pkgsrc-Changes archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
CVS commit: [pkgsrc-2024Q2] pkgsrc/net/bind918
Module Name: pkgsrc
Committed By: spz
Date: Sun Jul 28 13:17:32 UTC 2024
Modified Files:
pkgsrc/net/bind918 [pkgsrc-2024Q2]: Makefile buildlink3.mk distinfo
options.mk
Log Message:
Pullup ticket #6882 - requested by taca
net/bind918: security update
Revisions pulled up:
- net/bind918/Makefile 1.34
- net/bind918/buildlink3.mk 1.3
- net/bind918/distinfo 1.20
- net/bind918/options.mk 1.3-1.4
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: adam
Date: Mon Jul 22 18:09:01 UTC 2024
Modified Files:
pkgsrc/net/bind918: buildlink3.mk options.mk
Log Message:
bind918: use gssapi as an option; that fixes builds when krb5-config is installed but not buildlinked
To generate a diff of this commit:
cvs rdiff -u -r1.2 -r1.3 pkgsrc/net/bind918/buildlink3.mk \
pkgsrc/net/bind918/options.mk
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: adam
Date: Mon Jul 22 19:07:58 UTC 2024
Modified Files:
pkgsrc/net/bind918: options.mk
Log Message:
bind918: use KRB5_CONFIG
To generate a diff of this commit:
cvs rdiff -u -r1.3 -r1.4 pkgsrc/net/bind918/options.mk
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: taca
Date: Tue Jul 23 13:50:32 UTC 2024
Modified Files:
pkgsrc/net/bind918: Makefile distinfo
Log Message:
net/bind918: update to 9.18.28
9.18.28 (2024-07-23)
6404. [security] Remove SIG(0) support from named as a countermeasure
for CVE-2024-1975. [GL #4480]
6403. [security] qctx-zversion was not being cleared when it should have
been leading to an assertion failure if it needed to be
reused. (CVE-2024-4076) [GL #4507]
6401. [security] An excessively large number of rrtypes per owner can
slow down database query processing, so a limit has been
placed on the number of rrtypes that can be stored per
owner (node) in a cache or zone database. This is
configured with the new "max-rrtypes-per-name" option,
and defaults to 100. (CVE-2024-1737)
[GL #3403] [GL #4548]
6400. [security] Excessively large rdatasets can slow down database
query processing, so a limit has been placed on the
number of records that can be stored per rdataset
in a cache or zone database. This is configured
with the new "max-records-per-type" option, and
defaults to 100. (CVE-2024-1737)
[GL #497] [GL #3405]
6399. [security] Malicious DNS client that sends many queries over
TCP but never reads responses can cause server to
respond slowly or not respond at all for other
clients. (CVE-2024-0760) [GL #4481]
6398. [bug] Fix potential data races in our DoH implementation
related to HTTP/2 session object management and
endpoints set object management after reconfiguration.
We would like to thank Dzintars and Ivo from nic.lv
for bringing this to our attention. [GL #4473]
6397. [bug] Clear DNS_FETCHOPT_TRYSTALE_ONTIMEOUT when looking for
parent NS records needed to get the DS result.
[GL #4661]
6395. [bug] Handle ISC_R_HOSTDOWN and ISC_R_NETDOWN in resolver.c.
[GL #4736]
6394. [bug] Named's -4 and -6 options now apply to zone primaries,
also-notify and parental-agents. Report when a zone
has these options configured but does not have an IPv4
or IPv6 address listed respectively. [GL #3472]
6393. [func] Deal with uv_tcp_close_reset() error return codes
more gracefully. [GL #4708]
6392. [bug] Use a completely new memory context when flushing the
cache. [GL #2744]
6391. [bug] TCP client statistics could sometimes fail to decrease
when accepting client connection fails. [GL #4742]
6390. [bug] Fix a data race in isc_task_purgeevent(). [GL !8937]
6389. [bug] dnssec-verify and dnssec-signzone could fail if there
was an obscured DNSKEY RRset at a delegatation.
[GL #4517]
6388. [bug] Prevent an assertion failure caused by passing NULL to
dns_dispatch_resume() when a dns_request times out close
to view shutdown. [GL #4719]
6386. [bug] When shutting down catzs->view could point to freed
memory. Obtain a reference to the view to prevent this.
[GL #4502]
6385. [func] Relax SVCB alias mode checks to allow parameters.
[GL #4704]
6384. [bug] Remove infinite loop when including a directory in a
zone file. [GL #4357]
6383. [bug] Address an infinite loop in $GENERATE when a negative
value was converted in nibble mode. [GL #4353]
6382. [bug] Fix RPZ response's SOA record TTL, which was incorrectly
set to 1 if 'add-soa' is used. [GL #3323]
To generate a diff of this commit:
cvs rdiff -u -r1.33 -r1.34 pkgsrc/net/bind918/Makefile
cvs rdiff -u -r1.19 -r1.20 pkgsrc/net/bind918/distinfo
To generate a diff of this commit:
cvs rdiff -u -r1.33 -r1.33.2.1 pkgsrc/net/bind918/Makefile
cvs rdiff -u -r1.2 -r1.2.4.1 pkgsrc/net/bind918/buildlink3.mk
cvs rdiff -u -r1.19 -r1.19.2.1 pkgsrc/net/bind918/distinfo
cvs rdiff -u -r1.2 -r1.2.10.1 pkgsrc/net/bind918/options.mk
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: pkgsrc/net/bind918/Makefile
diff -u pkgsrc/net/bind918/Makefile:1.33 pkgsrc/net/bind918/Makefile:1.33.2.1
--- pkgsrc/net/bind918/Makefile:1.33 Wed May 29 16:33:49 2024
+++ pkgsrc/net/bind918/Makefile Sun Jul 28 13:17:32 2024
@@ -1,8 +1,7 @@
-# $NetBSD: Makefile,v 1.33 2024/05/29 16:33:49 adam Exp $
+# $NetBSD: Makefile,v 1.33.2.1 2024/07/28 13:17:32 spz Exp $
DISTNAME= bind-${BIND_VERSION}
PKGNAME= ${DISTNAME:S/-P/pl/}
-PKGREVISION= 1
CATEGORIES= net
MASTER_SITES= https://downloads.isc.org/isc/bind9/${BIND_VERSION}/
EXTRACT_SUFX= .tar.xz
@@ -16,7 +15,7 @@ CONFLICTS+= host-[0-9]*
MAKE_JOBS_SAFE= no
-BIND_VERSION= 9.18.27
+BIND_VERSION= 9.18.28
BUILD_DEFS+= BIND_DIR VARBASE
Index: pkgsrc/net/bind918/buildlink3.mk
diff -u pkgsrc/net/bind918/buildlink3.mk:1.2 pkgsrc/net/bind918/buildlink3.mk:1.2.4.1
--- pkgsrc/net/bind918/buildlink3.mk:1.2 Fri Jan 5 01:53:35 2024
+++ pkgsrc/net/bind918/buildlink3.mk Sun Jul 28 13:17:32 2024
@@ -1,4 +1,4 @@
-# $NetBSD: buildlink3.mk,v 1.2 2024/01/05 01:53:35 taca Exp $
+# $NetBSD: buildlink3.mk,v 1.2.4.1 2024/07/28 13:17:32 spz Exp $
BUILDLINK_TREE+= bind
@@ -6,7 +6,7 @@ BUILDLINK_TREE+= bind
BIND_BUILDLINK3_MK:=
BUILDLINK_API_DEPENDS.bind+= bind>=9.18.0
-BUILDLINK_ABI_DEPENDS.bind?= bind>=9.18.21
+BUILDLINK_ABI_DEPENDS.bind+= bind>=9.18.21
BUILDLINK_PKGSRCDIR.bind?= ../../net/bind918
.endif # BIND_BUILDLINK3_MK
Index: pkgsrc/net/bind918/distinfo
diff -u pkgsrc/net/bind918/distinfo:1.19 pkgsrc/net/bind918/distinfo:1.19.2.1
--- pkgsrc/net/bind918/distinfo:1.19 Thu May 16 15:24:13 2024
+++ pkgsrc/net/bind918/distinfo Sun Jul 28 13:17:32 2024
@@ -1,8 +1,8 @@
-$NetBSD: distinfo,v 1.19 2024/05/16 15:24:13 taca Exp $
+$NetBSD: distinfo,v 1.19.2.1 2024/07/28 13:17:32 spz Exp $
-BLAKE2s (bind-9.18.27.tar.xz) = dbfa5ee455f75afc9463e0dac4c14a57cc10ce8af65ef9098cdddcd756bdf7f5
-SHA512 (bind-9.18.27.tar.xz) = d0c89821fef38e531d65b465adeb5946589775e6a4d5e2068e969f1106c961d3b202af19247b9e20f9fbde645be10d610478edf89ed0d83b39d38fb4353c693a
-Size (bind-9.18.27.tar.xz) = 5524000 bytes
+BLAKE2s (bind-9.18.28.tar.xz) = f1903d4dcf3d2142c4bcf6ffd279d7c8a4befbd99df3e60a3dadb5430cf6a891
+SHA512 (bind-9.18.28.tar.xz) = 19ba625f155c60dd821e3afe52adf3897b3e81289320282b3f43d604af1e7d4e67fafb98a9849782684935008bcd148f190e05234d501aa056daa6724e0119bb
+Size (bind-9.18.28.tar.xz) = 5533340 bytes
SHA1 (patch-bin_named_main.c) = 4e4a763c478f1fcecb7e65968cf6ca20dacf01f1
SHA1 (patch-bin_named_os.c) = 5ecb0883076575d8ac5fcad68f9daad6c9be0d0b
SHA1 (patch-bin_named_server.c) = 6e59d3f637ebb829eec2f76ba7c350fb5cf9be6d
Index: pkgsrc/net/bind918/options.mk
diff -u pkgsrc/net/bind918/options.mk:1.2 pkgsrc/net/bind918/options.mk:1.2.10.1
--- pkgsrc/net/bind918/options.mk:1.2 Mon Apr 24 13:48:06 2023
+++ pkgsrc/net/bind918/options.mk Sun Jul 28 13:17:32 2024
@@ -1,10 +1,10 @@
-# $NetBSD: options.mk,v 1.2 2023/04/24 13:48:06 taca Exp $
+# $NetBSD: options.mk,v 1.2.10.1 2024/07/28 13:17:32 spz Exp $
PKG_OPTIONS_VAR= PKG_OPTIONS.bind
PKG_SUPPORTED_OPTIONS= bind-dig-sigchase bind-xml-statistics-server
PKG_SUPPORTED_OPTIONS+= bind-json-statistics-server blacklist blocklist
PKG_SUPPORTED_OPTIONS+= threads readline lmdb mysql pgsql ldap dlz-filesystem
-PKG_SUPPORTED_OPTIONS+= geoip tuning dnstap
+PKG_SUPPORTED_OPTIONS+= geoip gssapi tuning dnstap
PKG_SUGGESTED_OPTIONS+= readline
PLIST_VARS+= dnstap lmdb
@@ -89,6 +89,13 @@ LDFLAGS+= -lGeoIP
.include "../../net/GeoIP/buildlink3.mk"
.endif
+.if !empty(PKG_OPTIONS:Mgssapi)
+.include "../../mk/krb5.buildlink3.mk"
+CONFIGURE_ARGS+= --with-gssapi=${KRB5_CONFIG}
+.else
+CONFIGURE_ARGS+= --without-gssapi
+.endif
+
.if !empty(PKG_OPTIONS:Mtuning)
CONFIGURE_ARGS+= --with-tuning=large
.endif
Home |
Main Index |
Thread Index |
Old Index