diff options
| author | dougb <dougb@FreeBSD.org> | 2011-05-28 07:47:39 +0800 |
|---|---|---|
| committer | dougb <dougb@FreeBSD.org> | 2011-05-28 07:47:39 +0800 |
| commit | ee99f5213f07bb4de14b19d10559a59c74d3d6ea (patch) | |
| tree | c18fbfe5f43ead04e15468c617b8f358186ff8dd /dns/bind97 | |
| parent | 69d3574cdbe9fd872f73f255dc7f05b823bd6553 (diff) | |
| download | freebsd-ports-gnome-ee99f5213f07bb4de14b19d10559a59c74d3d6ea.tar.gz freebsd-ports-gnome-ee99f5213f07bb4de14b19d10559a59c74d3d6ea.tar.zst freebsd-ports-gnome-ee99f5213f07bb4de14b19d10559a59c74d3d6ea.zip | |
Upgrade to 9.6-ESV-R4-P1 and 9.7.3-P1, which address the following issues:
1. Very large RRSIG RRsets included in a negative cache can trigger
an assertion failure that will crash named (BIND 9 DNS) due to an
off-by-one error in a buffer size check.
This bug affects all resolving name servers, whether DNSSEC validation
is enabled or not, on all BIND versions prior to today. There is a
possibility of malicious exploitation of this bug by remote users.
2. Named could fail to validate zones listed in a DLV that validated
insecure without using DLV and had DS records in the parent zone.
Add a patch provided by ru@ and confirmed by ISC to fix a crash at
shutdown time when a SIG(0) key is being used.
Diffstat (limited to 'dns/bind97')
| -rw-r--r-- | dns/bind97/Makefile | 2 | ||||
| -rw-r--r-- | dns/bind97/distinfo | 8 | ||||
| -rw-r--r-- | dns/bind97/files/patch-bin__nsupdate__nsupdate.c | 14 |
3 files changed, 19 insertions, 5 deletions
diff --git a/dns/bind97/Makefile b/dns/bind97/Makefile index d332e5835380..380b59220454 100644 --- a/dns/bind97/Makefile +++ b/dns/bind97/Makefile @@ -20,7 +20,7 @@ MAINTAINER= dougb@FreeBSD.org COMMENT?= The BIND DNS suite with updated DNSSEC and threads # ISC releases things like 9.4.0b3, which our versioning doesn't like -ISCVERSION= 9.7.3 +ISCVERSION= 9.7.3-P1 MAKE_JOBS_UNSAFE= yes diff --git a/dns/bind97/distinfo b/dns/bind97/distinfo index e94f8008a541..249acafe3074 100644 --- a/dns/bind97/distinfo +++ b/dns/bind97/distinfo @@ -1,4 +1,4 @@ -SHA256 (bind-9.7.3.tar.gz) = 7c584ca838da4adb6e94e4507b97b180248ca2b1e6aec1513336b58b344a29f7 -SIZE (bind-9.7.3.tar.gz) = 7653584 -SHA256 (bind-9.7.3.tar.gz.asc) = 96386b587a21f86f456fdddc17558f5d799e2428261a7c6348b273b6912ff34d -SIZE (bind-9.7.3.tar.gz.asc) = 481 +SHA256 (bind-9.7.3-P1.tar.gz) = 5ff684039fda0df27b75a771b66dbe77fd612fb4ade5f4c15960fbb8d62bbbf1 +SIZE (bind-9.7.3-P1.tar.gz) = 7586464 +SHA256 (bind-9.7.3-P1.tar.gz.asc) = 81b766f8e11f17d56a83dbc6c4ab5e9564d62a255fd878dc55d3a03253d7cd3c +SIZE (bind-9.7.3-P1.tar.gz.asc) = 481 diff --git a/dns/bind97/files/patch-bin__nsupdate__nsupdate.c b/dns/bind97/files/patch-bin__nsupdate__nsupdate.c new file mode 100644 index 000000000000..1a14ba2fdf2b --- /dev/null +++ b/dns/bind97/files/patch-bin__nsupdate__nsupdate.c @@ -0,0 +1,14 @@ +--- bin/nsupdate/nsupdate.c.orig 2010-12-08 20:31:30.000000000 -0800 ++++ bin/nsupdate/nsupdate.c 2011-05-27 15:21:39.000000000 -0700 +@@ -694,8 +694,10 @@ + keyfile, isc_result_totext(result)); + return; + } +- } else ++ } else { + dst_key_attach(dstkey, &sig0key); ++ dst_key_free(&dstkey); ++ } + } + + static void |