Update to version 9.3.2-P2, which addresses the vulnerability

announced by ISC dated 31 October (delivered via e-mail to the
bind-announce@isc.org list today):

Description:
	Because of OpenSSL's recently announced vulnerabilities
	(CAN-2006-4339, CVE-2006-2937 and CVE-2006-2940) which affect named,
	we are announcing this workaround and releasing patches.  A proof of
	concept attack on OpenSSL has been demonstrated for CAN-2006-4339.

	OpenSSL is required to use DNSSEC with BIND.

Fix for version 9.3.2-P1 and lower:
	Upgrade to BIND 9.2.3-P2, then generate new RSASHA1 and
	RSAMD5 keys for all old keys using the old default exponent
	and perform a key rollover to these new keys.

	These versions also change the default RSA exponent to be
	65537 which is not vulnerable to the attacks described in
	CAN-2006-4339.

1 files changed, 2 insertions, 2 deletions

diff --git a/dns/bind9/Makefile b/dns/bind9/Makefile
index 843831efd433..4f31d3240d22 100644
--- a/dns/bind9/Makefile
+++ b/dns/bind9/Makefile
@@ -12,7 +12,7 @@
 # release you can generally build it cleanly from the source - Doug
 
 PORTNAME=	bind9
-PORTVERSION=	9.3.2.1
+PORTVERSION=	9.3.2.2
 CATEGORIES=	dns net ipv6
 MASTER_SITES=	${MASTER_SITE_ISC} \
 		http://dougbarton.us/Downloads/%SUBDIR%/
@@ -25,7 +25,7 @@ MAINTAINER=	DougB@FreeBSD.org
 COMMENT=	Completely new version of the BIND DNS suite with updated DNSSEC
 
 # ISC releases things like 9.3.0rc1, which our versioning doesn't like
-ISCVERSION=	9.3.2-P1
+ISCVERSION=	9.3.2-P2
 
 GNU_CONFIGURE=	yes
 CONFIGURE_ARGS=	--localstatedir=/var --disable-linux-caps \