From owner-cvs-src-old@FreeBSD.ORG  Thu Dec  9 21:12:07 2010
Return-Path: <owner-cvs-src-old@FreeBSD.ORG>
Delivered-To: cvs-src-old@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 2C797106566C
	for <cvs-src-old@freebsd.org>; Thu,  9 Dec 2010 21:12:07 +0000 (UTC)
	(envelope-from dougb@FreeBSD.org)
Received: from repoman.freebsd.org (repoman.freebsd.org
	[IPv6:2001:4f8:fff6::29])
	by mx1.freebsd.org (Postfix) with ESMTP id 157968FC08
	for <cvs-src-old@freebsd.org>; Thu,  9 Dec 2010 21:12:07 +0000 (UTC)
Received: from repoman.freebsd.org (localhost [127.0.0.1])
	by repoman.freebsd.org (8.14.4/8.14.4) with ESMTP id oB9LC6Zp051217
	for <cvs-src-old@freebsd.org>; Thu, 9 Dec 2010 21:12:06 GMT
	(envelope-from dougb@repoman.freebsd.org)
Received: (from svn2cvs@localhost)
	by repoman.freebsd.org (8.14.4/8.14.4/Submit) id oB9LC6X5051216
	for cvs-src-old@freebsd.org; Thu, 9 Dec 2010 21:12:06 GMT
	(envelope-from dougb@repoman.freebsd.org)
Message-Id: <201012092112.oB9LC6X5051216@repoman.freebsd.org>
X-Authentication-Warning: repoman.freebsd.org: svn2cvs set sender to
	dougb@repoman.freebsd.org using -f
From: Doug Barton <dougb@FreeBSD.org>
Date: Thu, 9 Dec 2010 21:11:53 +0000 (UTC)
To: cvs-src-old@freebsd.org
X-FreeBSD-CVS-Branch: RELENG_7
Subject: cvs commit: src/contrib/bind9 CHANGES
 RELEASE-NOTES-BIND-9.4-ESV.html
 RELEASE-NOTES-BIND-9.4-ESV.pdf RELEASE-NOTES-BIND-9.4-ESV.txt
 release-notes.css version src/contrib/bind9/bin/named query.c
 src/contrib/bind9/doc/draft draft-ietf-behave-dns64-10.txt
 draft-ietf-behave-dns64-11.txt ...
X-BeenThere: cvs-src-old@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: **OBSOLETE** CVS commit messages for the src tree
	<cvs-src-old.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/cvs-src-old>,
	<mailto:cvs-src-old-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/cvs-src-old>
List-Post: <mailto:cvs-src-old@freebsd.org>
List-Help: <mailto:cvs-src-old-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/cvs-src-old>,
	<mailto:cvs-src-old-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 09 Dec 2010 21:12:07 -0000

dougb       2010-12-09 21:11:53 UTC

  FreeBSD src repository

  Modified files:        (Branch: RELENG_7)
    contrib/bind9        CHANGES version 
    contrib/bind9/bin/named query.c 
    contrib/bind9/lib/dns api rbtdb.c validator.c 
    contrib/bind9/lib/dns/include/dns db.h 
    contrib/bind9/lib/isc api print.c 
  Added files:           (Branch: RELENG_7)
    contrib/bind9        RELEASE-NOTES-BIND-9.4-ESV.html 
                         RELEASE-NOTES-BIND-9.4-ESV.pdf 
                         RELEASE-NOTES-BIND-9.4-ESV.txt 
                         release-notes.css 
    contrib/bind9/doc/draft draft-ietf-behave-dns64-11.txt 
                            draft-ietf-dnsext-dnssec-bis-updates-12.txt 
  Removed files:         (Branch: RELENG_7)
    contrib/bind9/doc/draft draft-ietf-behave-dns64-10.txt 
                            draft-ietf-dnsext-dnssec-bis-updates-10.txt 
  Log:
  SVN rev 216336 on 2010-12-09 21:11:53Z by dougb
  
  MFV: vendor/bind9/dist-9.4
  
  Update to version 9.4-ESV-R4, the latest from ISC, which addresses
  the following security vulnerabilities.
  
  For more information regarding these issues please see:
  http://www.isc.org/announcement/guidance-regarding-dec-1st-2010-security-advisories
  
  1. Cache incorrectly allows ncache and rrsig for the same type
  
     http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3613
  
     Affects resolver operators whose servers are open to potential
     attackers. Triggering the bug will cause the server to crash.
  
     This bug applies even if you do not have DNSSEC enabled.
  
  2. Key algorithm rollover
  
     http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3614
  
     Affects resolver operators who are validating with DNSSEC, and
     querying zones which are in a key rollover period. The bug will
     cause answers to incorrectly be marked as insecure.
  
  Approved by:    re (kib)
  
  Revision       Changes    Path
  1.1.1.10.2.12  +27 -0     src/contrib/bind9/CHANGES
  1.1.2.1        +123 -0    src/contrib/bind9/RELEASE-NOTES-BIND-9.4-ESV.html (new)
  1.1.2.1        +232 -0    src/contrib/bind9/RELEASE-NOTES-BIND-9.4-ESV.pdf (new)
  1.1.2.1        +70 -0     src/contrib/bind9/RELEASE-NOTES-BIND-9.4-ESV.txt (new)
  1.1.1.6.2.6    +5 -3      src/contrib/bind9/bin/named/query.c
  1.1.2.2        +0 -1736   src/contrib/bind9/doc/draft/draft-ietf-behave-dns64-10.txt (dead)
  1.1.2.1        +1792 -0   src/contrib/bind9/doc/draft/draft-ietf-behave-dns64-11.txt (new)
  1.1.2.2        +0 -785    src/contrib/bind9/doc/draft/draft-ietf-dnsext-dnssec-bis-updates-10.txt (dead)
  1.1.2.1        +785 -0    src/contrib/bind9/doc/draft/draft-ietf-dnsext-dnssec-bis-updates-12.txt (new)
  1.1.1.6.2.8    +1 -1      src/contrib/bind9/lib/dns/api
  1.1.1.2.2.3    +15 -9     src/contrib/bind9/lib/dns/include/dns/db.h
  1.1.1.4.2.6    +28 -12    src/contrib/bind9/lib/dns/rbtdb.c
  1.1.1.6.2.9    +47 -11    src/contrib/bind9/lib/dns/validator.c
  1.1.1.5.2.5    +1 -1      src/contrib/bind9/lib/isc/api
  1.1.1.3.2.2    +3 -3      src/contrib/bind9/lib/isc/print.c
  1.1.4.2        +60 -0     src/contrib/bind9/release-notes.css (new)
  1.1.1.10.2.12  +2 -2      src/contrib/bind9/version