cpet/freebsd-ports
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
2fa218459c
freebsd-ports/dns/bind96
History
Doug Barton 0a1b168539 Update to the -P1 versions of the current BIND ports which contain 
the fix for the following vulnerability: https://www.isc.org/node/373

Description:
Return values from OpenSSL library functions EVP_VerifyFinal()
and DSA_do_verify() were not checked properly.

Impact:
It is theoretically possible to spoof answers returned from
zones using the DNSKEY algorithms DSA (3) and NSEC3DSA (6).

In short, if you're not using DNSSEC to verify signatures you have
nothing to worry about.

While I'm here, address the issues raised in the PR by adding a knob
to disable building with OpenSSL altogether (which eliminates DNSSEC
capability), and fix the configure arguments to better deal with the
situation where the user has ssl bits in both the base and LOCALBASE.

PR:		ports/126297
Submitted by:	Ronald F.Guilmette <rfg@tristatelogic.com>
2009-01-08 08:18:45 +00:00
..
distinfo Update to the -P1 versions of the current BIND ports which contain 2009-01-08 08:18:45 +00:00
Makefile Update to the -P1 versions of the current BIND ports which contain 2009-01-08 08:18:45 +00:00
pkg-descr Update after repo-copy for BIND 9.6.0 2009-01-04 07:15:46 +00:00
pkg-message Update the pkg-message to be even less version-specific, and tell the user 2008-06-02 04:18:45 +00:00
pkg-plist Update after repo-copy for BIND 9.6.0 2009-01-04 07:15:46 +00:00