From 83aa56c48faf0e726f652730c742a8d0e5034f1d Mon Sep 17 00:00:00 2001 From: Doug Barton Date: Tue, 24 Jul 2007 22:02:16 +0000 Subject: Update to 9.4.1-P1, which has fixes for the following: 1. The default access control lists (acls) are not being correctly set. If not set anyone can make recursive queries and/or query the cache contents. See also: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2925 2. The DNS query id generation is vulnerable to cryptographic analysis which provides a 1 in 8 chance of guessing the next query id for 50% of the query ids. This can be used to perform cache poisoning by an attacker. This bug only affects outgoing queries, generated by BIND 9 to answer questions as a resolver, or when it is looking up data for internal uses, such as when sending NOTIFYs to slave name servers. All users are encouraged to upgrade. See also: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2926 --- dns/bind94/Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'dns/bind94/Makefile') diff --git a/dns/bind94/Makefile b/dns/bind94/Makefile index ccf426c441cc..93f1680d74b0 100644 --- a/dns/bind94/Makefile +++ b/dns/bind94/Makefile @@ -12,7 +12,7 @@ # release you can generally build it cleanly from the source - Doug PORTNAME= bind94 -PORTVERSION= 9.4.1 +PORTVERSION= 9.4.1.1 CATEGORIES= dns net ipv6 MASTER_SITES= ${MASTER_SITE_ISC} \ http://dougbarton.us/Downloads/%SUBDIR%/ @@ -25,7 +25,7 @@ MAINTAINER= dougb@FreeBSD.org COMMENT= The BIND DNS suite with updated DNSSEC and threads # ISC releases things like 9.4.0b3, which our versioning doesn't like -ISCVERSION= 9.4.1 +ISCVERSION= 9.4.1-P1 GNU_CONFIGURE= yes CONFIGURE_ARGS= --localstatedir=/var --disable-linux-caps \ -- cgit v1.2.3