From 0d23db68d877671a273f0059851bd970f09e6a41 Mon Sep 17 00:00:00 2001 
From: Havard Eidnes Date: Thu, 1 Oct 2020 14:04:13 +0200 Subject: [PATCH] Upgrade bind916 to version 9.16.7. Pkgsrc changes: * Adapt patches Upstream changes: Notes for BIND 9.16.7 --------------------- New Features ~~~~~~~~~~~~ - Add a new ``rndc`` command, ``rndc dnssec -checkds``, which signals to ``named`` that a DS record for a given zone or key has been published or withdrawn from the parent. This command replaces the time-based ``parent-registration-delay`` configuration option. [GL #1613] - Log when ``named`` adds a CDS/CDNSKEY to the zone. [GL #1748] Bug Fixes ~~~~~~~~~ - In rare circumstances, ``named`` would exit with an assertion failure when the number of nodes stored in the red-black tree exceeded the maximum allowed size of the internal hash table. [GL #2104] - Silence spurious system log messages for an EPROTO(71) error code that was seen on older operating systems, where unhandled ICMPv6 errors resulted in a generic protocol error being returned instead of a more specific error code. [GL #1928] - With query name minimization enabled, ``named`` failed to resolve ``ip6.arpa.`` names that had extra labels to the left of the IPv6 part. For example, when ``named`` attempted query name minimization on a name like ``A.B.1.2.3.4.(...).ip6.arpa.``, it stopped at the leftmost IPv6 label, i.e. ``1.2.3.4.(...).ip6.arpa.``, without considering the extra labels (``A.B``). That caused a query loop when resolving the name: if ``named`` received NXDOMAIN answers, then the same query was repeatedly sent until the number of queries sent reached the value of the ``max-recursion-queries`` configuration option. [GL #1847] - Parsing of LOC records was made more strict by rejecting a sole period (``.``) and/or ``m`` as a value. These changes prevent zone files using such values from being loaded. Handling of negative altitudes which are not integers was also corrected. [GL #2074] - Several problems found by `OSS-Fuzz`_ were fixed. (None of these are security issues.) 
[GL !3953] [GL !3975] .. _OSS-Fuzz: https://github.com/google/oss-fuzz --- bind916/Makefile | 2 +- bind916/distinfo | 11 +++++----- .../patch-bin_tests_system_kasp_tests.sh | 22 +++++++++---------- bind916/patches/patch-lib_dns_spnego.c | 15 ------------- 4 files changed, 17 insertions(+), 33 deletions(-) delete mode 100644 bind916/patches/patch-lib_dns_spnego.c diff --git a/bind916/Makefile b/bind916/Makefile index afe2d6e64f..a3393fa2f6 100644 --- a/bind916/Makefile +++ b/bind916/Makefile @@ -15,7 +15,7 @@ CONFLICTS+= host-[0-9]* MAKE_JOBS_SAFE= no -BIND_VERSION= 9.16.6 +BIND_VERSION= 9.16.7 # For libatomic and 64-bit operations #USE_PKGSRC_GCC= yes diff --git a/bind916/distinfo b/bind916/distinfo index 064faa0b44..18517c6a42 100644 --- a/bind916/distinfo +++ b/bind916/distinfo @@ -1,9 +1,9 @@ $NetBSD: distinfo,v 1.14 2020/02/20 16:37:06 taca Exp $ -SHA1 (bind-9.16.6.tar.xz) = f8a4c1bd074cc0305a4c50971e71da5a3b810d78 -RMD160 (bind-9.16.6.tar.xz) = 3b296d967a6a5a709b599efbffc9697060c5f91b -SHA512 (bind-9.16.6.tar.xz) = 37f57db6d1633cc85a4d954a69bbb3372c65ac43fef965df5aee8dcdd32153bb5b0c6d0d5f00f353dd4464c71d74dc8e801937b930e2b8f6799fa77af5f243e0 -Size (bind-9.16.6.tar.xz) = 3228368 bytes +SHA1 (bind-9.16.7.tar.xz) = 633667fac05ad1f87d89bddc504b3e1c3fe0549a +RMD160 (bind-9.16.7.tar.xz) = 55a5a7cb173ff0bb2214f073c90c2e281daedbd1 +SHA512 (bind-9.16.7.tar.xz) = 176c84657e8a7b10a7ca93c939ca6a7fcdefb22f9200c3f01be59bcd8990dee27b8dc0970299225bcbe0f1aa8f49a67c80c4a9853895ffbcd685adb9674e7768 +Size (bind-9.16.7.tar.xz) = 3241476 bytes SHA1 (patch-bin_named_Makefile.in) = 8ef44cfa5b7c66562d9e26b0d3052ccd53388b6f SHA1 (patch-bin_named_main.c) = c62eb07ae859d022a77d2b3cbaa48df73e4fa8d4 SHA1 (patch-bin_named_pfilter.c) = b54f872c883c8fbc2d9c04df65c185dc057cc36b 
@@ -11,7 +11,7 @@ SHA1 (patch-bin_named_pfilter.h) = c14617cb266a4b5d33ba6e5db98562e806792833
 SHA1 (patch-bin_named_server.c) = 57f43d4556588447f44980c5acd36cb00cc528cc
 SHA1 (patch-bin_nsupdate_nsupdate.c) = f71213385ec7c78243c1f93a6940caa111cb5072
 SHA1 (patch-bin_pkcs11_pkcs11-keygen.c) = d953bf48aadcdf7e95975d335167cc50f54ef91e
-SHA1 (patch-bin_tests_system_kasp_tests.sh) = 76d49ddc9781dd9f03420f1a0b212cc7d0a4e1e3
+SHA1 (patch-bin_tests_system_kasp_tests.sh) = 88402d84b337c864934618f2707bd6e91e3457e4
 SHA1 (patch-bin_tests_system_metadata_tests.sh) = d01a492d0b7738760bdbff714248e279a78fef28
 SHA1 (patch-bin_tests_system_rpz_tests.sh) = 1bc5e0d5c0cc50608e6314c2d2664bd1dc3f6e34
 SHA1 (patch-bin_tools_arpaname.c) = b17050df38ca9734f40351a37a6faf581481e2da
@@ -29,7 +29,6 @@ SHA1 (patch-lib_dns_rbt.c) = c18e79500cae16039020a4fcd8f11a0ced646edc
 SHA1 (patch-lib_dns_rbtdb.c) = 389a83f425050733cb90652ffcb515d7a53d76f2
 SHA1 (patch-lib_dns_request.c) = 890ca130eb515635fe099c92e653a942a91c5253
 SHA1 (patch-lib_dns_sdb.c) = 8a94a65785bb938d330d1446e0100e50fa5fa9bd
-SHA1 (patch-lib_dns_spnego.c) = 817e8d9eceb10a3e7d396ee76b218b4f0009be3f
 SHA1 (patch-lib_dns_validator.c) = 0487bc39326dd6bc9b327aff661045b7416a952d
 SHA1 (patch-lib_dns_view.c) = 54f498d5e2519652498b100789c9c6139a10db12
 SHA1 (patch-lib_isc_backtrace.c) = 5463d3174d1ed809e12e415109fd9b5ecdf8fe2b
diff --git a/bind916/patches/patch-bin_tests_system_kasp_tests.sh b/bind916/patches/patch-bin_tests_system_kasp_tests.sh
index e125bac928..fa21650aed 100644
--- a/bind916/patches/patch-bin_tests_system_kasp_tests.sh
+++ b/bind916/patches/patch-bin_tests_system_kasp_tests.sh
@@ -139,7 +139,7 @@ Portability in shell script, don't use == with test. grep "Published: " "$STATE_FILE" > /dev/null && log_error "unexpected publish in $STATE_FILE" grep "Active: " "$STATE_FILE" > /dev/null && log_error "unexpected active in $STATE_FILE" grep "Retired: " "$STATE_FILE" > /dev/null && log_error "unexpected retired in $STATE_FILE" -@@ -1324,7 +1324,7 @@ set_keytimes_algorithm_policy() { +@@ -1589,7 +1589,7 @@ set_keytimes_algorithm_policy() { set_keytime "KEY1" "PUBLISHED" "${created}" set_keytime "KEY1" "ACTIVE" "${created}" # Key was pregenerated. @@ -148,7 +148,7 @@ Portability in shell script, don't use == with test. keyfile=$(key_get KEY1 BASEFILE) grep "; Publish:" "${keyfile}.key" > published.test${n}.key1 published=$(awk '{print $3}' < published.test${n}.key1) -@@ -1351,7 +1351,7 @@ set_keytimes_algorithm_policy() { +@@ -1616,7 +1616,7 @@ set_keytimes_algorithm_policy() { set_keytime "KEY2" "PUBLISHED" "${created}" set_keytime "KEY2" "ACTIVE" "${created}" # Key was pregenerated. @@ -157,7 +157,7 @@ Portability in shell script, don't use == with test. keyfile=$(key_get KEY2 BASEFILE) grep "; Publish:" "${keyfile}.key" > published.test${n}.key2 published=$(awk '{print $3}' < published.test${n}.key2) -@@ -1374,7 +1374,7 @@ set_keytimes_algorithm_policy() { +@@ -1639,7 +1639,7 @@ set_keytimes_algorithm_policy() { set_keytime "KEY3" "PUBLISHED" "${created}" set_keytime "KEY3" "ACTIVE" "${created}" # Key was pregenerated. @@ -166,7 +166,7 @@ Portability in shell script, don't use == with test. keyfile=$(key_get KEY3 BASEFILE) grep "; Publish:" "${keyfile}.key" > published.test${n}.key3 published=$(awk '{print $3}' < published.test${n}.key3) -@@ -2541,12 +2541,12 @@ rollover_predecessor_keytimes() { +@@ -2822,12 +2822,12 @@ rollover_predecessor_keytimes() { set_addkeytime "KEY1" "PUBLISHED" "${_created}" "${_addtime}" set_addkeytime "KEY1" "SYNCPUBLISH" "${_created}" "${_addtime}" set_addkeytime "KEY1" "ACTIVE" "${_created}" "${_addtime}" 
@@ -181,16 +181,16 @@ Portability in shell script, don't use == with test. } # Key properties. -@@ -2994,7 +2994,7 @@ csk_rollover_predecessor_keytimes() { - set_addkeytime "KEY1" "PUBLISHED" "${_created}" "${_addksktime}" - set_addkeytime "KEY1" "SYNCPUBLISH" "${_created}" "${_addzsktime}" - set_addkeytime "KEY1" "ACTIVE" "${_created}" "${_addzsktime}" +@@ -3306,7 +3306,7 @@ csk_rollover_predecessor_keytimes() { + set_addkeytime "KEY1" "PUBLISHED" "${_created}" "${_addtime}" + set_addkeytime "KEY1" "SYNCPUBLISH" "${_created}" "${_addtime}" + set_addkeytime "KEY1" "ACTIVE" "${_created}" "${_addtime}" - [ "$Lcsk" == 0 ] || set_retired_removed "KEY1" "${Lcsk}" "${IretCSK}" + [ "$Lcsk" = 0 ] || set_retired_removed "KEY1" "${Lcsk}" "${IretCSK}" } # -@@ -3908,8 +3908,8 @@ dnssec_verify +@@ -4272,8 +4272,8 @@ dnssec_verify n=$((n+1)) echo_i "check that of zone ${ZONE} migration to dnssec-policy uses the same keys ($n)" ret=0 @@ -201,7 +201,7 @@ Portability in shell script, don't use == with test. status=$((status+ret)) # Test migration to dnssec-policy, existing keys do not match key algorithm. -@@ -4024,8 +4024,8 @@ dnssec_verify +@@ -4388,8 +4388,8 @@ dnssec_verify n=$((n+1)) echo_i "check that of zone ${ZONE} migration to dnssec-policy keeps existing keys ($n)" ret=0 @@ -212,7 +212,7 @@ Portability in shell script, don't use == with test. status=$((status+ret)) # Test migration to dnssec-policy, existing keys do not match key length. -@@ -4141,8 +4141,8 @@ dnssec_verify +@@ -4505,8 +4505,8 @@ dnssec_verify n=$((n+1)) echo_i "check that of zone ${ZONE} migration to dnssec-policy keeps existing keys ($n)" ret=0 diff --git a/bind916/patches/patch-lib_dns_spnego.c b/bind916/patches/patch-lib_dns_spnego.c deleted file mode 100644 index b024874382..0000000000 --- a/bind916/patches/patch-lib_dns_spnego.c +++ /dev/null 
@@ -1,15 +0,0 @@
-$NetBSD: patch-lib_dns_spnego.c,v 1.1 2019/04/30 03:34:34 taca Exp $
-
-* Avoid gcc warning.
-
---- lib/dns/spnego.c.orig 2019-04-06 20:09:59.000000000 +0000
-+++ lib/dns/spnego.c
-@@ -1503,7 +1503,7 @@ spnego_initial(OM_uint32 *minor_status,
- gss_buffer_desc krb5_output_token = GSS_C_EMPTY_BUFFER;
- unsigned char *buf = NULL;
- size_t buf_size;
-- size_t len;
-+ size_t len = 0; /* XXX: gcc */
- int ret;
-
- (void)mech_type;