From ced7835c06b507528a27a1ef54de7f2533a2200c Mon Sep 17 00:00:00 2001
From: dougb <dougb@FreeBSD.org>
Date: Sat, 28 May 2011 00:21:28 +0000
Subject: Upgrade to 9.6-ESV-R4-P1, which address the following issues:

1. Very large RRSIG RRsets included in a negative cache can trigger
an assertion failure that will crash named (BIND 9 DNS) due to an
off-by-one error in a buffer size check.

This bug affects all resolving name servers, whether DNSSEC validation
is enabled or not, on all BIND versions prior to today. There is a
possibility of malicious exploitation of this bug by remote users.

2. Named could fail to validate zones listed in a DLV that validated
insecure without using DLV and had DS records in the parent zone.

Add a patch provided by ru@ and confirmed by ISC to fix a crash at
shutdown time when a SIG(0) key is being used.
---
 contrib/bind9/lib/isc/hmacsha.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'contrib/bind9/lib/isc/hmacsha.c')

diff --git a/contrib/bind9/lib/isc/hmacsha.c b/contrib/bind9/lib/isc/hmacsha.c
index dfcd8bf..9f27163 100644
--- a/contrib/bind9/lib/isc/hmacsha.c
+++ b/contrib/bind9/lib/isc/hmacsha.c
@@ -14,7 +14,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: hmacsha.c,v 1.8 2007/08/27 03:27:53 marka Exp $ */
+/* $Id: hmacsha.c,v 1.8 2007-08-27 03:27:53 marka Exp $ */
 
 /*
  * This code implements the HMAC-SHA1, HMAC-SHA224, HMAC-SHA256, HMAC-SHA384
-- 
cgit v1.1