Security update:

dns/bind99: 9.9.9-P3 -> 9.9.9-P4 dns/bind910: 9.10.4-P3 -> 9.10.4-P4 dns/bind911: 9.11.0 -> 9.11.0-P1 Security: CVE-2016-8864 Submitted by: mat MFH: 2016Q4
svn path=/head/; revision=425115
2016-11-02 06:38:48 +00:00 · 2016-11-02 06:38:48 +00:00 · 442cd7309b · 2021-03-31 03:12:20 +00:00
commit 442cd7309b
parent 9cd2b2e2b3
9 changed files with 33 additions and 33 deletions
--- a/dns/bind910/Makefile
+++ b/dns/bind910/Makefile
@ -29,7 +29,7 @@ COMMENT=	BIND DNS suite with updated DNSSEC and DNS64
 LICENSE=	ISCL

 # ISC releases things like 9.8.0-P1, which our versioning doesn't like
-ISCVERSION=	9.10.4-P3
+ISCVERSION=	9.10.4-P4

 USES=	cpe libedit

--- a/dns/bind910/distinfo
+++ b/dns/bind910/distinfo
@ -1,3 +1,3 @@
-TIMESTAMP = 1474631813
-SHA256 (bind-9.10.4-P3.tar.gz) = a075e5ce89fddccb0e64d1777d59161387dd5151cf4e7d1a93875a487812baef
-SIZE (bind-9.10.4-P3.tar.gz) = 9299078
+TIMESTAMP = 1477663379
+SHA256 (bind-9.10.4-P4.tar.gz) = a41ce7518e1d0faa40312cc89f4ca42246906b2718099d992e87a5d3ce9a9d86
+SIZE (bind-9.10.4-P4.tar.gz) = 9299638
--- a/dns/bind910/files/extrapatch-bind-min-override-ttl
+++ b/dns/bind910/files/extrapatch-bind-min-override-ttl
@ -1,4 +1,4 @@
--- bin/named/config.c.orig	2016-04-20 20:11:20 UTC
+--- bin/named/config.c.orig	2016-10-21 05:10:54 UTC
 +++ bin/named/config.c
@@ -151,6 +151,8 @@ options {\n\
 	min-roots 2;\n\
@ -9,7 +9,7 @@
 	max-cache-ttl 604800; /* 1 week */\n\
 	transfer-format many-answers;\n\
 	max-cache-size 0;\n\
--- bin/named/server.c.orig	2016-04-20 20:11:20 UTC
+--- bin/named/server.c.orig	2016-10-21 05:10:54 UTC
 +++ bin/named/server.c
@@ -2802,6 +2802,16 @@ configure_view(dns_view_t *view, dns_vie
 	}
@ -28,7 +28,7 @@
 	result = ns_config_get(maps, "max-cache-ttl", &obj);
 	INSIST(result == ISC_R_SUCCESS);
 	view->maxcachettl = cfg_obj_asuint32(obj);
--- lib/dns/include/dns/view.h.orig	2016-04-20 20:11:20 UTC
+--- lib/dns/include/dns/view.h.orig	2016-10-21 05:10:54 UTC
 +++ lib/dns/include/dns/view.h
@@ -150,6 +150,8 @@ struct dns_view {
 	isc_boolean_t			requestnsid;
@ -39,9 +39,9 @@
 	dns_ttl_t			maxncachettl;
 	dns_ttl_t			prefetch_trigger;
 	dns_ttl_t			prefetch_eligible;
--- lib/dns/resolver.c.orig	2016-04-20 20:11:20 UTC
+--- lib/dns/resolver.c.orig	2016-10-21 05:10:54 UTC
 +++ lib/dns/resolver.c
-@@ -5371,6 +5371,18 @@ cache_name(fetchctx_t *fctx, dns_name_t 
+@@ -5373,6 +5373,18 @@ cache_name(fetchctx_t *fctx, dns_name_t 
 		}
 
 		/*
@ -60,7 +60,7 @@
 		 * Enforce the configure maximum cache TTL.
 		 */
 		if (rdataset->ttl > res->view->maxcachettl)
--- lib/isccfg/namedconf.c.orig	2016-04-20 20:11:20 UTC
+--- lib/isccfg/namedconf.c.orig	2016-10-21 05:10:54 UTC
 +++ lib/isccfg/namedconf.c
@@ -1572,6 +1572,8 @@ view_clauses[] = {
 #endif
--- a/dns/bind911/Makefile
+++ b/dns/bind911/Makefile
@ -29,7 +29,7 @@ COMMENT=	BIND DNS suite with updated DNSSEC and DNS64
 LICENSE=	MPL

 # ISC releases things like 9.8.0-P1, which our versioning doesn't like
-ISCVERSION=	9.11.0
+ISCVERSION=	9.11.0-P1

 USES=	cpe libedit

--- a/dns/bind911/distinfo
+++ b/dns/bind911/distinfo
@ -1,3 +1,3 @@
-TIMESTAMP = 1475620351
-SHA256 (bind-9.11.0.tar.gz) = 6f0b403036e0281b272a0fbdd0dc3417f3050b625cb059c5409432611418058b
-SIZE (bind-9.11.0.tar.gz) = 9789272
+TIMESTAMP = 1477663452
+SHA256 (bind-9.11.0-P1.tar.gz) = 094cd3134ba1b44f0910de1334f05a7dca68d583da038de40a8ad7a0cb1592c6
+SIZE (bind-9.11.0-P1.tar.gz) = 9673074
--- a/dns/bind911/files/extrapatch-bind-min-override-ttl
+++ b/dns/bind911/files/extrapatch-bind-min-override-ttl
@ -1,4 +1,4 @@
--- bin/named/config.c.orig	2016-08-30 11:01:49 UTC
+--- bin/named/config.c.orig	2016-10-21 05:13:38 UTC
 +++ bin/named/config.c
@@ -154,6 +154,8 @@ options {\n\
 	lame-ttl 600;\n\
@ -9,9 +9,9 @@
 	max-cache-ttl 604800; /* 1 week */\n\
 	transfer-format many-answers;\n\
 	max-cache-size 90%;\n\
--- bin/named/server.c.orig	2016-08-30 11:01:49 UTC
+--- bin/named/server.c.orig	2016-10-21 05:13:38 UTC
 +++ bin/named/server.c
-@@ -3637,6 +3637,16 @@ configure_view(dns_view_t *view, dns_vie
+@@ -3638,6 +3638,16 @@ configure_view(dns_view_t *view, dns_vie
 	}
 
 	obj = NULL;
@ -28,7 +28,7 @@
 	result = ns_config_get(maps, "max-cache-ttl", &obj);
 	INSIST(result == ISC_R_SUCCESS);
 	view->maxcachettl = cfg_obj_asuint32(obj);
--- lib/dns/include/dns/view.h.orig	2016-08-30 11:01:49 UTC
+--- lib/dns/include/dns/view.h.orig	2016-10-21 05:13:38 UTC
 +++ lib/dns/include/dns/view.h
@@ -146,6 +146,8 @@ struct dns_view {
 	isc_boolean_t			requestnsid;
@ -39,9 +39,9 @@
 	dns_ttl_t			maxncachettl;
 	isc_uint32_t			nta_lifetime;
 	isc_uint32_t			nta_recheck;
--- lib/dns/resolver.c.orig	2016-08-30 11:01:49 UTC
+--- lib/dns/resolver.c.orig	2016-10-21 05:13:38 UTC
 +++ lib/dns/resolver.c
-@@ -5431,6 +5431,18 @@ cache_name(fetchctx_t *fctx, dns_name_t 
+@@ -5433,6 +5433,18 @@ cache_name(fetchctx_t *fctx, dns_name_t 
 		}
 
 		/*
@ -60,7 +60,7 @@
 		 * Enforce the configure maximum cache TTL.
 		 */
 		if (rdataset->ttl > res->view->maxcachettl)
--- lib/isccfg/namedconf.c.orig	2016-08-30 11:01:49 UTC
+--- lib/isccfg/namedconf.c.orig	2016-10-21 05:13:38 UTC
 +++ lib/isccfg/namedconf.c
@@ -1735,6 +1735,8 @@ view_clauses[] = {
 	{ "nosit-udp-size", &cfg_type_uint32, CFG_CLAUSEFLAG_OBSOLETE },
--- a/dns/bind99/Makefile
+++ b/dns/bind99/Makefile
@ -15,7 +15,7 @@ COMMENT=	BIND DNS suite with updated DNSSEC and DNS64
 LICENSE=	ISCL

 # ISC releases things like 9.8.0-P1, which our versioning doesn't like
-ISCVERSION=	9.9.9-P3
+ISCVERSION=	9.9.9-P4

 USES=	cpe libedit

--- a/dns/bind99/distinfo
+++ b/dns/bind99/distinfo
@ -1,5 +1,5 @@
-TIMESTAMP = 1474632756
-SHA256 (bind-9.9.9-P3.tar.gz) = d63befc221e305bc5cadf9018535e533ebb5a99dd8df69acf42191ecb58991e2
-SIZE (bind-9.9.9-P3.tar.gz) = 8764358
-SHA256 (9.9.9-P3-rpz2+rl.14038.05.patch.xz) = fffc64517aeabd0a9d51243e98b2fad725f98641cfa19e469c0a7b46e6bbc3c0
-SIZE (9.9.9-P3-rpz2+rl.14038.05.patch.xz) = 39308
+TIMESTAMP = 1477663203
+SHA256 (bind-9.9.9-P4.tar.gz) = fdd5120aea9bf5147c350fb2460bfe79c3f1bcc36baa863aee4e1a9de910f1e2
+SIZE (bind-9.9.9-P4.tar.gz) = 8764378
+SHA256 (9.9.9-P4-rpz2+rl.14038.05.patch.xz) = 6cc256dfc7895c9e3eac72465b43deaaba0a01e9f97c492eefc4fe4d80fac4aa
+SIZE (9.9.9-P4-rpz2+rl.14038.05.patch.xz) = 39308
--- a/dns/bind99/files/extrapatch-bind-min-override-ttl
+++ b/dns/bind99/files/extrapatch-bind-min-override-ttl
@ -1,4 +1,4 @@
--- bin/named/config.c.orig	2016-04-20 20:11:30 UTC
+--- bin/named/config.c.orig	2016-10-21 05:12:02 UTC
 +++ bin/named/config.c
@@ -141,6 +141,8 @@ options {\n\
 	min-roots 2;\n\
@ -9,7 +9,7 @@
 	max-cache-ttl 604800; /* 1 week */\n\
 	transfer-format many-answers;\n\
 	max-cache-size 0;\n\
--- bin/named/server.c.orig	2016-04-20 20:11:30 UTC
+--- bin/named/server.c.orig	2016-10-21 05:12:02 UTC
 +++ bin/named/server.c
@@ -2559,6 +2559,16 @@ configure_view(dns_view_t *view, cfg_obj
 	}
@ -28,7 +28,7 @@
 	result = ns_config_get(maps, "max-cache-ttl", &obj);
 	INSIST(result == ISC_R_SUCCESS);
 	view->maxcachettl = cfg_obj_asuint32(obj);
--- lib/dns/include/dns/view.h.orig	2016-04-20 20:11:30 UTC
+--- lib/dns/include/dns/view.h.orig	2016-10-21 05:12:02 UTC
 +++ lib/dns/include/dns/view.h
@@ -148,6 +148,8 @@ struct dns_view {
 	isc_boolean_t			provideixfr;
@ -39,9 +39,9 @@
 	dns_ttl_t			maxncachettl;
 	in_port_t			dstport;
 	dns_aclenv_t			aclenv;
--- lib/dns/resolver.c.orig	2016-04-20 20:11:30 UTC
+--- lib/dns/resolver.c.orig	2016-10-21 05:12:02 UTC
 +++ lib/dns/resolver.c
-@@ -5114,6 +5114,18 @@ cache_name(fetchctx_t *fctx, dns_name_t 
+@@ -5116,6 +5116,18 @@ cache_name(fetchctx_t *fctx, dns_name_t 
 		}
 
 		/*
@ -60,7 +60,7 @@
 		 * Enforce the configure maximum cache TTL.
 		 */
 		if (rdataset->ttl > res->view->maxcachettl)
--- lib/isccfg/namedconf.c.orig	2016-04-20 20:11:30 UTC
+--- lib/isccfg/namedconf.c.orig	2016-10-21 05:12:02 UTC
 +++ lib/isccfg/namedconf.c
@@ -1459,6 +1459,8 @@ view_clauses[] = {
 	{ "lame-ttl", &cfg_type_uint32, 0 },