cvs commit: ports/dns/bind98 Makefile distinfo
ports/dns/bind98/files patch-bin__named__query.c
patch-bin__nsupdate__nsupdate.c
Doug Barton
dougb at FreeBSD.org
Fri May 27 23:47:56 UTC 2011
dougb 2011-05-27 23:47:56 UTC
FreeBSD ports repository
Modified files:
dns/bind98 Makefile distinfo
Added files:
dns/bind98/files patch-bin__named__query.c
patch-bin__nsupdate__nsupdate.c
Log:
Upgrade to 9.8.0-P2, which addresses the following issues:
1. Very large RRSIG RRsets included in a negative cache can trigger
an assertion failure that will crash named (BIND 9 DNS) due to an
off-by-one error in a buffer size check.
This bug affects all resolving name servers, whether DNSSEC validation
is enabled or not, on all BIND versions prior to today. There is a
possibility of malicious exploitation of this bug by remote users.
2. Named could fail to validate zones listed in a DLV that validated
insecure without using DLV and had DS records in the parent zone.
Add a patch provided by ru@ and confirmed by ISC to fix a crash at
shutdown time when a SIG(0) key is being used.
Add a patch from ISC that will be in 9.8.1 to handle intermittent
failure of recursive queries involving CNAMEs and previously cached
responses.
Revision Changes Path
1.8 +2 -2 ports/dns/bind98/Makefile
1.6 +4 -4 ports/dns/bind98/distinfo
1.1 +18 -0 ports/dns/bind98/files/patch-bin__named__query.c (new)
1.1 +14 -0 ports/dns/bind98/files/patch-bin__nsupdate__nsupdate.c (new)
More information about the cvs-all
mailing list