cvs commit: ports/dns/bind98 Makefile distinfo ports/dns/bind98/files patch-bin__named__query.c patch-bin__nsupdate__nsupdate.c

[Doug Barton]

dougb       2011-05-27 23:47:56 UTC

  FreeBSD ports repository

  Modified files:
    dns/bind98           Makefile distinfo 
  Added files:
    dns/bind98/files     patch-bin__named__query.c 
                         patch-bin__nsupdate__nsupdate.c 
  Log:
  Upgrade to 9.8.0-P2, which addresses the following issues:
  
  1. Very large RRSIG RRsets included in a negative cache can trigger
  an assertion failure that will crash named (BIND 9 DNS) due to an
  off-by-one error in a buffer size check.
  
  This bug affects all resolving name servers, whether DNSSEC validation
  is enabled or not, on all BIND versions prior to today. There is a
  possibility of malicious exploitation of this bug by remote users.
  
  2. Named could fail to validate zones listed in a DLV that validated
  insecure without using DLV and had DS records in the parent zone.
  
  Add a patch provided by ru@ and confirmed by ISC to fix a crash at
  shutdown time when a SIG(0) key is being used.
  
  Add a patch from ISC that will be in 9.8.1 to handle intermittent
  failure of recursive queries involving CNAMEs and previously cached
  responses.
  
  Revision  Changes    Path
  1.8       +2 -2      ports/dns/bind98/Makefile
  1.6       +4 -4      ports/dns/bind98/distinfo
  1.1       +18 -0     ports/dns/bind98/files/patch-bin__named__query.c (new)
  1.1       +14 -0     ports/dns/bind98/files/patch-bin__nsupdate__nsupdate.c (new)