Subject: CVS commit: [pkgsrc-2017Q1] pkgsrc/net/bind910
From: Benny Siegert
Date: 2017-04-13 13:29:32
Message id: 20170413112932.99D35FBE4@cvs.NetBSD.org

Log Message:
Pullup ticket #5272 - requested by taca
net/bind910: security fix

Revisions pulled up:
- net/bind910/Makefile                                          1.32
- net/bind910/distinfo                                          1.23

---
   Module Name:	pkgsrc
   Committed By:	taca
   Date:		Thu Apr 13 01:52:42 UTC 2017

   Modified Files:
   	pkgsrc/net/bind910: Makefile distinfo

   Log Message:
   Update bind910 to 9.10.4pl8 (BIND 9.10.4-P8).

   Quote from release announce:

      BIND 9.10.4-P8 addresses the security issues described in
      CVE-2017-3136, CVE-2017-3137, and CVE-2017-3138, and updates the
      built-in trusted keys for the root zone.

   From CHANGELOG:

   	--- 9.10.4-P8 released ---

   4582.	[security]	'rndc ""' could trigger a assertion failure in named.
   			(CVE-2017-3138) [RT #44924]

   4580.	[bug]		4578 introduced a regression when handling CNAME to
   			referral below the current domain. [RT #44850]

   	--- 9.10.4-P7 released ---

   4578.	[security]	Some chaining (CNAME or DNAME) responses to upstream
   			queries could trigger assertion failures.
   			(CVE-2017-3137) [RT #44734]

   4575.	[security]	DNS64 with "break-dnssec yes;" can result in an
   			assertion failure. (CVE-2017-3136) [RT #44653]

   4564.	[maint]		Update the built in managed keys to include the
   			upcoming root KSK. [RT #44579]

Files:
RevisionActionfile
1.31.2.1modifypkgsrc/net/bind910/Makefile
1.22.2.1modifypkgsrc/net/bind910/distinfo