From 400315c15849b4cda1c15d3c48848986866e61b7 Mon Sep 17 00:00:00 2001 From: Doug Barton Date: Fri, 28 Jan 2005 20:47:44 +0000 Subject: Include a patch from ISC to deal with the following vulnerability: Name: BIND: Self Check Failing [Added 2005.25.01] Versions affected: BIND 9.3.0 Severity: LOW Exploitable: Remotely Type: Denial of Service Description: An incorrect assumption in the validator (authvalidated) can result in a REQUIRE (internal consistency) test failing and named exiting. Workarounds: Turn off dnssec validation (off by default) at the options/view level. dnssec-enable no; Active Exploits: None known Bump PORTREVISION accordingly. It should be noted that the vast majority of users would not have DNSSEC enabled, and therefore are not vulnerable to this bug. --- dns/bind95/Makefile | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) (limited to 'dns/bind95/Makefile') diff --git a/dns/bind95/Makefile b/dns/bind95/Makefile index 5dffd8c4d851..6b430e243906 100644 --- a/dns/bind95/Makefile +++ b/dns/bind95/Makefile @@ -13,11 +13,13 @@ PORTNAME= bind9 PORTVERSION= 9.3.0 +PORTREVISION= 1 CATEGORIES= dns net ipv6 MASTER_SITES= ${MASTER_SITE_ISC} MASTER_SITE_SUBDIR= bind9/${ISCVERSION} DISTNAME= bind-${ISCVERSION} -DISTFILES= ${DISTNAME}${EXTRACT_SUFX} ${DISTNAME}${EXTRACT_SUFX}.asc +DISTFILES= ${DISTNAME}${EXTRACT_SUFX} ${DISTNAME}${EXTRACT_SUFX}.asc \ + 9.3.0-patch1 9.3.0-patch1.asc EXTRACT_ONLY= ${DISTNAME}${EXTRACT_SUFX} MAINTAINER= DougB@FreeBSD.org @@ -91,6 +93,12 @@ MAN5= named.conf.5 rndc.conf.5 MAN8= dnssec-keygen.8 dnssec-signzone.8 lwresd.8 named-checkconf.8 \ named-checkzone.8 named.8 nsupdate.8 rndc-confgen.8 rndc.8 +pre-patch: + @${SED} -e 's#bind9/lib/dns/validator.c#lib/dns/validator.c#g' \ + ${DISTDIR}/9.3.0-patch1 > ${WRKDIR}/9.3.0-patch1 + +EXTRA_PATCHES= ${WRKDIR}/9.3.0-patch1 + post-patch: .for FILE in check/named-checkconf.8 named/named.8 nsupdate/nsupdate.8 \ rndc/rndc.8 -- cgit v1.2.3
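Review bot: In the first hunk (@@ -13,11 +13,13 @@), DISTFILES now pulls in 9.3.0-patch1 and 9.3.0-patch1.asc, but this view is limited to dns/bind95/Makefile and so does not show matching checksum entries; please confirm distinfo was regenerated for both new files so the security patch is integrity-checked at fetch time. The .asc signature is downloaded, yet nothing in the visible lines verifies it, so the recorded checksum is the only check the build relies on. Both new files are also fetched from the same MASTER_SITE_SUBDIR (bind9/${ISCVERSION}) as the tarball, which is worth a quick fetch test to make sure the patch is actually published at that location.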
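Review bot: In the second hunk (@@ -91,6 +93,12 @@), the pre-patch sed expression hard-codes the single path bind9/lib/dns/validator.c, so the file that ends up in EXTRA_PATCHES is a rewritten copy in ${WRKDIR} rather than the checksummed distfile, and the rewrite only holds while the ISC patch touches exactly that one file. If the only difference is the leading bind9/ directory, applying the distfile unmodified with a strip level (for example PATCHFILES together with PATCH_DIST_STRIP=-p1, keeping the .asc in DISTFILES) would avoid the rewrite step. If the sed stays, a one-line comment above pre-patch saying why the path is rewritten, and that the target should be dropped when the port moves past 9.3.0, would help the next person who updates this port.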