From owner-svn-src-all@FreeBSD.ORG  Fri Jul 26 22:40:18 2013
Return-Path: <owner-svn-src-all@FreeBSD.ORG>
Delivered-To: svn-src-all@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115])
 (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTP id BF268FC6;
 Fri, 26 Jul 2013 22:40:18 +0000 (UTC)
 (envelope-from delphij@FreeBSD.org)
Received: from svn.freebsd.org (svn.freebsd.org
 [IPv6:2001:1900:2254:2068::e6a:0])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (No client certificate requested)
 by mx1.freebsd.org (Postfix) with ESMTPS id 91A4A245C;
 Fri, 26 Jul 2013 22:40:18 +0000 (UTC)
Received: from svn.freebsd.org ([127.0.1.70])
 by svn.freebsd.org (8.14.7/8.14.7) with ESMTP id r6QMeIIe062259;
 Fri, 26 Jul 2013 22:40:18 GMT (envelope-from delphij@svn.freebsd.org)
Received: (from delphij@localhost)
 by svn.freebsd.org (8.14.7/8.14.5/Submit) id r6QMeIQg062255;
 Fri, 26 Jul 2013 22:40:18 GMT (envelope-from delphij@svn.freebsd.org)
Message-Id: <201307262240.r6QMeIQg062255@svn.freebsd.org>
From: Xin LI <delphij@FreeBSD.org>
Date: Fri, 26 Jul 2013 22:40:18 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-all@freebsd.org,
 svn-src-releng@freebsd.org
Subject: svn commit: r253692 - head/contrib/bind9/lib/dns/rdata/generic
 releng/8.4 releng/8.4/contrib/bind9/lib/dns/rdata/generic releng/8.4/sys/conf
X-SVN-Group: releng
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-BeenThere: svn-src-all@freebsd.org
X-Mailman-Version: 2.1.14
Precedence: list
List-Id: "SVN commit messages for the entire src tree \(except for &quot;
 user&quot; and &quot; projects&quot; \)" <svn-src-all.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/svn-src-all>,
 <mailto:svn-src-all-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/svn-src-all>
List-Post: <mailto:svn-src-all@freebsd.org>
List-Help: <mailto:svn-src-all-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/svn-src-all>,
 <mailto:svn-src-all-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 26 Jul 2013 22:40:18 -0000

Author: delphij
Date: Fri Jul 26 22:40:17 2013
New Revision: 253692
URL: http://svnweb.freebsd.org/changeset/base/253692

Log:
  Fix Denial of Service vulnerability in named(8). [13:07]
  
  Security:	CVE-2013-4854
  Security:	FreeBSD-SA-13:07.bind
  Approved by:	so

Modified:
  releng/8.4/UPDATING
  releng/8.4/contrib/bind9/lib/dns/rdata/generic/keydata_65533.c
  releng/8.4/sys/conf/newvers.sh

Changes in other areas also in this revision:
Modified:
  head/contrib/bind9/lib/dns/rdata/generic/keydata_65533.c

Modified: releng/8.4/UPDATING
==============================================================================
--- releng/8.4/UPDATING	Fri Jul 26 22:04:11 2013	(r253691)
+++ releng/8.4/UPDATING	Fri Jul 26 22:40:17 2013	(r253692)
@@ -15,6 +15,9 @@ NOTE TO PEOPLE WHO THINK THAT FreeBSD 8.
 	debugging tools present in HEAD were left in place because
 	sun4v support still needs work to become production ready.
 
+20130726:	p2	FreeBSD-SA-13:07.bind
+	Fix Denial of Service vulnerability in named(8).
+
 20130628:	p1	FreeBSD-EN-13:01.fxp
 			FreeBSD-EN-13:02.vtnet
 	Fix a problem where dhclient(8) utility tries to initilaize an

Modified: releng/8.4/contrib/bind9/lib/dns/rdata/generic/keydata_65533.c
==============================================================================
--- releng/8.4/contrib/bind9/lib/dns/rdata/generic/keydata_65533.c	Fri Jul 26 22:04:11 2013	(r253691)
+++ releng/8.4/contrib/bind9/lib/dns/rdata/generic/keydata_65533.c	Fri Jul 26 22:40:17 2013	(r253692)
@@ -176,7 +176,7 @@ fromwire_keydata(ARGS_FROMWIRE) {
 	UNUSED(options);
 
 	isc_buffer_activeregion(source, &sr);
-	if (sr.length < 4)
+	if (sr.length < 16)
 		return (ISC_R_UNEXPECTEDEND);
 
 	isc_buffer_forward(source, sr.length);

Modified: releng/8.4/sys/conf/newvers.sh
==============================================================================
--- releng/8.4/sys/conf/newvers.sh	Fri Jul 26 22:04:11 2013	(r253691)
+++ releng/8.4/sys/conf/newvers.sh	Fri Jul 26 22:40:17 2013	(r253692)
@@ -32,7 +32,7 @@
 
 TYPE="FreeBSD"
 REVISION="8.4"
-BRANCH="RELEASE-p1"
+BRANCH="RELEASE-p2"
 if [ "X${BRANCH_OVERRIDE}" != "X" ]; then
 	BRANCH=${BRANCH_OVERRIDE}
 fi