./net/bind916, Berkeley Internet Name Daemon implementation of DNS, version 9.16

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]


Branch: pkgsrc-2021Q3, Version: 9.16.22, Package name: bind-9.16.22, Maintainer: pkgsrc-users

BIND, the Berkeley Internet Name Daemon. This package contains the BIND
9.16 release.

* New dnssec-policy statement to configure a key and signing policy for
zones, enabling automatic key regeneration and rollover.
* New network manager based on libuv.
* Added support for the new GeoIP2 geolocation API, libmaxminddb.
* Improved DNSSEC trust anchor configuration using the trust-anchors
statement, permitting configuration of trust anchors in DS as well as
DNSKEY format.
* YAML output for dig, mdig, and delv.

MESSAGE.rcd [+/-]


Package options: blacklist, readline, threads

Master sites:

SHA1: 0d56f6a88532363757534566598c48a9f7072bfa
RMD160: 73822462c0d47d919de54a5f7ce1ff7e20bb1452
Filesize: 4940.43 KB

Version history: (Expand)


CVS history: (Expand)


   2021-11-01 23:24:57 by Thomas Merkel | Files touched by this commit (24) | Package updated
Log message:
Pullup ticket #6525 - requested by taca
net/bind916: security fix

Revisions pulled up:
- net/bind916/Makefile                                          1.28-1.29
- net/bind916/distinfo                                          1.24,1.26
- net/bind916/patches/patch-bin_named_unix_os.c                 1.1
- net/bind916/patches/patch-bin_tools_arpaname.c                deleted
- \ 
net/bind916/patches/patch-contrib_dlz_modules_wildcard_dlz__wildcard__dynamic.c \ 
deleted
- net/bind916/patches/patch-lib_dns_client.c                    1.1
- net/bind916/patches/patch-lib_dns_dnsrps.c                    deleted
- net/bind916/patches/patch-lib_dns_include_dns_client.h        1.1
- net/bind916/patches/patch-lib_dns_include_dns_zone.h          1.3
- net/bind916/patches/patch-lib_dns_peer.c                      deleted
- net/bind916/patches/patch-lib_dns_rbt.c                       1.3
- net/bind916/patches/patch-lib_dns_rdata.c                     1.1
- net/bind916/patches/patch-lib_dns_zone.c                      1.5
- net/bind916/patches/patch-lib_isc_app.c                       1.1
- net/bind916/patches/patch-lib_isc_netmgr_netmgr-int.h         1.1
- net/bind916/patches/patch-lib_isc_netmgr_netmgr.c             1.2
- net/bind916/patches/patch-lib_isc_siphash.c                   1.3
- net/bind916/patches/patch-lib_isc_timer.c                     1.1
- net/bind916/patches/patch-lib_isc_unix_include_isc_align.h    deleted
- net/bind916/patches/patch-lib_isc_unix_include_isc_stdatomic.h 1.1
- net/bind916/patches/patch-lib_isc_unix_socket.c               1.6
- net/bind916/patches/patch-lib_ns_Makefile.in                  1.3
- net/bind916/patches/patch-lib_ns_client.c                     1.5
- net/bind916/patches/patch-lib_ns_interfacemgr.c               deleted

---
   Module Name:	pkgsrc
   Committed By:	taca
   Date:		Sun Oct 24 06:40:28 UTC 2021

   Modified Files:
   	pkgsrc/net/bind916: Makefile distinfo
   	pkgsrc/net/bind916/patches: patch-lib_dns_include_dns_zone.h
   	    patch-lib_dns_rbt.c patch-lib_dns_zone.c
   	    patch-lib_isc_netmgr_netmgr.c patch-lib_isc_unix_socket.c
   	    patch-lib_ns_Makefile.in patch-lib_ns_client.c
   Added Files:
   	pkgsrc/net/bind916/patches: patch-bin_named_unix_os.c
   	    patch-lib_dns_client.c patch-lib_dns_include_dns_client.h
   	    patch-lib_dns_rdata.c patch-lib_isc_app.c
   	    patch-lib_isc_netmgr_netmgr-int.h patch-lib_isc_siphash.c
   	    patch-lib_isc_timer.c patch-lib_isc_unix_include_isc_stdatomic.h
   Removed Files:
   	pkgsrc/net/bind916/patches: patch-bin_tools_arpaname.c
   	    patch-contrib_dlz_modules_wildcard_dlz__wildcard__dynamic.c
   	    patch-lib_dns_dnsrps.c patch-lib_dns_peer.c
   	    patch-lib_isc_unix_include_isc_align.h patch-lib_ns_interfacemgr.c

   Log message:
   net/bind916: update pkgsrc changes from NetBSD

   Catch up changes from NetBSD; update them for BIND 9.16.

   Bump PKGREVISION.

---
   Module Name:	pkgsrc
   Committed By:	taca
   Date:		Fri Oct 29 06:01:19 UTC 2021

   Modified Files:
   	pkgsrc/net/bind916: Makefile distinfo

   Log message:
   net/bind916: update to 9.16.22

   This release contains security fix.

   --- 9.16.22 released ---

   5736.	[security]	The "lame-ttl" option is now forcibly set to 0. This
   			effectively disables the lame server cache, as it could
   			previously be abused by an attacker to significantly
   			degrade resolver performance. (CVE-2021-25219)
   			[GL #2899]

   5724.	[bug]		Address a potential deadlock when checking zone content
   			consistency. [GL #2908]

   5723.	[bug]		Change 5709 broke backward compatibility for the
   			"check-names master ..." and "check-names slave ..."
   			options. This has been fixed. [GL #2911]

   5720.	[contrib]	Old-style DLZ drivers that had to be enabled at
   			build-time have been marked as deprecated. [GL #2814]

   5719.	[func]		The "map" zone file format has been marked as
   			deprecated. [GL #2882]

   5717.	[func]		The "cache-file" option, which was documented as "for
   			testing purposes only" and not to be used, has been
   			removed. [GL #2903]

   5716.	[bug]		Multiple library names were mistakenly passed to the
   			krb5-config utility when ./configure was invoked with
   			the --with-gssapi=[/path/to/]krb5-config option. This
   			has been fixed by invoking krb5-config separately for
   			each required library. [GL #2866]

   5715.	[func]		Add a check for ports specified in "*-source(-v6)"
   			options clashing with a global listening port. Such a
   			configuration was already unsupported, but it failed
   			silently; it is now treated as an error. [GL #2888]

   5714.	[bug]		Remove the "adjust interface" mechanism which was
   			responsible for setting up listeners on interfaces when
   			the "*-source(-v6)" address and port were the same as
   			the "listen-on(-v6)" address and port. Such a
   			configuration is no longer supported; under certain
   			timing conditions, that mechanism could prevent named
   			from listening on some TCP ports. This has been fixed.
   			[GL #2852]

   5712.	[doc]		Add deprecation notice about removing native PKCS#11
   			support in the next major BIND 9 release. [GL #2691]