From owner-svn-ports-all@freebsd.org Wed Mar 9 21:16:34 2016 Return-Path: Delivered-To: svn-ports-all@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 3BC86AC8919; Wed, 9 Mar 2016 21:16:34 +0000 (UTC) (envelope-from mat@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 13F821289; Wed, 9 Mar 2016 21:16:34 +0000 (UTC) (envelope-from mat@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id u29LGXdK066248; Wed, 9 Mar 2016 21:16:33 GMT (envelope-from mat@FreeBSD.org) Received: (from mat@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id u29LGWHc066238; Wed, 9 Mar 2016 21:16:32 GMT (envelope-from mat@FreeBSD.org) Message-Id: <201603092116.u29LGWHc066238@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: mat set sender to mat@FreeBSD.org using -f From: Mathieu Arnold Date: Wed, 9 Mar 2016 21:16:32 +0000 (UTC) To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r410728 - in head/dns: bind9-devel bind9-devel/files bind910 bind910/files bind99 bind99/files X-SVN-Group: ports-head MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-ports-all@freebsd.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: SVN commit messages for the ports tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 09 Mar 2016 21:16:34 -0000 Author: mat Date: Wed Mar 9 21:16:31 2016 New Revision: 410728 URL: https://svnweb.freebsd.org/changeset/ports/410728 Log: Update to 9.9.8-P4, 9.10.3-P4 and latest snapshot. MFH: 2016Q1 (obviously) Security: CVE-2016-1285 Security: CVE-2016-1286 Security: CVE-2016-2088 Sponsored by: Absolight Modified: head/dns/bind9-devel/Makefile head/dns/bind9-devel/distinfo head/dns/bind9-devel/files/extrapatch-bind-min-override-ttl head/dns/bind9-devel/files/patch-configure head/dns/bind910/Makefile head/dns/bind910/distinfo head/dns/bind910/files/extrapatch-bind-min-override-ttl head/dns/bind99/Makefile head/dns/bind99/distinfo head/dns/bind99/files/extrapatch-bind-min-override-ttl Modified: head/dns/bind9-devel/Makefile ============================================================================== --- head/dns/bind9-devel/Makefile Wed Mar 9 21:14:55 2016 (r410727) +++ head/dns/bind9-devel/Makefile Wed Mar 9 21:16:31 2016 (r410728) @@ -19,8 +19,8 @@ COMMENT= BIND DNS suite with updated DNS LICENSE= ISCL # ISC releases things like 9.8.0-P1, which our versioning doesn't like -ISCVERSION= 9.11.0.a20160211 -HASH= ee2e5fe +ISCVERSION= 9.11.0.a20160309 +HASH= 0c7a779 MAKE_JOBS_UNSAFE= yes Modified: head/dns/bind9-devel/distinfo ============================================================================== --- head/dns/bind9-devel/distinfo Wed Mar 9 21:14:55 2016 (r410727) +++ head/dns/bind9-devel/distinfo Wed Mar 9 21:16:31 2016 (r410728) @@ -1,2 +1,2 @@ -SHA256 (bind9-ee2e5fe.tar.gz) = fbe1dfe64e58e0851d890ee6176c76c849be2e4e8202277a8073077d21e39a95 -SIZE (bind9-ee2e5fe.tar.gz) = 11683506 +SHA256 (bind9-0c7a779.tar.gz) = 691e2e196f7c286375a540747a06dfe3ca5c62860859e3f728637bd92ebcdb72 +SIZE (bind9-0c7a779.tar.gz) = 11690194 Modified: head/dns/bind9-devel/files/extrapatch-bind-min-override-ttl ============================================================================== --- head/dns/bind9-devel/files/extrapatch-bind-min-override-ttl Wed Mar 9 21:14:55 2016 (r410727) +++ head/dns/bind9-devel/files/extrapatch-bind-min-override-ttl Wed Mar 9 21:16:31 2016 (r410728) @@ -1,4 +1,4 @@ ---- bin/named/config.c.orig 2016-01-25 05:55:02 UTC +--- bin/named/config.c.orig 2016-03-09 04:02:43 UTC +++ bin/named/config.c @@ -159,6 +159,8 @@ options {\n\ lame-ttl 600;\n\ @@ -9,7 +9,7 @@ max-cache-ttl 604800; /* 1 week */\n\ transfer-format many-answers;\n\ max-cache-size 90%;\n\ ---- bin/named/server.c.orig 2016-01-25 05:55:02 UTC +--- bin/named/server.c.orig 2016-03-09 04:02:43 UTC +++ bin/named/server.c @@ -3022,6 +3022,16 @@ configure_view(dns_view_t *view, dns_vie } @@ -28,7 +28,7 @@ result = ns_config_get(maps, "max-cache-ttl", &obj); INSIST(result == ISC_R_SUCCESS); view->maxcachettl = cfg_obj_asuint32(obj); ---- lib/dns/include/dns/view.h.orig 2016-01-25 05:55:02 UTC +--- lib/dns/include/dns/view.h.orig 2016-03-09 04:02:43 UTC +++ lib/dns/include/dns/view.h @@ -152,6 +152,8 @@ struct dns_view { isc_boolean_t requestnsid; @@ -39,9 +39,9 @@ dns_ttl_t maxncachettl; isc_uint32_t nta_lifetime; isc_uint32_t nta_recheck; ---- lib/dns/resolver.c.orig 2016-01-25 05:55:02 UTC +--- lib/dns/resolver.c.orig 2016-03-09 04:02:43 UTC +++ lib/dns/resolver.c -@@ -5396,6 +5396,18 @@ cache_name(fetchctx_t *fctx, dns_name_t +@@ -5419,6 +5419,18 @@ cache_name(fetchctx_t *fctx, dns_name_t } /* @@ -60,7 +60,7 @@ * Enforce the configure maximum cache TTL. */ if (rdataset->ttl > res->view->maxcachettl) ---- lib/isccfg/namedconf.c.orig 2016-01-25 05:55:02 UTC +--- lib/isccfg/namedconf.c.orig 2016-03-09 04:02:43 UTC +++ lib/isccfg/namedconf.c @@ -1677,6 +1677,8 @@ view_clauses[] = { { "nosit-udp-size", &cfg_type_uint32, CFG_CLAUSEFLAG_OBSOLETE }, Modified: head/dns/bind9-devel/files/patch-configure ============================================================================== --- head/dns/bind9-devel/files/patch-configure Wed Mar 9 21:14:55 2016 (r410727) +++ head/dns/bind9-devel/files/patch-configure Wed Mar 9 21:16:31 2016 (r410728) @@ -1,6 +1,6 @@ ---- configure.orig 2016-02-01 03:29:49 UTC +--- configure.orig 2016-03-09 04:02:43 UTC +++ configure -@@ -14150,27 +14150,9 @@ done +@@ -14151,27 +14151,9 @@ done # problems start to show up. saved_libs="$LIBS" for TRY_LIBS in \ @@ -30,7 +30,7 @@ { $as_echo "$as_me:${as_lineno-$LINENO}: checking linking as $TRY_LIBS" >&5 $as_echo_n "checking linking as $TRY_LIBS... " >&6; } cat confdefs.h - <<_ACEOF >conftest.$ac_ext -@@ -14213,47 +14195,7 @@ $as_echo "no" >&6; } ;; +@@ -14214,47 +14196,7 @@ $as_echo "no" >&6; } ;; no) as_fn_error $? "could not determine proper GSSAPI linkage" "$LINENO" 5 ;; esac @@ -79,7 +79,7 @@ DNS_GSSAPI_LIBS="$LIBS" { $as_echo "$as_me:${as_lineno-$LINENO}: result: using GSSAPI from $use_gssapi/lib and $use_gssapi/include" >&5 -@@ -21946,7 +21888,7 @@ $as_echo "" >&6; } +@@ -21949,7 +21891,7 @@ $as_echo "" >&6; } # Check other locations for includes. # Order is important (sigh). Modified: head/dns/bind910/Makefile ============================================================================== --- head/dns/bind910/Makefile Wed Mar 9 21:14:55 2016 (r410727) +++ head/dns/bind910/Makefile Wed Mar 9 21:16:31 2016 (r410728) @@ -29,7 +29,7 @@ COMMENT= BIND DNS suite with updated DNS LICENSE= ISCL # ISC releases things like 9.8.0-P1, which our versioning doesn't like -ISCVERSION= 9.10.3-P3 +ISCVERSION= 9.10.3-P4 MAKE_JOBS_UNSAFE= yes Modified: head/dns/bind910/distinfo ============================================================================== --- head/dns/bind910/distinfo Wed Mar 9 21:14:55 2016 (r410727) +++ head/dns/bind910/distinfo Wed Mar 9 21:16:31 2016 (r410728) @@ -1,2 +1,2 @@ -SHA256 (bind-9.10.3-P3.tar.gz) = 690810d1fbb72afa629e74638d19cd44e28d2b2e5eb63f55c705ad85d1a4cb83 -SIZE (bind-9.10.3-P3.tar.gz) = 8527540 +SHA256 (bind-9.10.3-P4.tar.gz) = 2ac044b5fbdf45fb45107af0df961b3b7cb5262a3bf1948ed3fe7a170dd13e3e +SIZE (bind-9.10.3-P4.tar.gz) = 8529535 Modified: head/dns/bind910/files/extrapatch-bind-min-override-ttl ============================================================================== --- head/dns/bind910/files/extrapatch-bind-min-override-ttl Wed Mar 9 21:14:55 2016 (r410727) +++ head/dns/bind910/files/extrapatch-bind-min-override-ttl Wed Mar 9 21:16:31 2016 (r410728) @@ -1,7 +1,6 @@ -diff -Nabdur bind-9.6.0-P1.orig/bin/named/config.c bind-9.6.0-P1/bin/named/config.c ---- bin/named/config.c 2009-05-22 12:24:49.000000000 +0400 -+++ bin/named/config.c 2009-05-22 12:31:35.000000000 +0400 -@@ -129,6 +129,8 @@ +--- bin/named/config.c.orig 2016-02-29 00:29:06 UTC ++++ bin/named/config.c +@@ -151,6 +151,8 @@ options {\n\ min-roots 2;\n\ lame-ttl 600;\n\ max-ncache-ttl 10800; /* 3 hours */\n\ @@ -10,11 +9,10 @@ diff -Nabdur bind-9.6.0-P1.orig/bin/name max-cache-ttl 604800; /* 1 week */\n\ transfer-format many-answers;\n\ max-cache-size 0;\n\ -diff -Nabdur bind-9.6.0-P1.orig/bin/named/server.c bind-9.6.0-P1/bin/named/server.c ---- bin/named/server.c 2009-05-22 12:24:49.000000000 +0400 -+++ bin/named/server.c 2009-05-22 12:32:18.000000000 +0400 -@@ -1727,6 +1727,16 @@ - CHECK(mustbesecure(obj, view->resolver)); +--- bin/named/server.c.orig 2016-02-29 00:29:06 UTC ++++ bin/named/server.c +@@ -2797,6 +2797,16 @@ configure_view(dns_view_t *view, dns_vie + } obj = NULL; + result = ns_config_get(maps, "override-cache-ttl", &obj); @@ -30,22 +28,20 @@ diff -Nabdur bind-9.6.0-P1.orig/bin/name result = ns_config_get(maps, "max-cache-ttl", &obj); INSIST(result == ISC_R_SUCCESS); view->maxcachettl = cfg_obj_asuint32(obj); -diff -Nabdur bind-9.6.0-P1.orig/lib/dns/include/dns/view.h bind-9.6.0-P1/lib/dns/include/dns/view.h ---- lib/dns/include/dns/view.h 2009-05-22 12:24:49.000000000 +0400 -+++ lib/dns/include/dns/view.h 2009-05-22 12:29:03.000000000 +0400 -@@ -131,6 +131,8 @@ - isc_boolean_t provideixfr; +--- lib/dns/include/dns/view.h.orig 2016-02-29 00:29:06 UTC ++++ lib/dns/include/dns/view.h +@@ -150,6 +150,8 @@ struct dns_view { isc_boolean_t requestnsid; + isc_boolean_t requestsit; dns_ttl_t maxcachettl; + dns_ttl_t mincachettl; + dns_ttl_t overridecachettl; dns_ttl_t maxncachettl; - in_port_t dstport; - dns_aclenv_t aclenv; -diff -Nabdur bind-9.6.0-P1.orig/lib/dns/resolver.c bind-9.6.0-P1/lib/dns/resolver.c ---- lib/dns/resolver.c 2009-05-22 12:24:49.000000000 +0400 -+++ lib/dns/resolver.c 2009-05-22 12:30:41.000000000 +0400 -@@ -4054,6 +4054,18 @@ + dns_ttl_t prefetch_trigger; + dns_ttl_t prefetch_eligible; +--- lib/dns/resolver.c.orig 2016-02-29 00:29:06 UTC ++++ lib/dns/resolver.c +@@ -5345,6 +5345,18 @@ cache_name(fetchctx_t *fctx, dns_name_t } /* @@ -64,11 +60,10 @@ diff -Nabdur bind-9.6.0-P1.orig/lib/dns/ * Enforce the configure maximum cache TTL. */ if (rdataset->ttl > res->view->maxcachettl) -diff -Nabdur bind-9.6.0-P1.orig/lib/isccfg/namedconf.c bind-9.6.0-P1/lib/isccfg/namedconf.c ---- lib/isccfg/namedconf.c 2009-05-22 12:24:49.000000000 +0400 -+++ lib/isccfg/namedconf.c 2009-05-22 12:31:21.000000000 +0400 -@@ -821,6 +821,8 @@ - { "lame-ttl", &cfg_type_uint32, 0 }, +--- lib/isccfg/namedconf.c.orig 2016-02-29 00:29:06 UTC ++++ lib/isccfg/namedconf.c +@@ -1561,6 +1561,8 @@ view_clauses[] = { + #endif { "max-acache-size", &cfg_type_sizenodefault, 0 }, { "max-cache-size", &cfg_type_sizenodefault, 0 }, + { "override-cache-ttl", &cfg_type_uint32, 0 }, Modified: head/dns/bind99/Makefile ============================================================================== --- head/dns/bind99/Makefile Wed Mar 9 21:14:55 2016 (r410727) +++ head/dns/bind99/Makefile Wed Mar 9 21:16:31 2016 (r410728) @@ -15,7 +15,7 @@ COMMENT= BIND DNS suite with updated DNS LICENSE= ISCL # ISC releases things like 9.8.0-P1, which our versioning doesn't like -ISCVERSION= 9.9.8-P3 +ISCVERSION= 9.9.8-P4 MAKE_JOBS_UNSAFE= yes Modified: head/dns/bind99/distinfo ============================================================================== --- head/dns/bind99/distinfo Wed Mar 9 21:14:55 2016 (r410727) +++ head/dns/bind99/distinfo Wed Mar 9 21:16:31 2016 (r410728) @@ -1,4 +1,4 @@ -SHA256 (bind-9.9.8-P3.tar.gz) = 6a489f98dffaf31cfd8b572aa5cc345e8d775758488a4541f2f0c974c8090a07 -SIZE (bind-9.9.8-P3.tar.gz) = 7998476 -SHA256 (9.9.8-P3-rpz2+rl.14038.05.patch.xz) = d886ee7d350b65068c7502e2d925ce675875ed968f3b8c82ad87de5f6843e372 -SIZE (9.9.8-P3-rpz2+rl.14038.05.patch.xz) = 39224 +SHA256 (bind-9.9.8-P4.tar.gz) = 5ed0b852e4d1dc90e10751c7fa70a9ee29a619bad61d97250eac8161009d89f2 +SIZE (bind-9.9.8-P4.tar.gz) = 7999697 +SHA256 (9.9.8-P4-rpz2+rl.14038.05.patch.xz) = 5415559171c03a9a02e31284552a4888911eeb692d57def8d631b7d0564dc5f0 +SIZE (9.9.8-P4-rpz2+rl.14038.05.patch.xz) = 39240 Modified: head/dns/bind99/files/extrapatch-bind-min-override-ttl ============================================================================== --- head/dns/bind99/files/extrapatch-bind-min-override-ttl Wed Mar 9 21:14:55 2016 (r410727) +++ head/dns/bind99/files/extrapatch-bind-min-override-ttl Wed Mar 9 21:16:31 2016 (r410728) @@ -1,4 +1,4 @@ ---- bin/named/config.c.orig 2015-09-09 02:23:50 UTC +--- bin/named/config.c.orig 2016-02-29 00:30:52 UTC +++ bin/named/config.c @@ -141,6 +141,8 @@ options {\n\ min-roots 2;\n\ @@ -9,7 +9,7 @@ max-cache-ttl 604800; /* 1 week */\n\ transfer-format many-answers;\n\ max-cache-size 0;\n\ ---- bin/named/server.c.orig 2015-09-09 02:23:50 UTC +--- bin/named/server.c.orig 2016-02-29 00:30:52 UTC +++ bin/named/server.c @@ -2554,6 +2554,16 @@ configure_view(dns_view_t *view, cfg_obj } @@ -28,7 +28,7 @@ result = ns_config_get(maps, "max-cache-ttl", &obj); INSIST(result == ISC_R_SUCCESS); view->maxcachettl = cfg_obj_asuint32(obj); ---- lib/dns/include/dns/view.h.orig 2015-09-09 02:23:50 UTC +--- lib/dns/include/dns/view.h.orig 2016-02-29 00:30:52 UTC +++ lib/dns/include/dns/view.h @@ -148,6 +148,8 @@ struct dns_view { isc_boolean_t provideixfr; @@ -39,9 +39,9 @@ dns_ttl_t maxncachettl; in_port_t dstport; dns_aclenv_t aclenv; ---- lib/dns/resolver.c.orig 2015-09-09 02:23:50 UTC +--- lib/dns/resolver.c.orig 2016-02-29 00:30:52 UTC +++ lib/dns/resolver.c -@@ -5086,6 +5086,18 @@ cache_name(fetchctx_t *fctx, dns_name_t +@@ -5088,6 +5088,18 @@ cache_name(fetchctx_t *fctx, dns_name_t } /* @@ -60,7 +60,7 @@ * Enforce the configure maximum cache TTL. */ if (rdataset->ttl > res->view->maxcachettl) ---- lib/isccfg/namedconf.c.orig 2015-09-09 02:23:50 UTC +--- lib/isccfg/namedconf.c.orig 2016-02-29 00:30:52 UTC +++ lib/isccfg/namedconf.c @@ -1448,6 +1448,8 @@ view_clauses[] = { { "lame-ttl", &cfg_type_uint32, 0 },