diff options
| author | Philip Paeps <philip@FreeBSD.org> | 2020-06-18 08:22:04 +0000 |
|---|---|---|
| committer | Philip Paeps <philip@FreeBSD.org> | 2020-06-18 08:22:04 +0000 |
| commit | 2ce1da89d55a71b04d09161703bd92671c59bbf0 (patch) | |
| tree | 355a1af11eba65bd5a44e1a881a2f3c9a3270b65 | |
| parent | 1025ec9c9c0e1c8083cefdde8442942e8b08558e (diff) | |
| download | ports-2ce1da89d55a71b04d09161703bd92671c59bbf0.tar.gz ports-2ce1da89d55a71b04d09161703bd92671c59bbf0.zip | |
MFH: r539518
Update to 9.16.4.
Security: CVE-2020-8618 CVE-2020-8619
Submitted by: mat (maintainer)
Approved by: ports-secteam (joneum)
Notes
Notes:
svn path=/branches/2020Q2/; revision=539534
| -rw-r--r-- | dns/bind-tools/pkg-plist | 55 | ||||
| -rw-r--r-- | dns/bind916/Makefile | 21 | ||||
| -rw-r--r-- | dns/bind916/distinfo | 6 | ||||
| -rw-r--r-- | dns/bind916/files/extrapatch-bind-min-override-ttl | 12 | ||||
| -rw-r--r-- | dns/bind916/files/extrapatch-bind-tools | 6 | ||||
| -rw-r--r-- | dns/bind916/files/extrapatch-no-bind-tools | 17 | ||||
| -rw-r--r-- | dns/bind916/files/patch-configure | 8 | ||||
| -rw-r--r-- | dns/bind916/pkg-plist | 58 |
8 files changed, 107 insertions, 76 deletions
diff --git a/dns/bind-tools/pkg-plist b/dns/bind-tools/pkg-plist index 819c52622282..27461571644b 100644 --- a/dns/bind-tools/pkg-plist +++ b/dns/bind-tools/pkg-plist @@ -6,28 +6,39 @@ bin/mdig bin/named-rrchecker bin/nslookup bin/nsupdate -man/man1/arpaname.1.gz -man/man1/delv.1.gz -man/man1/dig.1.gz -man/man1/host.1.gz -man/man1/mdig.1.gz -man/man1/named-rrchecker.1.gz -man/man1/nslookup.1.gz -man/man1/nsupdate.1.gz -man/man8/dnssec-cds.8.gz -%%PYTHON%%man/man8/dnssec-checkds.8.gz -%%PYTHON%%man/man8/dnssec-coverage.8.gz -man/man8/dnssec-dsfromkey.8.gz -man/man8/dnssec-importkey.8.gz -man/man8/dnssec-keyfromlabel.8.gz -man/man8/dnssec-keygen.8.gz -%%PYTHON%%man/man8/dnssec-keymgr.8.gz -man/man8/dnssec-revoke.8.gz -man/man8/dnssec-settime.8.gz -man/man8/dnssec-signzone.8.gz -man/man8/dnssec-verify.8.gz -man/man8/named-journalprint.8.gz -man/man8/nsec3hash.8.gz +%%MANPAGES%%man/man1/arpaname.1.gz +%%MANPAGES%%man/man1/delv.1.gz +%%MANPAGES%%man/man1/dig.1.gz +%%MANPAGES%%@comment man/man1/dnstap-read.1.gz +%%MANPAGES%%man/man1/host.1.gz +%%MANPAGES%%man/man1/mdig.1.gz +%%MANPAGES%%man/man1/named-rrchecker.1.gz +%%MANPAGES%%man/man1/nslookup.1.gz +%%MANPAGES%%man/man1/nsupdate.1.gz +%%MANPAGES%%@comment man/man5/named.conf.5.gz +%%MANPAGES%%@comment man/man5/rndc.conf.5.gz +%%MANPAGES%%@comment man/man8/ddns-confgen.8.gz +%%MANPAGES%%man/man8/dnssec-cds.8.gz +%%MANPAGES%%%%PYTHON%%man/man8/dnssec-checkds.8.gz +%%MANPAGES%%%%PYTHON%%man/man8/dnssec-coverage.8.gz +%%MANPAGES%%man/man8/dnssec-dsfromkey.8.gz +%%MANPAGES%%man/man8/dnssec-importkey.8.gz +%%MANPAGES%%man/man8/dnssec-keyfromlabel.8.gz +%%MANPAGES%%man/man8/dnssec-keygen.8.gz +%%MANPAGES%%%%PYTHON%%man/man8/dnssec-keymgr.8.gz +%%MANPAGES%%man/man8/dnssec-revoke.8.gz +%%MANPAGES%%man/man8/dnssec-settime.8.gz +%%MANPAGES%%man/man8/dnssec-signzone.8.gz +%%MANPAGES%%man/man8/dnssec-verify.8.gz +%%MANPAGES%%@comment man/man8/filter-aaaa.8.gz +%%MANPAGES%%@comment man/man8/named-checkconf.8.gz +%%MANPAGES%%@comment man/man8/named-checkzone.8.gz +%%MANPAGES%%man/man8/named-journalprint.8.gz +%%MANPAGES%%@comment man/man8/named-nzd2nzf.8.gz +%%MANPAGES%%@comment man/man8/named.8.gz +%%MANPAGES%%man/man8/nsec3hash.8.gz +%%MANPAGES%%@comment man/man8/rndc-confgen.8.gz +%%MANPAGES%%@comment man/man8/rndc.8.gz sbin/dnssec-cds %%PYTHON%%sbin/dnssec-checkds %%PYTHON%%sbin/dnssec-coverage diff --git a/dns/bind916/Makefile b/dns/bind916/Makefile index 3b6defb8c5a2..f414c6dea53b 100644 --- a/dns/bind916/Makefile +++ b/dns/bind916/Makefile @@ -41,7 +41,7 @@ RUN_DEPENDS= bind-tools>0:dns/bind-tools USES= compiler:c11 cpe libedit pkgconfig ssl tar:xz # ISC releases things like 9.8.0-P1, which our versioning doesn't like -ISCVERSION= 9.16.3 +ISCVERSION= 9.16.4 CPE_VENDOR= isc CPE_VERSION= ${ISCVERSION:C/-.*//} @@ -75,10 +75,10 @@ CONFLICTS= bind911 bind912 bind913 bind914 bind9-devel MAKE_JOBS_UNSAFE= yes OPTIONS_DEFAULT= DLZ_FILESYSTEM GSSAPI_NONE IDN JSON LMDB PYTHON \ - SIGCHASE TCP_FASTOPEN + SIGCHASE TCP_FASTOPEN MANPAGES OPTIONS_DEFINE= DNSTAP DOCS FIXED_RRSET GEOIP IDN JSON LARGE_FILE LMDB \ OVERRIDECACHE PORTREVISION PYTHON QUERYTRACE SIGCHASE \ - START_LATE TCP_FASTOPEN TUNING_LARGE + START_LATE TCP_FASTOPEN TUNING_LARGE MANPAGES OPTIONS_RADIO= CRYPTO OPTIONS_RADIO_CRYPTO= NATIVE_PKCS11 @@ -181,6 +181,8 @@ LARGE_FILE_CONFIGURE_ENABLE= largefile LMDB_CONFIGURE_WITH= lmdb=${LOCALBASE} LMDB_LIB_DEPENDS= liblmdb.so:databases/lmdb +MANPAGES_BUILD_DEPENDS= sphinx-build:textproc/py-sphinx + OVERRIDECACHE_EXTRA_PATCHES= ${FILESDIR}/extrapatch-bind-min-override-ttl NATIVE_PKCS11_CONFIGURE_ENABLE= native-pkcs11 @@ -225,12 +227,12 @@ SUB_LIST+= ENGINES=${LOCALBASE}/lib/engines .endif post-patch: -.for FILE in check/named-checkconf.8 named/named.8 nsupdate/nsupdate.1 \ - rndc/rndc.8 +.for FILE in named-checkconf.8 named.8 nsupdate.1 \ + rndc.8 @${REINPLACE_CMD} -e 's#/etc/named.conf#${ETCDIR}/named.conf#g' \ -e 's#/etc/rndc.conf#${ETCDIR}/rndc.conf#g' \ -e "s#/var\/run\/named\/named.pid#/var/run/named/pid#" \ - ${WRKSRC}/bin/${FILE} + ${WRKSRC}/doc/man/${FILE}in .endfor .if !defined(BIND_TOOLS_SLAVE) @@ -257,13 +259,14 @@ post-install: ${STAGEDIR}${ETCDIR}/rndc.conf.sample post-install-DOCS-on: - ${MKDIR} ${STAGEDIR}${DOCSDIR}/arm - ${INSTALL_DATA} ${WRKSRC}/doc/arm/*.html ${STAGEDIR}${DOCSDIR}/arm - ${INSTALL_DATA} ${WRKSRC}/doc/arm/Bv9ARM.pdf ${STAGEDIR}${DOCSDIR} + ${MKDIR} ${STAGEDIR}${DOCSDIR} ${INSTALL_DATA} ${WRKSRC}/CHANGES* ${WRKSRC}/HISTORY.md \ ${WRKSRC}/README.md ${STAGEDIR}${DOCSDIR} .else +post-install-MANPAGES-on: + @(cd ${WRKSRC}/doc/man && ${SETENV} ${MAKE_ENV} ${FAKEROOT} ${MAKE_CMD} ${MAKE_FLAGS} ${MAKEFILE} ${MAKE_ARGS} ${INSTALL_TARGET}) + # Can't use USE_PYTHON=autoplist post-install-PYTHON-on: @${FIND} ${STAGEDIR}${PYTHON_SITELIBDIR} -type f | ${SED} -e 's|${STAGEDIR}||' >> ${TMPPLIST} diff --git a/dns/bind916/distinfo b/dns/bind916/distinfo index 7e77bbb1dda4..25b23444bbd0 100644 --- a/dns/bind916/distinfo +++ b/dns/bind916/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1589559917 -SHA256 (bind-9.16.3.tar.xz) = 27ac6513de5f8d0db34b9f241da53baa15a14b2ad21338d0cde0826eaf564f7e -SIZE (bind-9.16.3.tar.xz) = 4573044 +TIMESTAMP = 1592316528 +SHA256 (bind-9.16.4.tar.xz) = 7522088d3daac8bcabaae37998178e09139ef5ccae6631cb1d8a625b770f370a +SIZE (bind-9.16.4.tar.xz) = 3465172 diff --git a/dns/bind916/files/extrapatch-bind-min-override-ttl b/dns/bind916/files/extrapatch-bind-min-override-ttl index 6185eb345ba9..477c59871f32 100644 --- a/dns/bind916/files/extrapatch-bind-min-override-ttl +++ b/dns/bind916/files/extrapatch-bind-min-override-ttl @@ -1,6 +1,6 @@ Add the override-cache-ttl feature. ---- bin/named/config.c.orig 2020-05-06 09:59:35 UTC +--- bin/named/config.c.orig 2020-06-10 21:01:43 UTC +++ bin/named/config.c @@ -179,6 +179,7 @@ options {\n\ notify-source *;\n\ @@ -10,7 +10,7 @@ Add the override-cache-ttl feature. provide-ixfr true;\n\ qname-minimization relaxed;\n\ query-source address *;\n\ ---- bin/named/server.c.orig 2020-05-06 09:59:35 UTC +--- bin/named/server.c.orig 2020-06-10 21:01:43 UTC +++ bin/named/server.c @@ -4328,6 +4328,11 @@ configure_view(dns_view_t *view, dns_viewlist_t *viewl } @@ -24,7 +24,7 @@ Add the override-cache-ttl feature. result = named_config_get(maps, "max-cache-ttl", &obj); INSIST(result == ISC_R_SUCCESS); view->maxcachettl = cfg_obj_asduration(obj); ---- lib/dns/include/dns/view.h.orig 2020-05-06 09:59:35 UTC +--- lib/dns/include/dns/view.h.orig 2020-06-10 21:01:43 UTC +++ lib/dns/include/dns/view.h @@ -152,6 +152,7 @@ struct dns_view { bool requestnsid; @@ -34,9 +34,9 @@ Add the override-cache-ttl feature. dns_ttl_t maxncachettl; dns_ttl_t mincachettl; dns_ttl_t minncachettl; ---- lib/dns/resolver.c.orig 2020-05-06 09:59:35 UTC +--- lib/dns/resolver.c.orig 2020-06-10 21:01:43 UTC +++ lib/dns/resolver.c -@@ -6248,6 +6248,12 @@ cache_name(fetchctx_t *fctx, dns_name_t *name, dns_adb +@@ -6247,6 +6247,12 @@ cache_name(fetchctx_t *fctx, dns_name_t *name, dns_adb } /* @@ -49,7 +49,7 @@ Add the override-cache-ttl feature. * Enforce the configure maximum cache TTL. */ if (rdataset->ttl > res->view->maxcachettl) { ---- lib/isccfg/namedconf.c.orig 2020-05-06 09:59:35 UTC +--- lib/isccfg/namedconf.c.orig 2020-06-10 21:01:43 UTC +++ lib/isccfg/namedconf.c @@ -1990,6 +1990,7 @@ static cfg_clausedef_t view_clauses[] = { #endif /* ifdef HAVE_LMDB */ diff --git a/dns/bind916/files/extrapatch-bind-tools b/dns/bind916/files/extrapatch-bind-tools index 823fc8681e16..33ec579a0b93 100644 --- a/dns/bind916/files/extrapatch-bind-tools +++ b/dns/bind916/files/extrapatch-bind-tools @@ -1,6 +1,6 @@ Only select the "tools" part of bind for building. ---- Makefile.in.orig 2019-08-12 14:08:48 UTC +--- Makefile.in.orig 2020-06-10 21:01:43 UTC +++ Makefile.in @@ -14,7 +14,7 @@ top_builddir = @top_builddir@ @@ -11,7 +11,7 @@ Only select the "tools" part of bind for building. TARGETS = PREREQS = bind.keys.h -@@ -51,7 +51,6 @@ installdirs: +@@ -50,7 +50,6 @@ installdirs: $(SHELL) ${top_srcdir}/mkinstalldirs ${DESTDIR}${mandir}/man1 install:: installdirs @@ -19,7 +19,7 @@ Only select the "tools" part of bind for building. uninstall:: rm -f ${DESTDIR}${sysconfdir}/bind.keys ---- bin/Makefile.in.orig 2019-08-12 14:08:48 UTC +--- bin/Makefile.in.orig 2020-06-10 21:01:43 UTC +++ bin/Makefile.in @@ -11,8 +11,8 @@ srcdir = @srcdir@ VPATH = @srcdir@ diff --git a/dns/bind916/files/extrapatch-no-bind-tools b/dns/bind916/files/extrapatch-no-bind-tools index d461b099be34..04e8afa2513d 100644 --- a/dns/bind916/files/extrapatch-no-bind-tools +++ b/dns/bind916/files/extrapatch-no-bind-tools @@ -1,6 +1,6 @@ Exclude the "tools" from building and installing. ---- bin/Makefile.in.orig 2019-06-28 12:33:29 UTC +--- bin/Makefile.in.orig 2020-06-10 21:01:43 UTC +++ bin/Makefile.in @@ -11,8 +11,8 @@ srcdir = @srcdir@ VPATH = @srcdir@ @@ -13,9 +13,9 @@ Exclude the "tools" from building and installing. TARGETS = @BIND9_MAKE_RULES@ ---- bin/tools/Makefile.in.orig 2019-06-28 12:33:29 UTC +--- bin/tools/Makefile.in.orig 2020-06-10 21:01:43 UTC +++ bin/tools/Makefile.in -@@ -41,10 +41,7 @@ SUBDIRS = +@@ -43,10 +43,7 @@ SUBDIRS = DNSTAPTARGETS = dnstap-read@EXEEXT@ NZDTARGETS = named-nzd2nzf@EXEEXT@ @@ -27,8 +27,8 @@ Exclude the "tools" from building and installing. DNSTAPSRCS = dnstap-read.c NZDSRCS = named-nzd2nzf.c -@@ -120,21 +117,6 @@ dnstap: - ${INSTALL_DATA} ${srcdir}/dnstap-read.1 ${DESTDIR}${mandir}/man1 +@@ -103,16 +100,6 @@ dnstap: + ${DESTDIR}${bindir} install:: ${TARGETS} installdirs @DNSTAP@ @NZD_TOOLS@ - ${LIBTOOL_MODE_INSTALL} ${INSTALL_PROGRAM} arpaname@EXEEXT@ \ @@ -41,11 +41,6 @@ Exclude the "tools" from building and installing. - ${DESTDIR}${sbindir} - ${LIBTOOL_MODE_INSTALL} ${INSTALL_PROGRAM} mdig@EXEEXT@ \ - ${DESTDIR}${bindir} -- ${INSTALL_DATA} ${srcdir}/arpaname.1 ${DESTDIR}${mandir}/man1 -- ${INSTALL_DATA} ${srcdir}/named-journalprint.8 ${DESTDIR}${mandir}/man8 -- ${INSTALL_DATA} ${srcdir}/named-rrchecker.1 ${DESTDIR}${mandir}/man1 -- ${INSTALL_DATA} ${srcdir}/nsec3hash.8 ${DESTDIR}${mandir}/man8 -- ${INSTALL_DATA} ${srcdir}/mdig.1 ${DESTDIR}${mandir}/man1 uninstall:: - rm -f ${DESTDIR}${mandir}/man1/mdig.1 + ${LIBTOOL_MODE_UNINSTALL} rm -f \ diff --git a/dns/bind916/files/patch-configure b/dns/bind916/files/patch-configure index 8b4e1f840712..007c65a9943a 100644 --- a/dns/bind916/files/patch-configure +++ b/dns/bind916/files/patch-configure @@ -1,8 +1,8 @@ Fixup gssapi and db detection. ---- configure.orig 2020-05-06 09:59:35 UTC +--- configure.orig 2020-06-10 21:01:43 UTC +++ configure -@@ -17491,27 +17491,9 @@ done +@@ -17602,27 +17602,9 @@ done # problems start to show up. saved_libs="$LIBS" for TRY_LIBS in \ @@ -32,7 +32,7 @@ Fixup gssapi and db detection. { $as_echo "$as_me:${as_lineno-$LINENO}: checking linking as $TRY_LIBS" >&5 $as_echo_n "checking linking as $TRY_LIBS... " >&6; } cat confdefs.h - <<_ACEOF >conftest.$ac_ext -@@ -17554,47 +17536,7 @@ $as_echo "no" >&6; } ;; +@@ -17665,47 +17647,7 @@ $as_echo "no" >&6; } ;; no) as_fn_error $? "could not determine proper GSSAPI linkage" "$LINENO" 5 ;; esac @@ -81,7 +81,7 @@ Fixup gssapi and db detection. DNS_GSSAPI_LIBS="$LIBS" { $as_echo "$as_me:${as_lineno-$LINENO}: result: using GSSAPI from $use_gssapi/lib and $use_gssapi/include" >&5 -@@ -23103,7 +23045,7 @@ $as_echo "" >&6; } +@@ -23208,7 +23150,7 @@ $as_echo "" >&6; } # Check other locations for includes. # Order is important (sigh). diff --git a/dns/bind916/pkg-plist b/dns/bind916/pkg-plist index 585f73e9c4dc..f3e47834ffad 100644 --- a/dns/bind916/pkg-plist +++ b/dns/bind916/pkg-plist @@ -49,14 +49,15 @@ include/dns/geoip.h include/dns/ipkeylist.h include/dns/iptable.h include/dns/journal.h +include/dns/kasp.h include/dns/keydata.h include/dns/keyflags.h -include/dns/kasp.h include/dns/keymgr.h include/dns/keytable.h include/dns/keyvalues.h include/dns/lib.h include/dns/librpz.h +%%LMDB%%include/dns/lmdb.h include/dns/log.h include/dns/lookup.h include/dns/master.h @@ -220,6 +221,7 @@ include/isc/time.h include/isc/timer.h include/isc/tm.h include/isc/types.h +include/isc/utf8.h include/isc/util.h include/isc/version.h include/isccc/alist.h @@ -271,23 +273,43 @@ lib/libisccc.a lib/libisccfg.a lib/libns.a lib/named/filter-aaaa.so -%%DNSTAP%%man/man1/dnstap-read.1.gz -man/man5/named.conf.5.gz -man/man5/rndc.conf.5.gz -man/man8/ddns-confgen.8.gz -man/man8/filter-aaaa.8.gz -man/man8/named-checkconf.8.gz -man/man8/named-checkzone.8.gz -man/man8/named-compilezone.8.gz -%%LMDB%%man/man8/named-nzd2nzf.8.gz -man/man8/named.8.gz -%%NATIVE_PKCS11%%man/man8/pkcs11-destroy.8.gz -%%NATIVE_PKCS11%%man/man8/pkcs11-keygen.8.gz -%%NATIVE_PKCS11%%man/man8/pkcs11-list.8.gz -%%NATIVE_PKCS11%%man/man8/pkcs11-tokens.8.gz -man/man8/rndc-confgen.8.gz -man/man8/rndc.8.gz -man/man8/tsig-keygen.8.gz +%%MANPAGES%%@comment man/man1/arpaname.1.gz +%%MANPAGES%%@comment man/man1/delv.1.gz +%%MANPAGES%%@comment man/man1/dig.1.gz +%%MANPAGES%%%%DNSTAP%%man/man1/dnstap-read.1.gz +%%MANPAGES%%@comment man/man1/host.1.gz +%%MANPAGES%%@comment man/man1/mdig.1.gz +%%MANPAGES%%@comment man/man1/named-rrchecker.1.gz +%%MANPAGES%%@comment man/man1/nslookup.1.gz +%%MANPAGES%%@comment man/man1/nsupdate.1.gz +%%MANPAGES%%man/man5/named.conf.5.gz +%%MANPAGES%%man/man5/rndc.conf.5.gz +%%MANPAGES%%man/man8/ddns-confgen.8.gz +%%MANPAGES%%@comment man/man8/dnssec-cds.8.gz +%%MANPAGES%%@comment man/man8/dnssec-checkds.8.gz +%%MANPAGES%%@comment man/man8/dnssec-coverage.8.gz +%%MANPAGES%%@comment man/man8/dnssec-dsfromkey.8.gz +%%MANPAGES%%@comment man/man8/dnssec-importkey.8.gz +%%MANPAGES%%@comment man/man8/dnssec-keyfromlabel.8.gz +%%MANPAGES%%@comment man/man8/dnssec-keygen.8.gz +%%MANPAGES%%@comment man/man8/dnssec-keymgr.8.gz +%%MANPAGES%%@comment man/man8/dnssec-revoke.8.gz +%%MANPAGES%%@comment man/man8/dnssec-settime.8.gz +%%MANPAGES%%@comment man/man8/dnssec-signzone.8.gz +%%MANPAGES%%@comment man/man8/dnssec-verify.8.gz +%%MANPAGES%%man/man8/filter-aaaa.8.gz +%%MANPAGES%%man/man8/named-checkconf.8.gz +%%MANPAGES%%man/man8/named-checkzone.8.gz +%%MANPAGES%%@comment man/man8/named-journalprint.8.gz +%%MANPAGES%%%%LMDB%%man/man8/named-nzd2nzf.8.gz +%%MANPAGES%%man/man8/named.8.gz +%%MANPAGES%%@comment man/man8/nsec3hash.8.gz +%%MANPAGES%%%%NATIVE_PKCS11%%man/man8/pkcs11-destroy.8.gz +%%MANPAGES%%%%NATIVE_PKCS11%%man/man8/pkcs11-keygen.8.gz +%%MANPAGES%%%%NATIVE_PKCS11%%man/man8/pkcs11-list.8.gz +%%MANPAGES%%%%NATIVE_PKCS11%%man/man8/pkcs11-tokens.8.gz +%%MANPAGES%%man/man8/rndc-confgen.8.gz +%%MANPAGES%%man/man8/rndc.8.gz sbin/ddns-confgen sbin/named sbin/named-checkconf |