diff options
| author | mat <mat@FreeBSD.org> | 2017-06-14 22:56:44 +0000 |
|---|---|---|
| committer | mat <mat@FreeBSD.org> | 2017-06-14 22:56:44 +0000 |
| commit | 7d60e0aa046e738f6fae6e715637544852c00bfb (patch) | |
| tree | a931cbfaf15ffd1fdfa7d46e89336adfee6f617c | |
| parent | c62111c77070a08f83820b2d0f8fcae4c0cc1b38 (diff) | |
| download | FreeBSD-ports-7d60e0aa046e738f6fae6e715637544852c00bfb.zip FreeBSD-ports-7d60e0aa046e738f6fae6e715637544852c00bfb.tar.gz | |
MFH: r443608 r443607
Update to 9.9.10-P1, 9.10.5-P1, 9.11.1-P1.
Security: CVE-2017-3140
Security: CVE-2017-3141
Sponsored by: Absolight
Remove special handling for testing and documentation domains, per RFC
6761 recommendations.
While there:
- Fix invalid syntax in sample slave config.
- Add a message about having syslogd working with BIND9 chroot.
PR: 217915
Reported by: eserte12 yahoo de
Sponsored by: Absolight
| -rw-r--r-- | dns/bind9-devel/files/named.conf.in | 12 | ||||
| -rw-r--r-- | dns/bind9-devel/files/pkg-message.in | 7 | ||||
| -rw-r--r-- | dns/bind910/Makefile | 2 | ||||
| -rw-r--r-- | dns/bind910/distinfo | 6 | ||||
| -rw-r--r-- | dns/bind910/files/named.conf.in | 12 | ||||
| -rw-r--r-- | dns/bind910/files/pkg-message.in | 8 | ||||
| -rw-r--r-- | dns/bind911/Makefile | 2 | ||||
| -rw-r--r-- | dns/bind911/distinfo | 6 | ||||
| -rw-r--r-- | dns/bind911/files/named.conf.in | 12 | ||||
| -rw-r--r-- | dns/bind911/files/pkg-message.in | 8 | ||||
| -rw-r--r-- | dns/bind99/Makefile | 2 | ||||
| -rw-r--r-- | dns/bind99/distinfo | 6 | ||||
| -rw-r--r-- | dns/bind99/files/named.conf.in | 12 | ||||
| -rw-r--r-- | dns/bind99/files/pkg-message.in | 8 |
14 files changed, 51 insertions, 52 deletions
diff --git a/dns/bind9-devel/files/named.conf.in b/dns/bind9-devel/files/named.conf.in index 254a65f..2d23a65 100644 --- a/dns/bind9-devel/files/named.conf.in +++ b/dns/bind9-devel/files/named.conf.in @@ -130,7 +130,7 @@ zone "in-addr.arpa" { 2620:0:2830:202::132; // iad.xfr.dns.icann.org }; notify no; -} +}; zone "ip6.arpa" { type slave; file "%%ETCDIR%%/slave/ip6.arpa.slave"; @@ -141,7 +141,7 @@ zone "ip6.arpa" { 2620:0:2830:202::132; // iad.xfr.dns.icann.org }; notify no; -} +}; */ /* Serving the following zones locally will prevent any queries @@ -261,14 +261,6 @@ zone "113.0.203.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; // IPv6 Example Range for Documentation (RFCs 3849 and 6303) zone "8.b.d.0.1.0.0.2.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; -// Domain Names for Documentation and Testing (BCP 32) -zone "test" { type master; file "%%ETCDIR%%/master/empty.db"; }; -zone "example" { type master; file "%%ETCDIR%%/master/empty.db"; }; -zone "invalid" { type master; file "%%ETCDIR%%/master/empty.db"; }; -zone "example.com" { type master; file "%%ETCDIR%%/master/empty.db"; }; -zone "example.net" { type master; file "%%ETCDIR%%/master/empty.db"; }; -zone "example.org" { type master; file "%%ETCDIR%%/master/empty.db"; }; - // Router Benchmark Testing (RFCs 2544 and 5735) zone "18.198.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; zone "19.198.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; diff --git a/dns/bind9-devel/files/pkg-message.in b/dns/bind9-devel/files/pkg-message.in index 13383a1..e62ff81 100644 --- a/dns/bind9-devel/files/pkg-message.in +++ b/dns/bind9-devel/files/pkg-message.in @@ -12,6 +12,13 @@ * * * The %%PREFIX%%/etc/rc.d/named script will do that for you. * * * +* If using syslog to log the BIND9 activity, and using a * +* chroot'ed installation, you will need to tell syslog to * +* install a log socket in the BIND9 chroot by running: * +* * +* # sysrc altlog_proglist+=named * +* * +* And then restarting syslogd with: service syslogd restart * * * * * * THIS IS A DEVELOPMENT VERSION IF BIND, IT WILL EAT YOUR DATA * diff --git a/dns/bind910/Makefile b/dns/bind910/Makefile index 0a25fc7..03eb099 100644 --- a/dns/bind910/Makefile +++ b/dns/bind910/Makefile @@ -16,7 +16,7 @@ LICENSE= ISCL LICENSE_FILE= ${WRKSRC}/COPYRIGHT # ISC releases things like 9.8.0-P1, which our versioning doesn't like -ISCVERSION= 9.10.5 +ISCVERSION= 9.10.5-P1 USES= cpe libedit diff --git a/dns/bind910/distinfo b/dns/bind910/distinfo index b2b5353..fed094a2 100644 --- a/dns/bind910/distinfo +++ b/dns/bind910/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1492690349 -SHA256 (bind-9.10.5.tar.gz) = 71688d2e134e42205075eef93cc1b78b42a140a2d61bf8263afc9c92fc872b0e -SIZE (bind-9.10.5.tar.gz) = 9431916 +TIMESTAMP = 1497425849 +SHA256 (bind-9.10.5-P1.tar.gz) = 82fb885de927fdb4db0a0bb5e5efda839a857ff70adbcfcb0486a010924ae5cd +SIZE (bind-9.10.5-P1.tar.gz) = 9406887 diff --git a/dns/bind910/files/named.conf.in b/dns/bind910/files/named.conf.in index 254a65f..2d23a65 100644 --- a/dns/bind910/files/named.conf.in +++ b/dns/bind910/files/named.conf.in @@ -130,7 +130,7 @@ zone "in-addr.arpa" { 2620:0:2830:202::132; // iad.xfr.dns.icann.org }; notify no; -} +}; zone "ip6.arpa" { type slave; file "%%ETCDIR%%/slave/ip6.arpa.slave"; @@ -141,7 +141,7 @@ zone "ip6.arpa" { 2620:0:2830:202::132; // iad.xfr.dns.icann.org }; notify no; -} +}; */ /* Serving the following zones locally will prevent any queries @@ -261,14 +261,6 @@ zone "113.0.203.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; // IPv6 Example Range for Documentation (RFCs 3849 and 6303) zone "8.b.d.0.1.0.0.2.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; -// Domain Names for Documentation and Testing (BCP 32) -zone "test" { type master; file "%%ETCDIR%%/master/empty.db"; }; -zone "example" { type master; file "%%ETCDIR%%/master/empty.db"; }; -zone "invalid" { type master; file "%%ETCDIR%%/master/empty.db"; }; -zone "example.com" { type master; file "%%ETCDIR%%/master/empty.db"; }; -zone "example.net" { type master; file "%%ETCDIR%%/master/empty.db"; }; -zone "example.org" { type master; file "%%ETCDIR%%/master/empty.db"; }; - // Router Benchmark Testing (RFCs 2544 and 5735) zone "18.198.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; zone "19.198.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; diff --git a/dns/bind910/files/pkg-message.in b/dns/bind910/files/pkg-message.in index eb26dbb..a1bfad9 100644 --- a/dns/bind910/files/pkg-message.in +++ b/dns/bind910/files/pkg-message.in @@ -12,4 +12,12 @@ * * * The %%PREFIX%%/etc/rc.d/named script will do that for you. * * * +* If using syslog to log the BIND9 activity, and using a * +* chroot'ed installation, you will need to tell syslog to * +* install a log socket in the BIND9 chroot by running: * +* * +* # sysrc altlog_proglist+=named * +* * +* And then restarting syslogd with: service syslogd restart * +* * ********************************************************************** diff --git a/dns/bind911/Makefile b/dns/bind911/Makefile index 1136bb1..a74c804 100644 --- a/dns/bind911/Makefile +++ b/dns/bind911/Makefile @@ -30,7 +30,7 @@ LICENSE= MPL LICENSE_FILE= ${WRKSRC}/COPYRIGHT # ISC releases things like 9.8.0-P1, which our versioning doesn't like -ISCVERSION= 9.11.1 +ISCVERSION= 9.11.1-P1 USES= cpe libedit diff --git a/dns/bind911/distinfo b/dns/bind911/distinfo index 78d19e4..32648bc 100644 --- a/dns/bind911/distinfo +++ b/dns/bind911/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1492691449 -SHA256 (bind-9.11.1.tar.gz) = 22050095f5c82a1385cc4174190ac60392670bbc5d63d592ecae52a214bc10b2 -SIZE (bind-9.11.1.tar.gz) = 9762743 +TIMESTAMP = 1497425959 +SHA256 (bind-9.11.1-P1.tar.gz) = 6b1b3e88d51b8471bd6aee24a8cea70817e850a5901315dc506f9dde275ca638 +SIZE (bind-9.11.1-P1.tar.gz) = 9745364 diff --git a/dns/bind911/files/named.conf.in b/dns/bind911/files/named.conf.in index 254a65f..2d23a65 100644 --- a/dns/bind911/files/named.conf.in +++ b/dns/bind911/files/named.conf.in @@ -130,7 +130,7 @@ zone "in-addr.arpa" { 2620:0:2830:202::132; // iad.xfr.dns.icann.org }; notify no; -} +}; zone "ip6.arpa" { type slave; file "%%ETCDIR%%/slave/ip6.arpa.slave"; @@ -141,7 +141,7 @@ zone "ip6.arpa" { 2620:0:2830:202::132; // iad.xfr.dns.icann.org }; notify no; -} +}; */ /* Serving the following zones locally will prevent any queries @@ -261,14 +261,6 @@ zone "113.0.203.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; // IPv6 Example Range for Documentation (RFCs 3849 and 6303) zone "8.b.d.0.1.0.0.2.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; -// Domain Names for Documentation and Testing (BCP 32) -zone "test" { type master; file "%%ETCDIR%%/master/empty.db"; }; -zone "example" { type master; file "%%ETCDIR%%/master/empty.db"; }; -zone "invalid" { type master; file "%%ETCDIR%%/master/empty.db"; }; -zone "example.com" { type master; file "%%ETCDIR%%/master/empty.db"; }; -zone "example.net" { type master; file "%%ETCDIR%%/master/empty.db"; }; -zone "example.org" { type master; file "%%ETCDIR%%/master/empty.db"; }; - // Router Benchmark Testing (RFCs 2544 and 5735) zone "18.198.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; zone "19.198.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; diff --git a/dns/bind911/files/pkg-message.in b/dns/bind911/files/pkg-message.in index eb26dbb..a1bfad9 100644 --- a/dns/bind911/files/pkg-message.in +++ b/dns/bind911/files/pkg-message.in @@ -12,4 +12,12 @@ * * * The %%PREFIX%%/etc/rc.d/named script will do that for you. * * * +* If using syslog to log the BIND9 activity, and using a * +* chroot'ed installation, you will need to tell syslog to * +* install a log socket in the BIND9 chroot by running: * +* * +* # sysrc altlog_proglist+=named * +* * +* And then restarting syslogd with: service syslogd restart * +* * ********************************************************************** diff --git a/dns/bind99/Makefile b/dns/bind99/Makefile index cb1891a..c23f2b2 100644 --- a/dns/bind99/Makefile +++ b/dns/bind99/Makefile @@ -16,7 +16,7 @@ LICENSE= ISCL LICENSE_FILE= ${WRKSRC}/COPYRIGHT # ISC releases things like 9.8.0-P1, which our versioning doesn't like -ISCVERSION= 9.9.10 +ISCVERSION= 9.9.10-P1 USES= cpe libedit diff --git a/dns/bind99/distinfo b/dns/bind99/distinfo index 8e4f40e2..2417bce 100644 --- a/dns/bind99/distinfo +++ b/dns/bind99/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1492688489 -SHA256 (bind-9.9.10.tar.gz) = 7deabe932b11149ebce7bf96abe114479c3c52e0081a29d00877125f55ae562a -SIZE (bind-9.9.10.tar.gz) = 8857543 +TIMESTAMP = 1497425667 +SHA256 (bind-9.9.10-P1.tar.gz) = 2c09f361a5936b31dcfd9dfaa324351dc2cd25ca0a380cf4caa2cc94b3ba6bc5 +SIZE (bind-9.9.10-P1.tar.gz) = 8836915 diff --git a/dns/bind99/files/named.conf.in b/dns/bind99/files/named.conf.in index 254a65f..2d23a65 100644 --- a/dns/bind99/files/named.conf.in +++ b/dns/bind99/files/named.conf.in @@ -130,7 +130,7 @@ zone "in-addr.arpa" { 2620:0:2830:202::132; // iad.xfr.dns.icann.org }; notify no; -} +}; zone "ip6.arpa" { type slave; file "%%ETCDIR%%/slave/ip6.arpa.slave"; @@ -141,7 +141,7 @@ zone "ip6.arpa" { 2620:0:2830:202::132; // iad.xfr.dns.icann.org }; notify no; -} +}; */ /* Serving the following zones locally will prevent any queries @@ -261,14 +261,6 @@ zone "113.0.203.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; // IPv6 Example Range for Documentation (RFCs 3849 and 6303) zone "8.b.d.0.1.0.0.2.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; -// Domain Names for Documentation and Testing (BCP 32) -zone "test" { type master; file "%%ETCDIR%%/master/empty.db"; }; -zone "example" { type master; file "%%ETCDIR%%/master/empty.db"; }; -zone "invalid" { type master; file "%%ETCDIR%%/master/empty.db"; }; -zone "example.com" { type master; file "%%ETCDIR%%/master/empty.db"; }; -zone "example.net" { type master; file "%%ETCDIR%%/master/empty.db"; }; -zone "example.org" { type master; file "%%ETCDIR%%/master/empty.db"; }; - // Router Benchmark Testing (RFCs 2544 and 5735) zone "18.198.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; zone "19.198.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; diff --git a/dns/bind99/files/pkg-message.in b/dns/bind99/files/pkg-message.in index eb26dbb..a1bfad9 100644 --- a/dns/bind99/files/pkg-message.in +++ b/dns/bind99/files/pkg-message.in @@ -12,4 +12,12 @@ * * * The %%PREFIX%%/etc/rc.d/named script will do that for you. * * * +* If using syslog to log the BIND9 activity, and using a * +* chroot'ed installation, you will need to tell syslog to * +* install a log socket in the BIND9 chroot by running: * +* * +* # sysrc altlog_proglist+=named * +* * +* And then restarting syslogd with: service syslogd restart * +* * ********************************************************************** |
