From owner-svn-ports-branches@freebsd.org Tue May 19 09:29:03 2020 Return-Path: Delivered-To: svn-ports-branches@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id D25AA2C921D; Tue, 19 May 2020 09:29:03 +0000 (UTC) (envelope-from mat@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 49R9Yq5FWmz4Gcw; Tue, 19 May 2020 09:29:03 +0000 (UTC) (envelope-from mat@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id AF6908C97; Tue, 19 May 2020 09:29:03 +0000 (UTC) (envelope-from mat@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id 04J9T3IB057349; Tue, 19 May 2020 09:29:03 GMT (envelope-from mat@FreeBSD.org) Received: (from mat@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id 04J9T2nt057342; Tue, 19 May 2020 09:29:02 GMT (envelope-from mat@FreeBSD.org) Message-Id: <202005190929.04J9T2nt057342@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: mat set sender to mat@FreeBSD.org using -f From: Mathieu Arnold Date: Tue, 19 May 2020 09:29:02 +0000 (UTC) To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-branches@freebsd.org Subject: svn commit: r535851 - in branches/2020Q2/dns: bind911 bind911/files bind916 bind916/files X-SVN-Group: ports-branches X-SVN-Commit-Author: mat X-SVN-Commit-Paths: in branches/2020Q2/dns: bind911 bind911/files bind916 bind916/files X-SVN-Commit-Revision: 535851 X-SVN-Commit-Repository: ports MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-ports-branches@freebsd.org X-Mailman-Version: 2.1.33 Precedence: list List-Id: SVN commit messages for all the branches of the ports tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 19 May 2020 09:29:03 -0000 Author: mat Date: Tue May 19 09:29:01 2020 New Revision: 535851 URL: https://svnweb.freebsd.org/changeset/ports/535851 Log: MFH: r535847 r535849 Update to 9.11.19 & 9.16.3. Security: CVE-2020-8616, CVE-2020-8617 Approved by: security blanket. Modified: branches/2020Q2/dns/bind911/Makefile branches/2020Q2/dns/bind911/distinfo branches/2020Q2/dns/bind911/files/extrapatch-bind-min-override-ttl branches/2020Q2/dns/bind916/Makefile branches/2020Q2/dns/bind916/distinfo branches/2020Q2/dns/bind916/files/extrapatch-bind-min-override-ttl branches/2020Q2/dns/bind916/files/patch-configure branches/2020Q2/dns/bind916/pkg-plist Directory Properties: branches/2020Q2/ (props changed) Modified: branches/2020Q2/dns/bind911/Makefile ============================================================================== --- branches/2020Q2/dns/bind911/Makefile Tue May 19 09:28:36 2020 (r535850) +++ branches/2020Q2/dns/bind911/Makefile Tue May 19 09:29:01 2020 (r535851) @@ -23,7 +23,7 @@ RUN_DEPENDS= bind-tools>0:dns/bind-tools USES= cpe libedit pkgconfig # ISC releases things like 9.8.0-P1, which our versioning doesn't like -ISCVERSION= 9.11.18 +ISCVERSION= 9.11.19 CPE_VENDOR= isc CPE_VERSION= ${ISCVERSION:C/-.*//} Modified: branches/2020Q2/dns/bind911/distinfo ============================================================================== --- branches/2020Q2/dns/bind911/distinfo Tue May 19 09:28:36 2020 (r535850) +++ branches/2020Q2/dns/bind911/distinfo Tue May 19 09:29:01 2020 (r535851) @@ -1,3 +1,3 @@ -TIMESTAMP = 1586982298 -SHA256 (bind-9.11.18.tar.gz) = 59af1a8aaa85d2f2f035ca5dc2682889ff96a47b59424824bcb3a6b1fe079a6f -SIZE (bind-9.11.18.tar.gz) = 8221186 +TIMESTAMP = 1589559723 +SHA256 (bind-9.11.19.tar.gz) = 0dee554a4caa368948b32da9a0c97b516c19103bc13ff5b3762c5d8552f52329 +SIZE (bind-9.11.19.tar.gz) = 8230483 Modified: branches/2020Q2/dns/bind911/files/extrapatch-bind-min-override-ttl ============================================================================== --- branches/2020Q2/dns/bind911/files/extrapatch-bind-min-override-ttl Tue May 19 09:28:36 2020 (r535850) +++ branches/2020Q2/dns/bind911/files/extrapatch-bind-min-override-ttl Tue May 19 09:29:01 2020 (r535851) @@ -1,7 +1,7 @@ - Add the min-cache-ttl config knob. - Add the override-cache-ttl config knob. ---- bin/named/config.c.orig 2020-01-16 14:46:40 UTC +--- bin/named/config.c.orig 2020-05-06 12:50:24 UTC +++ bin/named/config.c @@ -182,6 +182,8 @@ options {\n\ " max-acache-size 16M;\n\ @@ -12,7 +12,7 @@ max-clients-per-query 100;\n\ max-ncache-ttl 10800; /* 3 hours */\n\ max-recursion-depth 7;\n\ ---- bin/named/server.c.orig 2020-01-16 14:46:40 UTC +--- bin/named/server.c.orig 2020-05-06 12:50:24 UTC +++ bin/named/server.c @@ -3720,6 +3720,16 @@ configure_view(dns_view_t *view, dns_viewlist_t *viewl } @@ -31,7 +31,7 @@ result = ns_config_get(maps, "max-cache-ttl", &obj); INSIST(result == ISC_R_SUCCESS); view->maxcachettl = cfg_obj_asuint32(obj); ---- lib/dns/include/dns/view.h.orig 2020-01-16 14:46:40 UTC +--- lib/dns/include/dns/view.h.orig 2020-05-06 12:50:24 UTC +++ lib/dns/include/dns/view.h @@ -152,6 +152,8 @@ struct dns_view { bool requestnsid; @@ -42,9 +42,9 @@ dns_ttl_t maxncachettl; uint32_t nta_lifetime; uint32_t nta_recheck; ---- lib/dns/resolver.c.orig 2020-01-16 14:46:40 UTC +--- lib/dns/resolver.c.orig 2020-05-06 12:50:24 UTC +++ lib/dns/resolver.c -@@ -5534,6 +5534,18 @@ cache_name(fetchctx_t *fctx, dns_name_t *name, dns_adb +@@ -5553,6 +5553,18 @@ cache_name(fetchctx_t *fctx, dns_name_t *name, dns_adb } /* @@ -63,7 +63,7 @@ * Enforce the configure maximum cache TTL. */ if (rdataset->ttl > res->view->maxcachettl) { ---- lib/isccfg/namedconf.c.orig 2020-01-16 14:46:40 UTC +--- lib/isccfg/namedconf.c.orig 2020-05-06 12:50:24 UTC +++ lib/isccfg/namedconf.c @@ -1773,6 +1773,8 @@ view_clauses[] = { #endif Modified: branches/2020Q2/dns/bind916/Makefile ============================================================================== --- branches/2020Q2/dns/bind916/Makefile Tue May 19 09:28:36 2020 (r535850) +++ branches/2020Q2/dns/bind916/Makefile Tue May 19 09:29:01 2020 (r535851) @@ -41,7 +41,7 @@ RUN_DEPENDS= bind-tools>0:dns/bind-tools USES= compiler:c11 cpe libedit pkgconfig ssl tar:xz # ISC releases things like 9.8.0-P1, which our versioning doesn't like -ISCVERSION= 9.16.2 +ISCVERSION= 9.16.3 CPE_VENDOR= isc CPE_VERSION= ${ISCVERSION:C/-.*//} Modified: branches/2020Q2/dns/bind916/distinfo ============================================================================== --- branches/2020Q2/dns/bind916/distinfo Tue May 19 09:28:36 2020 (r535850) +++ branches/2020Q2/dns/bind916/distinfo Tue May 19 09:29:01 2020 (r535851) @@ -1,3 +1,3 @@ -TIMESTAMP = 1586982482 -SHA256 (bind-9.16.2.tar.xz) = d9e5b77cfca5ccad97f19cddc87128758ec15c16e6585000c6b2f84fc225993f -SIZE (bind-9.16.2.tar.xz) = 4559216 +TIMESTAMP = 1589559917 +SHA256 (bind-9.16.3.tar.xz) = 27ac6513de5f8d0db34b9f241da53baa15a14b2ad21338d0cde0826eaf564f7e +SIZE (bind-9.16.3.tar.xz) = 4573044 Modified: branches/2020Q2/dns/bind916/files/extrapatch-bind-min-override-ttl ============================================================================== --- branches/2020Q2/dns/bind916/files/extrapatch-bind-min-override-ttl Tue May 19 09:28:36 2020 (r535850) +++ branches/2020Q2/dns/bind916/files/extrapatch-bind-min-override-ttl Tue May 19 09:29:01 2020 (r535851) @@ -1,6 +1,6 @@ Add the override-cache-ttl feature. ---- bin/named/config.c.orig 2020-03-11 16:46:53 UTC +--- bin/named/config.c.orig 2020-05-06 09:59:35 UTC +++ bin/named/config.c @@ -179,6 +179,7 @@ options {\n\ notify-source *;\n\ @@ -10,9 +10,9 @@ Add the override-cache-ttl feature. provide-ixfr true;\n\ qname-minimization relaxed;\n\ query-source address *;\n\ ---- bin/named/server.c.orig 2020-03-11 16:46:53 UTC +--- bin/named/server.c.orig 2020-05-06 09:59:35 UTC +++ bin/named/server.c -@@ -4324,6 +4324,11 @@ configure_view(dns_view_t *view, dns_viewlist_t *viewl +@@ -4328,6 +4328,11 @@ configure_view(dns_view_t *view, dns_viewlist_t *viewl } obj = NULL; @@ -24,7 +24,7 @@ Add the override-cache-ttl feature. result = named_config_get(maps, "max-cache-ttl", &obj); INSIST(result == ISC_R_SUCCESS); view->maxcachettl = cfg_obj_asduration(obj); ---- lib/dns/include/dns/view.h.orig 2020-03-11 16:46:53 UTC +--- lib/dns/include/dns/view.h.orig 2020-05-06 09:59:35 UTC +++ lib/dns/include/dns/view.h @@ -152,6 +152,7 @@ struct dns_view { bool requestnsid; @@ -34,9 +34,9 @@ Add the override-cache-ttl feature. dns_ttl_t maxncachettl; dns_ttl_t mincachettl; dns_ttl_t minncachettl; ---- lib/dns/resolver.c.orig 2020-03-11 16:46:53 UTC +--- lib/dns/resolver.c.orig 2020-05-06 09:59:35 UTC +++ lib/dns/resolver.c -@@ -6233,6 +6233,12 @@ cache_name(fetchctx_t *fctx, dns_name_t *name, dns_adb +@@ -6248,6 +6248,12 @@ cache_name(fetchctx_t *fctx, dns_name_t *name, dns_adb } /* @@ -49,7 +49,7 @@ Add the override-cache-ttl feature. * Enforce the configure maximum cache TTL. */ if (rdataset->ttl > res->view->maxcachettl) { ---- lib/isccfg/namedconf.c.orig 2020-03-11 16:46:53 UTC +--- lib/isccfg/namedconf.c.orig 2020-05-06 09:59:35 UTC +++ lib/isccfg/namedconf.c @@ -1990,6 +1990,7 @@ static cfg_clausedef_t view_clauses[] = { #endif /* ifdef HAVE_LMDB */ Modified: branches/2020Q2/dns/bind916/files/patch-configure ============================================================================== --- branches/2020Q2/dns/bind916/files/patch-configure Tue May 19 09:28:36 2020 (r535850) +++ branches/2020Q2/dns/bind916/files/patch-configure Tue May 19 09:29:01 2020 (r535851) @@ -1,8 +1,8 @@ Fixup gssapi and db detection. ---- configure.orig 2020-03-11 16:46:53 UTC +--- configure.orig 2020-05-06 09:59:35 UTC +++ configure -@@ -17437,27 +17437,9 @@ done +@@ -17491,27 +17491,9 @@ done # problems start to show up. saved_libs="$LIBS" for TRY_LIBS in \ @@ -32,7 +32,7 @@ Fixup gssapi and db detection. { $as_echo "$as_me:${as_lineno-$LINENO}: checking linking as $TRY_LIBS" >&5 $as_echo_n "checking linking as $TRY_LIBS... " >&6; } cat confdefs.h - <<_ACEOF >conftest.$ac_ext -@@ -17500,47 +17482,7 @@ $as_echo "no" >&6; } ;; +@@ -17554,47 +17536,7 @@ $as_echo "no" >&6; } ;; no) as_fn_error $? "could not determine proper GSSAPI linkage" "$LINENO" 5 ;; esac @@ -81,7 +81,7 @@ Fixup gssapi and db detection. DNS_GSSAPI_LIBS="$LIBS" { $as_echo "$as_me:${as_lineno-$LINENO}: result: using GSSAPI from $use_gssapi/lib and $use_gssapi/include" >&5 -@@ -23049,7 +22991,7 @@ $as_echo "" >&6; } +@@ -23103,7 +23045,7 @@ $as_echo "" >&6; } # Check other locations for includes. # Order is important (sigh). Modified: branches/2020Q2/dns/bind916/pkg-plist ============================================================================== --- branches/2020Q2/dns/bind916/pkg-plist Tue May 19 09:28:36 2020 (r535850) +++ branches/2020Q2/dns/bind916/pkg-plist Tue May 19 09:29:01 2020 (r535851) @@ -262,7 +262,6 @@ include/pk11/internal.h include/pk11/pk11.h include/pk11/result.h include/pk11/site.h -include/pkcs11/eddsa.h include/pkcs11/pkcs11.h lib/libbind9.a lib/libdns.a