Subject: CVS commit: [pkgsrc-2012Q3] pkgsrc/net/bind99
From: Matthias Scheler
Date: 2012-10-10 15:48:13
Message id: 20121010134813.B266F175DD@cvs.netbsd.org

Log Message:
Pullup ticket #3944 - requested by taca
net/bind99: security update

Revisions pulled up:
- net/bind99/Makefile                                           1.12-1.13
- net/bind99/PLIST                                              1.3
- net/bind99/distinfo                                           1.9
- net/bind99/patches/patch-bin_tests_system_Makefile.in         1.3
- net/bind99/patches/patch-configure                            1.3
- net/bind99/patches/patch-configure.in                         1.2

---
   Module Name:	pkgsrc
   Committed By:	wiz
   Date:		Wed Oct  3 21:59:10 UTC 2012

   Modified Files:
   	pkgsrc/net/bind99: Makefile

   Log Message:
   Bump all packages that use perl, or depend on a p5-* package, or
   are called p5-*.

   I hope that's all of them.

---
   Module Name:	pkgsrc
   Committed By:	taca
   Date:		Wed Oct 10 03:07:13 UTC 2012

   Modified Files:
   	pkgsrc/net/bind99: Makefile PLIST distinfo
   	pkgsrc/net/bind99/patches: patch-bin_tests_system_Makefile.in
   	    patch-configure patch-configure.in

   Log Message:
   Update bind99 to 9.9.2 (BIND 9.9.2).

   Here are change changes from release note.  Note security fixes except
   CVE-2012-5166 should be already fixed in previous version of bind99 package.

   Please refer https://kb.isc.org/article/AA-00798 for list of full bug fixes.

   Security Fixes

   * A deliberately constructed combination of records could cause named to hang
     while populating the additional section of a response. [CVE-2012-5166] [RT
     #31090]
   * Prevents a named assert (crash) when queried for a record whose RDATA
     exceeds 65535 bytes.  [CVE-2012-4244] [RT #30416]
   * Prevents a named assert (crash) when validating caused by using "Bad \ 
cache"
     data before it has been initialized. [CVE-2012-3817] [RT #30025]
   * A condition has been corrected where improper handling of zero-length RDATA
     could cause undesirable behavior, including termination of the named
     process. [CVE-2012-1667] [RT #29644]
   * ISC_QUEUE handling for recursive clients was updated to address a race
     condition that could cause a memory leak. This rarely occurred with UDP
     clients, but could be a significant problem for a server handling a steady
     rate of TCP queries. [CVE-2012-3868] [RT #29539 & #30233]

   New Features

   * Elliptic Curve Digital Signature Algorithm keys and signatures in DNSSEC are
     now supported per RFC 6605. [RT #21918]
   * Introduces a new tool "dnssec-checkds" command that checks a zone to
     determine which DS records should be published in the parent zone, or which
     DLV records should be published in a DLV zone, and queries the DNS to ensure
     that it exists. (Note: This tool depends on python; it will not be built or
     installed on systems that do not have a python interpreter.)  [RT #28099]
   * Introduces a new tool "dnssec-verify" that validates a signed \ 
zone, checking
     for the correctness of signatures and NSEC/NSEC3 chains.  [RT #23673]
   * Adds configuration option "max-rsa-exponent-size <value>;" \ 
that can be used
     to specify the maximum rsa exponent size that will be accepted when
     validating [RT #29228]

   Feature Changes

   * Improves OpenSSL error logging [RT #29932]
   * nslookup now returns a nonzero exit code when it is unable to get an answer.
     [RT #29492]

Files:
RevisionActionfile
1.11.2.1modifypkgsrc/net/bind99/Makefile
1.2.4.1modifypkgsrc/net/bind99/PLIST
1.8.2.1modifypkgsrc/net/bind99/distinfo
1.2.4.1modifypkgsrc/net/bind99/patches/patch-bin_tests_system_Makefile.in
1.2.2.1modifypkgsrc/net/bind99/patches/patch-configure
1.1.2.1modifypkgsrc/net/bind99/patches/patch-configure.in