From owner-cvs-ports@FreeBSD.ORG  Fri Dec  3 23:21:31 2010
Return-Path: <owner-cvs-ports@FreeBSD.ORG>
Delivered-To: cvs-ports@FreeBSD.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id E63A0106564A;
	Fri,  3 Dec 2010 23:21:31 +0000 (UTC)
	(envelope-from dougb@FreeBSD.org)
Received: from repoman.freebsd.org (repoman.freebsd.org
	[IPv6:2001:4f8:fff6::29])
	by mx1.freebsd.org (Postfix) with ESMTP id D65678FC16;
	Fri,  3 Dec 2010 23:21:31 +0000 (UTC)
Received: from repoman.freebsd.org (localhost [127.0.0.1])
	by repoman.freebsd.org (8.14.4/8.14.4) with ESMTP id oB3NLVFZ001585;
	Fri, 3 Dec 2010 23:21:31 GMT
	(envelope-from dougb@repoman.freebsd.org)
Received: (from dougb@localhost)
	by repoman.freebsd.org (8.14.4/8.14.4/Submit) id oB3NLV1m001584;
	Fri, 3 Dec 2010 23:21:31 GMT (envelope-from dougb)
Message-Id: <201012032321.oB3NLV1m001584@repoman.freebsd.org>
From: Doug Barton <dougb@FreeBSD.org>
Date: Fri, 3 Dec 2010 23:21:31 +0000 (UTC)
To: ports-committers@FreeBSD.org, cvs-ports@FreeBSD.org, cvs-all@FreeBSD.org
X-FreeBSD-CVS-Branch: HEAD
Cc: 
Subject: cvs commit: ports/dns/bind96 Makefile distinfo
X-BeenThere: cvs-ports@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: CVS commit messages for the ports tree <cvs-ports.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/cvs-ports>,
	<mailto:cvs-ports-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/cvs-ports>
List-Post: <mailto:cvs-ports@freebsd.org>
List-Help: <mailto:cvs-ports-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/cvs-ports>,
	<mailto:cvs-ports-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 03 Dec 2010 23:21:32 -0000

dougb       2010-12-03 23:21:31 UTC

  FreeBSD ports repository

  Modified files:
    dns/bind96           Makefile distinfo 
  Log:
  Update to version 9.6-ESV-R3, the latest from ISC, which addresses
  the following security vulnerabilities.
  
  For more information regarding these issues please see:
  http://www.isc.org/announcement/guidance-regarding-dec-1st-2010-security-advisories
  
  1. Cache incorrectly allows ncache and rrsig for the same type
  
     http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3613
  
     Affects resolver operators whose servers are open to potential
     attackers. Triggering the bug will cause the server to crash.
  
     This bug applies even if you do not have DNSSEC enabled.
  
  2. Using "allow-query" in the "options" or "view" statements to
     restrict access to authoritative zones has no effect.
  
     http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3615
  
     Affects authoritative server operators who wish to generally
     restrict queries to their authoritative zones, and are running
     9.6.2-P2 or any version of 9.7.x. The bug will allow unauthorized
     end users to receive answers to queries they should not.
  
  For the port:
  1. Add CONFLICT for the ../bind-tools port
  2. Remove CONFLICT for the removed ../bind9 port
  3. Remove OPTION for threads on < RELENG_7
  4. Switch to pkg-install to create the symlinks to /etc/namedb/ as
     requested in [1]
  
  PR:             ports/151635 [1]
  Submitted by:   Benjamin Lee <ben@b1c1l1.com> [1]
  
  Revision  Changes    Path
  1.112     +6 -16     ports/dns/bind96/Makefile
  1.65      +4 -4      ports/dns/bind96/distinfo