diff options
author | dougb <dougb@FreeBSD.org> | 2009-07-29 08:22:52 +0800 |
---|---|---|
committer | dougb <dougb@FreeBSD.org> | 2009-07-29 08:22:52 +0800 |
commit | 84c47371d1a52643eb1dbf74aed99201b0e33a18 (patch) | |
tree | 443f1ab8aba3cd93bc8086ab40f57fe90da024de /dns | |
parent | 8276b6d755065f8242f6e16d17576661bc737956 (diff) | |
download | freebsd-ports-gnome-84c47371d1a52643eb1dbf74aed99201b0e33a18.tar.gz freebsd-ports-gnome-84c47371d1a52643eb1dbf74aed99201b0e33a18.tar.zst freebsd-ports-gnome-84c47371d1a52643eb1dbf74aed99201b0e33a18.zip |
Apply the patch derived from version 9.6.1-P1 which addresses a remote
DoS vulnerability:
Receipt of a specially-crafted dynamic update message may
cause BIND 9 servers to exit. This vulnerability affects all
servers -- it is not limited to those that are configured to
allow dynamic updates. Access controls will not provide an
effective workaround.
More details can be found here: https://www.isc.org/node/474
All BIND users are encouraged to update to a patched version ASAP.
Diffstat (limited to 'dns')
-rw-r--r-- | dns/bind9/Makefile | 2 | ||||
-rw-r--r-- | dns/bind9/files/patch-bin_named_update.c | 16 |
2 files changed, 17 insertions, 1 deletions
diff --git a/dns/bind9/Makefile b/dns/bind9/Makefile index f249af21d0f6..4c0878a520dc 100644 --- a/dns/bind9/Makefile +++ b/dns/bind9/Makefile @@ -12,7 +12,7 @@ # release you can generally build it cleanly from the source - Doug PORTNAME= bind9 -PORTVERSION= 9.3.6.1 +PORTVERSION= 9.3.6.1.1 CATEGORIES= dns net ipv6 MASTER_SITES= ${MASTER_SITE_ISC} \ http://dougbarton.us/Downloads/%SUBDIR%/ diff --git a/dns/bind9/files/patch-bin_named_update.c b/dns/bind9/files/patch-bin_named_update.c new file mode 100644 index 000000000000..f8a50c938312 --- /dev/null +++ b/dns/bind9/files/patch-bin_named_update.c @@ -0,0 +1,16 @@ +diff -ur bind-9.6.1/bin/named/update.c bind-9.6.1-P1/bin/named/update.c +--- bin/named/update.c 2009-04-30 00:03:37.000000000 -0700 ++++ bin/named/update.c 2009-07-28 07:18:08.000000000 -0700 +@@ -979,7 +979,11 @@ + if (type == dns_rdatatype_rrsig || + type == dns_rdatatype_sig) + covers = dns_rdata_covers(&t->rdata); +- else ++ else if (type == dns_rdatatype_any) { ++ dns_db_detachnode(db, &node); ++ dns_diff_clear(&trash); ++ return (DNS_R_NXRRSET); ++ } else + covers = 0; + + /* |