From ced7835c06b507528a27a1ef54de7f2533a2200c Mon Sep 17 00:00:00 2001
From: dougb <dougb@FreeBSD.org>
Date: Sat, 28 May 2011 00:21:28 +0000
Subject: Upgrade to 9.6-ESV-R4-P1, which address the following issues:

1. Very large RRSIG RRsets included in a negative cache can trigger
an assertion failure that will crash named (BIND 9 DNS) due to an
off-by-one error in a buffer size check.

This bug affects all resolving name servers, whether DNSSEC validation
is enabled or not, on all BIND versions prior to today. There is a
possibility of malicious exploitation of this bug by remote users.

2. Named could fail to validate zones listed in a DLV that validated
insecure without using DLV and had DS records in the parent zone.

Add a patch provided by ru@ and confirmed by ISC to fix a crash at
shutdown time when a SIG(0) key is being used.
---
 contrib/bind9/lib/dns/iptable.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'contrib/bind9/lib/dns/iptable.c')

diff --git a/contrib/bind9/lib/dns/iptable.c b/contrib/bind9/lib/dns/iptable.c
index 55a5351..071f9a6 100644
--- a/contrib/bind9/lib/dns/iptable.c
+++ b/contrib/bind9/lib/dns/iptable.c
@@ -14,7 +14,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: iptable.c,v 1.12.44.3 2009/02/18 23:47:12 tbox Exp $ */
+/* $Id: iptable.c,v 1.12.44.3 2009-02-18 23:47:12 tbox Exp $ */
 
 #include <config.h>
 
-- 
cgit v1.1