Update to 9.14.3.

MFH:		2019Q2 (security blanket)
Security:	CVE-2019-6471

4 files changed, 9 insertions, 44 deletions

diff --git a/dns/bind914/Makefile b/dns/bind914/Makefile
index 898c981d83ff..249f200262fc 100644
--- a/dns/bind914/Makefile
+++ b/dns/bind914/Makefile
@@ -8,7 +8,7 @@ PORTVERSION=	${ISCVERSION:S/-P/P/:S/b/.b/:S/a/.a/:S/rc/.rc/}
 PORTREVISION=	0
 .else
 # dns/bind914 here
-PORTREVISION=	2
+PORTREVISION=	0
 .endif
 CATEGORIES=	dns net ipv6
 MASTER_SITES=	ISC/bind9/${ISCVERSION}
@@ -36,7 +36,7 @@ RUN_DEPENDS=	bind-tools>0:dns/bind-tools
 
 USES=	compiler:c11 cpe libedit pkgconfig ssl
 # ISC releases things like 9.8.0-P1, which our versioning doesn't like
-ISCVERSION=	9.14.2
+ISCVERSION=	9.14.3
 
 CPE_VENDOR=	isc
 CPE_VERSION=	${ISCVERSION:C/-.*//}
diff --git a/dns/bind914/distinfo b/dns/bind914/distinfo
index cf3d62b47bd9..9f4ef6d88b32 100644
--- a/dns/bind914/distinfo
+++ b/dns/bind914/distinfo
@@ -1,3 +1,3 @@
-TIMESTAMP = 1557990570
-SHA256 (bind-9.14.2.tar.gz) = 0e4027573726502ec038db3973a086c02508671723a4845e21da1769a5c27f0c
-SIZE (bind-9.14.2.tar.gz) = 6263879
+TIMESTAMP = 1560947468
+SHA256 (bind-9.14.3.tar.gz) = ce878aabcf01b61ed114522c32fff9e268b02da55b3c248349860bc3d0c8bdfa
+SIZE (bind-9.14.3.tar.gz) = 6258311
diff --git a/dns/bind914/files/patch-configure b/dns/bind914/files/patch-configure
index 96d95f29c28b..60bc8b47b833 100644
--- a/dns/bind914/files/patch-configure
+++ b/dns/bind914/files/patch-configure
@@ -1,6 +1,6 @@
---- configure.orig	2019-05-10 04:51:34 UTC
+--- configure.orig	2019-06-04 15:20:04 UTC
 +++ configure
-@@ -16320,27 +16320,9 @@ done
+@@ -16347,27 +16347,9 @@ done
  		# problems start to show up.
  		saved_libs="$LIBS"
  		for TRY_LIBS in \
@@ -30,7 +30,7 @@
  		    { $as_echo "$as_me:${as_lineno-$LINENO}: checking linking as $TRY_LIBS" >&5
  $as_echo_n "checking linking as $TRY_LIBS... " >&6; }
  		    cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-@@ -16383,47 +16365,7 @@ $as_echo "no" >&6; } ;;
+@@ -16410,47 +16392,7 @@ $as_echo "no" >&6; } ;;
  		no) as_fn_error $? "could not determine proper GSSAPI linkage" "$LINENO" 5 ;;
  		esac
  
@@ -79,7 +79,7 @@
  		DNS_GSSAPI_LIBS="$LIBS"
  
  		{ $as_echo "$as_me:${as_lineno-$LINENO}: result: using GSSAPI from $use_gssapi/lib and $use_gssapi/include" >&5
-@@ -20927,7 +20869,7 @@ $as_echo "" >&6; }
+@@ -20960,7 +20902,7 @@ $as_echo "" >&6; }
  			# Check other locations for includes.
  			# Order is important (sigh).
  
diff --git a/dns/bind914/files/patch-lib_isc_unix_socket.c b/dns/bind914/files/patch-lib_isc_unix_socket.c
deleted file mode 100644
index 06db1cc3e9f5..000000000000
--- a/dns/bind914/files/patch-lib_isc_unix_socket.c
+++ /dev/null
@@ -1,35 +0,0 @@
-From e517c18d98c248e891558ce5194e3663d244f956 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Witold=20Kr=C4=99cicki?= <wpk@isc.org>
-Date: Fri, 31 May 2019 10:40:52 +0200
-Subject: [PATCH 1/2] Fix a possible race between udp dispatch and socket code
-
-There's a small possibility of race between udp dispatcher and
-socket code - socket code can still hold internal reference to a
-socket while dispatcher calls isc_socket_open, which can cause
-an assertion failure. Fix it by relaxing the assertion test, and
-instead simply locking the socket in isc_socket_open.
-
---- lib/isc/unix/socket.c.orig	2019-05-10 04:51:34 UTC
-+++ lib/isc/unix/socket.c
-@@ -2598,15 +2598,16 @@ isc_socket_open(isc_socket_t *sock0) {
- 
- 	REQUIRE(VALID_SOCKET(sock));
- 
--	REQUIRE(isc_refcount_current(&sock->references) == 1);
--	/*
--	 * We don't need to retain the lock hereafter, since no one else has
--	 * this socket.
--	 */
-+	LOCK(&sock->lock);
-+
-+	REQUIRE(isc_refcount_current(&sock->references) >= 1);
- 	REQUIRE(sock->fd == -1);
- 	REQUIRE(sock->threadid == -1);
- 
- 	result = opensocket(sock->manager, sock, NULL);
-+
-+	UNLOCK(&sock->lock);
-+
- 	if (result != ISC_R_SUCCESS) {
- 		sock->fd = -1;
- 	} else {