Subject: CVS commit: [pkgsrc-2017Q1] pkgsrc/net/bind99
From: Benny Siegert
Date: 2017-04-13 13:54:13
Message id: 20170413115414.08BC2FBE4@cvs.NetBSD.org

Log Message:
Pullup ticket #5273 - requested by taca
net/bind99: security fix

Revisions pulled up:
- net/bind99/Makefile                                           1.66
- net/bind99/distinfo                                           1.44

---
   Module Name:	pkgsrc
   Committed By:	taca
   Date:		Thu Apr 13 01:53:35 UTC 2017

   Modified Files:
   	pkgsrc/net/bind99: Makefile distinfo

   Log Message:
   Update bind99 to 9.9.9pl8 (BIND 9.9.9-P8).

   Quote from release announce:

      BIND 9.9.9-P8 addresses the security issues described in CVE-2017-3136,
      CVE-2017-3137, and CVE-2017-3138, and updates the built-in trusted keys
      for the root zone.

   Quote from CHANGELOG:

   	--- 9.9.9-P8 released ---

   4582.	[security]	'rndc ""' could trigger a assertion failure in named.
   			(CVE-2017-3138) [RT #44924]

   4580.	[bug]		4578 introduced a regression when handling CNAME to
   			referral below the current domain. [RT #44850]

   	--- 9.9.9-P7 released ---

   4578.	[security]	Some chaining (CNAME or DNAME) responses to upstream
   			queries could trigger assertion failures.
   			(CVE-2017-3137) [RT #44734]

   4575.	[security]	DNS64 with "break-dnssec yes;" can result in an
   			assertion failure. (CVE-2017-3136) [RT #44653]

   4564.	[maint]		Update the built in managed keys to include the
   			upcoming root KSK. [RT #44579]

Files:
RevisionActionfile
1.65.2.1modifypkgsrc/net/bind99/Makefile
1.43.2.1modifypkgsrc/net/bind99/distinfo