From 3c8ddf3b5eede9499f9f8bf69c8761040af4ce8e Mon Sep 17 00:00:00 2001 From: Mathieu Arnold Date: Wed, 14 Jun 2017 22:56:44 +0000 Subject: MFH: r443608 r443607 Update to 9.9.10-P1, 9.10.5-P1, 9.11.1-P1. Security: CVE-2017-3140 Security: CVE-2017-3141 Sponsored by: Absolight Remove special handling for testing and documentation domains, per RFC 6761 recommendations. While there: - Fix invalid syntax in sample slave config. - Add a message about having syslogd working with BIND9 chroot. PR: 217915 Reported by: eserte12 yahoo de Sponsored by: Absolight --- dns/bind9-devel/files/named.conf.in | 12 ++---------- dns/bind9-devel/files/pkg-message.in | 7 +++++++ dns/bind910/Makefile | 2 +- dns/bind910/distinfo | 6 +++--- dns/bind910/files/named.conf.in | 12 ++---------- dns/bind910/files/pkg-message.in | 8 ++++++++ dns/bind911/Makefile | 2 +- dns/bind911/distinfo | 6 +++--- dns/bind911/files/named.conf.in | 12 ++---------- dns/bind911/files/pkg-message.in | 8 ++++++++ dns/bind99/Makefile | 2 +- dns/bind99/distinfo | 6 +++--- dns/bind99/files/named.conf.in | 12 ++---------- dns/bind99/files/pkg-message.in | 8 ++++++++ 14 files changed, 51 insertions(+), 52 deletions(-) diff --git a/dns/bind9-devel/files/named.conf.in b/dns/bind9-devel/files/named.conf.in index 254a65f66085..2d23a6592fae 100644 --- a/dns/bind9-devel/files/named.conf.in +++ b/dns/bind9-devel/files/named.conf.in @@ -130,7 +130,7 @@ zone "in-addr.arpa" { 2620:0:2830:202::132; // iad.xfr.dns.icann.org }; notify no; -} +}; zone "ip6.arpa" { type slave; file "%%ETCDIR%%/slave/ip6.arpa.slave"; @@ -141,7 +141,7 @@ zone "ip6.arpa" { 2620:0:2830:202::132; // iad.xfr.dns.icann.org }; notify no; -} +}; */ /* Serving the following zones locally will prevent any queries 
@@ -261,14 +261,6 @@ zone "113.0.203.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; // IPv6 Example Range for Documentation (RFCs 3849 and 6303) zone "8.b.d.0.1.0.0.2.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; -// Domain Names for Documentation and Testing (BCP 32) -zone "test" { type master; file "%%ETCDIR%%/master/empty.db"; }; -zone "example" { type master; file "%%ETCDIR%%/master/empty.db"; }; -zone "invalid" { type master; file "%%ETCDIR%%/master/empty.db"; }; -zone "example.com" { type master; file "%%ETCDIR%%/master/empty.db"; }; -zone "example.net" { type master; file "%%ETCDIR%%/master/empty.db"; }; -zone "example.org" { type master; file "%%ETCDIR%%/master/empty.db"; }; - // Router Benchmark Testing (RFCs 2544 and 5735) zone "18.198.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; zone "19.198.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; diff --git a/dns/bind9-devel/files/pkg-message.in b/dns/bind9-devel/files/pkg-message.in index 13383a1d0d16..e62ff8197c9a 100644 --- a/dns/bind9-devel/files/pkg-message.in +++ b/dns/bind9-devel/files/pkg-message.in @@ -12,6 +12,13 @@ * * * The %%PREFIX%%/etc/rc.d/named script will do that for you. * * * +* If using syslog to log the BIND9 activity, and using a * +* chroot'ed installation, you will need to tell syslog to * +* install a log socket in the BIND9 chroot by running: * +* * +* # sysrc altlog_proglist+=named * +* * +* And then restarting syslogd with: service syslogd restart * * * * * * THIS IS A DEVELOPMENT VERSION IF BIND, IT WILL EAT YOUR DATA * diff --git a/dns/bind910/Makefile b/dns/bind910/Makefile index 0a25fc7ef820..03eb0994856a 100644 --- a/dns/bind910/Makefile +++ b/dns/bind910/Makefile @@ -16,7 +16,7 @@ LICENSE= ISCL LICENSE_FILE= ${WRKSRC}/COPYRIGHT # ISC releases things like 9.8.0-P1, which our versioning doesn't like -ISCVERSION= 9.10.5 +ISCVERSION= 9.10.5-P1 USES= cpe libedit 
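Review bot: Dropping the `test` and `invalid` zones together with the `example*` ones in the `@@ -261,14 +261,6 @@` hunk goes further than RFC 6761 asks. As I read it, sections 6.2 and 6.4 say caching servers SHOULD answer `test.` and `invalid.` names with an immediate negative response instead of querying upstream, and only the `example` names (section 6.5) are to be resolved normally. After this change a resolver built from the sample config will forward those lookups to the root servers, which exposes internal test hostnames and is at odds with the "Serving the following zones locally will prevent any queries" comment that introduces the list. I would keep `zone "test" { type master; file "%%ETCDIR%%/master/empty.db"; };` and `zone "invalid" { type master; file "%%ETCDIR%%/master/empty.db"; };` under an RFC 6761 comment and remove only the four `example` zones. The same hunk is repeated for bind910, bind911 and bind99.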
diff --git a/dns/bind910/distinfo b/dns/bind910/distinfo index b2b5353042f1..fed094a2e921 100644 --- a/dns/bind910/distinfo +++ b/dns/bind910/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1492690349 -SHA256 (bind-9.10.5.tar.gz) = 71688d2e134e42205075eef93cc1b78b42a140a2d61bf8263afc9c92fc872b0e -SIZE (bind-9.10.5.tar.gz) = 9431916 +TIMESTAMP = 1497425849 +SHA256 (bind-9.10.5-P1.tar.gz) = 82fb885de927fdb4db0a0bb5e5efda839a857ff70adbcfcb0486a010924ae5cd +SIZE (bind-9.10.5-P1.tar.gz) = 9406887 diff --git a/dns/bind910/files/named.conf.in b/dns/bind910/files/named.conf.in index 254a65f66085..2d23a6592fae 100644 --- a/dns/bind910/files/named.conf.in +++ b/dns/bind910/files/named.conf.in @@ -130,7 +130,7 @@ zone "in-addr.arpa" { 2620:0:2830:202::132; // iad.xfr.dns.icann.org }; notify no; -} +}; zone "ip6.arpa" { type slave; file "%%ETCDIR%%/slave/ip6.arpa.slave"; @@ -141,7 +141,7 @@ zone "ip6.arpa" { 2620:0:2830:202::132; // iad.xfr.dns.icann.org }; notify no; -} +}; */ /* Serving the following zones locally will prevent any queries @@ -261,14 +261,6 @@ zone "113.0.203.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; // IPv6 Example Range for Documentation (RFCs 3849 and 6303) zone "8.b.d.0.1.0.0.2.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; -// Domain Names for Documentation and Testing (BCP 32) -zone "test" { type master; file "%%ETCDIR%%/master/empty.db"; }; -zone "example" { type master; file "%%ETCDIR%%/master/empty.db"; }; -zone "invalid" { type master; file "%%ETCDIR%%/master/empty.db"; }; -zone "example.com" { type master; file "%%ETCDIR%%/master/empty.db"; }; -zone "example.net" { type master; file "%%ETCDIR%%/master/empty.db"; }; -zone "example.org" { type master; file "%%ETCDIR%%/master/empty.db"; }; - // Router Benchmark Testing (RFCs 2544 and 5735) zone "18.198.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; zone "19.198.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; 
diff --git a/dns/bind910/files/pkg-message.in b/dns/bind910/files/pkg-message.in index eb26dbbe1413..a1bfad91fb81 100644 --- a/dns/bind910/files/pkg-message.in +++ b/dns/bind910/files/pkg-message.in @@ -12,4 +12,12 @@ * * * The %%PREFIX%%/etc/rc.d/named script will do that for you. * * * +* If using syslog to log the BIND9 activity, and using a * +* chroot'ed installation, you will need to tell syslog to * +* install a log socket in the BIND9 chroot by running: * +* * +* # sysrc altlog_proglist+=named * +* * +* And then restarting syslogd with: service syslogd restart * +* * ********************************************************************** diff --git a/dns/bind911/Makefile b/dns/bind911/Makefile index 1136bb195737..a74c804bada6 100644 --- a/dns/bind911/Makefile +++ b/dns/bind911/Makefile @@ -30,7 +30,7 @@ LICENSE= MPL LICENSE_FILE= ${WRKSRC}/COPYRIGHT # ISC releases things like 9.8.0-P1, which our versioning doesn't like -ISCVERSION= 9.11.1 +ISCVERSION= 9.11.1-P1 USES= cpe libedit diff --git a/dns/bind911/distinfo b/dns/bind911/distinfo index 78d19e4fe4d4..32648bcc1971 100644 --- a/dns/bind911/distinfo +++ b/dns/bind911/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1492691449 -SHA256 (bind-9.11.1.tar.gz) = 22050095f5c82a1385cc4174190ac60392670bbc5d63d592ecae52a214bc10b2 -SIZE (bind-9.11.1.tar.gz) = 9762743 +TIMESTAMP = 1497425959 +SHA256 (bind-9.11.1-P1.tar.gz) = 6b1b3e88d51b8471bd6aee24a8cea70817e850a5901315dc506f9dde275ca638 +SIZE (bind-9.11.1-P1.tar.gz) = 9745364 diff --git a/dns/bind911/files/named.conf.in b/dns/bind911/files/named.conf.in index 254a65f66085..2d23a6592fae 100644 --- a/dns/bind911/files/named.conf.in +++ b/dns/bind911/files/named.conf.in @@ -130,7 +130,7 @@ zone "in-addr.arpa" { 2620:0:2830:202::132; // iad.xfr.dns.icann.org }; notify no; -} +}; zone "ip6.arpa" { type slave; file "%%ETCDIR%%/slave/ip6.arpa.slave"; 
@@ -141,7 +141,7 @@ zone "ip6.arpa" { 2620:0:2830:202::132; // iad.xfr.dns.icann.org }; notify no; -} +}; */ /* Serving the following zones locally will prevent any queries @@ -261,14 +261,6 @@ zone "113.0.203.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; // IPv6 Example Range for Documentation (RFCs 3849 and 6303) zone "8.b.d.0.1.0.0.2.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; -// Domain Names for Documentation and Testing (BCP 32) -zone "test" { type master; file "%%ETCDIR%%/master/empty.db"; }; -zone "example" { type master; file "%%ETCDIR%%/master/empty.db"; }; -zone "invalid" { type master; file "%%ETCDIR%%/master/empty.db"; }; -zone "example.com" { type master; file "%%ETCDIR%%/master/empty.db"; }; -zone "example.net" { type master; file "%%ETCDIR%%/master/empty.db"; }; -zone "example.org" { type master; file "%%ETCDIR%%/master/empty.db"; }; - // Router Benchmark Testing (RFCs 2544 and 5735) zone "18.198.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; zone "19.198.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; diff --git a/dns/bind911/files/pkg-message.in b/dns/bind911/files/pkg-message.in index eb26dbbe1413..a1bfad91fb81 100644 --- a/dns/bind911/files/pkg-message.in +++ b/dns/bind911/files/pkg-message.in @@ -12,4 +12,12 @@ * * * The %%PREFIX%%/etc/rc.d/named script will do that for you. * * * +* If using syslog to log the BIND9 activity, and using a * +* chroot'ed installation, you will need to tell syslog to * +* install a log socket in the BIND9 chroot by running: * +* * +* # sysrc altlog_proglist+=named * +* * +* And then restarting syslogd with: service syslogd restart * +* * ********************************************************************** diff --git a/dns/bind99/Makefile b/dns/bind99/Makefile index cb1891a7171b..c23f2b241cfd 100644 --- a/dns/bind99/Makefile +++ b/dns/bind99/Makefile 
@@ -16,7 +16,7 @@ LICENSE= ISCL LICENSE_FILE= ${WRKSRC}/COPYRIGHT # ISC releases things like 9.8.0-P1, which our versioning doesn't like -ISCVERSION= 9.9.10 +ISCVERSION= 9.9.10-P1 USES= cpe libedit diff --git a/dns/bind99/distinfo b/dns/bind99/distinfo index 8e4f40e26251..2417bcec9c4a 100644 --- a/dns/bind99/distinfo +++ b/dns/bind99/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1492688489 -SHA256 (bind-9.9.10.tar.gz) = 7deabe932b11149ebce7bf96abe114479c3c52e0081a29d00877125f55ae562a -SIZE (bind-9.9.10.tar.gz) = 8857543 +TIMESTAMP = 1497425667 +SHA256 (bind-9.9.10-P1.tar.gz) = 2c09f361a5936b31dcfd9dfaa324351dc2cd25ca0a380cf4caa2cc94b3ba6bc5 +SIZE (bind-9.9.10-P1.tar.gz) = 8836915 diff --git a/dns/bind99/files/named.conf.in b/dns/bind99/files/named.conf.in index 254a65f66085..2d23a6592fae 100644 --- a/dns/bind99/files/named.conf.in +++ b/dns/bind99/files/named.conf.in @@ -130,7 +130,7 @@ zone "in-addr.arpa" { 2620:0:2830:202::132; // iad.xfr.dns.icann.org }; notify no; -} +}; zone "ip6.arpa" { type slave; file "%%ETCDIR%%/slave/ip6.arpa.slave"; @@ -141,7 +141,7 @@ zone "ip6.arpa" { 2620:0:2830:202::132; // iad.xfr.dns.icann.org }; notify no; -} +}; */ /* Serving the following zones locally will prevent any queries 
@@ -261,14 +261,6 @@ zone "113.0.203.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; // IPv6 Example Range for Documentation (RFCs 3849 and 6303) zone "8.b.d.0.1.0.0.2.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; -// Domain Names for Documentation and Testing (BCP 32) -zone "test" { type master; file "%%ETCDIR%%/master/empty.db"; }; -zone "example" { type master; file "%%ETCDIR%%/master/empty.db"; }; -zone "invalid" { type master; file "%%ETCDIR%%/master/empty.db"; }; -zone "example.com" { type master; file "%%ETCDIR%%/master/empty.db"; }; -zone "example.net" { type master; file "%%ETCDIR%%/master/empty.db"; }; -zone "example.org" { type master; file "%%ETCDIR%%/master/empty.db"; }; - // Router Benchmark Testing (RFCs 2544 and 5735) zone "18.198.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; zone "19.198.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; diff --git a/dns/bind99/files/pkg-message.in b/dns/bind99/files/pkg-message.in index eb26dbbe1413..a1bfad91fb81 100644 --- a/dns/bind99/files/pkg-message.in +++ b/dns/bind99/files/pkg-message.in @@ -12,4 +12,12 @@ * * * The %%PREFIX%%/etc/rc.d/named script will do that for you. * * * +* If using syslog to log the BIND9 activity, and using a * +* chroot'ed installation, you will need to tell syslog to * +* install a log socket in the BIND9 chroot by running: * +* * +* # sysrc altlog_proglist+=named * +* * +* And then restarting syslogd with: service syslogd restart * +* * ********************************************************************** -- cgit v1.2.3