From ced7835c06b507528a27a1ef54de7f2533a2200c Mon Sep 17 00:00:00 2001
From: dougb <dougb@FreeBSD.org>
Date: Sat, 28 May 2011 00:21:28 +0000
Subject: Upgrade to 9.6-ESV-R4-P1, which address the following issues:

1. Very large RRSIG RRsets included in a negative cache can trigger
an assertion failure that will crash named (BIND 9 DNS) due to an
off-by-one error in a buffer size check.

This bug affects all resolving name servers, whether DNSSEC validation
is enabled or not, on all BIND versions prior to today. There is a
possibility of malicious exploitation of this bug by remote users.

2. Named could fail to validate zones listed in a DLV that validated
insecure without using DLV and had DS records in the parent zone.

Add a patch provided by ru@ and confirmed by ISC to fix a crash at
shutdown time when a SIG(0) key is being used.
---
 contrib/bind9/lib/isc/mutexblock.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'contrib/bind9/lib/isc/mutexblock.c')

diff --git a/contrib/bind9/lib/isc/mutexblock.c b/contrib/bind9/lib/isc/mutexblock.c
index d45ad0e..38f423a 100644
--- a/contrib/bind9/lib/isc/mutexblock.c
+++ b/contrib/bind9/lib/isc/mutexblock.c
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: mutexblock.c,v 1.20 2007/06/19 23:47:17 tbox Exp $ */
+/* $Id: mutexblock.c,v 1.20 2007-06-19 23:47:17 tbox Exp $ */
 
 /*! \file */
 
-- 
cgit v1.1