Upgrade to BIND 9.4.3-P5, 9.5.2-P2, and 9.6.1-P3. These versions address

the following vulnerabilities: BIND 9 Cache Update from Additional Section https://www.isc.org/advisories/CVE-2009-4022v6 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4022 A nameserver with DNSSEC validation enabled may incorrectly add unauthenticated records to its cache that are received during the resolution of a recursive client query BIND 9 DNSSEC validation code could cause bogus NXDOMAIN responses https://www.isc.org/advisories/CVE-2010-0097 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0097 There was an error in the DNSSEC NSEC/NSEC3 validation code that could cause bogus NXDOMAIN responses (that is, NXDOMAIN responses for records proven by NSEC or NSEC3 to exist) to be cached as if they had validated correctly These issues only affect systems with DNSSEC validation enabled.
svn path=/head/; revision=248498
2010-01-25 00:25:08 +00:00 · 2010-01-25 00:25:08 +00:00 · 9b77b5a942 · 2021-03-31 03:12:20 +00:00
commit 9b77b5a942
parent 3d177dfd51
6 changed files with 24 additions and 27 deletions
--- a/dns/bind94/Makefile
+++ b/dns/bind94/Makefile
@ -12,7 +12,7 @@
 # release you can generally build it cleanly from the source - Doug

 PORTNAME=	bind94
-PORTVERSION=	9.4.3.4
+PORTVERSION=	9.4.3.5
 CATEGORIES=	dns net ipv6
 MASTER_SITES=	${MASTER_SITE_ISC} \
 		http://dougbarton.us/Downloads/%SUBDIR%/
@ -25,7 +25,7 @@ MAINTAINER=	dougb@FreeBSD.org
 COMMENT=	The BIND DNS suite with updated DNSSEC and threads

 # ISC releases things like 9.4.0b3, which our versioning doesn't like
-ISCVERSION=	9.4.3-P4
+ISCVERSION=	9.4.3-P5

 MAKE_JOBS_UNSAFE=	yes

--- a/dns/bind94/distinfo
+++ b/dns/bind94/distinfo
@ -1,9 +1,6 @@
-MD5 (bind-9.4.3-P4.tar.gz) = 926d4664629a04af9a9afa9022bf0080
-SHA256 (bind-9.4.3-P4.tar.gz) = 6374354f72a25335ae54799e84f2f0f90b94e8849084ef50709ea8eef8534fc9
-SIZE (bind-9.4.3-P4.tar.gz) = 6545707
-MD5 (bind-9.4.3-P4.tar.gz.asc) = 3fdb975cc61be688a11b607afcf88b39
-SHA256 (bind-9.4.3-P4.tar.gz.asc) = 38ba45a70f18dc833440afc8d430944037365ed591d2d9db3c5816fdcbd35690
-SIZE (bind-9.4.3-P4.tar.gz.asc) = 481
-MD5 (bind-9.4.1-geodns-patch.tar.gz) = d3d515bdef525f9a31787b36a105e690
-SHA256 (bind-9.4.1-geodns-patch.tar.gz) = 352413037e4779519c0a5b70aef801c8f84bcf15d1d485b16096d75f83644a65
-SIZE (bind-9.4.1-geodns-patch.tar.gz) = 2057
+MD5 (bind-9.4.3-P5.tar.gz) = f14f4b59639068c9a611a9c03b821dde
+SHA256 (bind-9.4.3-P5.tar.gz) = 7ca93553d1f488af1b21ab26f0297be5c7b7b5920d29ad9743382bf3623b2939
+SIZE (bind-9.4.3-P5.tar.gz) = 6447497
+MD5 (bind-9.4.3-P5.tar.gz.asc) = eb83f72e9c305d660903fd1ba33f0f37
+SHA256 (bind-9.4.3-P5.tar.gz.asc) = 12f414d6890d543e584e008986c0912de7b22913c37a7be79f9dc1039cb9f414
+SIZE (bind-9.4.3-P5.tar.gz.asc) = 481
--- a/dns/bind95/Makefile
+++ b/dns/bind95/Makefile
@ -12,7 +12,7 @@
 # release you can generally build it cleanly from the source - Doug

 PORTNAME=	bind95
-PORTVERSION=	9.5.2.1
+PORTVERSION=	9.5.2.2
 CATEGORIES=	dns net ipv6
 MASTER_SITES=	${MASTER_SITE_ISC} \
 		http://dougbarton.us/Downloads/%SUBDIR%/
@ -25,7 +25,7 @@ MAINTAINER=	dougb@FreeBSD.org
 COMMENT=	The BIND DNS suite with updated DNSSEC and threads

 # ISC releases things like 9.4.0b3, which our versioning doesn't like
-ISCVERSION=	9.5.2-P1
+ISCVERSION=	9.5.2-P2

 MAKE_JOBS_UNSAFE=	yes

--- a/dns/bind95/distinfo
+++ b/dns/bind95/distinfo
@ -1,6 +1,6 @@
-MD5 (bind-9.5.2-P1.tar.gz) = e3c691aa8d6b1a7ad4691fbb49f3cc58
-SHA256 (bind-9.5.2-P1.tar.gz) = ad892a8914fe6765621e0fa01b4acec5cf5487157ce93734f3f7d47ecccae5a0
-SIZE (bind-9.5.2-P1.tar.gz) = 6799718
-MD5 (bind-9.5.2-P1.tar.gz.asc) = 21382fa45433a2272171e8e718824335
-SHA256 (bind-9.5.2-P1.tar.gz.asc) = 3600ed113c6ebd95e0d72fcd5bce9c238e29a9be8579e9110079db5dc440f491
-SIZE (bind-9.5.2-P1.tar.gz.asc) = 481
+MD5 (bind-9.5.2-P2.tar.gz) = 67f228a9083de7509dacd87256060afb
+SHA256 (bind-9.5.2-P2.tar.gz) = 8d980a864c83212e4ab68675dd2bda5c6828b3785e7111142a0a83a0a4b63100
+SIZE (bind-9.5.2-P2.tar.gz) = 6674868
+MD5 (bind-9.5.2-P2.tar.gz.asc) = 4335c30ed5514381db789612523b4adf
+SHA256 (bind-9.5.2-P2.tar.gz.asc) = 860e68fd3d7089521c8c280cf4ad8461c24c2704d4f7a85314e18c5914f44e0a
+SIZE (bind-9.5.2-P2.tar.gz.asc) = 481
--- a/dns/bind96/Makefile
+++ b/dns/bind96/Makefile
@ -12,7 +12,7 @@
 # release you can generally build it cleanly from the source - Doug

 PORTNAME=	bind96
-PORTVERSION=	9.6.1.2
+PORTVERSION=	9.6.1.3
 CATEGORIES=	dns net ipv6
 MASTER_SITES=	${MASTER_SITE_ISC} \
 		http://dougbarton.us/Downloads/%SUBDIR%/
@ -25,7 +25,7 @@ MAINTAINER=	dougb@FreeBSD.org
 COMMENT=	The BIND DNS suite with updated DNSSEC and threads

 # ISC releases things like 9.4.0b3, which our versioning doesn't like
-ISCVERSION=	9.6.1-P2
+ISCVERSION=	9.6.1-P3

 MAKE_JOBS_UNSAFE=	yes

--- a/dns/bind96/distinfo
+++ b/dns/bind96/distinfo
@ -1,6 +1,6 @@
-MD5 (bind-9.6.1-P2.tar.gz) = 435bc2e26e470d46ddf2acb24abb6ea6
-SHA256 (bind-9.6.1-P2.tar.gz) = 8ad9593ae7ae6903150cfd9202200c26a1caf47816becdd5821b5360d544fc30
-SIZE (bind-9.6.1-P2.tar.gz) = 6601674
-MD5 (bind-9.6.1-P2.tar.gz.asc) = 8475a614b95592e4440a2be31f9fe80e
-SHA256 (bind-9.6.1-P2.tar.gz.asc) = 0acd6fc9e3005a1040d85fd8de2ff8b3b5bf77a4890a6737a766c26725dd7dc4
-SIZE (bind-9.6.1-P2.tar.gz.asc) = 481
+MD5 (bind-9.6.1-P3.tar.gz) = a0952d589b3051538033387be4c983f9
+SHA256 (bind-9.6.1-P3.tar.gz) = 869f5079a900b280c051d4c9cf7eefea000a0e70ccec9e6fcddd79e3caa10198
+SIZE (bind-9.6.1-P3.tar.gz) = 6508797
+MD5 (bind-9.6.1-P3.tar.gz.asc) = 3a8a0b5b1b342903f5ee661bceee4057
+SHA256 (bind-9.6.1-P3.tar.gz.asc) = 150217597c1ca61dc50ce46392e81f7533f9bf1031b41dd2dd387750ab61b583
+SIZE (bind-9.6.1-P3.tar.gz.asc) = 481