From ced7835c06b507528a27a1ef54de7f2533a2200c Mon Sep 17 00:00:00 2001
From: dougb <dougb@FreeBSD.org>
Date: Sat, 28 May 2011 00:21:28 +0000
Subject: Upgrade to 9.6-ESV-R4-P1, which address the following issues:

1. Very large RRSIG RRsets included in a negative cache can trigger
an assertion failure that will crash named (BIND 9 DNS) due to an
off-by-one error in a buffer size check.

This bug affects all resolving name servers, whether DNSSEC validation
is enabled or not, on all BIND versions prior to today. There is a
possibility of malicious exploitation of this bug by remote users.

2. Named could fail to validate zones listed in a DLV that validated
insecure without using DLV and had DS records in the parent zone.

Add a patch provided by ru@ and confirmed by ISC to fix a crash at
shutdown time when a SIG(0) key is being used.
---
 contrib/bind9/lib/dns/rdata/generic/gpos_27.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'contrib/bind9/lib/dns/rdata/generic/gpos_27.h')

diff --git a/contrib/bind9/lib/dns/rdata/generic/gpos_27.h b/contrib/bind9/lib/dns/rdata/generic/gpos_27.h
index f5df4fa..8b0e321 100644
--- a/contrib/bind9/lib/dns/rdata/generic/gpos_27.h
+++ b/contrib/bind9/lib/dns/rdata/generic/gpos_27.h
@@ -18,7 +18,7 @@
 #ifndef GENERIC_GPOS_27_H
 #define GENERIC_GPOS_27_H 1
 
-/* $Id: gpos_27.h,v 1.17 2007/06/19 23:47:17 tbox Exp $ */
+/* $Id: gpos_27.h,v 1.17 2007-06-19 23:47:17 tbox Exp $ */
 
 /*!
  *  \brief per RFC1712 */
-- 
cgit v1.1