From owner-cvs-all@FreeBSD.ORG  Fri Dec  3 22:39:45 2010
Return-Path: <owner-cvs-all@FreeBSD.ORG>
Delivered-To: cvs-all@FreeBSD.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 2DE70106564A;
	Fri,  3 Dec 2010 22:39:45 +0000 (UTC)
	(envelope-from dougb@FreeBSD.org)
Received: from repoman.freebsd.org (repoman.freebsd.org
	[IPv6:2001:4f8:fff6::29])
	by mx1.freebsd.org (Postfix) with ESMTP id 036D88FC08;
	Fri,  3 Dec 2010 22:39:45 +0000 (UTC)
Received: from repoman.freebsd.org (localhost [127.0.0.1])
	by repoman.freebsd.org (8.14.4/8.14.4) with ESMTP id oB3MdiRA096621;
	Fri, 3 Dec 2010 22:39:44 GMT
	(envelope-from dougb@repoman.freebsd.org)
Received: (from dougb@localhost)
	by repoman.freebsd.org (8.14.4/8.14.4/Submit) id oB3Mdi4K096620;
	Fri, 3 Dec 2010 22:39:44 GMT (envelope-from dougb)
Message-Id: <201012032239.oB3Mdi4K096620@repoman.freebsd.org>
From: Doug Barton <dougb@FreeBSD.org>
Date: Fri, 3 Dec 2010 22:39:44 +0000 (UTC)
To: ports-committers@FreeBSD.org, cvs-ports@FreeBSD.org, cvs-all@FreeBSD.org
X-FreeBSD-CVS-Branch: HEAD
Cc: 
Subject: cvs commit: ports/dns/bind97 Makefile distinfo pkg-install
X-BeenThere: cvs-all@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: **OBSOLETE** CVS commit messages for the entire tree
	<cvs-all.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/cvs-all>,
	<mailto:cvs-all-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/cvs-all>
List-Post: <mailto:cvs-all@freebsd.org>
List-Help: <mailto:cvs-all-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/cvs-all>,
	<mailto:cvs-all-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 03 Dec 2010 22:39:45 -0000

dougb       2010-12-03 22:39:44 UTC

  FreeBSD ports repository

  Modified files:
    dns/bind97           Makefile distinfo 
  Added files:
    dns/bind97           pkg-install 
  Log:
  Update to version 9.7.2-P3, the latest from ISC, which addresses
  the following security vulnerabilities.
  
  For more information regarding these issues please see:
  http://www.isc.org/announcement/guidance-regarding-dec-1st-2010-security-advisories
  
  1. Cache incorrectly allows ncache and rrsig for the same type
  
     http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3613
  
     Affects resolver operators whose servers are open to potential
     attackers. Triggering the bug will cause the server to crash.
  
     This bug applies even if you do not have DNSSEC enabled.
  
  2. Using "allow-query" in the "options" or "view" statements to
     restrict access to authoritative zones has no effect.
  
     http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3615
  
     Affects authoritative server operators who wish to generally
     restrict queries to their authoritative zones, and are running
     9.6.2-P2 or any version of 9.7.x. The bug will allow unauthorized
     end users to receive answers to queries they should not.
  
  3. Key algorithm rollover
  
     http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3614
  
     Affects resolver operators who have 9.7.2-P2 installed,
     are validating with DNSSEC, and querying zones which are
     in a key rollover period. The bug will cause answers to
     incorrectly be marked as insecure.
  
  For the port:
  1. Add CONFLICT for the ../bind-tools port
  2. Switch to pkg-install to create the symlinks to /etc/namedb/ as
     requested in [1]
  
  PR:             ports/151635 [1]
  Submitted by:   Benjamin Lee <ben@b1c1l1.com> [1]
  
  Revision  Changes    Path
  1.13      +4 -8      ports/dns/bind97/Makefile
  1.11      +4 -4      ports/dns/bind97/distinfo
  1.1       +13 -0     ports/dns/bind97/pkg-install (new)