From owner-cvs-all@FreeBSD.ORG  Fri Nov  3 07:47:22 2006
Return-Path: <owner-cvs-all@FreeBSD.ORG>
X-Original-To: cvs-all@FreeBSD.org
Delivered-To: cvs-all@FreeBSD.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 7717616A407;
	Fri,  3 Nov 2006 07:47:22 +0000 (UTC)
	(envelope-from dougb@FreeBSD.org)
Received: from repoman.freebsd.org (repoman.freebsd.org [216.136.204.115])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 4B96E43D6D;
	Fri,  3 Nov 2006 07:47:22 +0000 (GMT)
	(envelope-from dougb@FreeBSD.org)
Received: from repoman.freebsd.org (localhost [127.0.0.1])
	by repoman.freebsd.org (8.13.6/8.13.6) with ESMTP id kA37lMm1018602;
	Fri, 3 Nov 2006 07:47:22 GMT
	(envelope-from dougb@repoman.freebsd.org)
Received: (from dougb@localhost)
	by repoman.freebsd.org (8.13.6/8.13.4/Submit) id kA37lMZ0018601;
	Fri, 3 Nov 2006 07:47:22 GMT (envelope-from dougb)
Message-Id: <200611030747.kA37lMZ0018601@repoman.freebsd.org>
From: Doug Barton <dougb@FreeBSD.org>
Date: Fri, 3 Nov 2006 07:47:22 +0000 (UTC)
To: ports-committers@FreeBSD.org, cvs-ports@FreeBSD.org, cvs-all@FreeBSD.org
X-FreeBSD-CVS-Branch: HEAD
Cc: 
Subject: cvs commit: ports/dns/bind9 Makefile distinfo
X-BeenThere: cvs-all@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: CVS commit messages for the entire tree <cvs-all.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/cvs-all>,
	<mailto:cvs-all-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/cvs-all>
List-Post: <mailto:cvs-all@freebsd.org>
List-Help: <mailto:cvs-all-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/cvs-all>,
	<mailto:cvs-all-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 03 Nov 2006 07:47:22 -0000

dougb       2006-11-03 07:47:22 UTC

  FreeBSD ports repository

  Modified files:
    dns/bind9            Makefile distinfo 
  Log:
  Update to version 9.3.2-P2, which addresses the vulnerability
  announced by ISC dated 31 October (delivered via e-mail to the
  bind-announce@isc.org list today):
  
  Description:
          Because of OpenSSL's recently announced vulnerabilities
          (CAN-2006-4339, CVE-2006-2937 and CVE-2006-2940) which affect named,
          we are announcing this workaround and releasing patches.  A proof of
          concept attack on OpenSSL has been demonstrated for CAN-2006-4339.
  
          OpenSSL is required to use DNSSEC with BIND.
  
  Fix for version 9.3.2-P1 and lower:
          Upgrade to BIND 9.2.3-P2, then generate new RSASHA1 and
          RSAMD5 keys for all old keys using the old default exponent
          and perform a key rollover to these new keys.
  
          These versions also change the default RSA exponent to be
          65537 which is not vulnerable to the attacks described in
          CAN-2006-4339.
  
  Revision  Changes    Path
  1.72      +2 -2      ports/dns/bind9/Makefile
  1.39      +6 -6      ports/dns/bind9/distinfo