svn commit: r499959 - in head/dns/bind914: . files

Fri Apr 26 18:04:12 UTC 2019

On April 25, 2019 12:17:20 AM PDT, Mathieu Arnold <mat at FreeBSD.org> wrote:
>Author: mat
>Date: Thu Apr 25 07:17:20 2019
>New Revision: 499959
>URL: https://svnweb.freebsd.org/changeset/ports/499959
>
>Log:
>  Update to BIND9 9.14.1.
>  
>  MFH:		2019Q2
>  Security:	CVE-2018-5743, CVE-2019-6467
>
>Modified:
>  head/dns/bind914/Makefile   (contents, props changed)
>  head/dns/bind914/distinfo   (contents, props changed)
>head/dns/bind914/files/extrapatch-bind-min-override-ttl   (contents,
>props changed)
>head/dns/bind914/files/extrapatch-bind-tools   (contents, props
>changed)
>  head/dns/bind914/files/patch-configure   (contents, props changed)
>  head/dns/bind914/pkg-plist   (contents, props changed)
>
>Modified: head/dns/bind914/Makefile
>==============================================================================
>--- head/dns/bind914/Makefile	Thu Apr 25 07:17:17 2019	(r499958)
>+++ head/dns/bind914/Makefile	Thu Apr 25 07:17:20 2019	(r499959)
>@@ -8,7 +8,7 @@ PORTVERSION=	${ISCVERSION:S/-P/P/:S/b/.b/:S/a/.a/:S/rc
> PORTREVISION=	0
> .else
> # dns/bind914 here
>-PORTREVISION=	1
>+PORTREVISION=	0
> .endif
> CATEGORIES=	dns net ipv6
> MASTER_SITES=	ISC/bind9/${ISCVERSION}
>@@ -36,7 +36,7 @@ RUN_DEPENDS=	bind-tools>0:dns/bind-tools
> 
> USES=	compiler:c11 cpe libedit ssl
> # ISC releases things like 9.8.0-P1, which our versioning doesn't like
>-ISCVERSION=	9.14.0
>+ISCVERSION=	9.14.1
> 
> CPE_VENDOR=	isc
> CPE_VERSION=	${ISCVERSION:C/-.*//}
>
>Modified: head/dns/bind914/distinfo
>==============================================================================
>--- head/dns/bind914/distinfo	Thu Apr 25 07:17:17 2019	(r499958)
>+++ head/dns/bind914/distinfo	Thu Apr 25 07:17:20 2019	(r499959)
>@@ -1,3 +1,3 @@
>-TIMESTAMP = 1553504518
>-SHA256 (bind-9.14.0.tar.gz) =
>4edd459830bb97f749e25a5d42a2a4a093d7800e9962fca4300996cf7ea680af
>-SIZE (bind-9.14.0.tar.gz) = 6290135
>+TIMESTAMP = 1556117981
>+SHA256 (bind-9.14.1.tar.gz) =
>c3c7485d900a03271a9918a071c123e8951871a219f4c1c4383e37717f11db48
>+SIZE (bind-9.14.1.tar.gz) = 6235968
>
>Modified: head/dns/bind914/files/extrapatch-bind-min-override-ttl
>==============================================================================
>--- head/dns/bind914/files/extrapatch-bind-min-override-ttl	Thu Apr 25
>07:17:17 2019	(r499958)
>+++ head/dns/bind914/files/extrapatch-bind-min-override-ttl	Thu Apr 25
>07:17:20 2019	(r499959)
>@@ -1,4 +1,4 @@
>---- bin/named/config.c.orig	2019-03-13 02:03:34 UTC
>+--- bin/named/config.c.orig	2019-04-06 20:09:59 UTC
> +++ bin/named/config.c
> @@ -179,6 +179,7 @@ options {\n\
>  	notify-source *;\n\
>@@ -8,9 +8,9 @@
>  	provide-ixfr true;\n\
>  	qname-minimization relaxed;\n\
>  	query-source address *;\n\
>---- bin/named/server.c.orig	2019-03-13 02:03:34 UTC
>+--- bin/named/server.c.orig	2019-04-06 20:09:59 UTC
> +++ bin/named/server.c
>-@@ -4162,6 +4162,11 @@ configure_view(dns_view_t *view, dns_viewlist_t
>*viewl
>+@@ -4178,6 +4178,11 @@ configure_view(dns_view_t *view, dns_viewlist_t
>*viewl
>  	}
>  
>  	obj = NULL;
>@@ -22,7 +22,7 @@
>  	result = named_config_get(maps, "max-cache-ttl", &obj);
>  	INSIST(result == ISC_R_SUCCESS);
>  	view->maxcachettl = cfg_obj_asuint32(obj);
>---- lib/dns/include/dns/view.h.orig	2019-03-13 02:03:34 UTC
>+--- lib/dns/include/dns/view.h.orig	2019-04-06 20:09:59 UTC
> +++ lib/dns/include/dns/view.h
> @@ -153,6 +153,7 @@ struct dns_view {
>  	bool			requestnsid;
>@@ -32,9 +32,9 @@
>  	dns_ttl_t			maxncachettl;
>  	dns_ttl_t			mincachettl;
>  	dns_ttl_t			minncachettl;
>---- lib/dns/resolver.c.orig	2019-03-13 02:03:34 UTC
>+--- lib/dns/resolver.c.orig	2019-04-06 20:09:59 UTC
> +++ lib/dns/resolver.c
>-@@ -6009,6 +6009,12 @@ cache_name(fetchctx_t *fctx, dns_name_t *name,
>dns_adb
>+@@ -6013,6 +6013,12 @@ cache_name(fetchctx_t *fctx, dns_name_t *name,
>dns_adb
>  		}
>  
>  		/*
>@@ -47,9 +47,9 @@
>  		 * Enforce the configure maximum cache TTL.
>  		 */
>  		if (rdataset->ttl > res->view->maxcachettl) {
>---- lib/isccfg/namedconf.c.orig	2019-03-13 02:03:34 UTC
>+--- lib/isccfg/namedconf.c.orig	2019-04-06 20:09:59 UTC
> +++ lib/isccfg/namedconf.c
>-@@ -1899,6 +1899,7 @@ view_clauses[] = {
>+@@ -1901,6 +1901,7 @@ view_clauses[] = {
>  #endif
>	{ "max-acache-size", &cfg_type_sizenodefault, CFG_CLAUSEFLAG_OBSOLETE
>},
>  	{ "max-cache-size", &cfg_type_sizeorpercent, 0 },
>
>Modified: head/dns/bind914/files/extrapatch-bind-tools
>==============================================================================
>--- head/dns/bind914/files/extrapatch-bind-tools	Thu Apr 25 07:17:17
>2019	(r499958)
>+++ head/dns/bind914/files/extrapatch-bind-tools	Thu Apr 25 07:17:20
>2019	(r499959)
>@@ -1,6 +1,6 @@
> Only select the "tools" part of bind for building.
> 
>---- Makefile.in.orig	2019-03-20 05:57:56 UTC
>+--- Makefile.in.orig	2019-04-06 20:09:59 UTC
> +++ Makefile.in
> @@ -14,7 +14,7 @@ top_builddir =  @top_builddir@
>  
>@@ -27,9 +27,9 @@ Only select the "tools" part of bind for building.
>  
>  uninstall::
>  	rm -f ${DESTDIR}${sysconfdir}/bind.keys
>---- bin/Makefile.in.orig	2019-03-20 05:57:56 UTC
>+--- bin/Makefile.in.orig	2019-04-06 20:09:59 UTC
> +++ bin/Makefile.in
>-@@ -11,7 +11,7 @@ srcdir =	@srcdir@
>+@@ -11,8 +11,8 @@ srcdir =	@srcdir@
>  VPATH =		@srcdir@
>  top_srcdir =	@top_srcdir@
>  
>@@ -39,3 +39,4 @@ Only select the "tools" part of bind for building.
> +		@NZD_TOOLS@ @PYTHON_TOOLS@
>  TARGETS =
>  
>+ @BIND9_MAKE_RULES@
>
>Modified: head/dns/bind914/files/patch-configure
>==============================================================================
>--- head/dns/bind914/files/patch-configure	Thu Apr 25 07:17:17
>2019	(r499958)
>+++ head/dns/bind914/files/patch-configure	Thu Apr 25 07:17:20
>2019	(r499959)
>@@ -1,6 +1,6 @@
>---- configure.orig	2019-03-13 02:03:34 UTC
>+--- configure.orig	2019-04-06 20:09:59 UTC
> +++ configure
>-@@ -16318,27 +16318,9 @@ done
>+@@ -16317,27 +16317,9 @@ done
>  		# problems start to show up.
>  		saved_libs="$LIBS"
>  		for TRY_LIBS in \
>@@ -30,7 +30,7 @@
>		    { $as_echo "$as_me:${as_lineno-$LINENO}: checking linking as
>$TRY_LIBS" >&5
>  $as_echo_n "checking linking as $TRY_LIBS... " >&6; }
>  		    cat confdefs.h - <<_ACEOF >conftest.$ac_ext
>-@@ -16381,47 +16363,7 @@ $as_echo "no" >&6; } ;;
>+@@ -16380,47 +16362,7 @@ $as_echo "no" >&6; } ;;
>		no) as_fn_error $? "could not determine proper GSSAPI linkage"
>"$LINENO" 5 ;;
>  		esac
>  
>@@ -79,7 +79,7 @@
>  		DNS_GSSAPI_LIBS="$LIBS"
>  
>		{ $as_echo "$as_me:${as_lineno-$LINENO}: result: using GSSAPI from
>$use_gssapi/lib and $use_gssapi/include" >&5
>-@@ -20928,7 +20870,7 @@ $as_echo "" >&6; }
>+@@ -20924,7 +20866,7 @@ $as_echo "" >&6; }
>  			# Check other locations for includes.
>  			# Order is important (sigh).
>  
>
>Modified: head/dns/bind914/pkg-plist
>==============================================================================
>--- head/dns/bind914/pkg-plist	Thu Apr 25 07:17:17 2019	(r499958)
>+++ head/dns/bind914/pkg-plist	Thu Apr 25 07:17:20 2019	(r499959)
>@@ -36,7 +36,6 @@ include/dns/dns64.h
> include/dns/dnsrps.h
> include/dns/dnssec.h
> include/dns/dnstap.h
>-%%DNSTAP%%include/dns/dnstap.pb-c.h
> include/dns/ds.h
> include/dns/dsdigest.h
> include/dns/dyndb.h

Should this and the other bind ports be documented in vuxml? The reason I ask is I was showing my manager at $JOB the vuxml site regarding these very CVEs but they are not documented yet.

-- 
Pardon the typos and autocorrect, small keyboard in use.
Cheers,
Cy Schubert <Cy.Schubert at cschubert.com>
FreeBSD UNIX: <cy at FreeBSD.org> Web: http://www.FreeBSD.org

	The need of the many outweighs the greed of the few.