From 49b20cc2f21ef6aa64a1a407b1d23487d7774457 Mon Sep 17 00:00:00 2001
From: Doug Barton <dougb@FreeBSD.org>
Date: Fri, 3 Nov 2006 07:47:21 +0000
Subject: Update to version 9.3.2-P2, which addresses the vulnerability
 announced by ISC dated 31 October (delivered via e-mail to the
 bind-announce@isc.org list today):

Description:
	Because of OpenSSL's recently announced vulnerabilities
	(CAN-2006-4339, CVE-2006-2937 and CVE-2006-2940) which affect named,
	we are announcing this workaround and releasing patches.  A proof of
	concept attack on OpenSSL has been demonstrated for CAN-2006-4339.

	OpenSSL is required to use DNSSEC with BIND.

Fix for version 9.3.2-P1 and lower:
	Upgrade to BIND 9.2.3-P2, then generate new RSASHA1 and
	RSAMD5 keys for all old keys using the old default exponent
	and perform a key rollover to these new keys.

	These versions also change the default RSA exponent to be
	65537 which is not vulnerable to the attacks described in
	CAN-2006-4339.
---
 dns/bind96/Makefile |  4 ++--
 dns/bind96/distinfo | 12 ++++++------
 2 files changed, 8 insertions(+), 8 deletions(-)

(limited to 'dns/bind96')

diff --git a/dns/bind96/Makefile b/dns/bind96/Makefile
index 843831efd433..4f31d3240d22 100644
--- a/dns/bind96/Makefile
+++ b/dns/bind96/Makefile
@@ -12,7 +12,7 @@
 # release you can generally build it cleanly from the source - Doug
 
 PORTNAME=	bind9
-PORTVERSION=	9.3.2.1
+PORTVERSION=	9.3.2.2
 CATEGORIES=	dns net ipv6
 MASTER_SITES=	${MASTER_SITE_ISC} \
 		http://dougbarton.us/Downloads/%SUBDIR%/
@@ -25,7 +25,7 @@ MAINTAINER=	DougB@FreeBSD.org
 COMMENT=	Completely new version of the BIND DNS suite with updated DNSSEC
 
 # ISC releases things like 9.3.0rc1, which our versioning doesn't like
-ISCVERSION=	9.3.2-P1
+ISCVERSION=	9.3.2-P2
 
 GNU_CONFIGURE=	yes
 CONFIGURE_ARGS=	--localstatedir=/var --disable-linux-caps \
diff --git a/dns/bind96/distinfo b/dns/bind96/distinfo
index e783b58da449..2171f829bf29 100644
--- a/dns/bind96/distinfo
+++ b/dns/bind96/distinfo
@@ -1,6 +1,6 @@
-MD5 (bind-9.3.2-P1.tar.gz) = a0b86647ef6a2d5f1e759112d08e2229
-SHA256 (bind-9.3.2-P1.tar.gz) = 7c61230a0bd5b85de383a7053ec9b1b101295aa6a6bb681968f5fe0deeacefe0
-SIZE (bind-9.3.2-P1.tar.gz) = 5303237
-MD5 (bind-9.3.2-P1.tar.gz.asc) = 8a00ea7a53e6cc6da894a2a4e1c41ada
-SHA256 (bind-9.3.2-P1.tar.gz.asc) = fc3360ac49cec1d61777a0b1d68287832b15e9277b4a946a4038ef7dd083d2e1
-SIZE (bind-9.3.2-P1.tar.gz.asc) = 478
+MD5 (bind-9.3.2-P2.tar.gz) = 948101be324deb15ff94a5b6a639ea39
+SHA256 (bind-9.3.2-P2.tar.gz) = 2f82beca3bfbc28be4a9f42d0dbba8cc5442fb6394c94b4ac7530ea9a1bb4864
+SIZE (bind-9.3.2-P2.tar.gz) = 5316388
+MD5 (bind-9.3.2-P2.tar.gz.asc) = 1a15c9d9fcc1772a77fbd1f90f068592
+SHA256 (bind-9.3.2-P2.tar.gz.asc) = 7935933b31ebd5e611401d10a6f706e8a7e5aa961275b1f1c2770afe845a9a21
+SIZE (bind-9.3.2-P2.tar.gz.asc) = 479
-- 
cgit v1.2.3