone() not being thread-safe. [RT #27995]
* Improves DNS64 reverse zone performance. [RT #28563]
* Adds wire format lookup method to sdb. [RT #28563]
* Uses hmctx, not mctx when freeing rbtdb->heaps to avoid triggering
an assertion when flushing cache data. [RT #28571]
* Prevents intermittent named crashes following an rndc reload [RT
#28606]
* Resolves inconsistencies in locating DNSSEC keys where zone names
contain characters that require special mappings [RT #28600]
* A new flag -R has been added to queryperf for running tests
using non-recursive queries. It also now builds correctly on
MacOS version 10.7 (darwin) [RT #28565]
* Named no longer crashes if gssapi is enabled in named.conf but
was not compiled into the binary [RT #28338]
* SDB now handles unexpected errors from back-end database drivers
gracefully instead of exiting on an assert. [RT #28534]
* Prevents named crashes as a result of dereferencing a NULL pointer
in zmgr_start_xfrin_ifquota if the zone was being removed while
there were zone transfers still pending [RT #28419]
* Corrects a parser bug that could cause named to crash while
reading a malformed zone file. [RT #28467]
* Ensures that when a client recurses its status fields are
consistently set so that named doesn't fail on an INSIST in
client.c:exit_check. [RT #28346]
* Fixed a problem preventing proper use of 64 bit time values in
libbind. [RT # 26542]
* isccc/cc.c:table_fromwire could fail to free an allocated object
on error, leading to a possible memory leak condition. [RT #28265]
* Fixed a build error on systems without ENOTSUP. [RT #28200]
* The header file isc/hmacsha.h is now installed when building
BIND. [RT #28169]
* AAAA responses will no longer be returned in the additional
section when filter-aaaa-on-v4 is in use. (Prior to this change,
they would be returned for some query types). [RT #27292]
diffstat:
net/bind99/Makefile | 5 +-
net/bind99/PLIST | 3 +-
net/bind99/distinfo | 11 ++---
net/bind99/files/named9.sh | 10 +++++-
net/bind99/patches/patch-bin_tests_system_Makefile.in | 4 +-
net/bind99/patches/patch-lib_dns_resolver.c | 34 -------------------
6 files changed, 21 insertions(+), 46 deletions(-)
diffs (139 lines):
diff -r fcb06db8795c -r 8ff10249a358 net/bind99/Makefile
--- a/net/bind99/Makefile Mon May 21 15:52:03 2012 +0000
+++ b/net/bind99/Makefile Tue May 22 09:09:52 2012 +0000
@@ -1,8 +1,7 @@
-# $NetBSD: Makefile,v 1.1.1.1.2.1 2012/05/03 18:13:43 tron Exp $
+# $NetBSD: Makefile,v 1.1.1.1.2.2 2012/05/22 09:09:52 tron Exp $
DISTNAME= bind-${BIND_VERSION}
PKGNAME= ${DISTNAME:S/-P/pl/}
-PKGREVISION= 1
CATEGORIES= net
MASTER_SITES= ftp://ftp.isc.org/isc/bind9/${BIND_VERSION}/ \
http://ftp.belnet.be/pub/mirror/ftp.isc.org/isc/bind9/${BIND_VERSION}/
@@ -17,7 +16,7 @@
MAKE_JOBS_SAFE= no
-BIND_VERSION= 9.9.0
+BIND_VERSION= 9.9.1
.include "../../mk/bsd.prefs.mk"
diff -r fcb06db8795c -r 8ff10249a358 net/bind99/PLIST
--- a/net/bind99/PLIST Mon May 21 15:52:03 2012 +0000
+++ b/net/bind99/PLIST Tue May 22 09:09:52 2012 +0000
@@ -1,4 +1,4 @@
-@comment $NetBSD: PLIST,v 1.1.1.1 2012/03/07 14:25:00 taca Exp $
+@comment $NetBSD: PLIST,v 1.1.1.1.2.1 2012/05/22 09:09:52 tron Exp $
bin/dig
bin/host
bin/isc-config.sh
@@ -105,6 +105,7 @@
include/isc/heap.h
include/isc/hex.h
include/isc/hmacmd5.h
+include/isc/hmacsha.h
include/isc/httpd.h
include/isc/int.h
include/isc/interfaceiter.h
diff -r fcb06db8795c -r 8ff10249a358 net/bind99/distinfo
--- a/net/bind99/distinfo Mon May 21 15:52:03 2012 +0000
+++ b/net/bind99/distinfo Tue May 22 09:09:52 2012 +0000
@@ -1,16 +1,15 @@
-$NetBSD: distinfo,v 1.2.2.1 2012/05/03 18:13:43 tron Exp $
+$NetBSD: distinfo,v 1.2.2.2 2012/05/22 09:09:52 tron Exp $
-SHA1 (bind-9.9.0.tar.gz) = 6be77c75c8649088b0ae7124d819b5f412bb0094
-RMD160 (bind-9.9.0.tar.gz) = 5fda36a3aa84062f7936978cb540e8ad3f1c4e08
-Size (bind-9.9.0.tar.gz) = 7114050 bytes
+SHA1 (bind-9.9.1.tar.gz) = c963de85ba6f55d7615471b29b356efe6c844e9c
+RMD160 (bind-9.9.1.tar.gz) = f128445b25de7ac8508ecdb9d78165b9dcf169a0
+Size (bind-9.9.1.tar.gz) = 7092357 bytes
SHA1 (patch-bin_dig_dighost.c) = 186cdc70605242afb0211dc8802ec75677a65614
-SHA1 (patch-bin_tests_system_Makefile.in) = 70fafa764752881f8367222b0a77cdae83c2e0f9
+SHA1 (patch-bin_tests_system_Makefile.in) = 3224a66b7d29f6f17d02de1663c61b5e57b91d20
SHA1 (patch-config.threads.in) = 227b83efe9cb3e301aaac9b97cf42f1fb8ad06b2
SHA1 (patch-configure) = 6a8b709d8369864c397d4315348c9c96753618f6
SHA1 (patch-lib_bind9_Makefile.in) = 89e21d21fa512f11a2fdb8d7455abd5d95f20ba5
SHA1 (patch-lib_dns_Makefile.in) = 1770a8bd86901c618b11d255f3af54748d04b759
SHA1 (patch-lib_dns_rbt.c) = df4b029369d9fa3b250d8505b5f7590e2cd86654
-SHA1 (patch-lib_dns_resolver.c) = 48f17278af67ea8f5a282b1194281c36959a046e
SHA1 (patch-lib_dns_zone.c) = e01378ee95bf7c5b903a2c3a90acf83a3a4cae52
SHA1 (patch-lib_isc_Makefile.in) = 5e0739d19957b1f26bcc24a6c76bcab6248cbff5
SHA1 (patch-lib_isccc_Makefile.in) = a31831872b7724cb84f663ed70a82335d812f95f
diff -r fcb06db8795c -r 8ff10249a358 net/bind99/files/named9.sh
--- a/net/bind99/files/named9.sh Mon May 21 15:52:03 2012 +0000
+++ b/net/bind99/files/named9.sh Tue May 22 09:09:52 2012 +0000
@@ -1,6 +1,6 @@
#!@RCD_SCRIPTS_SHELL@
#
-# $NetBSD: named9.sh,v 1.1.1.1 2012/03/07 14:25:00 taca Exp $
+# $NetBSD: named9.sh,v 1.1.1.1.2.1 2012/05/22 09:09:52 tron Exp $
#
# PROVIDE: named
@@ -49,6 +49,14 @@
@CP@ -p /etc/localtime "${named_chrootdir}/etc/localtime"
fi
+ if [ -f /usr/lib/engines/libgost.so ]; then
+ if [ ! -d ${named_chrootdir}/usr/lib/engines ]; then
+ @MKDIR@ ${named_chrootdir}/usr/lib/engines
+ fi
+ @CMP@ -s /usr/lib/engines/libgost.so "${named_chrootdir}/usr/lib/engines/libgost.so" || \
+ @CP@ -p /usr/lib/engines/libgost.so "${named_chrootdir}/usr/lib/engines/libgost.so"
+ fi
+
if [ ! -d ${named_chrootdir}@VARBASE@/run/named ]; then
@MKDIR@ ${named_chrootdir}@VARBASE@/run/named
@CHOWN@ @BIND_USER@ ${named_chrootdir}@VARBASE@/run/named
diff -r fcb06db8795c -r 8ff10249a358 net/bind99/patches/patch-bin_tests_system_Makefile.in
--- a/net/bind99/patches/patch-bin_tests_system_Makefile.in Mon May 21 15:52:03 2012 +0000
+++ b/net/bind99/patches/patch-bin_tests_system_Makefile.in Tue May 22 09:09:52 2012 +0000
@@ -1,4 +1,6 @@
-$NetBSD: patch-bin_tests_system_Makefile.in,v 1.1 2012/03/23 21:25:14 marino Exp $
+$NetBSD: patch-bin_tests_system_Makefile.in,v 1.1.2.1 2012/05/22 09:09:52 tron Exp $
+
+Build fix for DragonFly while linking of driver.so.
--- bin/tests/system/Makefile.in.orig 2011-11-01 18:35:53.000000000 +0000
+++ bin/tests/system/Makefile.in
diff -r fcb06db8795c -r 8ff10249a358 net/bind99/patches/patch-lib_dns_resolver.c
--- a/net/bind99/patches/patch-lib_dns_resolver.c Mon May 21 15:52:03 2012 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,34 +0,0 @@
-$NetBSD: patch-lib_dns_resolver.c,v 1.1.2.2 2012/05/03 18:13:43 tron Exp $
-
-Prevent segmentation fault in resolver.c: https://kb.isc.org/article/AA-00664
-
---- lib/dns/resolver.c.orig 2012-02-14 23:46:49.000000000 +0000
-+++ lib/dns/resolver.c
-@@ -2166,7 +2166,6 @@ fctx_finddone(isc_task_t *task, isc_even
- isc_boolean_t want_try = ISC_FALSE;
- isc_boolean_t want_done = ISC_FALSE;
- isc_boolean_t bucket_empty = ISC_FALSE;
-- isc_boolean_t destroy = ISC_FALSE;
- unsigned int bucketnum;
-
- find = event->ev_sender;
-@@ -2205,17 +2204,12 @@ fctx_finddone(isc_task_t *task, isc_even
- }
- } else if (SHUTTINGDOWN(fctx) && fctx->pending == 0 &&
- fctx->nqueries == 0 && ISC_LIST_EMPTY(fctx->validators)) {
-- /*
-- * Note that we had to wait until we had the lock before
-- * looking at fctx->references.
-- */
-+
- if (fctx->references == 0)
-- destroy = ISC_TRUE;
-+ bucket_empty = fctx_destroy(fctx);
- }
- UNLOCK(&res->buckets[bucketnum].lock);
-
-- if (destroy)
-- bucket_empty = fctx_destroy(fctx);
- isc_event_free(&event);
- dns_adb_destroyfind(&find);
-
Home |
Main Index |
Thread Index |
Old Index