From owner-svn-ports-all@freebsd.org Wed Jun 14 22:56:47 2017 Return-Path: Delivered-To: svn-ports-all@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 719E0BF5817; Wed, 14 Jun 2017 22:56:47 +0000 (UTC) (envelope-from mat@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 2FCB17BC34; Wed, 14 Jun 2017 22:56:47 +0000 (UTC) (envelope-from mat@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id v5EMukTe028390; Wed, 14 Jun 2017 22:56:46 GMT (envelope-from mat@FreeBSD.org) Received: (from mat@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id v5EMujHZ028375; Wed, 14 Jun 2017 22:56:45 GMT (envelope-from mat@FreeBSD.org) Message-Id: <201706142256.v5EMujHZ028375@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: mat set sender to mat@FreeBSD.org using -f From: Mathieu Arnold Date: Wed, 14 Jun 2017 22:56:45 +0000 (UTC) To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-branches@freebsd.org Subject: svn commit: r443609 - in branches/2017Q2/dns: bind9-devel/files bind910 bind910/files bind911 bind911/files bind99 bind99/files X-SVN-Group: ports-branches MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-ports-all@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: SVN commit messages for the ports tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 14 Jun 2017 22:56:47 -0000 Author: mat Date: Wed Jun 14 22:56:44 2017 New Revision: 443609 URL: https://svnweb.freebsd.org/changeset/ports/443609 Log: MFH: r443608 r443607 Update to 9.9.10-P1, 9.10.5-P1, 9.11.1-P1. Security: CVE-2017-3140 Security: CVE-2017-3141 Sponsored by: Absolight Remove special handling for testing and documentation domains, per RFC 6761 recommendations. While there: - Fix invalid syntax in sample slave config. - Add a message about having syslogd working with BIND9 chroot. PR: 217915 Reported by: eserte12 yahoo de Sponsored by: Absolight Modified: branches/2017Q2/dns/bind9-devel/files/named.conf.in branches/2017Q2/dns/bind9-devel/files/pkg-message.in branches/2017Q2/dns/bind910/Makefile branches/2017Q2/dns/bind910/distinfo branches/2017Q2/dns/bind910/files/named.conf.in branches/2017Q2/dns/bind910/files/pkg-message.in branches/2017Q2/dns/bind911/Makefile branches/2017Q2/dns/bind911/distinfo branches/2017Q2/dns/bind911/files/named.conf.in branches/2017Q2/dns/bind911/files/pkg-message.in branches/2017Q2/dns/bind99/Makefile branches/2017Q2/dns/bind99/distinfo branches/2017Q2/dns/bind99/files/named.conf.in branches/2017Q2/dns/bind99/files/pkg-message.in Directory Properties: branches/2017Q2/ (props changed) Modified: branches/2017Q2/dns/bind9-devel/files/named.conf.in ============================================================================== --- branches/2017Q2/dns/bind9-devel/files/named.conf.in Wed Jun 14 22:54:49 2017 (r443608) +++ branches/2017Q2/dns/bind9-devel/files/named.conf.in Wed Jun 14 22:56:44 2017 (r443609) @@ -130,7 +130,7 @@ zone "in-addr.arpa" { 2620:0:2830:202::132; // iad.xfr.dns.icann.org }; notify no; -} +}; zone "ip6.arpa" { type slave; file "%%ETCDIR%%/slave/ip6.arpa.slave"; @@ -141,7 +141,7 @@ zone "ip6.arpa" { 2620:0:2830:202::132; // iad.xfr.dns.icann.org }; notify no; -} +}; */ /* Serving the following zones locally will prevent any queries @@ -260,14 +260,6 @@ zone "113.0.203.in-addr.arpa" { type master; file "%%E // IPv6 Example Range for Documentation (RFCs 3849 and 6303) zone "8.b.d.0.1.0.0.2.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; - -// Domain Names for Documentation and Testing (BCP 32) -zone "test" { type master; file "%%ETCDIR%%/master/empty.db"; }; -zone "example" { type master; file "%%ETCDIR%%/master/empty.db"; }; -zone "invalid" { type master; file "%%ETCDIR%%/master/empty.db"; }; -zone "example.com" { type master; file "%%ETCDIR%%/master/empty.db"; }; -zone "example.net" { type master; file "%%ETCDIR%%/master/empty.db"; }; -zone "example.org" { type master; file "%%ETCDIR%%/master/empty.db"; }; // Router Benchmark Testing (RFCs 2544 and 5735) zone "18.198.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; Modified: branches/2017Q2/dns/bind9-devel/files/pkg-message.in ============================================================================== --- branches/2017Q2/dns/bind9-devel/files/pkg-message.in Wed Jun 14 22:54:49 2017 (r443608) +++ branches/2017Q2/dns/bind9-devel/files/pkg-message.in Wed Jun 14 22:56:44 2017 (r443609) @@ -12,6 +12,13 @@ * * * The %%PREFIX%%/etc/rc.d/named script will do that for you. * * * +* If using syslog to log the BIND9 activity, and using a * +* chroot'ed installation, you will need to tell syslog to * +* install a log socket in the BIND9 chroot by running: * +* * +* # sysrc altlog_proglist+=named * +* * +* And then restarting syslogd with: service syslogd restart * * * * * * THIS IS A DEVELOPMENT VERSION IF BIND, IT WILL EAT YOUR DATA * Modified: branches/2017Q2/dns/bind910/Makefile ============================================================================== --- branches/2017Q2/dns/bind910/Makefile Wed Jun 14 22:54:49 2017 (r443608) +++ branches/2017Q2/dns/bind910/Makefile Wed Jun 14 22:56:44 2017 (r443609) @@ -16,7 +16,7 @@ LICENSE= ISCL LICENSE_FILE= ${WRKSRC}/COPYRIGHT # ISC releases things like 9.8.0-P1, which our versioning doesn't like -ISCVERSION= 9.10.5 +ISCVERSION= 9.10.5-P1 USES= cpe libedit Modified: branches/2017Q2/dns/bind910/distinfo ============================================================================== --- branches/2017Q2/dns/bind910/distinfo Wed Jun 14 22:54:49 2017 (r443608) +++ branches/2017Q2/dns/bind910/distinfo Wed Jun 14 22:56:44 2017 (r443609) @@ -1,3 +1,3 @@ -TIMESTAMP = 1492690349 -SHA256 (bind-9.10.5.tar.gz) = 71688d2e134e42205075eef93cc1b78b42a140a2d61bf8263afc9c92fc872b0e -SIZE (bind-9.10.5.tar.gz) = 9431916 +TIMESTAMP = 1497425849 +SHA256 (bind-9.10.5-P1.tar.gz) = 82fb885de927fdb4db0a0bb5e5efda839a857ff70adbcfcb0486a010924ae5cd +SIZE (bind-9.10.5-P1.tar.gz) = 9406887 Modified: branches/2017Q2/dns/bind910/files/named.conf.in ============================================================================== --- branches/2017Q2/dns/bind910/files/named.conf.in Wed Jun 14 22:54:49 2017 (r443608) +++ branches/2017Q2/dns/bind910/files/named.conf.in Wed Jun 14 22:56:44 2017 (r443609) @@ -130,7 +130,7 @@ zone "in-addr.arpa" { 2620:0:2830:202::132; // iad.xfr.dns.icann.org }; notify no; -} +}; zone "ip6.arpa" { type slave; file "%%ETCDIR%%/slave/ip6.arpa.slave"; @@ -141,7 +141,7 @@ zone "ip6.arpa" { 2620:0:2830:202::132; // iad.xfr.dns.icann.org }; notify no; -} +}; */ /* Serving the following zones locally will prevent any queries @@ -260,14 +260,6 @@ zone "113.0.203.in-addr.arpa" { type master; file "%%E // IPv6 Example Range for Documentation (RFCs 3849 and 6303) zone "8.b.d.0.1.0.0.2.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; - -// Domain Names for Documentation and Testing (BCP 32) -zone "test" { type master; file "%%ETCDIR%%/master/empty.db"; }; -zone "example" { type master; file "%%ETCDIR%%/master/empty.db"; }; -zone "invalid" { type master; file "%%ETCDIR%%/master/empty.db"; }; -zone "example.com" { type master; file "%%ETCDIR%%/master/empty.db"; }; -zone "example.net" { type master; file "%%ETCDIR%%/master/empty.db"; }; -zone "example.org" { type master; file "%%ETCDIR%%/master/empty.db"; }; // Router Benchmark Testing (RFCs 2544 and 5735) zone "18.198.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; Modified: branches/2017Q2/dns/bind910/files/pkg-message.in ============================================================================== --- branches/2017Q2/dns/bind910/files/pkg-message.in Wed Jun 14 22:54:49 2017 (r443608) +++ branches/2017Q2/dns/bind910/files/pkg-message.in Wed Jun 14 22:56:44 2017 (r443609) @@ -12,4 +12,12 @@ * * * The %%PREFIX%%/etc/rc.d/named script will do that for you. * * * +* If using syslog to log the BIND9 activity, and using a * +* chroot'ed installation, you will need to tell syslog to * +* install a log socket in the BIND9 chroot by running: * +* * +* # sysrc altlog_proglist+=named * +* * +* And then restarting syslogd with: service syslogd restart * +* * ********************************************************************** Modified: branches/2017Q2/dns/bind911/Makefile ============================================================================== --- branches/2017Q2/dns/bind911/Makefile Wed Jun 14 22:54:49 2017 (r443608) +++ branches/2017Q2/dns/bind911/Makefile Wed Jun 14 22:56:44 2017 (r443609) @@ -30,7 +30,7 @@ LICENSE= MPL LICENSE_FILE= ${WRKSRC}/COPYRIGHT # ISC releases things like 9.8.0-P1, which our versioning doesn't like -ISCVERSION= 9.11.1 +ISCVERSION= 9.11.1-P1 USES= cpe libedit Modified: branches/2017Q2/dns/bind911/distinfo ============================================================================== --- branches/2017Q2/dns/bind911/distinfo Wed Jun 14 22:54:49 2017 (r443608) +++ branches/2017Q2/dns/bind911/distinfo Wed Jun 14 22:56:44 2017 (r443609) @@ -1,3 +1,3 @@ -TIMESTAMP = 1492691449 -SHA256 (bind-9.11.1.tar.gz) = 22050095f5c82a1385cc4174190ac60392670bbc5d63d592ecae52a214bc10b2 -SIZE (bind-9.11.1.tar.gz) = 9762743 +TIMESTAMP = 1497425959 +SHA256 (bind-9.11.1-P1.tar.gz) = 6b1b3e88d51b8471bd6aee24a8cea70817e850a5901315dc506f9dde275ca638 +SIZE (bind-9.11.1-P1.tar.gz) = 9745364 Modified: branches/2017Q2/dns/bind911/files/named.conf.in ============================================================================== --- branches/2017Q2/dns/bind911/files/named.conf.in Wed Jun 14 22:54:49 2017 (r443608) +++ branches/2017Q2/dns/bind911/files/named.conf.in Wed Jun 14 22:56:44 2017 (r443609) @@ -130,7 +130,7 @@ zone "in-addr.arpa" { 2620:0:2830:202::132; // iad.xfr.dns.icann.org }; notify no; -} +}; zone "ip6.arpa" { type slave; file "%%ETCDIR%%/slave/ip6.arpa.slave"; @@ -141,7 +141,7 @@ zone "ip6.arpa" { 2620:0:2830:202::132; // iad.xfr.dns.icann.org }; notify no; -} +}; */ /* Serving the following zones locally will prevent any queries @@ -260,14 +260,6 @@ zone "113.0.203.in-addr.arpa" { type master; file "%%E // IPv6 Example Range for Documentation (RFCs 3849 and 6303) zone "8.b.d.0.1.0.0.2.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; - -// Domain Names for Documentation and Testing (BCP 32) -zone "test" { type master; file "%%ETCDIR%%/master/empty.db"; }; -zone "example" { type master; file "%%ETCDIR%%/master/empty.db"; }; -zone "invalid" { type master; file "%%ETCDIR%%/master/empty.db"; }; -zone "example.com" { type master; file "%%ETCDIR%%/master/empty.db"; }; -zone "example.net" { type master; file "%%ETCDIR%%/master/empty.db"; }; -zone "example.org" { type master; file "%%ETCDIR%%/master/empty.db"; }; // Router Benchmark Testing (RFCs 2544 and 5735) zone "18.198.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; Modified: branches/2017Q2/dns/bind911/files/pkg-message.in ============================================================================== --- branches/2017Q2/dns/bind911/files/pkg-message.in Wed Jun 14 22:54:49 2017 (r443608) +++ branches/2017Q2/dns/bind911/files/pkg-message.in Wed Jun 14 22:56:44 2017 (r443609) @@ -12,4 +12,12 @@ * * * The %%PREFIX%%/etc/rc.d/named script will do that for you. * * * +* If using syslog to log the BIND9 activity, and using a * +* chroot'ed installation, you will need to tell syslog to * +* install a log socket in the BIND9 chroot by running: * +* * +* # sysrc altlog_proglist+=named * +* * +* And then restarting syslogd with: service syslogd restart * +* * ********************************************************************** Modified: branches/2017Q2/dns/bind99/Makefile ============================================================================== --- branches/2017Q2/dns/bind99/Makefile Wed Jun 14 22:54:49 2017 (r443608) +++ branches/2017Q2/dns/bind99/Makefile Wed Jun 14 22:56:44 2017 (r443609) @@ -16,7 +16,7 @@ LICENSE= ISCL LICENSE_FILE= ${WRKSRC}/COPYRIGHT # ISC releases things like 9.8.0-P1, which our versioning doesn't like -ISCVERSION= 9.9.10 +ISCVERSION= 9.9.10-P1 USES= cpe libedit Modified: branches/2017Q2/dns/bind99/distinfo ============================================================================== --- branches/2017Q2/dns/bind99/distinfo Wed Jun 14 22:54:49 2017 (r443608) +++ branches/2017Q2/dns/bind99/distinfo Wed Jun 14 22:56:44 2017 (r443609) @@ -1,3 +1,3 @@ -TIMESTAMP = 1492688489 -SHA256 (bind-9.9.10.tar.gz) = 7deabe932b11149ebce7bf96abe114479c3c52e0081a29d00877125f55ae562a -SIZE (bind-9.9.10.tar.gz) = 8857543 +TIMESTAMP = 1497425667 +SHA256 (bind-9.9.10-P1.tar.gz) = 2c09f361a5936b31dcfd9dfaa324351dc2cd25ca0a380cf4caa2cc94b3ba6bc5 +SIZE (bind-9.9.10-P1.tar.gz) = 8836915 Modified: branches/2017Q2/dns/bind99/files/named.conf.in ============================================================================== --- branches/2017Q2/dns/bind99/files/named.conf.in Wed Jun 14 22:54:49 2017 (r443608) +++ branches/2017Q2/dns/bind99/files/named.conf.in Wed Jun 14 22:56:44 2017 (r443609) @@ -130,7 +130,7 @@ zone "in-addr.arpa" { 2620:0:2830:202::132; // iad.xfr.dns.icann.org }; notify no; -} +}; zone "ip6.arpa" { type slave; file "%%ETCDIR%%/slave/ip6.arpa.slave"; @@ -141,7 +141,7 @@ zone "ip6.arpa" { 2620:0:2830:202::132; // iad.xfr.dns.icann.org }; notify no; -} +}; */ /* Serving the following zones locally will prevent any queries @@ -260,14 +260,6 @@ zone "113.0.203.in-addr.arpa" { type master; file "%%E // IPv6 Example Range for Documentation (RFCs 3849 and 6303) zone "8.b.d.0.1.0.0.2.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; - -// Domain Names for Documentation and Testing (BCP 32) -zone "test" { type master; file "%%ETCDIR%%/master/empty.db"; }; -zone "example" { type master; file "%%ETCDIR%%/master/empty.db"; }; -zone "invalid" { type master; file "%%ETCDIR%%/master/empty.db"; }; -zone "example.com" { type master; file "%%ETCDIR%%/master/empty.db"; }; -zone "example.net" { type master; file "%%ETCDIR%%/master/empty.db"; }; -zone "example.org" { type master; file "%%ETCDIR%%/master/empty.db"; }; // Router Benchmark Testing (RFCs 2544 and 5735) zone "18.198.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; Modified: branches/2017Q2/dns/bind99/files/pkg-message.in ============================================================================== --- branches/2017Q2/dns/bind99/files/pkg-message.in Wed Jun 14 22:54:49 2017 (r443608) +++ branches/2017Q2/dns/bind99/files/pkg-message.in Wed Jun 14 22:56:44 2017 (r443609) @@ -12,4 +12,12 @@ * * * The %%PREFIX%%/etc/rc.d/named script will do that for you. * * * +* If using syslog to log the BIND9 activity, and using a * +* chroot'ed installation, you will need to tell syslog to * +* install a log socket in the BIND9 chroot by running: * +* * +* # sysrc altlog_proglist+=named * +* * +* And then restarting syslogd with: service syslogd restart * +* * **********************************************************************