Subject: CVS commit: [pkgsrc-2015Q2] pkgsrc/net/bind910
From: Matthias Scheler
Date: 2015-09-03 22:11:22
Message id: 20150903201122.BA7F598@cvs.netbsd.org
Log Message:
Pullup ticket #4811 - requested by sevan
net/bind910: security update

Revisions pulled up:
- net/bind910/Makefile                                          1.11-1.12
- net/bind910/distinfo                                          1.9-1.10
- net/bind910/patches/patch-lib_dns_hmac_link.c                 deleted
- net/bind910/patches/patch-lib_dns_include_dst_dst.h           deleted
- net/bind910/patches/patch-lib_dns_ncache.c                    deleted
- net/bind910/patches/patch-lib_dns_openssldh_link.c            deleted
- net/bind910/patches/patch-lib_dns_openssldsa_link.c           deleted
- net/bind910/patches/patch-lib_dns_opensslecdsa_link.c         deleted
- net/bind910/patches/patch-lib_dns_opensslrsa_link.c           deleted
- net/bind910/patches/patch-lib_dns_pkcs11dh_link.c             deleted
- net/bind910/patches/patch-lib_dns_pkcs11dsa_link.c            deleted
- net/bind910/patches/patch-lib_dns_pkcs11rsa_link.c            deleted
- net/bind910/patches/patch-lib_dns_rdata_generic_openpgpkey_61.c deleted
- net/bind910/patches/patch-lib_dns_resolver.c                  deleted

---
   Module Name:	pkgsrc
   Committed By:	sevan
   Date:		Wed Sep  2 19:46:44 UTC 2015

   Modified Files:
   	pkgsrc/net/bind910: Makefile distinfo
   Added Files:
   	pkgsrc/net/bind910/patches: patch-lib_dns_hmac_link.c
   	    patch-lib_dns_include_dst_dst.h patch-lib_dns_ncache.c
   	    patch-lib_dns_openssldh_link.c patch-lib_dns_openssldsa_link.c
   	    patch-lib_dns_opensslecdsa_link.c patch-lib_dns_opensslrsa_link.c
   	    patch-lib_dns_pkcs11dh_link.c patch-lib_dns_pkcs11dsa_link.c
   	    patch-lib_dns_pkcs11rsa_link.c
   	    patch-lib_dns_rdata_generic_openpgpkey_61.c
   	    patch-lib_dns_resolver.c

   Log Message:
   Patch CVE-2015-5722 & CVE-2015-5986
   Bump rev

   CVE-2015-5722 - Parsing malformed keys may cause BIND to exit due to a failed
   assertion in buffer.c
   https://kb.isc.org/article/AA-01287/0

   CVE-2015-5986 - An incorrect boundary check can trigger a REQUIRE assertion
   failure in openpgpkey_61.c
   https://kb.isc.org/article/AA-01291/0

   Reviewed by wiz@

---
   Module Name:	pkgsrc
   Committed By:	taca
   Date:		Thu Sep  3 00:33:32 UTC 2015

   Modified Files:
   	pkgsrc/net/bind910: Makefile distinfo
   Removed Files:
   	pkgsrc/net/bind910/patches: patch-lib_dns_hmac_link.c
   	    patch-lib_dns_include_dst_dst.h patch-lib_dns_ncache.c
   	    patch-lib_dns_openssldh_link.c patch-lib_dns_openssldsa_link.c
   	    patch-lib_dns_opensslecdsa_link.c patch-lib_dns_opensslrsa_link.c
   	    patch-lib_dns_pkcs11dh_link.c patch-lib_dns_pkcs11dsa_link.c
   	    patch-lib_dns_pkcs11rsa_link.c
   	    patch-lib_dns_rdata_generic_openpgpkey_61.c
   	    patch-lib_dns_resolver.c

   Log Message:
   Update bind910 to 9.10.2pl4 (BIND 9.10.2-P4).
   (Already fixed by bind-9.10.2pl3nb1.)

   	--- 9.10.2-P4 released ---

   4170.	[security]	An incorrect boundary check in the OPENPGPKEY
   			rdatatype could trigger an assertion failure.
   			(CVE-2015-5986) [RT #40286]

   4168.	[security]	A buffer accounting error could trigger an
   			assertion failure when parsing certain malformed
   			DNSSEC keys. (CVE-2015-5722) [RT #40212]
Files:
RevisionActionfile
1.8.2.3modifypkgsrc/net/bind910/Makefile
1.6.2.3modifypkgsrc/net/bind910/distinfo