diff options
| author | Mathieu Arnold <mat@FreeBSD.org> | 2016-03-09 21:21:50 +0000 |
|---|---|---|
| committer | Mathieu Arnold <mat@FreeBSD.org> | 2016-03-09 21:21:50 +0000 |
| commit | cf261fce124a03e6e7e44904de3063d7ebcbe575 (patch) | |
| tree | 14c70180f5ff8efc1dbb50256df64470bb53dfc6 | |
| parent | MFH: r410712 (diff) | |
MFH: r410728
Update to 9.9.8-P4, 9.10.3-P4 and latest snapshot.
Security: CVE-2016-1285
Security: CVE-2016-1286
Security: CVE-2016-2088
Sponsored by: Absolight
Notes
Notes:
svn path=/branches/2016Q1/; revision=410729
| -rw-r--r-- | dns/bind9-devel/Makefile | 4 | ||||
| -rw-r--r-- | dns/bind9-devel/distinfo | 4 | ||||
| -rw-r--r-- | dns/bind9-devel/files/extrapatch-bind-min-override-ttl | 12 | ||||
| -rw-r--r-- | dns/bind9-devel/files/patch-configure | 8 | ||||
| -rw-r--r-- | dns/bind9-devel/pkg-plist | 2 | ||||
| -rw-r--r-- | dns/bind910/Makefile | 2 | ||||
| -rw-r--r-- | dns/bind910/distinfo | 4 | ||||
| -rw-r--r-- | dns/bind910/files/extrapatch-bind-min-override-ttl | 45 | ||||
| -rw-r--r-- | dns/bind99/Makefile | 2 | ||||
| -rw-r--r-- | dns/bind99/distinfo | 8 | ||||
| -rw-r--r-- | dns/bind99/files/extrapatch-bind-min-override-ttl | 12 |
11 files changed, 49 insertions, 54 deletions
diff --git a/dns/bind9-devel/Makefile b/dns/bind9-devel/Makefile index 56d9155bf5a6..2687977180a3 100644 --- a/dns/bind9-devel/Makefile +++ b/dns/bind9-devel/Makefile @@ -19,8 +19,8 @@ COMMENT= BIND DNS suite with updated DNSSEC and DNS64 LICENSE= ISCL # ISC releases things like 9.8.0-P1, which our versioning doesn't like -ISCVERSION= 9.11.0.a20160119 -HASH= fc7bce5 +ISCVERSION= 9.11.0.a20160309 +HASH= 0c7a779 MAKE_JOBS_UNSAFE= yes diff --git a/dns/bind9-devel/distinfo b/dns/bind9-devel/distinfo index f9fa4297a9be..9972d27c76e3 100644 --- a/dns/bind9-devel/distinfo +++ b/dns/bind9-devel/distinfo @@ -1,2 +1,2 @@ -SHA256 (bind9-fc7bce5.tar.gz) = d216744bc16ed494d4fa86288c7194ccea46ca54a7b502b381eef16d788c989f -SIZE (bind9-fc7bce5.tar.gz) = 11010437 +SHA256 (bind9-0c7a779.tar.gz) = 691e2e196f7c286375a540747a06dfe3ca5c62860859e3f728637bd92ebcdb72 +SIZE (bind9-0c7a779.tar.gz) = 11690194 diff --git a/dns/bind9-devel/files/extrapatch-bind-min-override-ttl b/dns/bind9-devel/files/extrapatch-bind-min-override-ttl index 594b6a427d69..a1a60c76ab96 100644 --- a/dns/bind9-devel/files/extrapatch-bind-min-override-ttl +++ b/dns/bind9-devel/files/extrapatch-bind-min-override-ttl @@ -1,4 +1,4 @@ ---- bin/named/config.c.orig 2015-12-19 01:04:14 UTC +--- bin/named/config.c.orig 2016-03-09 04:02:43 UTC +++ bin/named/config.c @@ -159,6 +159,8 @@ options {\n\ lame-ttl 600;\n\ @@ -9,7 +9,7 @@ max-cache-ttl 604800; /* 1 week */\n\ transfer-format many-answers;\n\ max-cache-size 90%;\n\ ---- bin/named/server.c.orig 2015-12-19 01:04:14 UTC +--- bin/named/server.c.orig 2016-03-09 04:02:43 UTC +++ bin/named/server.c @@ -3022,6 +3022,16 @@ configure_view(dns_view_t *view, dns_vie } @@ -28,7 +28,7 @@ result = ns_config_get(maps, "max-cache-ttl", &obj); INSIST(result == ISC_R_SUCCESS); view->maxcachettl = cfg_obj_asuint32(obj); ---- lib/dns/include/dns/view.h.orig 2015-12-19 01:04:14 UTC +--- lib/dns/include/dns/view.h.orig 2016-03-09 04:02:43 UTC +++ lib/dns/include/dns/view.h @@ -152,6 +152,8 @@ struct dns_view { isc_boolean_t requestnsid; @@ -39,9 +39,9 @@ dns_ttl_t maxncachettl; isc_uint32_t nta_lifetime; isc_uint32_t nta_recheck; ---- lib/dns/resolver.c.orig 2015-12-19 01:04:14 UTC +--- lib/dns/resolver.c.orig 2016-03-09 04:02:43 UTC +++ lib/dns/resolver.c -@@ -5397,6 +5397,18 @@ cache_name(fetchctx_t *fctx, dns_name_t +@@ -5419,6 +5419,18 @@ cache_name(fetchctx_t *fctx, dns_name_t } /* @@ -60,7 +60,7 @@ * Enforce the configure maximum cache TTL. */ if (rdataset->ttl > res->view->maxcachettl) ---- lib/isccfg/namedconf.c.orig 2015-12-19 01:04:14 UTC +--- lib/isccfg/namedconf.c.orig 2016-03-09 04:02:43 UTC +++ lib/isccfg/namedconf.c @@ -1677,6 +1677,8 @@ view_clauses[] = { { "nosit-udp-size", &cfg_type_uint32, CFG_CLAUSEFLAG_OBSOLETE }, diff --git a/dns/bind9-devel/files/patch-configure b/dns/bind9-devel/files/patch-configure index 24c3f3016d2b..0e90987fd423 100644 --- a/dns/bind9-devel/files/patch-configure +++ b/dns/bind9-devel/files/patch-configure @@ -1,6 +1,6 @@ ---- configure.orig 2015-12-15 23:30:08 UTC +--- configure.orig 2016-03-09 04:02:43 UTC +++ configure -@@ -14113,27 +14113,9 @@ done +@@ -14151,27 +14151,9 @@ done # problems start to show up. saved_libs="$LIBS" for TRY_LIBS in \ @@ -30,7 +30,7 @@ { $as_echo "$as_me:${as_lineno-$LINENO}: checking linking as $TRY_LIBS" >&5 $as_echo_n "checking linking as $TRY_LIBS... " >&6; } cat confdefs.h - <<_ACEOF >conftest.$ac_ext -@@ -14176,47 +14158,7 @@ $as_echo "no" >&6; } ;; +@@ -14214,47 +14196,7 @@ $as_echo "no" >&6; } ;; no) as_fn_error $? "could not determine proper GSSAPI linkage" "$LINENO" 5 ;; esac @@ -79,7 +79,7 @@ DNS_GSSAPI_LIBS="$LIBS" { $as_echo "$as_me:${as_lineno-$LINENO}: result: using GSSAPI from $use_gssapi/lib and $use_gssapi/include" >&5 -@@ -21870,7 +21812,7 @@ $as_echo "" >&6; } +@@ -21949,7 +21891,7 @@ $as_echo "" >&6; } # Check other locations for includes. # Order is important (sigh). diff --git a/dns/bind9-devel/pkg-plist b/dns/bind9-devel/pkg-plist index 254bcfc4d1f2..91518f9cd6e5 100644 --- a/dns/bind9-devel/pkg-plist +++ b/dns/bind9-devel/pkg-plist @@ -379,13 +379,13 @@ man/man8/named-compilezone.8.gz man/man8/named-journalprint.8.gz man/man8/named.8.gz man/man8/nsec3hash.8.gz -man/man8/tsig-keygen.8.gz %%NATIVE_PKCS11%%man/man8/pkcs11-destroy.8.gz %%NATIVE_PKCS11%%man/man8/pkcs11-keygen.8.gz %%NATIVE_PKCS11%%man/man8/pkcs11-list.8.gz %%NATIVE_PKCS11%%man/man8/pkcs11-tokens.8.gz man/man8/rndc-confgen.8.gz man/man8/rndc.8.gz +man/man8/tsig-keygen.8.gz sbin/arpaname sbin/ddns-confgen %%PYTHON%%sbin/dnssec-checkds diff --git a/dns/bind910/Makefile b/dns/bind910/Makefile index b4da88044fd9..f508e5686c62 100644 --- a/dns/bind910/Makefile +++ b/dns/bind910/Makefile @@ -29,7 +29,7 @@ COMMENT= BIND DNS suite with updated DNSSEC and DNS64 LICENSE= ISCL # ISC releases things like 9.8.0-P1, which our versioning doesn't like -ISCVERSION= 9.10.3-P3 +ISCVERSION= 9.10.3-P4 MAKE_JOBS_UNSAFE= yes diff --git a/dns/bind910/distinfo b/dns/bind910/distinfo index c7f6725e1944..f39e2ea516ce 100644 --- a/dns/bind910/distinfo +++ b/dns/bind910/distinfo @@ -1,2 +1,2 @@ -SHA256 (bind-9.10.3-P3.tar.gz) = 690810d1fbb72afa629e74638d19cd44e28d2b2e5eb63f55c705ad85d1a4cb83 -SIZE (bind-9.10.3-P3.tar.gz) = 8527540 +SHA256 (bind-9.10.3-P4.tar.gz) = 2ac044b5fbdf45fb45107af0df961b3b7cb5262a3bf1948ed3fe7a170dd13e3e +SIZE (bind-9.10.3-P4.tar.gz) = 8529535 diff --git a/dns/bind910/files/extrapatch-bind-min-override-ttl b/dns/bind910/files/extrapatch-bind-min-override-ttl index fa6fd7be34fe..d847787779f0 100644 --- a/dns/bind910/files/extrapatch-bind-min-override-ttl +++ b/dns/bind910/files/extrapatch-bind-min-override-ttl @@ -1,7 +1,6 @@ -diff -Nabdur bind-9.6.0-P1.orig/bin/named/config.c bind-9.6.0-P1/bin/named/config.c ---- bin/named/config.c 2009-05-22 12:24:49.000000000 +0400 -+++ bin/named/config.c 2009-05-22 12:31:35.000000000 +0400 -@@ -129,6 +129,8 @@ +--- bin/named/config.c.orig 2016-02-29 00:29:06 UTC ++++ bin/named/config.c +@@ -151,6 +151,8 @@ options {\n\ min-roots 2;\n\ lame-ttl 600;\n\ max-ncache-ttl 10800; /* 3 hours */\n\ @@ -10,11 +9,10 @@ diff -Nabdur bind-9.6.0-P1.orig/bin/named/config.c bind-9.6.0-P1/bin/named/confi max-cache-ttl 604800; /* 1 week */\n\ transfer-format many-answers;\n\ max-cache-size 0;\n\ -diff -Nabdur bind-9.6.0-P1.orig/bin/named/server.c bind-9.6.0-P1/bin/named/server.c ---- bin/named/server.c 2009-05-22 12:24:49.000000000 +0400 -+++ bin/named/server.c 2009-05-22 12:32:18.000000000 +0400 -@@ -1727,6 +1727,16 @@ - CHECK(mustbesecure(obj, view->resolver)); +--- bin/named/server.c.orig 2016-02-29 00:29:06 UTC ++++ bin/named/server.c +@@ -2797,6 +2797,16 @@ configure_view(dns_view_t *view, dns_vie + } obj = NULL; + result = ns_config_get(maps, "override-cache-ttl", &obj); @@ -30,22 +28,20 @@ diff -Nabdur bind-9.6.0-P1.orig/bin/named/server.c bind-9.6.0-P1/bin/named/serve result = ns_config_get(maps, "max-cache-ttl", &obj); INSIST(result == ISC_R_SUCCESS); view->maxcachettl = cfg_obj_asuint32(obj); -diff -Nabdur bind-9.6.0-P1.orig/lib/dns/include/dns/view.h bind-9.6.0-P1/lib/dns/include/dns/view.h ---- lib/dns/include/dns/view.h 2009-05-22 12:24:49.000000000 +0400 -+++ lib/dns/include/dns/view.h 2009-05-22 12:29:03.000000000 +0400 -@@ -131,6 +131,8 @@ - isc_boolean_t provideixfr; +--- lib/dns/include/dns/view.h.orig 2016-02-29 00:29:06 UTC ++++ lib/dns/include/dns/view.h +@@ -150,6 +150,8 @@ struct dns_view { isc_boolean_t requestnsid; + isc_boolean_t requestsit; dns_ttl_t maxcachettl; + dns_ttl_t mincachettl; + dns_ttl_t overridecachettl; dns_ttl_t maxncachettl; - in_port_t dstport; - dns_aclenv_t aclenv; -diff -Nabdur bind-9.6.0-P1.orig/lib/dns/resolver.c bind-9.6.0-P1/lib/dns/resolver.c ---- lib/dns/resolver.c 2009-05-22 12:24:49.000000000 +0400 -+++ lib/dns/resolver.c 2009-05-22 12:30:41.000000000 +0400 -@@ -4054,6 +4054,18 @@ + dns_ttl_t prefetch_trigger; + dns_ttl_t prefetch_eligible; +--- lib/dns/resolver.c.orig 2016-02-29 00:29:06 UTC ++++ lib/dns/resolver.c +@@ -5345,6 +5345,18 @@ cache_name(fetchctx_t *fctx, dns_name_t } /* @@ -64,11 +60,10 @@ diff -Nabdur bind-9.6.0-P1.orig/lib/dns/resolver.c bind-9.6.0-P1/lib/dns/resolve * Enforce the configure maximum cache TTL. */ if (rdataset->ttl > res->view->maxcachettl) -diff -Nabdur bind-9.6.0-P1.orig/lib/isccfg/namedconf.c bind-9.6.0-P1/lib/isccfg/namedconf.c ---- lib/isccfg/namedconf.c 2009-05-22 12:24:49.000000000 +0400 -+++ lib/isccfg/namedconf.c 2009-05-22 12:31:21.000000000 +0400 -@@ -821,6 +821,8 @@ - { "lame-ttl", &cfg_type_uint32, 0 }, +--- lib/isccfg/namedconf.c.orig 2016-02-29 00:29:06 UTC ++++ lib/isccfg/namedconf.c +@@ -1561,6 +1561,8 @@ view_clauses[] = { + #endif { "max-acache-size", &cfg_type_sizenodefault, 0 }, { "max-cache-size", &cfg_type_sizenodefault, 0 }, + { "override-cache-ttl", &cfg_type_uint32, 0 }, diff --git a/dns/bind99/Makefile b/dns/bind99/Makefile index e674d1039194..f00f89dd1cf4 100644 --- a/dns/bind99/Makefile +++ b/dns/bind99/Makefile @@ -15,7 +15,7 @@ COMMENT= BIND DNS suite with updated DNSSEC and DNS64 LICENSE= ISCL # ISC releases things like 9.8.0-P1, which our versioning doesn't like -ISCVERSION= 9.9.8-P3 +ISCVERSION= 9.9.8-P4 MAKE_JOBS_UNSAFE= yes diff --git a/dns/bind99/distinfo b/dns/bind99/distinfo index 177e247acc02..4833e8612f89 100644 --- a/dns/bind99/distinfo +++ b/dns/bind99/distinfo @@ -1,4 +1,4 @@ -SHA256 (bind-9.9.8-P3.tar.gz) = 6a489f98dffaf31cfd8b572aa5cc345e8d775758488a4541f2f0c974c8090a07 -SIZE (bind-9.9.8-P3.tar.gz) = 7998476 -SHA256 (9.9.8-P3-rpz2+rl.14038.05.patch.xz) = d886ee7d350b65068c7502e2d925ce675875ed968f3b8c82ad87de5f6843e372 -SIZE (9.9.8-P3-rpz2+rl.14038.05.patch.xz) = 39224 +SHA256 (bind-9.9.8-P4.tar.gz) = 5ed0b852e4d1dc90e10751c7fa70a9ee29a619bad61d97250eac8161009d89f2 +SIZE (bind-9.9.8-P4.tar.gz) = 7999697 +SHA256 (9.9.8-P4-rpz2+rl.14038.05.patch.xz) = 5415559171c03a9a02e31284552a4888911eeb692d57def8d631b7d0564dc5f0 +SIZE (9.9.8-P4-rpz2+rl.14038.05.patch.xz) = 39240 diff --git a/dns/bind99/files/extrapatch-bind-min-override-ttl b/dns/bind99/files/extrapatch-bind-min-override-ttl index 269cb59b74f8..1492257ce5bc 100644 --- a/dns/bind99/files/extrapatch-bind-min-override-ttl +++ b/dns/bind99/files/extrapatch-bind-min-override-ttl @@ -1,4 +1,4 @@ ---- bin/named/config.c.orig 2015-09-09 02:23:50 UTC +--- bin/named/config.c.orig 2016-02-29 00:30:52 UTC +++ bin/named/config.c @@ -141,6 +141,8 @@ options {\n\ min-roots 2;\n\ @@ -9,7 +9,7 @@ max-cache-ttl 604800; /* 1 week */\n\ transfer-format many-answers;\n\ max-cache-size 0;\n\ ---- bin/named/server.c.orig 2015-09-09 02:23:50 UTC +--- bin/named/server.c.orig 2016-02-29 00:30:52 UTC +++ bin/named/server.c @@ -2554,6 +2554,16 @@ configure_view(dns_view_t *view, cfg_obj } @@ -28,7 +28,7 @@ result = ns_config_get(maps, "max-cache-ttl", &obj); INSIST(result == ISC_R_SUCCESS); view->maxcachettl = cfg_obj_asuint32(obj); ---- lib/dns/include/dns/view.h.orig 2015-09-09 02:23:50 UTC +--- lib/dns/include/dns/view.h.orig 2016-02-29 00:30:52 UTC +++ lib/dns/include/dns/view.h @@ -148,6 +148,8 @@ struct dns_view { isc_boolean_t provideixfr; @@ -39,9 +39,9 @@ dns_ttl_t maxncachettl; in_port_t dstport; dns_aclenv_t aclenv; ---- lib/dns/resolver.c.orig 2015-09-09 02:23:50 UTC +--- lib/dns/resolver.c.orig 2016-02-29 00:30:52 UTC +++ lib/dns/resolver.c -@@ -5086,6 +5086,18 @@ cache_name(fetchctx_t *fctx, dns_name_t +@@ -5088,6 +5088,18 @@ cache_name(fetchctx_t *fctx, dns_name_t } /* @@ -60,7 +60,7 @@ * Enforce the configure maximum cache TTL. */ if (rdataset->ttl > res->view->maxcachettl) ---- lib/isccfg/namedconf.c.orig 2015-09-09 02:23:50 UTC +--- lib/isccfg/namedconf.c.orig 2016-02-29 00:30:52 UTC +++ lib/isccfg/namedconf.c @@ -1448,6 +1448,8 @@ view_clauses[] = { { "lame-ttl", &cfg_type_uint32, 0 }, |