From 5664d0b5e14b27f69c74a6d9eaef0120987d1463 Mon Sep 17 00:00:00 2001 From: Doug Barton Date: Sun, 17 Nov 2002 08:36:20 +0000 Subject: Upgrade to version 8.3.4, which simply cleans up and slightly improves the security patches released for 8.3.3. --- net/bind8/Makefile | 3 +- net/bind8/distinfo | 4 +- net/bind8/files/patch-bind833.diff | 234 ------------------------------------- 3 files changed, 3 insertions(+), 238 deletions(-) delete mode 100644 net/bind8/files/patch-bind833.diff (limited to 'net/bind8') diff --git a/net/bind8/Makefile b/net/bind8/Makefile index e456cc4aaf48..62cbc9e3be87 100644 --- a/net/bind8/Makefile +++ b/net/bind8/Makefile @@ -11,8 +11,7 @@ # you can generally build it cleanly from the source. - Doug PORTNAME= bind -PORTVERSION= 8.3.3 -PORTREVISION= 1 +PORTVERSION= 8.3.4 CATEGORIES?= net MASTER_SITES= ${MASTER_SITE_ISC} MASTER_SITE_SUBDIR= bind/src/${PORTVERSION} diff --git a/net/bind8/distinfo b/net/bind8/distinfo index a588e5bdbde1..c74316625a63 100644 --- a/net/bind8/distinfo +++ b/net/bind8/distinfo @@ -1,2 +1,2 @@ -MD5 (bind-8.3.3/bind-src.tar.gz) = 4e904fdc3d908294147054276eba4064 -MD5 (bind-8.3.3/bind-doc.tar.gz) = b5b09e7c00709ee4cd550aff3a21e958 +MD5 (bind-8.3.4/bind-src.tar.gz) = 214a5116782f439534b9d47cba88d44b +MD5 (bind-8.3.4/bind-doc.tar.gz) = d1c7b87c2575e14e76223d1e89c5568a diff --git a/net/bind8/files/patch-bind833.diff b/net/bind8/files/patch-bind833.diff deleted file mode 100644 index 23b32b9b426e..000000000000 --- a/net/bind8/files/patch-bind833.diff +++ /dev/null @@ -1,234 +0,0 @@ -diff -ur src-patched/CHANGES src/CHANGES ---- src-patched/CHANGES Wed Jun 26 21:25:08 2002 -+++ src/CHANGES Wed Nov 13 22:11:17 2002 -@@ -1,3 +1,23 @@ -+1469. [bug] buffer length calculation for PX was wrong. -+ -+1468. [bug] ns_name_ntol() could overwite a zero length buffer. -+ -+1467. [bug] off by one bug in ns_makecannon(). -+ -+1466. [bug] large ENDS UDP buffer size could trigger a assertion. -+ -+1465. [bug] possible NULL pointer dereference in db_sec.c -+ -+1464. [bug] the buffer used to construct the -ve record was not -+ big enough for all possible SOA records. use pointer -+ arithmetic to calculate the remaining size in this -+ buffer. -+ -+1463. [bug] use serial space arithmetic to determine if a SIG is -+ too old, in the future or has internally constistant -+ times. -+ -+1462. [bug] write buffer overflow in make_rr(). - - --- 8.3.3-REL released --- (Wed Jun 26 21:15:43 PDT 2002) - -diff -ur src-patched/bin/named/db_defs.h src/bin/named/db_defs.h ---- src-patched/bin/named/db_defs.h Fri May 17 18:02:53 2002 -+++ src/bin/named/db_defs.h Wed Nov 13 22:11:17 2002 -@@ -78,7 +78,7 @@ - */ - - /* max length of data in RR data field */ --#define MAXDATA (2*MAXDNAME + 5*INT32SZ) -+#define MAXDATA (3*MAXDNAME + 5*INT32SZ) - - /* max length of data in a TXT RR segment */ - #define MAXCHARSTRING 255 -diff -ur src-patched/bin/named/db_sec.c src/bin/named/db_sec.c ---- src-patched/bin/named/db_sec.c Mon Jun 18 07:42:57 2001 -+++ src/bin/named/db_sec.c Wed Nov 13 22:11:17 2002 -@@ -479,7 +479,9 @@ - struct sig_record *sigdata; - struct dnode *sigdn; - struct databuf *sigdp; -- time_t now; -+ u_int32_t now; -+ u_int32_t exptime; -+ u_int32_t signtime; - char *signer; - u_char name_n[MAXDNAME]; - u_char *sig, *eom; -@@ -492,6 +494,7 @@ - int dnssec_failed = 0, dnssec_succeeded = 0; - int return_value; - int i; -+ int expired = 0; - - if (rrset == NULL || rrset->rr_name == NULL) { - ns_warning (ns_log_default, "verify_set: missing rrset/name"); -@@ -527,11 +530,14 @@ - * Don't verify a set if the SIG inception time is in - * the future. This should be fixed before 2038 (BEW) - */ -- if ((time_t)ntohl(sigdata->sig_time_n) > now) -+ signtime = ntohl(sigdata->sig_time_n); -+ if (SEQ_GT(signtime, now)) - continue; - - /* An expired set is dropped, but the data is not. */ -- if ((time_t)ntohl(sigdata->sig_exp_n) < now) { -+ exptime = ntohl(sigdata->sig_exp_n); -+ if (SEQ_GT(now, exptime)) { -+ expired++; - db_detach(&sigdn->dp); - sigdp = NULL; - continue; -@@ -723,7 +729,7 @@ - } - - end: -- if (dnssec_failed > 0) -+ if (dnssec_failed > 0 || expired > 0) - rrset_trim_sigs(rrset); - if (trustedkey == 0 && key != NULL) - dst_free_key(key); -diff -ur src-patched/bin/named/ns_defs.h src/bin/named/ns_defs.h ---- src-patched/bin/named/ns_defs.h Tue Jun 25 20:27:19 2002 -+++ src/bin/named/ns_defs.h Wed Nov 13 22:11:17 2002 -@@ -469,7 +469,7 @@ - q_cmsglen, /* len of cname message */ - q_cmsgsize; /* allocated size of cname message */ - int16_t q_dfd; /* UDP file descriptor */ -- int16_t q_udpsize; /* UDP message size */ -+ u_int16_t q_udpsize; /* UDP message size */ - int q_distance; /* distance this query is from the - * original query that the server - * received. */ -diff -ur src-patched/bin/named/ns_ncache.c src/bin/named/ns_ncache.c ---- src-patched/bin/named/ns_ncache.c Mon Jun 18 07:43:16 2001 -+++ src/bin/named/ns_ncache.c Wed Nov 13 22:11:17 2002 -@@ -66,7 +66,7 @@ - u_int16_t atype; - u_char *sp, *cp1; - u_char data[MAXDATA]; -- size_t len = sizeof data; -+ u_char *eod = data + sizeof(data); - #endif - - nameserIncr(from.sin_addr, nssRcvdNXD); -@@ -186,7 +186,7 @@ - rdatap = cp; - - /* origin */ -- n = dn_expand(msg, msg + msglen, cp, (char*)data, len); -+ n = dn_expand(msg, msg + msglen, cp, (char*)data, eod - data); - if (n < 0) { - ns_debug(ns_log_ncache, 3, - "ncache: origin form error"); -@@ -195,9 +195,8 @@ - cp += n; - n = strlen((char*)data) + 1; - cp1 = data + n; -- len -= n; - /* mail */ -- n = dn_expand(msg, msg + msglen, cp, (char*)cp1, len); -+ n = dn_expand(msg, msg + msglen, cp, (char*)cp1, eod - cp1); - if (n < 0) { - ns_debug(ns_log_ncache, 3, "ncache: mail form error"); - return; -@@ -205,20 +204,20 @@ - cp += n; - n = strlen((char*)cp1) + 1; - cp1 += n; -- len -= n; - n = 5 * INT32SZ; -+ if (n > (eod - cp1)) /* Can't happen. See MAXDATA. */ -+ return; - BOUNDS_CHECK(cp, n); - memcpy(cp1, cp, n); - /* serial, refresh, retry, expire, min */ - cp1 += n; -- len -= n; - cp += n; - if (cp != rdatap + dlen) { - ns_debug(ns_log_ncache, 3, "ncache: form error"); - return; - } - /* store the zone of the soa record */ -- n = dn_expand(msg, msg + msglen, sp, (char*)cp1, len); -+ n = dn_expand(msg, msg + msglen, sp, (char*)cp1, eod - cp1); - if (n < 0) { - ns_debug(ns_log_ncache, 3, "ncache: form error 2"); - return; -diff -ur src-patched/bin/named/ns_req.c src/bin/named/ns_req.c ---- src-patched/bin/named/ns_req.c Sun May 12 16:41:52 2002 -+++ src/bin/named/ns_req.c Wed Nov 13 22:11:17 2002 -@@ -2195,7 +2195,7 @@ - - /* first just copy over the type_covered, algorithm, */ - /* labels, orig ttl, two timestamps, and the footprint */ -- if ((dp->d_size - 18) > buflen) -+ if (buflen < 18) - goto cleanup; /* out of room! */ - memcpy(cp, cp1, 18); - cp += 18; -diff -ur src-patched/bin/named/ns_resp.c src/bin/named/ns_resp.c ---- src-patched/bin/named/ns_resp.c Wed Jun 26 20:09:19 2002 -+++ src/bin/named/ns_resp.c Wed Nov 13 22:11:17 2002 -@@ -2001,7 +2001,7 @@ - * to BOUNDS_CHECK() here. - */ - cp1 += (n = strlen((char *)cp1) + 1); -- n1 = sizeof(data) - n; -+ n1 = sizeof(data) - n - INT16SZ; - n = dn_expand(msg, eom, cp, (char *)cp1, n1); - if (n < 0) { - hp->rcode = FORMERR; -@@ -2043,8 +2043,18 @@ - ttl = origTTL; - } - -+ /* -+ * Check that expire and signature times are internally -+ * consistant. -+ */ -+ if (!SEQ_GT(exptime, signtime) && exptime != signtime) { -+ ns_debug(ns_log_default, 3, -+ "ignoring SIG: signature expires before it was signed"); -+ return ((cp - rrp) + dlen); -+ } -+ - /* Don't let bogus signers "sign" in the future. */ -- if (signtime > now) { -+ if (SEQ_GT(signtime, now)) { - ns_debug(ns_log_default, 3, - "ignoring SIG: signature date %s is in the future", - p_secstodate (signtime)); -@@ -2052,7 +2062,7 @@ - } - - /* Ignore received SIG RR's that are already expired. */ -- if (exptime <= now) { -+ if (SEQ_GT(now, exptime)) { - ns_debug(ns_log_default, 3, - "ignoring SIG: expiration %s is in the past", - p_secstodate (exptime)); -diff -ur src-patched/lib/nameser/ns_name.c src/lib/nameser/ns_name.c ---- src-patched/lib/nameser/ns_name.c Thu May 23 22:10:40 2002 -+++ src/lib/nameser/ns_name.c Wed Nov 13 22:11:17 2002 -@@ -341,6 +341,10 @@ - dn = dst; - eom = dst + dstsiz; - -+ if (dn >= eom) { -+ errno = EMSGSIZE; -+ return (-1); -+ } - while ((n = *cp++) != 0) { - if ((n & NS_CMPRSFLGS) == NS_CMPRSFLGS) { - /* Some kind of compression pointer. */ -diff -ur src-patched/lib/nameser/ns_samedomain.c src/lib/nameser/ns_samedomain.c ---- src-patched/lib/nameser/ns_samedomain.c Fri Oct 15 14:06:51 1999 -+++ src/lib/nameser/ns_samedomain.c Wed Nov 13 22:11:17 2002 -@@ -166,7 +166,7 @@ - ns_makecanon(const char *src, char *dst, size_t dstsize) { - size_t n = strlen(src); - -- if (n + sizeof "." > dstsize) { -+ if (n + sizeof "." + 1 > dstsize) { - errno = EMSGSIZE; - return (-1); - } -- cgit v1.2.3