From f2d0e1387a4dd182cf2256c37e5fb2ceefa4c1c5 Mon Sep 17 00:00:00 2001 From: Philip Paeps Date: Thu, 18 Jun 2020 08:29:57 +0000 Subject: MFH: r539519 dns/bind911: update to 9.11.20. Security: CVE-2020-8619 Submitted by: mat (maintainer) Approved by: ports-secteam (joneum) --- dns/bind911/Makefile | 3 ++- dns/bind911/distinfo | 6 +++--- dns/bind911/files/extrapatch-bind-min-override-ttl | 12 ++++++------ dns/bind911/pkg-plist | 1 + 4 files changed, 12 insertions(+), 10 deletions(-) diff --git a/dns/bind911/Makefile b/dns/bind911/Makefile index 2754408acd09..9a734f8219ca 100644 --- a/dns/bind911/Makefile +++ b/dns/bind911/Makefile @@ -3,6 +3,7 @@ PORTNAME= bind PORTVERSION= ${ISCVERSION:S/-P/P/:S/b/.b/:S/a/.a/:S/rc/.rc/} +PORTREVISION= 0 CATEGORIES= dns net MASTER_SITES= ISC/bind9/${ISCVERSION} PKGNAMESUFFIX= 911 @@ -23,7 +24,7 @@ RUN_DEPENDS= bind-tools>0:dns/bind-tools USES= cpe libedit pkgconfig # ISC releases things like 9.8.0-P1, which our versioning doesn't like -ISCVERSION= 9.11.19 +ISCVERSION= 9.11.20 CPE_VENDOR= isc CPE_VERSION= ${ISCVERSION:C/-.*//} diff --git a/dns/bind911/distinfo b/dns/bind911/distinfo index 865fd4ae60c9..ea9089dca2ea 100644 --- a/dns/bind911/distinfo +++ b/dns/bind911/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1589559723 -SHA256 (bind-9.11.19.tar.gz) = 0dee554a4caa368948b32da9a0c97b516c19103bc13ff5b3762c5d8552f52329 -SIZE (bind-9.11.19.tar.gz) = 8230483 +TIMESTAMP = 1592316422 +SHA256 (bind-9.11.20.tar.gz) = 306831a738a275693bbe1d6839a09b34a2c8b5c26f8a42ea57ef000a6a99c2b6 +SIZE (bind-9.11.20.tar.gz) = 8244703 diff --git a/dns/bind911/files/extrapatch-bind-min-override-ttl b/dns/bind911/files/extrapatch-bind-min-override-ttl index 426c1c462368..3bf0b96f66a3 100644 --- a/dns/bind911/files/extrapatch-bind-min-override-ttl +++ b/dns/bind911/files/extrapatch-bind-min-override-ttl @@ -1,7 +1,7 @@ - Add the min-cache-ttl config knob. - Add the override-cache-ttl config knob. ---- bin/named/config.c.orig 2020-05-06 12:50:24 UTC +--- bin/named/config.c.orig 2020-06-10 18:00:37 UTC +++ bin/named/config.c @@ -182,6 +182,8 @@ options {\n\ " max-acache-size 16M;\n\ @@ -12,7 +12,7 @@ max-clients-per-query 100;\n\ max-ncache-ttl 10800; /* 3 hours */\n\ max-recursion-depth 7;\n\ ---- bin/named/server.c.orig 2020-05-06 12:50:24 UTC +--- bin/named/server.c.orig 2020-06-10 18:00:37 UTC +++ bin/named/server.c @@ -3720,6 +3720,16 @@ configure_view(dns_view_t *view, dns_viewlist_t *viewl } @@ -31,7 +31,7 @@ result = ns_config_get(maps, "max-cache-ttl", &obj); INSIST(result == ISC_R_SUCCESS); view->maxcachettl = cfg_obj_asuint32(obj); ---- lib/dns/include/dns/view.h.orig 2020-05-06 12:50:24 UTC +--- lib/dns/include/dns/view.h.orig 2020-06-10 18:00:37 UTC +++ lib/dns/include/dns/view.h @@ -152,6 +152,8 @@ struct dns_view { bool requestnsid; @@ -42,9 +42,9 @@ dns_ttl_t maxncachettl; uint32_t nta_lifetime; uint32_t nta_recheck; ---- lib/dns/resolver.c.orig 2020-05-06 12:50:24 UTC +--- lib/dns/resolver.c.orig 2020-06-10 18:00:37 UTC +++ lib/dns/resolver.c -@@ -5553,6 +5553,18 @@ cache_name(fetchctx_t *fctx, dns_name_t *name, dns_adb +@@ -5549,6 +5549,18 @@ cache_name(fetchctx_t *fctx, dns_name_t *name, dns_adb } /* @@ -63,7 +63,7 @@ * Enforce the configure maximum cache TTL. */ if (rdataset->ttl > res->view->maxcachettl) { ---- lib/isccfg/namedconf.c.orig 2020-05-06 12:50:24 UTC +--- lib/isccfg/namedconf.c.orig 2020-06-10 18:00:37 UTC +++ lib/isccfg/namedconf.c @@ -1773,6 +1773,8 @@ view_clauses[] = { #endif diff --git a/dns/bind911/pkg-plist b/dns/bind911/pkg-plist index 59ce4861a244..3d665426fc04 100644 --- a/dns/bind911/pkg-plist +++ b/dns/bind911/pkg-plist @@ -223,6 +223,7 @@ include/isc/time.h include/isc/timer.h include/isc/tm.h include/isc/types.h +include/isc/utf8.h include/isc/util.h include/isc/version.h include/isc/xml.h -- cgit v1.2.3