Date: Wed, 14 Jun 2017 22:56:45 +0000 (UTC) From: Mathieu Arnold <mat@FreeBSD.org> To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-branches@freebsd.org Subject: svn commit: r443609 - in branches/2017Q2/dns: bind9-devel/files bind910 bind910/files bind911 bind911/files bind99 bind99/files Message-ID: <201706142256.v5EMujHZ028375@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: mat Date: Wed Jun 14 22:56:44 2017 New Revision: 443609 URL: https://svnweb.freebsd.org/changeset/ports/443609 Log: MFH: r443608 r443607 Update to 9.9.10-P1, 9.10.5-P1, 9.11.1-P1. Security: CVE-2017-3140 Security: CVE-2017-3141 Sponsored by: Absolight Remove special handling for testing and documentation domains, per RFC 6761 recommendations. While there: - Fix invalid syntax in sample slave config. - Add a message about having syslogd working with BIND9 chroot. PR: 217915 Reported by: eserte12 yahoo de Sponsored by: Absolight Modified: branches/2017Q2/dns/bind9-devel/files/named.conf.in branches/2017Q2/dns/bind9-devel/files/pkg-message.in branches/2017Q2/dns/bind910/Makefile branches/2017Q2/dns/bind910/distinfo branches/2017Q2/dns/bind910/files/named.conf.in branches/2017Q2/dns/bind910/files/pkg-message.in branches/2017Q2/dns/bind911/Makefile branches/2017Q2/dns/bind911/distinfo branches/2017Q2/dns/bind911/files/named.conf.in branches/2017Q2/dns/bind911/files/pkg-message.in branches/2017Q2/dns/bind99/Makefile branches/2017Q2/dns/bind99/distinfo branches/2017Q2/dns/bind99/files/named.conf.in branches/2017Q2/dns/bind99/files/pkg-message.in Directory Properties: branches/2017Q2/ (props changed) Modified: branches/2017Q2/dns/bind9-devel/files/named.conf.in ============================================================================== --- branches/2017Q2/dns/bind9-devel/files/named.conf.in Wed Jun 14 22:54:49 2017 (r443608) +++ branches/2017Q2/dns/bind9-devel/files/named.conf.in Wed Jun 14 22:56:44 2017 (r443609) @@ -130,7 +130,7 @@ zone "in-addr.arpa" { 2620:0:2830:202::132; // iad.xfr.dns.icann.org }; notify no; -} +}; zone "ip6.arpa" { type slave; file "%%ETCDIR%%/slave/ip6.arpa.slave"; @@ -141,7 +141,7 @@ zone "ip6.arpa" { 2620:0:2830:202::132; // iad.xfr.dns.icann.org }; notify no; -} +}; */ /* Serving the following zones locally will prevent any queries @@ -260,14 +260,6 @@ zone "113.0.203.in-addr.arpa" { type master; file "%%E // IPv6 Example Range for Documentation (RFCs 3849 and 6303) zone "8.b.d.0.1.0.0.2.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; - -// Domain Names for Documentation and Testing (BCP 32) -zone "test" { type master; file "%%ETCDIR%%/master/empty.db"; }; -zone "example" { type master; file "%%ETCDIR%%/master/empty.db"; }; -zone "invalid" { type master; file "%%ETCDIR%%/master/empty.db"; }; -zone "example.com" { type master; file "%%ETCDIR%%/master/empty.db"; }; -zone "example.net" { type master; file "%%ETCDIR%%/master/empty.db"; }; -zone "example.org" { type master; file "%%ETCDIR%%/master/empty.db"; }; // Router Benchmark Testing (RFCs 2544 and 5735) zone "18.198.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; Modified: branches/2017Q2/dns/bind9-devel/files/pkg-message.in ============================================================================== --- branches/2017Q2/dns/bind9-devel/files/pkg-message.in Wed Jun 14 22:54:49 2017 (r443608) +++ branches/2017Q2/dns/bind9-devel/files/pkg-message.in Wed Jun 14 22:56:44 2017 (r443609) @@ -12,6 +12,13 @@ * * * The %%PREFIX%%/etc/rc.d/named script will do that for you. * * * +* If using syslog to log the BIND9 activity, and using a * +* chroot'ed installation, you will need to tell syslog to * +* install a log socket in the BIND9 chroot by running: * +* * +* # sysrc altlog_proglist+=named * +* * +* And then restarting syslogd with: service syslogd restart * * * * * * THIS IS A DEVELOPMENT VERSION IF BIND, IT WILL EAT YOUR DATA * Modified: branches/2017Q2/dns/bind910/Makefile ============================================================================== --- branches/2017Q2/dns/bind910/Makefile Wed Jun 14 22:54:49 2017 (r443608) +++ branches/2017Q2/dns/bind910/Makefile Wed Jun 14 22:56:44 2017 (r443609) @@ -16,7 +16,7 @@ LICENSE= ISCL LICENSE_FILE= ${WRKSRC}/COPYRIGHT # ISC releases things like 9.8.0-P1, which our versioning doesn't like -ISCVERSION= 9.10.5 +ISCVERSION= 9.10.5-P1 USES= cpe libedit Modified: branches/2017Q2/dns/bind910/distinfo ============================================================================== --- branches/2017Q2/dns/bind910/distinfo Wed Jun 14 22:54:49 2017 (r443608) +++ branches/2017Q2/dns/bind910/distinfo Wed Jun 14 22:56:44 2017 (r443609) @@ -1,3 +1,3 @@ -TIMESTAMP = 1492690349 -SHA256 (bind-9.10.5.tar.gz) = 71688d2e134e42205075eef93cc1b78b42a140a2d61bf8263afc9c92fc872b0e -SIZE (bind-9.10.5.tar.gz) = 9431916 +TIMESTAMP = 1497425849 +SHA256 (bind-9.10.5-P1.tar.gz) = 82fb885de927fdb4db0a0bb5e5efda839a857ff70adbcfcb0486a010924ae5cd +SIZE (bind-9.10.5-P1.tar.gz) = 9406887 Modified: branches/2017Q2/dns/bind910/files/named.conf.in ============================================================================== --- branches/2017Q2/dns/bind910/files/named.conf.in Wed Jun 14 22:54:49 2017 (r443608) +++ branches/2017Q2/dns/bind910/files/named.conf.in Wed Jun 14 22:56:44 2017 (r443609) @@ -130,7 +130,7 @@ zone "in-addr.arpa" { 2620:0:2830:202::132; // iad.xfr.dns.icann.org }; notify no; -} +}; zone "ip6.arpa" { type slave; file "%%ETCDIR%%/slave/ip6.arpa.slave"; @@ -141,7 +141,7 @@ zone "ip6.arpa" { 2620:0:2830:202::132; // iad.xfr.dns.icann.org }; notify no; -} +}; */ /* Serving the following zones locally will prevent any queries @@ -260,14 +260,6 @@ zone "113.0.203.in-addr.arpa" { type master; file "%%E // IPv6 Example Range for Documentation (RFCs 3849 and 6303) zone "8.b.d.0.1.0.0.2.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; - -// Domain Names for Documentation and Testing (BCP 32) -zone "test" { type master; file "%%ETCDIR%%/master/empty.db"; }; -zone "example" { type master; file "%%ETCDIR%%/master/empty.db"; }; -zone "invalid" { type master; file "%%ETCDIR%%/master/empty.db"; }; -zone "example.com" { type master; file "%%ETCDIR%%/master/empty.db"; }; -zone "example.net" { type master; file "%%ETCDIR%%/master/empty.db"; }; -zone "example.org" { type master; file "%%ETCDIR%%/master/empty.db"; }; // Router Benchmark Testing (RFCs 2544 and 5735) zone "18.198.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; Modified: branches/2017Q2/dns/bind910/files/pkg-message.in ============================================================================== --- branches/2017Q2/dns/bind910/files/pkg-message.in Wed Jun 14 22:54:49 2017 (r443608) +++ branches/2017Q2/dns/bind910/files/pkg-message.in Wed Jun 14 22:56:44 2017 (r443609) @@ -12,4 +12,12 @@ * * * The %%PREFIX%%/etc/rc.d/named script will do that for you. * * * +* If using syslog to log the BIND9 activity, and using a * +* chroot'ed installation, you will need to tell syslog to * +* install a log socket in the BIND9 chroot by running: * +* * +* # sysrc altlog_proglist+=named * +* * +* And then restarting syslogd with: service syslogd restart * +* * ********************************************************************** Modified: branches/2017Q2/dns/bind911/Makefile ============================================================================== --- branches/2017Q2/dns/bind911/Makefile Wed Jun 14 22:54:49 2017 (r443608) +++ branches/2017Q2/dns/bind911/Makefile Wed Jun 14 22:56:44 2017 (r443609) @@ -30,7 +30,7 @@ LICENSE= MPL LICENSE_FILE= ${WRKSRC}/COPYRIGHT # ISC releases things like 9.8.0-P1, which our versioning doesn't like -ISCVERSION= 9.11.1 +ISCVERSION= 9.11.1-P1 USES= cpe libedit Modified: branches/2017Q2/dns/bind911/distinfo ============================================================================== --- branches/2017Q2/dns/bind911/distinfo Wed Jun 14 22:54:49 2017 (r443608) +++ branches/2017Q2/dns/bind911/distinfo Wed Jun 14 22:56:44 2017 (r443609) @@ -1,3 +1,3 @@ -TIMESTAMP = 1492691449 -SHA256 (bind-9.11.1.tar.gz) = 22050095f5c82a1385cc4174190ac60392670bbc5d63d592ecae52a214bc10b2 -SIZE (bind-9.11.1.tar.gz) = 9762743 +TIMESTAMP = 1497425959 +SHA256 (bind-9.11.1-P1.tar.gz) = 6b1b3e88d51b8471bd6aee24a8cea70817e850a5901315dc506f9dde275ca638 +SIZE (bind-9.11.1-P1.tar.gz) = 9745364 Modified: branches/2017Q2/dns/bind911/files/named.conf.in ============================================================================== --- branches/2017Q2/dns/bind911/files/named.conf.in Wed Jun 14 22:54:49 2017 (r443608) +++ branches/2017Q2/dns/bind911/files/named.conf.in Wed Jun 14 22:56:44 2017 (r443609) @@ -130,7 +130,7 @@ zone "in-addr.arpa" { 2620:0:2830:202::132; // iad.xfr.dns.icann.org }; notify no; -} +}; zone "ip6.arpa" { type slave; file "%%ETCDIR%%/slave/ip6.arpa.slave"; @@ -141,7 +141,7 @@ zone "ip6.arpa" { 2620:0:2830:202::132; // iad.xfr.dns.icann.org }; notify no; -} +}; */ /* Serving the following zones locally will prevent any queries @@ -260,14 +260,6 @@ zone "113.0.203.in-addr.arpa" { type master; file "%%E // IPv6 Example Range for Documentation (RFCs 3849 and 6303) zone "8.b.d.0.1.0.0.2.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; - -// Domain Names for Documentation and Testing (BCP 32) -zone "test" { type master; file "%%ETCDIR%%/master/empty.db"; }; -zone "example" { type master; file "%%ETCDIR%%/master/empty.db"; }; -zone "invalid" { type master; file "%%ETCDIR%%/master/empty.db"; }; -zone "example.com" { type master; file "%%ETCDIR%%/master/empty.db"; }; -zone "example.net" { type master; file "%%ETCDIR%%/master/empty.db"; }; -zone "example.org" { type master; file "%%ETCDIR%%/master/empty.db"; }; // Router Benchmark Testing (RFCs 2544 and 5735) zone "18.198.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; Modified: branches/2017Q2/dns/bind911/files/pkg-message.in ============================================================================== --- branches/2017Q2/dns/bind911/files/pkg-message.in Wed Jun 14 22:54:49 2017 (r443608) +++ branches/2017Q2/dns/bind911/files/pkg-message.in Wed Jun 14 22:56:44 2017 (r443609) @@ -12,4 +12,12 @@ * * * The %%PREFIX%%/etc/rc.d/named script will do that for you. * * * +* If using syslog to log the BIND9 activity, and using a * +* chroot'ed installation, you will need to tell syslog to * +* install a log socket in the BIND9 chroot by running: * +* * +* # sysrc altlog_proglist+=named * +* * +* And then restarting syslogd with: service syslogd restart * +* * ********************************************************************** Modified: branches/2017Q2/dns/bind99/Makefile ============================================================================== --- branches/2017Q2/dns/bind99/Makefile Wed Jun 14 22:54:49 2017 (r443608) +++ branches/2017Q2/dns/bind99/Makefile Wed Jun 14 22:56:44 2017 (r443609) @@ -16,7 +16,7 @@ LICENSE= ISCL LICENSE_FILE= ${WRKSRC}/COPYRIGHT # ISC releases things like 9.8.0-P1, which our versioning doesn't like -ISCVERSION= 9.9.10 +ISCVERSION= 9.9.10-P1 USES= cpe libedit Modified: branches/2017Q2/dns/bind99/distinfo ============================================================================== --- branches/2017Q2/dns/bind99/distinfo Wed Jun 14 22:54:49 2017 (r443608) +++ branches/2017Q2/dns/bind99/distinfo Wed Jun 14 22:56:44 2017 (r443609) @@ -1,3 +1,3 @@ -TIMESTAMP = 1492688489 -SHA256 (bind-9.9.10.tar.gz) = 7deabe932b11149ebce7bf96abe114479c3c52e0081a29d00877125f55ae562a -SIZE (bind-9.9.10.tar.gz) = 8857543 +TIMESTAMP = 1497425667 +SHA256 (bind-9.9.10-P1.tar.gz) = 2c09f361a5936b31dcfd9dfaa324351dc2cd25ca0a380cf4caa2cc94b3ba6bc5 +SIZE (bind-9.9.10-P1.tar.gz) = 8836915 Modified: branches/2017Q2/dns/bind99/files/named.conf.in ============================================================================== --- branches/2017Q2/dns/bind99/files/named.conf.in Wed Jun 14 22:54:49 2017 (r443608) +++ branches/2017Q2/dns/bind99/files/named.conf.in Wed Jun 14 22:56:44 2017 (r443609) @@ -130,7 +130,7 @@ zone "in-addr.arpa" { 2620:0:2830:202::132; // iad.xfr.dns.icann.org }; notify no; -} +}; zone "ip6.arpa" { type slave; file "%%ETCDIR%%/slave/ip6.arpa.slave"; @@ -141,7 +141,7 @@ zone "ip6.arpa" { 2620:0:2830:202::132; // iad.xfr.dns.icann.org }; notify no; -} +}; */ /* Serving the following zones locally will prevent any queries @@ -260,14 +260,6 @@ zone "113.0.203.in-addr.arpa" { type master; file "%%E // IPv6 Example Range for Documentation (RFCs 3849 and 6303) zone "8.b.d.0.1.0.0.2.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; - -// Domain Names for Documentation and Testing (BCP 32) -zone "test" { type master; file "%%ETCDIR%%/master/empty.db"; }; -zone "example" { type master; file "%%ETCDIR%%/master/empty.db"; }; -zone "invalid" { type master; file "%%ETCDIR%%/master/empty.db"; }; -zone "example.com" { type master; file "%%ETCDIR%%/master/empty.db"; }; -zone "example.net" { type master; file "%%ETCDIR%%/master/empty.db"; }; -zone "example.org" { type master; file "%%ETCDIR%%/master/empty.db"; }; // Router Benchmark Testing (RFCs 2544 and 5735) zone "18.198.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; Modified: branches/2017Q2/dns/bind99/files/pkg-message.in ============================================================================== --- branches/2017Q2/dns/bind99/files/pkg-message.in Wed Jun 14 22:54:49 2017 (r443608) +++ branches/2017Q2/dns/bind99/files/pkg-message.in Wed Jun 14 22:56:44 2017 (r443609) @@ -12,4 +12,12 @@ * * * The %%PREFIX%%/etc/rc.d/named script will do that for you. * * * +* If using syslog to log the BIND9 activity, and using a * +* chroot'ed installation, you will need to tell syslog to * +* install a log socket in the BIND9 chroot by running: * +* * +* # sysrc altlog_proglist+=named * +* * +* And then restarting syslogd with: service syslogd restart * +* * **********************************************************************
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201706142256.v5EMujHZ028375>