From: Doug Barton
Date: Thu, 07 Sep 2006 22:55:16 -0700
To: eol1@yahoo.com
Cc: freebsd-security@freebsd.org
Subject: Re: FreeBSD Security Advisory FreeBSD-SA-06:20.bind

Peter Thoenen wrote:
> Just to verify as not mentioned in the security advisory, if you are
> using both the BIND and OPENSSL ports with the REPLACE_BASE directive,
> these don't apply correct?

Assuming you've updated to the 9.3.2-P1 version (ports version 9.3.2.1)
of BIND 9, then yes for the BIND part of the advisory. The BIND ports
with REPLACE_BASE will overwrite all the system binaries, and actually
install a couple things that the base doesn't (not that I'd expect
anyone would need or want them, I just don't like to muck with the
ports more than absolutely necessary).

For completeness' sake, I should note that what I said up there is not
100% accurate in the case where you have BIND 8 in the base (such as in
RELENG_4), and try to replace it with BIND 9, or vice versa. In that
case, you're better off first doing a build/installworld with the
NO_BIND option set in make.conf, removing all the old binaries, libs,
and includes; and then installing the port.

hth,

Doug

--
This .signature sanitized for your protection