Update BIND 9.9 and 9.10 to the latest security patch.

Sponsored by:	Absolight

3 files changed, 5 insertions, 57 deletions

diff --git a/dns/bind910/Makefile b/dns/bind910/Makefile
index bc9c25835f45..90c7b3c3e82a 100644
--- a/dns/bind910/Makefile
+++ b/dns/bind910/Makefile
@@ -4,10 +4,10 @@ PORTNAME=	bind
 PORTVERSION=	${ISCVERSION:S/-P/P/}
 .if defined(BIND_TOOLS_SLAVE)
 # dns/bind-tools here
-PORTREVISION=	1
+PORTREVISION=	0
 .else
 # dns/bind910 here
-PORTREVISION=	2
+PORTREVISION=	0
 .endif
 CATEGORIES=	dns net ipv6
 MASTER_SITES=	ISC/bind9/${ISCVERSION}
@@ -20,7 +20,7 @@ COMMENT?=	BIND DNS suite with updated DNSSEC and DNS64
 LICENSE=	ISCL
 
 # ISC releases things like 9.8.0-P1, which our versioning doesn't like
-ISCVERSION=	9.10.1-P1
+ISCVERSION=	9.10.1-P2
 
 MAKE_JOBS_UNSAFE=	yes
 
diff --git a/dns/bind910/distinfo b/dns/bind910/distinfo
index e61262c6bf39..0c9277a8ab9a 100644
--- a/dns/bind910/distinfo
+++ b/dns/bind910/distinfo
@@ -1,2 +1,2 @@
-SHA256 (bind-9.10.1-P1.tar.gz) = 974343108d32f253a130383d0ba51290fb7bf372092f1451f264a9e3ac09898d
-SIZE (bind-9.10.1-P1.tar.gz) = 8356463
+SHA256 (bind-9.10.1-P2.tar.gz) = 42dced2300ba6147168fe1b7faa2e7740e47b75e481290cd5e4483bd8b8a7feb
+SIZE (bind-9.10.1-P2.tar.gz) = 8356565
diff --git a/dns/bind910/files/patch-CVE-2015-1349 b/dns/bind910/files/patch-CVE-2015-1349
deleted file mode 100644
index 4eb553a7a479..000000000000
--- a/dns/bind910/files/patch-CVE-2015-1349
+++ /dev/null
@@ -1,52 +0,0 @@
-commit 12df718c23e29b16fcb5c12eace4b4a924de104d
-Author: Evan Hunt <each@isc.org>
-Date:   Tue Feb 3 18:32:05 2015 -0800
-
-    [v9_10_1_patch] avoid crash due to managed-key rollover
-    
-    4053.	[security]	Revoking a managed trust anchor and supplying
-    			an untrusted replacement could cause named
-    			to crash with an assertion failure.
-    			(CVE-2015-1349) [RT #38344]
-
-diff --git a/CHANGES b/CHANGES
-index 1234469..fc58de7 100644
---- CHANGES
-+++ CHANGES
-@@ -1,3 +1,10 @@
-+	--- 9.10.1-P2 released ---
-+
-+4053.	[security]	Revoking a managed trust anchor and supplying
-+			an untrusted replacement could cause named
-+			to crash with an assertion failure.
-+			(CVE-2015-1349) [RT #38344]
-+
- 	--- 9.10.1-P1 released ---
- 
- 4006.	[security]	A flaw in delegation handling could be exploited
-diff --git a/lib/dns/zone.c b/lib/dns/zone.c
-index ef60454..2c4558e 100644
---- lib/dns/zone.c
-+++ lib/dns/zone.c
-@@ -8946,6 +8946,12 @@ keyfetch_done(isc_task_t *task, isc_event_t *event) {
- 					     namebuf, tag);
- 				trustkey = ISC_TRUE;
- 			}
-+		} else {
-+			/*
-+			 * No previously known key, and the key is not
-+			 * secure, so skip it.
-+			 */
-+			continue;
- 		}
- 
- 		/* Delete old version */
-@@ -8994,7 +9000,7 @@ keyfetch_done(isc_task_t *task, isc_event_t *event) {
- 			trust_key(zone, keyname, &dnskey, mctx);
- 		}
- 
--		if (!deletekey) {
-+		if (secure && !deletekey) {
- 			INSIST(newkey || updatekey);
- 			set_refreshkeytimer(zone, &keydata, now);
- 		}