Apply the patch derived from version 9.6.1-P1 which addresses a remote

DoS vulnerability: Receipt of a specially-crafted dynamic update message may cause BIND 9 servers to exit. This vulnerability affects all servers -- it is not limited to those that are configured to allow dynamic updates. Access controls will not provide an effective workaround. More details can be found here: https://www.isc.org/node/474 All BIND users are encouraged to update to a patched version ASAP.
svn path=/head/; revision=238572
2009-07-29 00:22:52 +00:00 · 2009-07-29 00:22:52 +00:00 · 85e089ac76 · 2021-03-31 03:12:20 +00:00
commit 85e089ac76
parent 4c8fa525b2
2 changed files with 17 additions and 1 deletions
--- a/dns/bind9/Makefile
+++ b/dns/bind9/Makefile
@ -12,7 +12,7 @@
 # release you can generally build it cleanly from the source - Doug

 PORTNAME=	bind9
-PORTVERSION=	9.3.6.1
+PORTVERSION=	9.3.6.1.1
 CATEGORIES=	dns net ipv6
 MASTER_SITES=	${MASTER_SITE_ISC} \
 		http://dougbarton.us/Downloads/%SUBDIR%/
--- a/dns/bind9/files/patch-bin_named_update.c
+++ b/dns/bind9/files/patch-bin_named_update.c
@ -0,0 +1,16 @@
+diff -ur bind-9.6.1/bin/named/update.c bind-9.6.1-P1/bin/named/update.c
+--- bin/named/update.c	2009-04-30 00:03:37.000000000 -0700
+++ bin/named/update.c	2009-07-28 07:18:08.000000000 -0700
+@@ -979,7 +979,11 @@
+ 			if (type == dns_rdatatype_rrsig ||
+ 			    type == dns_rdatatype_sig)
+ 				covers = dns_rdata_covers(&t->rdata);
+-			else
+			else if (type == dns_rdatatype_any) {
+				dns_db_detachnode(db, &node);
+				dns_diff_clear(&trash);
+				return (DNS_R_NXRRSET);
+			} else
+ 				covers = 0;
+ 
+ 			/*