diff options
| author | dougb <dougb@FreeBSD.org> | 2005-01-28 20:47:44 +0000 |
|---|---|---|
| committer | dougb <dougb@FreeBSD.org> | 2005-01-28 20:47:44 +0000 |
| commit | 2449662f367d263eaa135881faece1d9500ab5c1 (patch) | |
| tree | bf63072948957fa41f28ba6943d29ed2a62fd262 /dns/bind95 | |
| parent | 4fb6496ea77d6df85ebfc5460e30550b718d4a37 (diff) | |
| download | FreeBSD-ports-2449662f367d263eaa135881faece1d9500ab5c1.zip FreeBSD-ports-2449662f367d263eaa135881faece1d9500ab5c1.tar.gz | |
Include a patch from ISC to deal with the following vulnerability:
Name: BIND: Self Check Failing [Added 2005.25.01]
Versions affected: BIND 9.3.0
Severity: LOW
Exploitable: Remotely
Type: Denial of Service
Description:
An incorrect assumption in the validator (authvalidated) can result in a
REQUIRE (internal consistancy) test failing and named exiting.
Workarounds:
Turn off dnssec validation (off by default) at the options/view level.
dnssec-enable no;
Active Exploits: None known
Bump PORTREVISION accordingly.
It should be noted that the vast majority of users would not have
DNSSEC enabled, and therefore are not vulnerable to this bug.
Diffstat (limited to 'dns/bind95')
| -rw-r--r-- | dns/bind95/Makefile | 10 | ||||
| -rw-r--r-- | dns/bind95/distinfo | 4 |
2 files changed, 13 insertions, 1 deletions
diff --git a/dns/bind95/Makefile b/dns/bind95/Makefile index 5dffd8c..6b430e2 100644 --- a/dns/bind95/Makefile +++ b/dns/bind95/Makefile @@ -13,11 +13,13 @@ PORTNAME= bind9 PORTVERSION= 9.3.0 +PORTREVISION= 1 CATEGORIES= dns net ipv6 MASTER_SITES= ${MASTER_SITE_ISC} MASTER_SITE_SUBDIR= bind9/${ISCVERSION} DISTNAME= bind-${ISCVERSION} -DISTFILES= ${DISTNAME}${EXTRACT_SUFX} ${DISTNAME}${EXTRACT_SUFX}.asc +DISTFILES= ${DISTNAME}${EXTRACT_SUFX} ${DISTNAME}${EXTRACT_SUFX}.asc \ + 9.3.0-patch1 9.3.0-patch1.asc EXTRACT_ONLY= ${DISTNAME}${EXTRACT_SUFX} MAINTAINER= DougB@FreeBSD.org @@ -91,6 +93,12 @@ MAN5= named.conf.5 rndc.conf.5 MAN8= dnssec-keygen.8 dnssec-signzone.8 lwresd.8 named-checkconf.8 \ named-checkzone.8 named.8 nsupdate.8 rndc-confgen.8 rndc.8 +pre-patch: + @${SED} -e 's#bind9/lib/dns/validator.c#lib/dns/validator.c#g' \ + ${DISTDIR}/9.3.0-patch1 > ${WRKDIR}/9.3.0-patch1 + +EXTRA_PATCHES= ${WRKDIR}/9.3.0-patch1 + post-patch: .for FILE in check/named-checkconf.8 named/named.8 nsupdate/nsupdate.8 \ rndc/rndc.8 diff --git a/dns/bind95/distinfo b/dns/bind95/distinfo index dd09fb5..e9a0f2c 100644 --- a/dns/bind95/distinfo +++ b/dns/bind95/distinfo @@ -2,3 +2,7 @@ MD5 (bind-9.3.0.tar.gz) = fdb42fff7e345372ac52a4493b77b694 SIZE (bind-9.3.0.tar.gz) = 4730656 MD5 (bind-9.3.0.tar.gz.asc) = 131e73f617c649652c6218826bdc92f8 SIZE (bind-9.3.0.tar.gz.asc) = 186 +MD5 (9.3.0-patch1) = 90733dadf1487e035a8b94951e55fbb7 +SIZE (9.3.0-patch1) = 1019 +MD5 (9.3.0-patch1.asc) = 4c8072f375fa53e5ada4e0e4f67402c0 +SIZE (9.3.0-patch1.asc) = 187 |
