Subject: CVS commit: [pkgsrc-2020Q1] pkgsrc/net/bind914
From: Benny Siegert
Date: 2020-05-20 21:42:25
Message id: 20200520194225.C7C75FB27@cvs.NetBSD.org

Log Message:
Pullup ticket #6209 - requested by taca
net/bind914: security fix

Revisions pulled up:
- net/bind914/Makefile                                          1.21
- net/bind914/distinfo                                          1.15

---
   Module Name:	pkgsrc
   Committed By:	taca
   Date:		Tue May 19 10:23:04 UTC 2020

   Modified Files:
   	pkgsrc/net/bind914: Makefile distinfo

   Log Message:
   net/bind914: update to 9.14.12

   Update bind914 to 9.14.12 (BIND 9.14.12).

   Note from release announce:

   BIND 9.14.12 is the final planned release in the now End-of-Life (EOL)
   9.14 branch.

   	--- 9.14.12 released ---

   5395.	[security]	Further limit the number of queries that can be
   			triggered from a request.  Root and TLD servers
   			are no longer exempt from max-recursion-queries.
   			Fetches for missing name server address records
   			are limited to 4 for any domain. (CVE-2020-8616)
   			[GL #1388]

   5390.	[security]	Replaying a TSIG BADTIME response as a request could
   			trigger an assertion failure. (CVE-2020-8617)
   			[GL #1703]

   5376.	[bug]		Fix ineffective DNS rebinding protection when BIND is
   			configured as a forwarding DNS server. Thanks to Tobias
   			Klein. [GL #1574]

   5358.	[bug]		Inline master zones whose master files were touched
   			but otherwise unchanged and were subsequently reloaded
   			may have stopped re-signing. [GL !3135]

   5357.	[bug]		Newly added RRSIG records with expiry times before
   			the previous earliest expiry times might not be
   			re-signed in time.  This was a side effect of 5315.
   			[GL !3137]

Files:
RevisionActionfile
1.20.2.1modifypkgsrc/net/bind914/Makefile
1.14.2.1modifypkgsrc/net/bind914/distinfo