aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authordougb <dougb@FreeBSD.org>2009-07-29 08:22:52 +0800
committerdougb <dougb@FreeBSD.org>2009-07-29 08:22:52 +0800
commit84c47371d1a52643eb1dbf74aed99201b0e33a18 (patch)
tree443f1ab8aba3cd93bc8086ab40f57fe90da024de
parent8276b6d755065f8242f6e16d17576661bc737956 (diff)
downloadfreebsd-ports-gnome-84c47371d1a52643eb1dbf74aed99201b0e33a18.tar.gz
freebsd-ports-gnome-84c47371d1a52643eb1dbf74aed99201b0e33a18.tar.zst
freebsd-ports-gnome-84c47371d1a52643eb1dbf74aed99201b0e33a18.zip
Apply the patch derived from version 9.6.1-P1 which addresses a remote
DoS vulnerability: Receipt of a specially-crafted dynamic update message may cause BIND 9 servers to exit. This vulnerability affects all servers -- it is not limited to those that are configured to allow dynamic updates. Access controls will not provide an effective workaround. More details can be found here: https://www.isc.org/node/474 All BIND users are encouraged to update to a patched version ASAP.
-rw-r--r--dns/bind9/Makefile2
-rw-r--r--dns/bind9/files/patch-bin_named_update.c16
2 files changed, 17 insertions, 1 deletions
diff --git a/dns/bind9/Makefile b/dns/bind9/Makefile
index f249af21d0f6..4c0878a520dc 100644
--- a/dns/bind9/Makefile
+++ b/dns/bind9/Makefile
@@ -12,7 +12,7 @@
# release you can generally build it cleanly from the source - Doug
PORTNAME= bind9
-PORTVERSION= 9.3.6.1
+PORTVERSION= 9.3.6.1.1
CATEGORIES= dns net ipv6
MASTER_SITES= ${MASTER_SITE_ISC} \
http://dougbarton.us/Downloads/%SUBDIR%/
diff --git a/dns/bind9/files/patch-bin_named_update.c b/dns/bind9/files/patch-bin_named_update.c
new file mode 100644
index 000000000000..f8a50c938312
--- /dev/null
+++ b/dns/bind9/files/patch-bin_named_update.c
@@ -0,0 +1,16 @@
+diff -ur bind-9.6.1/bin/named/update.c bind-9.6.1-P1/bin/named/update.c
+--- bin/named/update.c 2009-04-30 00:03:37.000000000 -0700
++++ bin/named/update.c 2009-07-28 07:18:08.000000000 -0700
+@@ -979,7 +979,11 @@
+ if (type == dns_rdatatype_rrsig ||
+ type == dns_rdatatype_sig)
+ covers = dns_rdata_covers(&t->rdata);
+- else
++ else if (type == dns_rdatatype_any) {
++ dns_db_detachnode(db, &node);
++ dns_diff_clear(&trash);
++ return (DNS_R_NXRRSET);
++ } else
+ covers = 0;
+
+ /*