Subject: CVS commit: [pkgsrc-2010Q4] pkgsrc/net/bind97
From: Matthias Scheler
Date: 2011-02-23 20:23:21
Message id: 20110223192321.DDD72175DD@cvs.netbsd.org

Log Message:
Pullup ticket #3363 - requested by taca
net/bind97: security update

Revisions pulled up:
- net/bind97/Makefile				1.6
- net/bind97/PLIST				1.4
- net/bind97/distinfo				1.6
- net/bind97/files/named9.sh			1.2
- net/bind97/patches/patch-ac			1.3
- net/bind97/patches/patch-ae			1.2
---
Module Name:	pkgsrc
Committed By:	taca
Date:		Wed Feb 16 17:43:22 UTC 2011

Modified Files:
	pkgsrc/net/bind97: Makefile PLIST distinfo
	pkgsrc/net/bind97/files: named9.sh
	pkgsrc/net/bind97/patches: patch-ac patch-ae

Log Message:
Update bind97 package to 9.7.3.

* also sync rc script with base system.

Bug Fixes

9.7.3

     * BIND now builds with threads disabled in versions of NetBSD earlier
       than 5.0 and with pthreads enabled by default in NetBSD versions
       5.0 and higher. Also removes support for unproven-pthreads,
       mit-pthreads and ptl2. [RT #19203]
     * Added a regression test for fix 2896/RT #21045 ("rndc sign" failed
       to properly update the zone when adding a DNSKEY for publication
       only). [RT #21324]
     * "nsupdate -l" now gives error message if "session.key" file is not
       found. [RT #21670]
     * HPUX now correctly defaults to using /dev/poll, which should
       increase performance. [RT #21919]
     * If named is running as a threaded application, after an "rndc stop"
       command has been issued, other inbound TCP requests can cause named
       to hang and never complete shutdown. [RT #22108]
     * After an "rndc reconfig", the refresh timer for managed-keys is
       ignored, resulting in managed-keys not being refreshed until named
       is restarted. [RT #22296]
     * An NSEC3PARAM record placed inside a zone which is not properly
       signed with NSEC3 could cause named to crash, if changed via
       dynamic update. [RT #22363]
     * "rndc -h" now includes "loadkeys" option. [RT #22493]
     * When performing a GSS-TSIG signed dynamic zone update, memory could
       be leaked. This causes an unclean shutdown and may affect
       long-running servers. [RT #22573]
     * A bug in NetBSD and FreeBSD kernels with SO_ACCEPTFILTER enabled
       allows for a TCP DoS attack. Until there is a kernel fix, ISC is
       disabling SO_ACCEPTFILTER support in BIND. [RT #22589]
     * When signing records, named didn't filter out any TTL changes to
       DNSKEY records. This resulted in an incomplete key set. TTL changes
       are now dealt with before signing. [RT #22590]
     * Corrected a defect where a combination of dynamic updates and zone
       transfers incorrectly locked the in-memory zone database, causing
       named to freeze. [RT #22614]
     * Don't run MX checks (check-mx) when the MX record points to ".".
       [RT #22645]
     * DST key reference counts can now be incremented via dst_key_attach.
       [RT #22672]
     * The IN6_IS_ADDR_LINKLOCAL and IN6_IS_ADDR_SITELOCAL macros in win32
       were updated/corrected per current Windows OS. [RT #22724]
     * "dnssec-settime -S" no longer tests prepublication interval
       validity when the interval is set to 0. [RT #22761]
     * isc_mutex_init_errcheck() in pthreads/mutex.c failed to destroy
       attr. [RT #22766]
     * The Kerberos realm was being truncated when being pulled from the
       host principal, making krb5-self updates fail. [RT #22770]
     * named failed to preserve the case of domain names in RDATA which is
       not compressible when writing master files. [RT #22863]
     * The man page for dnssec-keyfromlabel incorrectly had "-U" rather
       than the correct option "-I". [RT #22887]
     * The "rndc" command usage statement was missing the "-b" option.
       [RT #22937]
     * There was a bug in how the clients-per-query code worked with some
       query patterns. This could result, in rare circumstances, in having
       all the client query slots filled with queries for the same DNS
       label, essentially ignoring the max-clients-per-query setting. [RT
       #22972]
     * The secure zone update feature in named is based on the zone being
       signed and configured for dynamic updates. A bug in the ACL
       processing for "allow-update { none; };" resulted in a zone that is
       supposed to be static being treated as a dynamic zone. Thus, named
       would try to sign/re-sign that zone erroneously. [RT #23120]

Files:
Revision      Action  File
1.5.2.1       modify  pkgsrc/net/bind97/Makefile
1.3.4.1       modify  pkgsrc/net/bind97/PLIST
1.5.2.1       modify  pkgsrc/net/bind97/distinfo
1.1.1.1.6.1   modify  pkgsrc/net/bind97/files/named9.sh
1.2.4.1       modify  pkgsrc/net/bind97/patches/patch-ac
1.1.1.1.6.1   modify  pkgsrc/net/bind97/patches/patch-ae