From owner-svn-ports-branches@freebsd.org Wed Mar 9 21:21:53 2016 Return-Path: Delivered-To: svn-ports-branches@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 11B9AAC8BB3; Wed, 9 Mar 2016 21:21:53 +0000 (UTC) (envelope-from mat@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id D5FB7163B; Wed, 9 Mar 2016 21:21:52 +0000 (UTC) (envelope-from mat@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id u29LLpql068784; Wed, 9 Mar 2016 21:21:51 GMT (envelope-from mat@FreeBSD.org) Received: (from mat@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id u29LLo8a068773; Wed, 9 Mar 2016 21:21:50 GMT (envelope-from mat@FreeBSD.org) Message-Id: <201603092121.u29LLo8a068773@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: mat set sender to mat@FreeBSD.org using -f From: Mathieu Arnold Date: Wed, 9 Mar 2016 21:21:50 +0000 (UTC) To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-branches@freebsd.org Subject: svn commit: r410729 - in branches/2016Q1/dns: bind9-devel bind9-devel/files bind910 bind910/files bind99 bind99/files X-SVN-Group: ports-branches MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-ports-branches@freebsd.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: SVN commit messages for all the branches of the ports tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 09 Mar 2016 21:21:53 -0000 Author: mat Date: Wed Mar 9 21:21:50 2016 New Revision: 410729 URL: https://svnweb.freebsd.org/changeset/ports/410729 Log: MFH: r410728 Update to 9.9.8-P4, 9.10.3-P4 and latest snapshot. Security: CVE-2016-1285 Security: CVE-2016-1286 Security: CVE-2016-2088 Sponsored by: Absolight Modified: branches/2016Q1/dns/bind9-devel/Makefile branches/2016Q1/dns/bind9-devel/distinfo branches/2016Q1/dns/bind9-devel/files/extrapatch-bind-min-override-ttl branches/2016Q1/dns/bind9-devel/files/patch-configure branches/2016Q1/dns/bind9-devel/pkg-plist branches/2016Q1/dns/bind910/Makefile branches/2016Q1/dns/bind910/distinfo branches/2016Q1/dns/bind910/files/extrapatch-bind-min-override-ttl branches/2016Q1/dns/bind99/Makefile branches/2016Q1/dns/bind99/distinfo branches/2016Q1/dns/bind99/files/extrapatch-bind-min-override-ttl Directory Properties: branches/2016Q1/ (props changed) Modified: branches/2016Q1/dns/bind9-devel/Makefile ============================================================================== --- branches/2016Q1/dns/bind9-devel/Makefile Wed Mar 9 21:16:31 2016 (r410728) +++ branches/2016Q1/dns/bind9-devel/Makefile Wed Mar 9 21:21:50 2016 (r410729) @@ -19,8 +19,8 @@ COMMENT= BIND DNS suite with updated DNS LICENSE= ISCL # ISC releases things like 9.8.0-P1, which our versioning doesn't like -ISCVERSION= 9.11.0.a20160119 -HASH= fc7bce5 +ISCVERSION= 9.11.0.a20160309 +HASH= 0c7a779 MAKE_JOBS_UNSAFE= yes Modified: branches/2016Q1/dns/bind9-devel/distinfo ============================================================================== --- branches/2016Q1/dns/bind9-devel/distinfo Wed Mar 9 21:16:31 2016 (r410728) +++ branches/2016Q1/dns/bind9-devel/distinfo Wed Mar 9 21:21:50 2016 (r410729) @@ -1,2 +1,2 @@ -SHA256 (bind9-fc7bce5.tar.gz) = d216744bc16ed494d4fa86288c7194ccea46ca54a7b502b381eef16d788c989f -SIZE (bind9-fc7bce5.tar.gz) = 11010437 +SHA256 (bind9-0c7a779.tar.gz) = 691e2e196f7c286375a540747a06dfe3ca5c62860859e3f728637bd92ebcdb72 +SIZE (bind9-0c7a779.tar.gz) = 11690194 Modified: branches/2016Q1/dns/bind9-devel/files/extrapatch-bind-min-override-ttl ============================================================================== --- branches/2016Q1/dns/bind9-devel/files/extrapatch-bind-min-override-ttl Wed Mar 9 21:16:31 2016 (r410728) +++ branches/2016Q1/dns/bind9-devel/files/extrapatch-bind-min-override-ttl Wed Mar 9 21:21:50 2016 (r410729) @@ -1,4 +1,4 @@ ---- bin/named/config.c.orig 2015-12-19 01:04:14 UTC +--- bin/named/config.c.orig 2016-03-09 04:02:43 UTC +++ bin/named/config.c @@ -159,6 +159,8 @@ options {\n\ lame-ttl 600;\n\ @@ -9,7 +9,7 @@ max-cache-ttl 604800; /* 1 week */\n\ transfer-format many-answers;\n\ max-cache-size 90%;\n\ ---- bin/named/server.c.orig 2015-12-19 01:04:14 UTC +--- bin/named/server.c.orig 2016-03-09 04:02:43 UTC +++ bin/named/server.c @@ -3022,6 +3022,16 @@ configure_view(dns_view_t *view, dns_vie } @@ -28,7 +28,7 @@ result = ns_config_get(maps, "max-cache-ttl", &obj); INSIST(result == ISC_R_SUCCESS); view->maxcachettl = cfg_obj_asuint32(obj); ---- lib/dns/include/dns/view.h.orig 2015-12-19 01:04:14 UTC +--- lib/dns/include/dns/view.h.orig 2016-03-09 04:02:43 UTC +++ lib/dns/include/dns/view.h @@ -152,6 +152,8 @@ struct dns_view { isc_boolean_t requestnsid; @@ -39,9 +39,9 @@ dns_ttl_t maxncachettl; isc_uint32_t nta_lifetime; isc_uint32_t nta_recheck; ---- lib/dns/resolver.c.orig 2015-12-19 01:04:14 UTC +--- lib/dns/resolver.c.orig 2016-03-09 04:02:43 UTC +++ lib/dns/resolver.c -@@ -5397,6 +5397,18 @@ cache_name(fetchctx_t *fctx, dns_name_t +@@ -5419,6 +5419,18 @@ cache_name(fetchctx_t *fctx, dns_name_t } /* @@ -60,7 +60,7 @@ * Enforce the configure maximum cache TTL. */ if (rdataset->ttl > res->view->maxcachettl) ---- lib/isccfg/namedconf.c.orig 2015-12-19 01:04:14 UTC +--- lib/isccfg/namedconf.c.orig 2016-03-09 04:02:43 UTC +++ lib/isccfg/namedconf.c @@ -1677,6 +1677,8 @@ view_clauses[] = { { "nosit-udp-size", &cfg_type_uint32, CFG_CLAUSEFLAG_OBSOLETE }, Modified: branches/2016Q1/dns/bind9-devel/files/patch-configure ============================================================================== --- branches/2016Q1/dns/bind9-devel/files/patch-configure Wed Mar 9 21:16:31 2016 (r410728) +++ branches/2016Q1/dns/bind9-devel/files/patch-configure Wed Mar 9 21:21:50 2016 (r410729) @@ -1,6 +1,6 @@ ---- configure.orig 2015-12-15 23:30:08 UTC +--- configure.orig 2016-03-09 04:02:43 UTC +++ configure -@@ -14113,27 +14113,9 @@ done +@@ -14151,27 +14151,9 @@ done # problems start to show up. saved_libs="$LIBS" for TRY_LIBS in \ @@ -30,7 +30,7 @@ { $as_echo "$as_me:${as_lineno-$LINENO}: checking linking as $TRY_LIBS" >&5 $as_echo_n "checking linking as $TRY_LIBS... " >&6; } cat confdefs.h - <<_ACEOF >conftest.$ac_ext -@@ -14176,47 +14158,7 @@ $as_echo "no" >&6; } ;; +@@ -14214,47 +14196,7 @@ $as_echo "no" >&6; } ;; no) as_fn_error $? "could not determine proper GSSAPI linkage" "$LINENO" 5 ;; esac @@ -79,7 +79,7 @@ DNS_GSSAPI_LIBS="$LIBS" { $as_echo "$as_me:${as_lineno-$LINENO}: result: using GSSAPI from $use_gssapi/lib and $use_gssapi/include" >&5 -@@ -21870,7 +21812,7 @@ $as_echo "" >&6; } +@@ -21949,7 +21891,7 @@ $as_echo "" >&6; } # Check other locations for includes. # Order is important (sigh). Modified: branches/2016Q1/dns/bind9-devel/pkg-plist ============================================================================== --- branches/2016Q1/dns/bind9-devel/pkg-plist Wed Mar 9 21:16:31 2016 (r410728) +++ branches/2016Q1/dns/bind9-devel/pkg-plist Wed Mar 9 21:21:50 2016 (r410729) @@ -379,13 +379,13 @@ man/man8/named-compilezone.8.gz man/man8/named-journalprint.8.gz man/man8/named.8.gz man/man8/nsec3hash.8.gz -man/man8/tsig-keygen.8.gz %%NATIVE_PKCS11%%man/man8/pkcs11-destroy.8.gz %%NATIVE_PKCS11%%man/man8/pkcs11-keygen.8.gz %%NATIVE_PKCS11%%man/man8/pkcs11-list.8.gz %%NATIVE_PKCS11%%man/man8/pkcs11-tokens.8.gz man/man8/rndc-confgen.8.gz man/man8/rndc.8.gz +man/man8/tsig-keygen.8.gz sbin/arpaname sbin/ddns-confgen %%PYTHON%%sbin/dnssec-checkds Modified: branches/2016Q1/dns/bind910/Makefile ============================================================================== --- branches/2016Q1/dns/bind910/Makefile Wed Mar 9 21:16:31 2016 (r410728) +++ branches/2016Q1/dns/bind910/Makefile Wed Mar 9 21:21:50 2016 (r410729) @@ -29,7 +29,7 @@ COMMENT= BIND DNS suite with updated DNS LICENSE= ISCL # ISC releases things like 9.8.0-P1, which our versioning doesn't like -ISCVERSION= 9.10.3-P3 +ISCVERSION= 9.10.3-P4 MAKE_JOBS_UNSAFE= yes Modified: branches/2016Q1/dns/bind910/distinfo ============================================================================== --- branches/2016Q1/dns/bind910/distinfo Wed Mar 9 21:16:31 2016 (r410728) +++ branches/2016Q1/dns/bind910/distinfo Wed Mar 9 21:21:50 2016 (r410729) @@ -1,2 +1,2 @@ -SHA256 (bind-9.10.3-P3.tar.gz) = 690810d1fbb72afa629e74638d19cd44e28d2b2e5eb63f55c705ad85d1a4cb83 -SIZE (bind-9.10.3-P3.tar.gz) = 8527540 +SHA256 (bind-9.10.3-P4.tar.gz) = 2ac044b5fbdf45fb45107af0df961b3b7cb5262a3bf1948ed3fe7a170dd13e3e +SIZE (bind-9.10.3-P4.tar.gz) = 8529535 Modified: branches/2016Q1/dns/bind910/files/extrapatch-bind-min-override-ttl ============================================================================== --- branches/2016Q1/dns/bind910/files/extrapatch-bind-min-override-ttl Wed Mar 9 21:16:31 2016 (r410728) +++ branches/2016Q1/dns/bind910/files/extrapatch-bind-min-override-ttl Wed Mar 9 21:21:50 2016 (r410729) @@ -1,7 +1,6 @@ -diff -Nabdur bind-9.6.0-P1.orig/bin/named/config.c bind-9.6.0-P1/bin/named/config.c ---- bin/named/config.c 2009-05-22 12:24:49.000000000 +0400 -+++ bin/named/config.c 2009-05-22 12:31:35.000000000 +0400 -@@ -129,6 +129,8 @@ +--- bin/named/config.c.orig 2016-02-29 00:29:06 UTC ++++ bin/named/config.c +@@ -151,6 +151,8 @@ options {\n\ min-roots 2;\n\ lame-ttl 600;\n\ max-ncache-ttl 10800; /* 3 hours */\n\ @@ -10,11 +9,10 @@ diff -Nabdur bind-9.6.0-P1.orig/bin/name max-cache-ttl 604800; /* 1 week */\n\ transfer-format many-answers;\n\ max-cache-size 0;\n\ -diff -Nabdur bind-9.6.0-P1.orig/bin/named/server.c bind-9.6.0-P1/bin/named/server.c ---- bin/named/server.c 2009-05-22 12:24:49.000000000 +0400 -+++ bin/named/server.c 2009-05-22 12:32:18.000000000 +0400 -@@ -1727,6 +1727,16 @@ - CHECK(mustbesecure(obj, view->resolver)); +--- bin/named/server.c.orig 2016-02-29 00:29:06 UTC ++++ bin/named/server.c +@@ -2797,6 +2797,16 @@ configure_view(dns_view_t *view, dns_vie + } obj = NULL; + result = ns_config_get(maps, "override-cache-ttl", &obj); @@ -30,22 +28,20 @@ diff -Nabdur bind-9.6.0-P1.orig/bin/name result = ns_config_get(maps, "max-cache-ttl", &obj); INSIST(result == ISC_R_SUCCESS); view->maxcachettl = cfg_obj_asuint32(obj); -diff -Nabdur bind-9.6.0-P1.orig/lib/dns/include/dns/view.h bind-9.6.0-P1/lib/dns/include/dns/view.h ---- lib/dns/include/dns/view.h 2009-05-22 12:24:49.000000000 +0400 -+++ lib/dns/include/dns/view.h 2009-05-22 12:29:03.000000000 +0400 -@@ -131,6 +131,8 @@ - isc_boolean_t provideixfr; +--- lib/dns/include/dns/view.h.orig 2016-02-29 00:29:06 UTC ++++ lib/dns/include/dns/view.h +@@ -150,6 +150,8 @@ struct dns_view { isc_boolean_t requestnsid; + isc_boolean_t requestsit; dns_ttl_t maxcachettl; + dns_ttl_t mincachettl; + dns_ttl_t overridecachettl; dns_ttl_t maxncachettl; - in_port_t dstport; - dns_aclenv_t aclenv; -diff -Nabdur bind-9.6.0-P1.orig/lib/dns/resolver.c bind-9.6.0-P1/lib/dns/resolver.c ---- lib/dns/resolver.c 2009-05-22 12:24:49.000000000 +0400 -+++ lib/dns/resolver.c 2009-05-22 12:30:41.000000000 +0400 -@@ -4054,6 +4054,18 @@ + dns_ttl_t prefetch_trigger; + dns_ttl_t prefetch_eligible; +--- lib/dns/resolver.c.orig 2016-02-29 00:29:06 UTC ++++ lib/dns/resolver.c +@@ -5345,6 +5345,18 @@ cache_name(fetchctx_t *fctx, dns_name_t } /* @@ -64,11 +60,10 @@ diff -Nabdur bind-9.6.0-P1.orig/lib/dns/ * Enforce the configure maximum cache TTL. */ if (rdataset->ttl > res->view->maxcachettl) -diff -Nabdur bind-9.6.0-P1.orig/lib/isccfg/namedconf.c bind-9.6.0-P1/lib/isccfg/namedconf.c ---- lib/isccfg/namedconf.c 2009-05-22 12:24:49.000000000 +0400 -+++ lib/isccfg/namedconf.c 2009-05-22 12:31:21.000000000 +0400 -@@ -821,6 +821,8 @@ - { "lame-ttl", &cfg_type_uint32, 0 }, +--- lib/isccfg/namedconf.c.orig 2016-02-29 00:29:06 UTC ++++ lib/isccfg/namedconf.c +@@ -1561,6 +1561,8 @@ view_clauses[] = { + #endif { "max-acache-size", &cfg_type_sizenodefault, 0 }, { "max-cache-size", &cfg_type_sizenodefault, 0 }, + { "override-cache-ttl", &cfg_type_uint32, 0 }, Modified: branches/2016Q1/dns/bind99/Makefile ============================================================================== --- branches/2016Q1/dns/bind99/Makefile Wed Mar 9 21:16:31 2016 (r410728) +++ branches/2016Q1/dns/bind99/Makefile Wed Mar 9 21:21:50 2016 (r410729) @@ -15,7 +15,7 @@ COMMENT= BIND DNS suite with updated DNS LICENSE= ISCL # ISC releases things like 9.8.0-P1, which our versioning doesn't like -ISCVERSION= 9.9.8-P3 +ISCVERSION= 9.9.8-P4 MAKE_JOBS_UNSAFE= yes Modified: branches/2016Q1/dns/bind99/distinfo ============================================================================== --- branches/2016Q1/dns/bind99/distinfo Wed Mar 9 21:16:31 2016 (r410728) +++ branches/2016Q1/dns/bind99/distinfo Wed Mar 9 21:21:50 2016 (r410729) @@ -1,4 +1,4 @@ -SHA256 (bind-9.9.8-P3.tar.gz) = 6a489f98dffaf31cfd8b572aa5cc345e8d775758488a4541f2f0c974c8090a07 -SIZE (bind-9.9.8-P3.tar.gz) = 7998476 -SHA256 (9.9.8-P3-rpz2+rl.14038.05.patch.xz) = d886ee7d350b65068c7502e2d925ce675875ed968f3b8c82ad87de5f6843e372 -SIZE (9.9.8-P3-rpz2+rl.14038.05.patch.xz) = 39224 +SHA256 (bind-9.9.8-P4.tar.gz) = 5ed0b852e4d1dc90e10751c7fa70a9ee29a619bad61d97250eac8161009d89f2 +SIZE (bind-9.9.8-P4.tar.gz) = 7999697 +SHA256 (9.9.8-P4-rpz2+rl.14038.05.patch.xz) = 5415559171c03a9a02e31284552a4888911eeb692d57def8d631b7d0564dc5f0 +SIZE (9.9.8-P4-rpz2+rl.14038.05.patch.xz) = 39240 Modified: branches/2016Q1/dns/bind99/files/extrapatch-bind-min-override-ttl ============================================================================== --- branches/2016Q1/dns/bind99/files/extrapatch-bind-min-override-ttl Wed Mar 9 21:16:31 2016 (r410728) +++ branches/2016Q1/dns/bind99/files/extrapatch-bind-min-override-ttl Wed Mar 9 21:21:50 2016 (r410729) @@ -1,4 +1,4 @@ ---- bin/named/config.c.orig 2015-09-09 02:23:50 UTC +--- bin/named/config.c.orig 2016-02-29 00:30:52 UTC +++ bin/named/config.c @@ -141,6 +141,8 @@ options {\n\ min-roots 2;\n\ @@ -9,7 +9,7 @@ max-cache-ttl 604800; /* 1 week */\n\ transfer-format many-answers;\n\ max-cache-size 0;\n\ ---- bin/named/server.c.orig 2015-09-09 02:23:50 UTC +--- bin/named/server.c.orig 2016-02-29 00:30:52 UTC +++ bin/named/server.c @@ -2554,6 +2554,16 @@ configure_view(dns_view_t *view, cfg_obj } @@ -28,7 +28,7 @@ result = ns_config_get(maps, "max-cache-ttl", &obj); INSIST(result == ISC_R_SUCCESS); view->maxcachettl = cfg_obj_asuint32(obj); ---- lib/dns/include/dns/view.h.orig 2015-09-09 02:23:50 UTC +--- lib/dns/include/dns/view.h.orig 2016-02-29 00:30:52 UTC +++ lib/dns/include/dns/view.h @@ -148,6 +148,8 @@ struct dns_view { isc_boolean_t provideixfr; @@ -39,9 +39,9 @@ dns_ttl_t maxncachettl; in_port_t dstport; dns_aclenv_t aclenv; ---- lib/dns/resolver.c.orig 2015-09-09 02:23:50 UTC +--- lib/dns/resolver.c.orig 2016-02-29 00:30:52 UTC +++ lib/dns/resolver.c -@@ -5086,6 +5086,18 @@ cache_name(fetchctx_t *fctx, dns_name_t +@@ -5088,6 +5088,18 @@ cache_name(fetchctx_t *fctx, dns_name_t } /* @@ -60,7 +60,7 @@ * Enforce the configure maximum cache TTL. */ if (rdataset->ttl > res->view->maxcachettl) ---- lib/isccfg/namedconf.c.orig 2015-09-09 02:23:50 UTC +--- lib/isccfg/namedconf.c.orig 2016-02-29 00:30:52 UTC +++ lib/isccfg/namedconf.c @@ -1448,6 +1448,8 @@ view_clauses[] = { { "lame-ttl", &cfg_type_uint32, 0 },