From 2ce1da89d55a71b04d09161703bd92671c59bbf0 Mon Sep 17 00:00:00 2001 From: Philip Paeps Date: Thu, 18 Jun 2020 08:22:04 +0000 Subject: MFH: r539518 Update to 9.16.4. Security: CVE-2020-8618 CVE-2020-8619 Submitted by: mat (maintainer) Approved by: ports-secteam (joneum)
---
 dns/bind-tools/pkg-plist | 55 ++++++++++++-------- dns/bind916/Makefile | 21 ++++---- dns/bind916/distinfo | 6 +-- dns/bind916/files/extrapatch-bind-min-override-ttl | 12 ++--- dns/bind916/files/extrapatch-bind-tools | 6 +-- dns/bind916/files/extrapatch-no-bind-tools | 17 +++---- dns/bind916/files/patch-configure | 8 +-- dns/bind916/pkg-plist | 58 +++++++++++++++------- 8 files changed, 107 insertions(+), 76 deletions(-)
diff --git a/dns/bind-tools/pkg-plist b/dns/bind-tools/pkg-plist
index 819c52622282..27461571644b 100644
--- a/dns/bind-tools/pkg-plist
+++ b/dns/bind-tools/pkg-plist
@@ -6,28 +6,39 @@ bin/mdig
 bin/named-rrchecker
 bin/nslookup
 bin/nsupdate
-man/man1/arpaname.1.gz
-man/man1/delv.1.gz
-man/man1/dig.1.gz
-man/man1/host.1.gz
-man/man1/mdig.1.gz
-man/man1/named-rrchecker.1.gz
-man/man1/nslookup.1.gz
-man/man1/nsupdate.1.gz
-man/man8/dnssec-cds.8.gz
-%%PYTHON%%man/man8/dnssec-checkds.8.gz
-%%PYTHON%%man/man8/dnssec-coverage.8.gz
-man/man8/dnssec-dsfromkey.8.gz
-man/man8/dnssec-importkey.8.gz
-man/man8/dnssec-keyfromlabel.8.gz
-man/man8/dnssec-keygen.8.gz
-%%PYTHON%%man/man8/dnssec-keymgr.8.gz
-man/man8/dnssec-revoke.8.gz
-man/man8/dnssec-settime.8.gz
-man/man8/dnssec-signzone.8.gz
-man/man8/dnssec-verify.8.gz
-man/man8/named-journalprint.8.gz
-man/man8/nsec3hash.8.gz
+%%MANPAGES%%man/man1/arpaname.1.gz
+%%MANPAGES%%man/man1/delv.1.gz
+%%MANPAGES%%man/man1/dig.1.gz
+%%MANPAGES%%@comment man/man1/dnstap-read.1.gz
+%%MANPAGES%%man/man1/host.1.gz
+%%MANPAGES%%man/man1/mdig.1.gz
+%%MANPAGES%%man/man1/named-rrchecker.1.gz
+%%MANPAGES%%man/man1/nslookup.1.gz
+%%MANPAGES%%man/man1/nsupdate.1.gz
+%%MANPAGES%%@comment man/man5/named.conf.5.gz
+%%MANPAGES%%@comment man/man5/rndc.conf.5.gz
+%%MANPAGES%%@comment man/man8/ddns-confgen.8.gz
+%%MANPAGES%%man/man8/dnssec-cds.8.gz
+%%MANPAGES%%%%PYTHON%%man/man8/dnssec-checkds.8.gz
+%%MANPAGES%%%%PYTHON%%man/man8/dnssec-coverage.8.gz
+%%MANPAGES%%man/man8/dnssec-dsfromkey.8.gz
+%%MANPAGES%%man/man8/dnssec-importkey.8.gz
+%%MANPAGES%%man/man8/dnssec-keyfromlabel.8.gz
+%%MANPAGES%%man/man8/dnssec-keygen.8.gz
+%%MANPAGES%%%%PYTHON%%man/man8/dnssec-keymgr.8.gz
+%%MANPAGES%%man/man8/dnssec-revoke.8.gz
+%%MANPAGES%%man/man8/dnssec-settime.8.gz
+%%MANPAGES%%man/man8/dnssec-signzone.8.gz
+%%MANPAGES%%man/man8/dnssec-verify.8.gz
+%%MANPAGES%%@comment man/man8/filter-aaaa.8.gz
+%%MANPAGES%%@comment man/man8/named-checkconf.8.gz
+%%MANPAGES%%@comment man/man8/named-checkzone.8.gz
+%%MANPAGES%%man/man8/named-journalprint.8.gz
+%%MANPAGES%%@comment man/man8/named-nzd2nzf.8.gz
+%%MANPAGES%%@comment 
man/man8/named.8.gz +%%MANPAGES%%man/man8/nsec3hash.8.gz +%%MANPAGES%%@comment man/man8/rndc-confgen.8.gz +%%MANPAGES%%@comment man/man8/rndc.8.gz sbin/dnssec-cds %%PYTHON%%sbin/dnssec-checkds %%PYTHON%%sbin/dnssec-coverage diff --git a/dns/bind916/Makefile b/dns/bind916/Makefile index 3b6defb8c5a2..f414c6dea53b 100644 --- a/dns/bind916/Makefile +++ b/dns/bind916/Makefile @@ -41,7 +41,7 @@ RUN_DEPENDS= bind-tools>0:dns/bind-tools USES= compiler:c11 cpe libedit pkgconfig ssl tar:xz # ISC releases things like 9.8.0-P1, which our versioning doesn't like -ISCVERSION= 9.16.3 +ISCVERSION= 9.16.4 CPE_VENDOR= isc CPE_VERSION= ${ISCVERSION:C/-.*//} @@ -75,10 +75,10 @@ CONFLICTS= bind911 bind912 bind913 bind914 bind9-devel MAKE_JOBS_UNSAFE= yes OPTIONS_DEFAULT= DLZ_FILESYSTEM GSSAPI_NONE IDN JSON LMDB PYTHON \ - SIGCHASE TCP_FASTOPEN + SIGCHASE TCP_FASTOPEN MANPAGES OPTIONS_DEFINE= DNSTAP DOCS FIXED_RRSET GEOIP IDN JSON LARGE_FILE LMDB \ OVERRIDECACHE PORTREVISION PYTHON QUERYTRACE SIGCHASE \ - START_LATE TCP_FASTOPEN TUNING_LARGE + START_LATE TCP_FASTOPEN TUNING_LARGE MANPAGES OPTIONS_RADIO= CRYPTO OPTIONS_RADIO_CRYPTO= NATIVE_PKCS11 @@ -181,6 +181,8 @@ LARGE_FILE_CONFIGURE_ENABLE= largefile LMDB_CONFIGURE_WITH= lmdb=${LOCALBASE} LMDB_LIB_DEPENDS= liblmdb.so:databases/lmdb +MANPAGES_BUILD_DEPENDS= sphinx-build:textproc/py-sphinx + OVERRIDECACHE_EXTRA_PATCHES= ${FILESDIR}/extrapatch-bind-min-override-ttl NATIVE_PKCS11_CONFIGURE_ENABLE= native-pkcs11 @@ -225,12 +227,12 @@ SUB_LIST+= ENGINES=${LOCALBASE}/lib/engines .endif post-patch: -.for FILE in check/named-checkconf.8 named/named.8 nsupdate/nsupdate.1 \ - rndc/rndc.8 +.for FILE in named-checkconf.8 named.8 nsupdate.1 \ + rndc.8 @${REINPLACE_CMD} -e 's#/etc/named.conf#${ETCDIR}/named.conf#g' \ -e 's#/etc/rndc.conf#${ETCDIR}/rndc.conf#g' \ -e "s#/var\/run\/named\/named.pid#/var/run/named/pid#" \ - ${WRKSRC}/bin/${FILE} + ${WRKSRC}/doc/man/${FILE}in .endfor .if !defined(BIND_TOOLS_SLAVE) 
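Review bot: `MANPAGES_BUILD_DEPENDS` has no comment saying why a name server port now needs Sphinx, and because the `-75,10` hunk also puts `MANPAGES` into `OPTIONS_DEFAULT`, every default build of this security update pulls `textproc/py-sphinx` and its Python dependencies into the build environment. The `post-patch` hunk edits files under `${WRKSRC}/doc/man/` straight after extraction, which suggests the tarball already ships the page sources in generated form, so it is worth confirming that `sphinx-build` is actually invoked before keeping the dependency. If it is, I would add `# doc/man is built with sphinx-build; needed at build time only` above the line. `MANPAGES` is also appended after `TCP_FASTOPEN` and `TUNING_LARGE` instead of going into the alphabetical position that both option lists otherwise keep.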
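Review bot: The substitution target `${WRKSRC}/doc/man/${FILE}in` glues the `in` suffix onto the loop variable, which reads like a typo; listing the real names (`named-checkconf.8in named.8in nsupdate.1in rndc.8in`) and using `${WRKSRC}/doc/man/${FILE}` would be clearer, and the shortened list no longer needs the `\` continuation. `${REINPLACE_CMD}` exits successfully even when none of the expressions match, so if upstream moves or renames these files' contents again the installed pages would silently keep pointing at `/etc/named.conf` rather than `${ETCDIR}`; a comment stating that intent (`# make the man pages name the config files where this port installs them`) would help the next update. The `post-patch` target continues outside this hunk.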
@@ -257,13 +259,14 @@ post-install: ${STAGEDIR}${ETCDIR}/rndc.conf.sample post-install-DOCS-on: - ${MKDIR} ${STAGEDIR}${DOCSDIR}/arm - ${INSTALL_DATA} ${WRKSRC}/doc/arm/*.html ${STAGEDIR}${DOCSDIR}/arm - ${INSTALL_DATA} ${WRKSRC}/doc/arm/Bv9ARM.pdf ${STAGEDIR}${DOCSDIR} + ${MKDIR} ${STAGEDIR}${DOCSDIR} ${INSTALL_DATA} ${WRKSRC}/CHANGES* ${WRKSRC}/HISTORY.md \ ${WRKSRC}/README.md ${STAGEDIR}${DOCSDIR} .else +post-install-MANPAGES-on: + @(cd ${WRKSRC}/doc/man && ${SETENV} ${MAKE_ENV} ${FAKEROOT} ${MAKE_CMD} ${MAKE_FLAGS} ${MAKEFILE} ${MAKE_ARGS} ${INSTALL_TARGET}) + # Can't use USE_PYTHON=autoplist post-install-PYTHON-on: @${FIND} ${STAGEDIR}${PYTHON_SITELIBDIR} -type f | ${SED} -e 's|${STAGEDIR}||' >> ${TMPPLIST} diff --git a/dns/bind916/distinfo b/dns/bind916/distinfo index 7e77bbb1dda4..25b23444bbd0 100644 --- a/dns/bind916/distinfo +++ b/dns/bind916/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1589559917 -SHA256 (bind-9.16.3.tar.xz) = 27ac6513de5f8d0db34b9f241da53baa15a14b2ad21338d0cde0826eaf564f7e -SIZE (bind-9.16.3.tar.xz) = 4573044 +TIMESTAMP = 1592316528 +SHA256 (bind-9.16.4.tar.xz) = 7522088d3daac8bcabaae37998178e09139ef5ccae6631cb1d8a625b770f370a +SIZE (bind-9.16.4.tar.xz) = 3465172 diff --git a/dns/bind916/files/extrapatch-bind-min-override-ttl b/dns/bind916/files/extrapatch-bind-min-override-ttl index 6185eb345ba9..477c59871f32 100644 --- a/dns/bind916/files/extrapatch-bind-min-override-ttl +++ b/dns/bind916/files/extrapatch-bind-min-override-ttl @@ -1,6 +1,6 @@ Add the override-cache-ttl feature. ---- bin/named/config.c.orig 2020-05-06 09:59:35 UTC +--- bin/named/config.c.orig 2020-06-10 21:01:43 UTC +++ bin/named/config.c @@ -179,6 +179,7 @@ options {\n\ notify-source *;\n\ @@ -10,7 +10,7 @@ Add the override-cache-ttl feature. provide-ixfr true;\n\ qname-minimization relaxed;\n\ query-source address *;\n\ ---- bin/named/server.c.orig 2020-05-06 09:59:35 UTC +--- bin/named/server.c.orig 2020-06-10 21:01:43 UTC +++ bin/named/server.c 
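Review bot: `post-install-MANPAGES-on` runs the whole `doc/man` install behind a leading `@`, so the sub-make command is missing from the build log when it fails; I would drop the `@` and add a comment saying why the pages need their own install step. The target installs every page upstream provides, and the two `pkg-plist` files then depend on hand-kept `@comment` lines to leave out the pages owned by the other package, so a page added upstream has to be entered in both lists. The target also sits after `.else`, so it applies to only one branch of a conditional whose `.if` is outside this hunk, and a comment naming which port that branch serves would save the reader a search. `post-install-DOCS-on` no longer installs anything from `doc/arm`, which the commit message does not mention.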
@@ -4328,6 +4328,11 @@ configure_view(dns_view_t *view, dns_viewlist_t *viewl } @@ -24,7 +24,7 @@ Add the override-cache-ttl feature. result = named_config_get(maps, "max-cache-ttl", &obj); INSIST(result == ISC_R_SUCCESS); view->maxcachettl = cfg_obj_asduration(obj); ---- lib/dns/include/dns/view.h.orig 2020-05-06 09:59:35 UTC +--- lib/dns/include/dns/view.h.orig 2020-06-10 21:01:43 UTC +++ lib/dns/include/dns/view.h @@ -152,6 +152,7 @@ struct dns_view { bool requestnsid; @@ -34,9 +34,9 @@ Add the override-cache-ttl feature. dns_ttl_t maxncachettl; dns_ttl_t mincachettl; dns_ttl_t minncachettl; ---- lib/dns/resolver.c.orig 2020-05-06 09:59:35 UTC +--- lib/dns/resolver.c.orig 2020-06-10 21:01:43 UTC +++ lib/dns/resolver.c -@@ -6248,6 +6248,12 @@ cache_name(fetchctx_t *fctx, dns_name_t *name, dns_adb +@@ -6247,6 +6247,12 @@ cache_name(fetchctx_t *fctx, dns_name_t *name, dns_adb } /* @@ -49,7 +49,7 @@ Add the override-cache-ttl feature. * Enforce the configure maximum cache TTL. */ if (rdataset->ttl > res->view->maxcachettl) { ---- lib/isccfg/namedconf.c.orig 2020-05-06 09:59:35 UTC +--- lib/isccfg/namedconf.c.orig 2020-06-10 21:01:43 UTC +++ lib/isccfg/namedconf.c @@ -1990,6 +1990,7 @@ static cfg_clausedef_t view_clauses[] = { #endif /* ifdef HAVE_LMDB */ diff --git a/dns/bind916/files/extrapatch-bind-tools b/dns/bind916/files/extrapatch-bind-tools index 823fc8681e16..33ec579a0b93 100644 --- a/dns/bind916/files/extrapatch-bind-tools +++ b/dns/bind916/files/extrapatch-bind-tools @@ -1,6 +1,6 @@ Only select the "tools" part of bind for building. ---- Makefile.in.orig 2019-08-12 14:08:48 UTC +--- Makefile.in.orig 2020-06-10 21:01:43 UTC +++ Makefile.in @@ -14,7 +14,7 @@ top_builddir = @top_builddir@ @@ -11,7 +11,7 @@ Only select the "tools" part of bind for building. TARGETS = PREREQS = bind.keys.h -@@ -51,7 +51,6 @@ installdirs: +@@ -50,7 +50,6 @@ installdirs: $(SHELL) ${top_srcdir}/mkinstalldirs ${DESTDIR}${mandir}/man1 install:: installdirs 
@@ -19,7 +19,7 @@ Only select the "tools" part of bind for building. uninstall:: rm -f ${DESTDIR}${sysconfdir}/bind.keys ---- bin/Makefile.in.orig 2019-08-12 14:08:48 UTC +--- bin/Makefile.in.orig 2020-06-10 21:01:43 UTC +++ bin/Makefile.in @@ -11,8 +11,8 @@ srcdir = @srcdir@ VPATH = @srcdir@ diff --git a/dns/bind916/files/extrapatch-no-bind-tools b/dns/bind916/files/extrapatch-no-bind-tools index d461b099be34..04e8afa2513d 100644 --- a/dns/bind916/files/extrapatch-no-bind-tools +++ b/dns/bind916/files/extrapatch-no-bind-tools @@ -1,6 +1,6 @@ Exclude the "tools" from building and installing. ---- bin/Makefile.in.orig 2019-06-28 12:33:29 UTC +--- bin/Makefile.in.orig 2020-06-10 21:01:43 UTC +++ bin/Makefile.in @@ -11,8 +11,8 @@ srcdir = @srcdir@ VPATH = @srcdir@ @@ -13,9 +13,9 @@ Exclude the "tools" from building and installing. TARGETS = @BIND9_MAKE_RULES@ ---- bin/tools/Makefile.in.orig 2019-06-28 12:33:29 UTC +--- bin/tools/Makefile.in.orig 2020-06-10 21:01:43 UTC +++ bin/tools/Makefile.in -@@ -41,10 +41,7 @@ SUBDIRS = +@@ -43,10 +43,7 @@ SUBDIRS = DNSTAPTARGETS = dnstap-read@EXEEXT@ NZDTARGETS = named-nzd2nzf@EXEEXT@ @@ -27,8 +27,8 @@ Exclude the "tools" from building and installing. DNSTAPSRCS = dnstap-read.c NZDSRCS = named-nzd2nzf.c -@@ -120,21 +117,6 @@ dnstap: - ${INSTALL_DATA} ${srcdir}/dnstap-read.1 ${DESTDIR}${mandir}/man1 +@@ -103,16 +100,6 @@ dnstap: + ${DESTDIR}${bindir} install:: ${TARGETS} installdirs @DNSTAP@ @NZD_TOOLS@ - ${LIBTOOL_MODE_INSTALL} ${INSTALL_PROGRAM} arpaname@EXEEXT@ \ 
@@ -41,11 +41,6 @@ Exclude the "tools" from building and installing. - ${DESTDIR}${sbindir} - ${LIBTOOL_MODE_INSTALL} ${INSTALL_PROGRAM} mdig@EXEEXT@ \ - ${DESTDIR}${bindir} -- ${INSTALL_DATA} ${srcdir}/arpaname.1 ${DESTDIR}${mandir}/man1 -- ${INSTALL_DATA} ${srcdir}/named-journalprint.8 ${DESTDIR}${mandir}/man8 -- ${INSTALL_DATA} ${srcdir}/named-rrchecker.1 ${DESTDIR}${mandir}/man1 -- ${INSTALL_DATA} ${srcdir}/nsec3hash.8 ${DESTDIR}${mandir}/man8 -- ${INSTALL_DATA} ${srcdir}/mdig.1 ${DESTDIR}${mandir}/man1 uninstall:: - rm -f ${DESTDIR}${mandir}/man1/mdig.1 + ${LIBTOOL_MODE_UNINSTALL} rm -f \ diff --git a/dns/bind916/files/patch-configure b/dns/bind916/files/patch-configure index 8b4e1f840712..007c65a9943a 100644 --- a/dns/bind916/files/patch-configure +++ b/dns/bind916/files/patch-configure @@ -1,8 +1,8 @@ Fixup gssapi and db detection. ---- configure.orig 2020-05-06 09:59:35 UTC +--- configure.orig 2020-06-10 21:01:43 UTC +++ configure -@@ -17491,27 +17491,9 @@ done +@@ -17602,27 +17602,9 @@ done # problems start to show up. saved_libs="$LIBS" for TRY_LIBS in \ @@ -32,7 +32,7 @@ Fixup gssapi and db detection. { $as_echo "$as_me:${as_lineno-$LINENO}: checking linking as $TRY_LIBS" >&5 $as_echo_n "checking linking as $TRY_LIBS... " >&6; } cat confdefs.h - <<_ACEOF >conftest.$ac_ext -@@ -17554,47 +17536,7 @@ $as_echo "no" >&6; } ;; +@@ -17665,47 +17647,7 @@ $as_echo "no" >&6; } ;; no) as_fn_error $? "could not determine proper GSSAPI linkage" "$LINENO" 5 ;; esac @@ -81,7 +81,7 @@ Fixup gssapi and db detection. DNS_GSSAPI_LIBS="$LIBS" { $as_echo "$as_me:${as_lineno-$LINENO}: result: using GSSAPI from $use_gssapi/lib and $use_gssapi/include" >&5 -@@ -23103,7 +23045,7 @@ $as_echo "" >&6; } +@@ -23208,7 +23150,7 @@ $as_echo "" >&6; } # Check other locations for includes. # Order is important (sigh). diff --git a/dns/bind916/pkg-plist b/dns/bind916/pkg-plist index 585f73e9c4dc..f3e47834ffad 100644 --- a/dns/bind916/pkg-plist +++ b/dns/bind916/pkg-plist 
@@ -49,14 +49,15 @@ include/dns/geoip.h
 include/dns/ipkeylist.h
 include/dns/iptable.h
 include/dns/journal.h
+include/dns/kasp.h
 include/dns/keydata.h
 include/dns/keyflags.h
-include/dns/kasp.h
 include/dns/keymgr.h
 include/dns/keytable.h
 include/dns/keyvalues.h
 include/dns/lib.h
 include/dns/librpz.h
+%%LMDB%%include/dns/lmdb.h
 include/dns/log.h
 include/dns/lookup.h
 include/dns/master.h
@@ -220,6 +221,7 @@ include/isc/time.h
 include/isc/timer.h
 include/isc/tm.h
 include/isc/types.h
+include/isc/utf8.h
 include/isc/util.h
 include/isc/version.h
 include/isccc/alist.h
@@ -271,23 +273,43 @@ lib/libisccc.a
 lib/libisccfg.a
 lib/libns.a
 lib/named/filter-aaaa.so
-%%DNSTAP%%man/man1/dnstap-read.1.gz
-man/man5/named.conf.5.gz
-man/man5/rndc.conf.5.gz
-man/man8/ddns-confgen.8.gz
-man/man8/filter-aaaa.8.gz
-man/man8/named-checkconf.8.gz
-man/man8/named-checkzone.8.gz
-man/man8/named-compilezone.8.gz
-%%LMDB%%man/man8/named-nzd2nzf.8.gz
-man/man8/named.8.gz
-%%NATIVE_PKCS11%%man/man8/pkcs11-destroy.8.gz
-%%NATIVE_PKCS11%%man/man8/pkcs11-keygen.8.gz
-%%NATIVE_PKCS11%%man/man8/pkcs11-list.8.gz
-%%NATIVE_PKCS11%%man/man8/pkcs11-tokens.8.gz
-man/man8/rndc-confgen.8.gz
-man/man8/rndc.8.gz
-man/man8/tsig-keygen.8.gz
+%%MANPAGES%%@comment man/man1/arpaname.1.gz
+%%MANPAGES%%@comment man/man1/delv.1.gz
+%%MANPAGES%%@comment man/man1/dig.1.gz
+%%MANPAGES%%%%DNSTAP%%man/man1/dnstap-read.1.gz
+%%MANPAGES%%@comment man/man1/host.1.gz
+%%MANPAGES%%@comment man/man1/mdig.1.gz
+%%MANPAGES%%@comment man/man1/named-rrchecker.1.gz
+%%MANPAGES%%@comment man/man1/nslookup.1.gz
+%%MANPAGES%%@comment man/man1/nsupdate.1.gz
+%%MANPAGES%%man/man5/named.conf.5.gz
+%%MANPAGES%%man/man5/rndc.conf.5.gz
+%%MANPAGES%%man/man8/ddns-confgen.8.gz
+%%MANPAGES%%@comment man/man8/dnssec-cds.8.gz
+%%MANPAGES%%@comment man/man8/dnssec-checkds.8.gz
+%%MANPAGES%%@comment man/man8/dnssec-coverage.8.gz
+%%MANPAGES%%@comment man/man8/dnssec-dsfromkey.8.gz
+%%MANPAGES%%@comment man/man8/dnssec-importkey.8.gz
+%%MANPAGES%%@comment man/man8/dnssec-keyfromlabel.8.gz
+%%MANPAGES%%@comment man/man8/dnssec-keygen.8.gz
+%%MANPAGES%%@comment man/man8/dnssec-keymgr.8.gz
+%%MANPAGES%%@comment man/man8/dnssec-revoke.8.gz
+%%MANPAGES%%@comment man/man8/dnssec-settime.8.gz
+%%MANPAGES%%@comment man/man8/dnssec-signzone.8.gz
+%%MANPAGES%%@comment man/man8/dnssec-verify.8.gz
+%%MANPAGES%%man/man8/filter-aaaa.8.gz
+%%MANPAGES%%man/man8/named-checkconf.8.gz
+%%MANPAGES%%man/man8/named-checkzone.8.gz
+%%MANPAGES%%@comment man/man8/named-journalprint.8.gz
+%%MANPAGES%%%%LMDB%%man/man8/named-nzd2nzf.8.gz
+%%MANPAGES%%man/man8/named.8.gz
+%%MANPAGES%%@comment man/man8/nsec3hash.8.gz
+%%MANPAGES%%%%NATIVE_PKCS11%%man/man8/pkcs11-destroy.8.gz
+%%MANPAGES%%%%NATIVE_PKCS11%%man/man8/pkcs11-keygen.8.gz
+%%MANPAGES%%%%NATIVE_PKCS11%%man/man8/pkcs11-list.8.gz
+%%MANPAGES%%%%NATIVE_PKCS11%%man/man8/pkcs11-tokens.8.gz
+%%MANPAGES%%man/man8/rndc-confgen.8.gz
+%%MANPAGES%%man/man8/rndc.8.gz
 sbin/ddns-confgen
 sbin/named
 sbin/named-checkconf
-- cgit v1.2.3
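Review bot: `man/man8/named-compilezone.8.gz` and `man/man8/tsig-keygen.8.gz` are removed in this hunk but do not come back under `%%MANPAGES%%`, either as packaged pages or as `@comment` entries, and the `dns/bind-tools` list does not pick them up either. If 9.16.4 simply stopped shipping those two pages that is fine, but it should be checked against the staged tree, because the matching `sbin/` entries lie outside this hunk and the programs may still be installed without a manual page.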