Upgrade bind916 to version 9.16.7.

Pkgsrc changes:
 * Adapt patches

Upstream changes:

Notes for BIND 9.16.7
---------------------

New Features
~~~~~~~~~~~~

- Add a new ``rndc`` command, ``rndc dnssec -checkds``, which signals to
  ``named`` that a DS record for a given zone or key has been published
  or withdrawn from the parent. This command replaces the time-based
  ``parent-registration-delay`` configuration option. [GL #1613]

- Log when ``named`` adds a CDS/CDNSKEY to the zone. [GL #1748]

Bug Fixes
~~~~~~~~~

- In rare circumstances, ``named`` would exit with an assertion failure
  when the number of nodes stored in the red-black tree exceeded the
  maximum allowed size of the internal hash table. [GL #2104]

- Silence spurious system log messages for an EPROTO(71) error code that
  was seen on older operating systems, where unhandled ICMPv6 errors
  resulted in a generic protocol error being returned instead of a more
  specific error code. [GL #1928]

- With query name minimization enabled, ``named`` failed to resolve
  ``ip6.arpa.`` names that had extra labels to the left of the IPv6
  part. For example, when ``named`` attempted query name minimization on
  a name like ``A.B.1.2.3.4.(...).ip6.arpa.``, it stopped at the
  leftmost IPv6 label, i.e. ``1.2.3.4.(...).ip6.arpa.``, without
  considering the extra labels (``A.B``). That caused a query loop when
  resolving the name: if ``named`` received NXDOMAIN answers, then the
  same query was repeatedly sent until the number of queries sent
  reached the value of the ``max-recursion-queries`` configuration
  option. [GL #1847]

- Parsing of LOC records was made more strict by rejecting a sole period
  (``.``) and/or ``m`` as a value. These changes prevent zone files
  using such values from being loaded. Handling of negative altitudes
  which are not integers was also corrected. [GL #2074]

- Several problems found by `OSS-Fuzz`_ were fixed. (None of these are
  security issues.) [GL !3953] [GL !3975]

.. _OSS-Fuzz: https://github.com/google/oss-fuzz
Havard Eidnes 2020-10-01 14:04:13 +02:00
parent 43cc4c8063
commit 0d23db68d8
4 changed files with 17 additions and 33 deletions


@ -15,7 +15,7 @@ CONFLICTS+= host-[0-9]*
MAKE_JOBS_SAFE= no
BIND_VERSION= 9.16.6
BIND_VERSION= 9.16.7
# For libatomic and 64-bit operations
#USE_PKGSRC_GCC= yes


@ -1,9 +1,9 @@
$NetBSD: distinfo,v 1.14 2020/02/20 16:37:06 taca Exp $
SHA1 (bind-9.16.6.tar.xz) = f8a4c1bd074cc0305a4c50971e71da5a3b810d78
RMD160 (bind-9.16.6.tar.xz) = 3b296d967a6a5a709b599efbffc9697060c5f91b
SHA512 (bind-9.16.6.tar.xz) = 37f57db6d1633cc85a4d954a69bbb3372c65ac43fef965df5aee8dcdd32153bb5b0c6d0d5f00f353dd4464c71d74dc8e801937b930e2b8f6799fa77af5f243e0
Size (bind-9.16.6.tar.xz) = 3228368 bytes
SHA1 (bind-9.16.7.tar.xz) = 633667fac05ad1f87d89bddc504b3e1c3fe0549a
RMD160 (bind-9.16.7.tar.xz) = 55a5a7cb173ff0bb2214f073c90c2e281daedbd1
SHA512 (bind-9.16.7.tar.xz) = 176c84657e8a7b10a7ca93c939ca6a7fcdefb22f9200c3f01be59bcd8990dee27b8dc0970299225bcbe0f1aa8f49a67c80c4a9853895ffbcd685adb9674e7768
Size (bind-9.16.7.tar.xz) = 3241476 bytes
SHA1 (patch-bin_named_Makefile.in) = 8ef44cfa5b7c66562d9e26b0d3052ccd53388b6f
SHA1 (patch-bin_named_main.c) = c62eb07ae859d022a77d2b3cbaa48df73e4fa8d4
SHA1 (patch-bin_named_pfilter.c) = b54f872c883c8fbc2d9c04df65c185dc057cc36b
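Review bot: the replaced digests for bind-9.16.7.tar.xz at the top of this hunk become the reference every later fetch is checked against, yet the commit message does not record how the tarball they were computed from was authenticated. A line in the log stating that the distfile was verified against the upstream release signature before distinfo was regenerated would make the update auditable. Of the three digests, SHA512 is the one that carries the integrity guarantee, so it is the value to compare by hand when reviewing.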
@ -11,7 +11,7 @@ SHA1 (patch-bin_named_pfilter.h) = c14617cb266a4b5d33ba6e5db98562e806792833
SHA1 (patch-bin_named_server.c) = 57f43d4556588447f44980c5acd36cb00cc528cc
SHA1 (patch-bin_nsupdate_nsupdate.c) = f71213385ec7c78243c1f93a6940caa111cb5072
SHA1 (patch-bin_pkcs11_pkcs11-keygen.c) = d953bf48aadcdf7e95975d335167cc50f54ef91e
SHA1 (patch-bin_tests_system_kasp_tests.sh) = 76d49ddc9781dd9f03420f1a0b212cc7d0a4e1e3
SHA1 (patch-bin_tests_system_kasp_tests.sh) = 88402d84b337c864934618f2707bd6e91e3457e4
SHA1 (patch-bin_tests_system_metadata_tests.sh) = d01a492d0b7738760bdbff714248e279a78fef28
SHA1 (patch-bin_tests_system_rpz_tests.sh) = 1bc5e0d5c0cc50608e6314c2d2664bd1dc3f6e34
SHA1 (patch-bin_tools_arpaname.c) = b17050df38ca9734f40351a37a6faf581481e2da
@ -29,7 +29,6 @@ SHA1 (patch-lib_dns_rbt.c) = c18e79500cae16039020a4fcd8f11a0ced646edc
SHA1 (patch-lib_dns_rbtdb.c) = 389a83f425050733cb90652ffcb515d7a53d76f2
SHA1 (patch-lib_dns_request.c) = 890ca130eb515635fe099c92e653a942a91c5253
SHA1 (patch-lib_dns_sdb.c) = 8a94a65785bb938d330d1446e0100e50fa5fa9bd
SHA1 (patch-lib_dns_spnego.c) = 817e8d9eceb10a3e7d396ee76b218b4f0009be3f
SHA1 (patch-lib_dns_validator.c) = 0487bc39326dd6bc9b327aff661045b7416a952d
SHA1 (patch-lib_dns_view.c) = 54f498d5e2519652498b100789c9c6139a10db12
SHA1 (patch-lib_isc_backtrace.c) = 5463d3174d1ed809e12e415109fd9b5ecdf8fe2b


@ -139,7 +139,7 @@ Portability in shell script, don't use == with test.
grep "Published: " "$STATE_FILE" > /dev/null && log_error "unexpected publish in $STATE_FILE"
grep "Active: " "$STATE_FILE" > /dev/null && log_error "unexpected active in $STATE_FILE"
grep "Retired: " "$STATE_FILE" > /dev/null && log_error "unexpected retired in $STATE_FILE"
@@ -1324,7 +1324,7 @@ set_keytimes_algorithm_policy() {
@@ -1589,7 +1589,7 @@ set_keytimes_algorithm_policy() {
set_keytime "KEY1" "PUBLISHED" "${created}"
set_keytime "KEY1" "ACTIVE" "${created}"
# Key was pregenerated.
@ -148,7 +148,7 @@ Portability in shell script, don't use == with test.
keyfile=$(key_get KEY1 BASEFILE)
grep "; Publish:" "${keyfile}.key" > published.test${n}.key1
published=$(awk '{print $3}' < published.test${n}.key1)
@@ -1351,7 +1351,7 @@ set_keytimes_algorithm_policy() {
@@ -1616,7 +1616,7 @@ set_keytimes_algorithm_policy() {
set_keytime "KEY2" "PUBLISHED" "${created}"
set_keytime "KEY2" "ACTIVE" "${created}"
# Key was pregenerated.
@ -157,7 +157,7 @@ Portability in shell script, don't use == with test.
keyfile=$(key_get KEY2 BASEFILE)
grep "; Publish:" "${keyfile}.key" > published.test${n}.key2
published=$(awk '{print $3}' < published.test${n}.key2)
@@ -1374,7 +1374,7 @@ set_keytimes_algorithm_policy() {
@@ -1639,7 +1639,7 @@ set_keytimes_algorithm_policy() {
set_keytime "KEY3" "PUBLISHED" "${created}"
set_keytime "KEY3" "ACTIVE" "${created}"
# Key was pregenerated.
@ -166,7 +166,7 @@ Portability in shell script, don't use == with test.
keyfile=$(key_get KEY3 BASEFILE)
grep "; Publish:" "${keyfile}.key" > published.test${n}.key3
published=$(awk '{print $3}' < published.test${n}.key3)
@@ -2541,12 +2541,12 @@ rollover_predecessor_keytimes() {
@@ -2822,12 +2822,12 @@ rollover_predecessor_keytimes() {
set_addkeytime "KEY1" "PUBLISHED" "${_created}" "${_addtime}"
set_addkeytime "KEY1" "SYNCPUBLISH" "${_created}" "${_addtime}"
set_addkeytime "KEY1" "ACTIVE" "${_created}" "${_addtime}"
@ -181,16 +181,16 @@ Portability in shell script, don't use == with test.
}
# Key properties.
@@ -2994,7 +2994,7 @@ csk_rollover_predecessor_keytimes() {
set_addkeytime "KEY1" "PUBLISHED" "${_created}" "${_addksktime}"
set_addkeytime "KEY1" "SYNCPUBLISH" "${_created}" "${_addzsktime}"
set_addkeytime "KEY1" "ACTIVE" "${_created}" "${_addzsktime}"
@@ -3306,7 +3306,7 @@ csk_rollover_predecessor_keytimes() {
set_addkeytime "KEY1" "PUBLISHED" "${_created}" "${_addtime}"
set_addkeytime "KEY1" "SYNCPUBLISH" "${_created}" "${_addtime}"
set_addkeytime "KEY1" "ACTIVE" "${_created}" "${_addtime}"
- [ "$Lcsk" == 0 ] || set_retired_removed "KEY1" "${Lcsk}" "${IretCSK}"
+ [ "$Lcsk" = 0 ] || set_retired_removed "KEY1" "${Lcsk}" "${IretCSK}"
}
#
@@ -3908,8 +3908,8 @@ dnssec_verify
@@ -4272,8 +4272,8 @@ dnssec_verify
n=$((n+1))
echo_i "check that of zone ${ZONE} migration to dnssec-policy uses the same keys ($n)"
ret=0
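Review bot: the `[ "$Lcsk" = 0 ]` replacement in csk_rollover_predecessor_keytimes() is still carried locally, and in this update the hunk only re-tracks upstream's line offsets (2994 to 3306) without changing the fix itself. Reporting the non-portable `==` in kasp/tests.sh upstream would let this patch be dropped rather than re-adapted on each release. The same applies to the other hunks of this patch, whose only visible change is the shifted `@@` positions.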
@ -201,7 +201,7 @@ Portability in shell script, don't use == with test.
status=$((status+ret))
# Test migration to dnssec-policy, existing keys do not match key algorithm.
@@ -4024,8 +4024,8 @@ dnssec_verify
@@ -4388,8 +4388,8 @@ dnssec_verify
n=$((n+1))
echo_i "check that of zone ${ZONE} migration to dnssec-policy keeps existing keys ($n)"
ret=0
@ -212,7 +212,7 @@ Portability in shell script, don't use == with test.
status=$((status+ret))
# Test migration to dnssec-policy, existing keys do not match key length.
@@ -4141,8 +4141,8 @@ dnssec_verify
@@ -4505,8 +4505,8 @@ dnssec_verify
n=$((n+1))
echo_i "check that of zone ${ZONE} migration to dnssec-policy keeps existing keys ($n)"
ret=0


@ -1,15 +0,0 @@
$NetBSD: patch-lib_dns_spnego.c,v 1.1 2019/04/30 03:34:34 taca Exp $
* Avoid gcc warning.
--- lib/dns/spnego.c.orig 2019-04-06 20:09:59.000000000 +0000
+++ lib/dns/spnego.c
@@ -1503,7 +1503,7 @@ spnego_initial(OM_uint32 *minor_status,
gss_buffer_desc krb5_output_token = GSS_C_EMPTY_BUFFER;
unsigned char *buf = NULL;
size_t buf_size;
- size_t len;
+ size_t len = 0; /* XXX: gcc */
int ret;
(void)mech_type;
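Review bot: patch-lib_dns_spnego.c is deleted outright here, and its distinfo entry goes with it, but the commit message says only "Adapt patches" and gives no reason for the removal. The removed change initialized `len` in spnego_initial() to silence a gcc warning, so the log should state whether 9.16.7 no longer triggers that warning or whether the patch simply stopped applying. If it is the latter, the build should be checked for the warning reappearing.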