diff options
| author | dougb <dougb@FreeBSD.org> | 2006-11-03 15:47:21 +0800 |
|---|---|---|
| committer | dougb <dougb@FreeBSD.org> | 2006-11-03 15:47:21 +0800 |
| commit | ae1f6f71622699a079e25978e9f8bddea74b0997 (patch) | |
| tree | f57289a1d526861e3b6c930f92bfc47d54782818 /dns/bind9 | |
| parent | 53e1eb9b6141777bba3dfe03a713fcd8c9a9f55b (diff) | |
| download | freebsd-ports-graphics-ae1f6f71622699a079e25978e9f8bddea74b0997.tar.gz freebsd-ports-graphics-ae1f6f71622699a079e25978e9f8bddea74b0997.tar.zst freebsd-ports-graphics-ae1f6f71622699a079e25978e9f8bddea74b0997.zip | |
Update to version 9.3.2-P2, which addresses the vulnerability
announced by ISC dated 31 October (delivered via e-mail to the
bind-announce@isc.org list today):
Description:
Because of OpenSSL's recently announced vulnerabilities
(CAN-2006-4339, CVE-2006-2937 and CVE-2006-2940) which affect named,
we are announcing this workaround and releasing patches. A proof of
concept attack on OpenSSL has been demonstrated for CAN-2006-4339.
OpenSSL is required to use DNSSEC with BIND.
Fix for version 9.3.2-P1 and lower:
Upgrade to BIND 9.2.3-P2, then generate new RSASHA1 and
RSAMD5 keys for all old keys using the old default exponent
and perform a key rollover to these new keys.
These versions also change the default RSA exponent to be
65537 which is not vulnerable to the attacks described in
CAN-2006-4339.
Diffstat (limited to 'dns/bind9')
| -rw-r--r-- | dns/bind9/Makefile | 4 | ||||
| -rw-r--r-- | dns/bind9/distinfo | 12 |
2 files changed, 8 insertions, 8 deletions
diff --git a/dns/bind9/Makefile b/dns/bind9/Makefile index 843831efd43..4f31d3240d2 100644 --- a/dns/bind9/Makefile +++ b/dns/bind9/Makefile @@ -12,7 +12,7 @@ # release you can generally build it cleanly from the source - Doug PORTNAME= bind9 -PORTVERSION= 9.3.2.1 +PORTVERSION= 9.3.2.2 CATEGORIES= dns net ipv6 MASTER_SITES= ${MASTER_SITE_ISC} \ http://dougbarton.us/Downloads/%SUBDIR%/ @@ -25,7 +25,7 @@ MAINTAINER= DougB@FreeBSD.org COMMENT= Completely new version of the BIND DNS suite with updated DNSSEC # ISC releases things like 9.3.0rc1, which our versioning doesn't like -ISCVERSION= 9.3.2-P1 +ISCVERSION= 9.3.2-P2 GNU_CONFIGURE= yes CONFIGURE_ARGS= --localstatedir=/var --disable-linux-caps \ diff --git a/dns/bind9/distinfo b/dns/bind9/distinfo index e783b58da44..2171f829bf2 100644 --- a/dns/bind9/distinfo +++ b/dns/bind9/distinfo @@ -1,6 +1,6 @@ -MD5 (bind-9.3.2-P1.tar.gz) = a0b86647ef6a2d5f1e759112d08e2229 -SHA256 (bind-9.3.2-P1.tar.gz) = 7c61230a0bd5b85de383a7053ec9b1b101295aa6a6bb681968f5fe0deeacefe0 -SIZE (bind-9.3.2-P1.tar.gz) = 5303237 -MD5 (bind-9.3.2-P1.tar.gz.asc) = 8a00ea7a53e6cc6da894a2a4e1c41ada -SHA256 (bind-9.3.2-P1.tar.gz.asc) = fc3360ac49cec1d61777a0b1d68287832b15e9277b4a946a4038ef7dd083d2e1 -SIZE (bind-9.3.2-P1.tar.gz.asc) = 478 +MD5 (bind-9.3.2-P2.tar.gz) = 948101be324deb15ff94a5b6a639ea39 +SHA256 (bind-9.3.2-P2.tar.gz) = 2f82beca3bfbc28be4a9f42d0dbba8cc5442fb6394c94b4ac7530ea9a1bb4864 +SIZE (bind-9.3.2-P2.tar.gz) = 5316388 +MD5 (bind-9.3.2-P2.tar.gz.asc) = 1a15c9d9fcc1772a77fbd1f90f068592 +SHA256 (bind-9.3.2-P2.tar.gz.asc) = 7935933b31ebd5e611401d10a6f706e8a7e5aa961275b1f1c2770afe845a9a21 +SIZE (bind-9.3.2-P2.tar.gz.asc) = 479 |