From: Noah Meyerhans <frodo@morgul.net>
Date: Mon, 24 Aug 2020 02:33:32 +0000 (-0700)
Subject: bind: New upstream version 9.16.6
X-Git-Url: http://git.cdn.openwrt.org/?a=commitdiff_plain;h=cf61f7f8ef17bbf518b2ccc7536bb0f3c8828f52;p=feed%2Fpackages.git

bind: New upstream version 9.16.6

Several security issures are addressed:

 - CVE-2020-8620 It was possible to trigger an assertion failure by sending
   a specially crafted large TCP DNS message.
 - CVE-2020-8621 named could crash after failing an assertion check in
   certain query resolution scenarios where QNAME minimization and
   forwarding were both enabled. To prevent such crashes, QNAME minimization is
   now always disabled for a given query resolution process, if forwarders are
   used at any point.
 - CVE-2020-8622 It was possible to trigger an assertion failure when
   verifying the response to a TSIG-signed request.
 - CVE-2020-8623 When BIND 9 was compiled with native PKCS#11 support, it
   was possible to trigger an assertion failure in code determining the
   number of bits in the PKCS#11 RSA public key with a specially crafted
   packet.
 - CVE-2020-8624 update-policy rules of type subdomain were incorrectly
   treated as zonesub rules, which allowed keys used in subdomain rules to
   update names outside of the specified subdomains. The problem was fixed by
   making sure subdomain rules are again processed as described in the ARM.

Full release notes are available at
https://ftp.isc.org/isc/bind9/9.16.6/doc/arm/html/notes.html#notes-for-bind-9-16-6

Signed-off-by: Noah Meyerhans <frodo@morgul.net>
---

diff --git a/net/bind/Makefile b/net/bind/Makefile
index 1cf1d37587..46354e8e78 100644
--- a/net/bind/Makefile
+++ b/net/bind/Makefile
@@ -9,8 +9,8 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=bind
-PKG_VERSION:=9.16.4
-PKG_RELEASE:=2
+PKG_VERSION:=9.16.6
+PKG_RELEASE:=1
 USERID:=bind=57:bind=57
 
 PKG_MAINTAINER:=Noah Meyerhans <frodo@morgul.net>
@@ -22,7 +22,7 @@ PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
 PKG_SOURCE_URL:= \
 	https://www.mirrorservice.org/sites/ftp.isc.org/isc/bind9/$(PKG_VERSION) \
 	https://ftp.isc.org/isc/bind9/$(PKG_VERSION)
-PKG_HASH:=7522088d3daac8bcabaae37998178e09139ef5ccae6631cb1d8a625b770f370a
+PKG_HASH:=b567b0f3b47dd03b345a4848af7f2acdd3f5cea2bd804edd85d9ef50743571cb
 
 PKG_FIXUP:=autoreconf
 PKG_REMOVE_FILES:=aclocal.m4 libtool.m4