svn commit: r443609 - in branches/2017Q2/dns: bind9-devel/files bind910 bind910/files bind911 bind911/files bind99 bind99/files
Mathieu Arnold
mat at FreeBSD.org
Wed Jun 14 22:56:47 UTC 2017
Author: mat
Date: Wed Jun 14 22:56:44 2017
New Revision: 443609
URL: https://svnweb.freebsd.org/changeset/ports/443609
Log:
MFH: r443608 r443607
Update to 9.9.10-P1, 9.10.5-P1, 9.11.1-P1.
Security: CVE-2017-3140
Security: CVE-2017-3141
Sponsored by: Absolight
Remove special handling for testing and documentation domains, per RFC
6761 recommendations.
While there:
- Fix invalid syntax in sample slave config.
- Add a message about having syslogd working with BIND9 chroot.
PR: 217915
Reported by: eserte12 yahoo de
Sponsored by: Absolight
Modified:
branches/2017Q2/dns/bind9-devel/files/named.conf.in
branches/2017Q2/dns/bind9-devel/files/pkg-message.in
branches/2017Q2/dns/bind910/Makefile
branches/2017Q2/dns/bind910/distinfo
branches/2017Q2/dns/bind910/files/named.conf.in
branches/2017Q2/dns/bind910/files/pkg-message.in
branches/2017Q2/dns/bind911/Makefile
branches/2017Q2/dns/bind911/distinfo
branches/2017Q2/dns/bind911/files/named.conf.in
branches/2017Q2/dns/bind911/files/pkg-message.in
branches/2017Q2/dns/bind99/Makefile
branches/2017Q2/dns/bind99/distinfo
branches/2017Q2/dns/bind99/files/named.conf.in
branches/2017Q2/dns/bind99/files/pkg-message.in
Directory Properties:
branches/2017Q2/ (props changed)
Modified: branches/2017Q2/dns/bind9-devel/files/named.conf.in
==============================================================================
--- branches/2017Q2/dns/bind9-devel/files/named.conf.in Wed Jun 14 22:54:49 2017 (r443608)
+++ branches/2017Q2/dns/bind9-devel/files/named.conf.in Wed Jun 14 22:56:44 2017 (r443609)
@@ -130,7 +130,7 @@ zone "in-addr.arpa" {
2620:0:2830:202::132; // iad.xfr.dns.icann.org
};
notify no;
-}
+};
zone "ip6.arpa" {
type slave;
file "%%ETCDIR%%/slave/ip6.arpa.slave";
@@ -141,7 +141,7 @@ zone "ip6.arpa" {
2620:0:2830:202::132; // iad.xfr.dns.icann.org
};
notify no;
-}
+};
*/
/* Serving the following zones locally will prevent any queries
@@ -260,14 +260,6 @@ zone "113.0.203.in-addr.arpa" { type master; file "%%E
// IPv6 Example Range for Documentation (RFCs 3849 and 6303)
zone "8.b.d.0.1.0.0.2.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
-
-// Domain Names for Documentation and Testing (BCP 32)
-zone "test" { type master; file "%%ETCDIR%%/master/empty.db"; };
-zone "example" { type master; file "%%ETCDIR%%/master/empty.db"; };
-zone "invalid" { type master; file "%%ETCDIR%%/master/empty.db"; };
-zone "example.com" { type master; file "%%ETCDIR%%/master/empty.db"; };
-zone "example.net" { type master; file "%%ETCDIR%%/master/empty.db"; };
-zone "example.org" { type master; file "%%ETCDIR%%/master/empty.db"; };
// Router Benchmark Testing (RFCs 2544 and 5735)
zone "18.198.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
Modified: branches/2017Q2/dns/bind9-devel/files/pkg-message.in
==============================================================================
--- branches/2017Q2/dns/bind9-devel/files/pkg-message.in Wed Jun 14 22:54:49 2017 (r443608)
+++ branches/2017Q2/dns/bind9-devel/files/pkg-message.in Wed Jun 14 22:56:44 2017 (r443609)
@@ -12,6 +12,13 @@
* *
* The %%PREFIX%%/etc/rc.d/named script will do that for you. *
* *
+* If using syslog to log the BIND9 activity, and using a *
+* chroot'ed installation, you will need to tell syslog to *
+* install a log socket in the BIND9 chroot by running: *
+* *
+* # sysrc altlog_proglist+=named *
+* *
+* And then restarting syslogd with: service syslogd restart *
* *
* *
* THIS IS A DEVELOPMENT VERSION IF BIND, IT WILL EAT YOUR DATA *
Modified: branches/2017Q2/dns/bind910/Makefile
==============================================================================
--- branches/2017Q2/dns/bind910/Makefile Wed Jun 14 22:54:49 2017 (r443608)
+++ branches/2017Q2/dns/bind910/Makefile Wed Jun 14 22:56:44 2017 (r443609)
@@ -16,7 +16,7 @@ LICENSE= ISCL
LICENSE_FILE= ${WRKSRC}/COPYRIGHT
# ISC releases things like 9.8.0-P1, which our versioning doesn't like
-ISCVERSION= 9.10.5
+ISCVERSION= 9.10.5-P1
USES= cpe libedit
Modified: branches/2017Q2/dns/bind910/distinfo
==============================================================================
--- branches/2017Q2/dns/bind910/distinfo Wed Jun 14 22:54:49 2017 (r443608)
+++ branches/2017Q2/dns/bind910/distinfo Wed Jun 14 22:56:44 2017 (r443609)
@@ -1,3 +1,3 @@
-TIMESTAMP = 1492690349
-SHA256 (bind-9.10.5.tar.gz) = 71688d2e134e42205075eef93cc1b78b42a140a2d61bf8263afc9c92fc872b0e
-SIZE (bind-9.10.5.tar.gz) = 9431916
+TIMESTAMP = 1497425849
+SHA256 (bind-9.10.5-P1.tar.gz) = 82fb885de927fdb4db0a0bb5e5efda839a857ff70adbcfcb0486a010924ae5cd
+SIZE (bind-9.10.5-P1.tar.gz) = 9406887
Modified: branches/2017Q2/dns/bind910/files/named.conf.in
==============================================================================
--- branches/2017Q2/dns/bind910/files/named.conf.in Wed Jun 14 22:54:49 2017 (r443608)
+++ branches/2017Q2/dns/bind910/files/named.conf.in Wed Jun 14 22:56:44 2017 (r443609)
@@ -130,7 +130,7 @@ zone "in-addr.arpa" {
2620:0:2830:202::132; // iad.xfr.dns.icann.org
};
notify no;
-}
+};
zone "ip6.arpa" {
type slave;
file "%%ETCDIR%%/slave/ip6.arpa.slave";
@@ -141,7 +141,7 @@ zone "ip6.arpa" {
2620:0:2830:202::132; // iad.xfr.dns.icann.org
};
notify no;
-}
+};
*/
/* Serving the following zones locally will prevent any queries
@@ -260,14 +260,6 @@ zone "113.0.203.in-addr.arpa" { type master; file "%%E
// IPv6 Example Range for Documentation (RFCs 3849 and 6303)
zone "8.b.d.0.1.0.0.2.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
-
-// Domain Names for Documentation and Testing (BCP 32)
-zone "test" { type master; file "%%ETCDIR%%/master/empty.db"; };
-zone "example" { type master; file "%%ETCDIR%%/master/empty.db"; };
-zone "invalid" { type master; file "%%ETCDIR%%/master/empty.db"; };
-zone "example.com" { type master; file "%%ETCDIR%%/master/empty.db"; };
-zone "example.net" { type master; file "%%ETCDIR%%/master/empty.db"; };
-zone "example.org" { type master; file "%%ETCDIR%%/master/empty.db"; };
// Router Benchmark Testing (RFCs 2544 and 5735)
zone "18.198.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
Modified: branches/2017Q2/dns/bind910/files/pkg-message.in
==============================================================================
--- branches/2017Q2/dns/bind910/files/pkg-message.in Wed Jun 14 22:54:49 2017 (r443608)
+++ branches/2017Q2/dns/bind910/files/pkg-message.in Wed Jun 14 22:56:44 2017 (r443609)
@@ -12,4 +12,12 @@
* *
* The %%PREFIX%%/etc/rc.d/named script will do that for you. *
* *
+* If using syslog to log the BIND9 activity, and using a *
+* chroot'ed installation, you will need to tell syslog to *
+* install a log socket in the BIND9 chroot by running: *
+* *
+* # sysrc altlog_proglist+=named *
+* *
+* And then restarting syslogd with: service syslogd restart *
+* *
**********************************************************************
Modified: branches/2017Q2/dns/bind911/Makefile
==============================================================================
--- branches/2017Q2/dns/bind911/Makefile Wed Jun 14 22:54:49 2017 (r443608)
+++ branches/2017Q2/dns/bind911/Makefile Wed Jun 14 22:56:44 2017 (r443609)
@@ -30,7 +30,7 @@ LICENSE= MPL
LICENSE_FILE= ${WRKSRC}/COPYRIGHT
# ISC releases things like 9.8.0-P1, which our versioning doesn't like
-ISCVERSION= 9.11.1
+ISCVERSION= 9.11.1-P1
USES= cpe libedit
Modified: branches/2017Q2/dns/bind911/distinfo
==============================================================================
--- branches/2017Q2/dns/bind911/distinfo Wed Jun 14 22:54:49 2017 (r443608)
+++ branches/2017Q2/dns/bind911/distinfo Wed Jun 14 22:56:44 2017 (r443609)
@@ -1,3 +1,3 @@
-TIMESTAMP = 1492691449
-SHA256 (bind-9.11.1.tar.gz) = 22050095f5c82a1385cc4174190ac60392670bbc5d63d592ecae52a214bc10b2
-SIZE (bind-9.11.1.tar.gz) = 9762743
+TIMESTAMP = 1497425959
+SHA256 (bind-9.11.1-P1.tar.gz) = 6b1b3e88d51b8471bd6aee24a8cea70817e850a5901315dc506f9dde275ca638
+SIZE (bind-9.11.1-P1.tar.gz) = 9745364
Modified: branches/2017Q2/dns/bind911/files/named.conf.in
==============================================================================
--- branches/2017Q2/dns/bind911/files/named.conf.in Wed Jun 14 22:54:49 2017 (r443608)
+++ branches/2017Q2/dns/bind911/files/named.conf.in Wed Jun 14 22:56:44 2017 (r443609)
@@ -130,7 +130,7 @@ zone "in-addr.arpa" {
2620:0:2830:202::132; // iad.xfr.dns.icann.org
};
notify no;
-}
+};
zone "ip6.arpa" {
type slave;
file "%%ETCDIR%%/slave/ip6.arpa.slave";
@@ -141,7 +141,7 @@ zone "ip6.arpa" {
2620:0:2830:202::132; // iad.xfr.dns.icann.org
};
notify no;
-}
+};
*/
/* Serving the following zones locally will prevent any queries
@@ -260,14 +260,6 @@ zone "113.0.203.in-addr.arpa" { type master; file "%%E
// IPv6 Example Range for Documentation (RFCs 3849 and 6303)
zone "8.b.d.0.1.0.0.2.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
-
-// Domain Names for Documentation and Testing (BCP 32)
-zone "test" { type master; file "%%ETCDIR%%/master/empty.db"; };
-zone "example" { type master; file "%%ETCDIR%%/master/empty.db"; };
-zone "invalid" { type master; file "%%ETCDIR%%/master/empty.db"; };
-zone "example.com" { type master; file "%%ETCDIR%%/master/empty.db"; };
-zone "example.net" { type master; file "%%ETCDIR%%/master/empty.db"; };
-zone "example.org" { type master; file "%%ETCDIR%%/master/empty.db"; };
// Router Benchmark Testing (RFCs 2544 and 5735)
zone "18.198.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
Modified: branches/2017Q2/dns/bind911/files/pkg-message.in
==============================================================================
--- branches/2017Q2/dns/bind911/files/pkg-message.in Wed Jun 14 22:54:49 2017 (r443608)
+++ branches/2017Q2/dns/bind911/files/pkg-message.in Wed Jun 14 22:56:44 2017 (r443609)
@@ -12,4 +12,12 @@
* *
* The %%PREFIX%%/etc/rc.d/named script will do that for you. *
* *
+* If using syslog to log the BIND9 activity, and using a *
+* chroot'ed installation, you will need to tell syslog to *
+* install a log socket in the BIND9 chroot by running: *
+* *
+* # sysrc altlog_proglist+=named *
+* *
+* And then restarting syslogd with: service syslogd restart *
+* *
**********************************************************************
Modified: branches/2017Q2/dns/bind99/Makefile
==============================================================================
--- branches/2017Q2/dns/bind99/Makefile Wed Jun 14 22:54:49 2017 (r443608)
+++ branches/2017Q2/dns/bind99/Makefile Wed Jun 14 22:56:44 2017 (r443609)
@@ -16,7 +16,7 @@ LICENSE= ISCL
LICENSE_FILE= ${WRKSRC}/COPYRIGHT
# ISC releases things like 9.8.0-P1, which our versioning doesn't like
-ISCVERSION= 9.9.10
+ISCVERSION= 9.9.10-P1
USES= cpe libedit
Modified: branches/2017Q2/dns/bind99/distinfo
==============================================================================
--- branches/2017Q2/dns/bind99/distinfo Wed Jun 14 22:54:49 2017 (r443608)
+++ branches/2017Q2/dns/bind99/distinfo Wed Jun 14 22:56:44 2017 (r443609)
@@ -1,3 +1,3 @@
-TIMESTAMP = 1492688489
-SHA256 (bind-9.9.10.tar.gz) = 7deabe932b11149ebce7bf96abe114479c3c52e0081a29d00877125f55ae562a
-SIZE (bind-9.9.10.tar.gz) = 8857543
+TIMESTAMP = 1497425667
+SHA256 (bind-9.9.10-P1.tar.gz) = 2c09f361a5936b31dcfd9dfaa324351dc2cd25ca0a380cf4caa2cc94b3ba6bc5
+SIZE (bind-9.9.10-P1.tar.gz) = 8836915
Modified: branches/2017Q2/dns/bind99/files/named.conf.in
==============================================================================
--- branches/2017Q2/dns/bind99/files/named.conf.in Wed Jun 14 22:54:49 2017 (r443608)
+++ branches/2017Q2/dns/bind99/files/named.conf.in Wed Jun 14 22:56:44 2017 (r443609)
@@ -130,7 +130,7 @@ zone "in-addr.arpa" {
2620:0:2830:202::132; // iad.xfr.dns.icann.org
};
notify no;
-}
+};
zone "ip6.arpa" {
type slave;
file "%%ETCDIR%%/slave/ip6.arpa.slave";
@@ -141,7 +141,7 @@ zone "ip6.arpa" {
2620:0:2830:202::132; // iad.xfr.dns.icann.org
};
notify no;
-}
+};
*/
/* Serving the following zones locally will prevent any queries
@@ -260,14 +260,6 @@ zone "113.0.203.in-addr.arpa" { type master; file "%%E
// IPv6 Example Range for Documentation (RFCs 3849 and 6303)
zone "8.b.d.0.1.0.0.2.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
-
-// Domain Names for Documentation and Testing (BCP 32)
-zone "test" { type master; file "%%ETCDIR%%/master/empty.db"; };
-zone "example" { type master; file "%%ETCDIR%%/master/empty.db"; };
-zone "invalid" { type master; file "%%ETCDIR%%/master/empty.db"; };
-zone "example.com" { type master; file "%%ETCDIR%%/master/empty.db"; };
-zone "example.net" { type master; file "%%ETCDIR%%/master/empty.db"; };
-zone "example.org" { type master; file "%%ETCDIR%%/master/empty.db"; };
// Router Benchmark Testing (RFCs 2544 and 5735)
zone "18.198.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
Modified: branches/2017Q2/dns/bind99/files/pkg-message.in
==============================================================================
--- branches/2017Q2/dns/bind99/files/pkg-message.in Wed Jun 14 22:54:49 2017 (r443608)
+++ branches/2017Q2/dns/bind99/files/pkg-message.in Wed Jun 14 22:56:44 2017 (r443609)
@@ -12,4 +12,12 @@
* *
* The %%PREFIX%%/etc/rc.d/named script will do that for you. *
* *
+* If using syslog to log the BIND9 activity, and using a *
+* chroot'ed installation, you will need to tell syslog to *
+* install a log socket in the BIND9 chroot by running: *
+* *
+* # sysrc altlog_proglist+=named *
+* *
+* And then restarting syslogd with: service syslogd restart *
+* *
**********************************************************************
More information about the svn-ports-all
mailing list