From owner-svn-src-all@FreeBSD.ORG Wed Mar 27 10:11:45 2013 Return-Path: Delivered-To: svn-src-all@freebsd.org Received: from mx1.freebsd.org (mx1.FreeBSD.org [8.8.178.115]) by hub.freebsd.org (Postfix) with ESMTP id E1BBA4D9; Wed, 27 Mar 2013 10:11:45 +0000 (UTC) (envelope-from erwin@FreeBSD.org) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) by mx1.freebsd.org (Postfix) with ESMTP id C500AB1E; Wed, 27 Mar 2013 10:11:45 +0000 (UTC) Received: from svn.freebsd.org ([127.0.1.70]) by svn.freebsd.org (8.14.6/8.14.6) with ESMTP id r2RABjXq053741; Wed, 27 Mar 2013 10:11:45 GMT (envelope-from erwin@svn.freebsd.org) Received: (from erwin@localhost) by svn.freebsd.org (8.14.6/8.14.5/Submit) id r2RABiKs053723; Wed, 27 Mar 2013 10:11:44 GMT (envelope-from erwin@svn.freebsd.org) Message-Id: <201303271011.r2RABiKs053723@svn.freebsd.org> From: Erwin Lansing Date: Wed, 27 Mar 2013 10:11:44 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r248788 - in head: contrib/bind9 lib/bind lib/bind/dns lib/bind/dns/dns X-SVN-Group: head MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-all@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: "SVN commit messages for the entire src tree \(except for " user" and " projects" \)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 27 Mar 2013 10:11:46 -0000 Author: erwin Date: Wed Mar 27 10:11:43 2013 New Revision: 248788 URL: http://svnweb.freebsd.org/changeset/base/248788 Log: Update to 9.8.4-P2 Removed the check for regex.h in configure in order to disable regex syntax checking, as it exposes BIND to a critical flaw in libregex on some platforms. [RT #32688] Security: CVE-2013-2266 Approved by: delphij (mentor) Sponsored by: DK Hostmaster A/S Modified: head/contrib/bind9/CHANGES head/contrib/bind9/config.h.in head/contrib/bind9/configure.in head/contrib/bind9/version head/lib/bind/config.h head/lib/bind/dns/code.h head/lib/bind/dns/dns/enumclass.h head/lib/bind/dns/dns/enumtype.h head/lib/bind/dns/dns/rdatastruct.h Directory Properties: head/contrib/bind9/ (props changed) Modified: head/contrib/bind9/CHANGES ============================================================================== --- head/contrib/bind9/CHANGES Wed Mar 27 07:58:29 2013 (r248787) +++ head/contrib/bind9/CHANGES Wed Mar 27 10:11:43 2013 (r248788) @@ -1,3 +1,10 @@ + --- 9.8.4-P2 released --- + +3516. [security] Removed the check for regex.h in configure in order + to disable regex syntax checking, as it exposes + BIND to a critical flaw in libregex on some + platforms. [RT #32688] + --- 9.8.4-P1 released --- 3407. [security] Named could die on specific queries with dns64 enabled. Modified: head/contrib/bind9/config.h.in ============================================================================== --- head/contrib/bind9/config.h.in Wed Mar 27 07:58:29 2013 (r248787) +++ head/contrib/bind9/config.h.in Wed Mar 27 10:11:43 2013 (r248788) @@ -286,9 +286,6 @@ int sigwait(const unsigned int *set, int /* Define if your OpenSSL version supports GOST. */ #undef HAVE_OPENSSL_GOST -/* Define to 1 if you have the header file. */ -#undef HAVE_REGEX_H - /* Define to 1 if you have the `setegid' function. */ #undef HAVE_SETEGID Modified: head/contrib/bind9/configure.in ============================================================================== --- head/contrib/bind9/configure.in Wed Mar 27 07:58:29 2013 (r248787) +++ head/contrib/bind9/configure.in Wed Mar 27 10:11:43 2013 (r248788) @@ -298,7 +298,7 @@ esac AC_HEADER_STDC -AC_CHECK_HEADERS(fcntl.h regex.h sys/time.h unistd.h sys/sockio.h sys/select.h sys/param.h sys/sysctl.h net/if6.h,,, +AC_CHECK_HEADERS(fcntl.h sys/time.h unistd.h sys/sockio.h sys/select.h sys/param.h sys/sysctl.h net/if6.h,,, [$ac_includes_default #ifdef HAVE_SYS_PARAM_H # include Modified: head/contrib/bind9/version ============================================================================== --- head/contrib/bind9/version Wed Mar 27 07:58:29 2013 (r248787) +++ head/contrib/bind9/version Wed Mar 27 10:11:43 2013 (r248788) @@ -7,4 +7,4 @@ MAJORVER=9 MINORVER=8 PATCHVER=4 RELEASETYPE=-P -RELEASEVER=1 +RELEASEVER=2 Modified: head/lib/bind/config.h ============================================================================== --- head/lib/bind/config.h Wed Mar 27 07:58:29 2013 (r248787) +++ head/lib/bind/config.h Wed Mar 27 10:11:43 2013 (r248788) @@ -286,9 +286,6 @@ int sigwait(const unsigned int *set, int /* Define if your OpenSSL version supports GOST. */ /* #undef HAVE_OPENSSL_GOST */ -/* Define to 1 if you have the header file. */ -#define HAVE_REGEX_H 1 - /* Define to 1 if you have the `setegid' function. */ #define HAVE_SETEGID 1 Modified: head/lib/bind/dns/code.h ============================================================================== --- head/lib/bind/dns/code.h Wed Mar 27 07:58:29 2013 (r248787) +++ head/lib/bind/dns/code.h Wed Mar 27 10:11:43 2013 (r248788) @@ -1,7 +1,7 @@ /* $FreeBSD$ */ /* - * Copyright (C) 2004-2012 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2013 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1998-2003 Internet Software Consortium. * * Permission to use, copy, modify, and distribute this software for any Modified: head/lib/bind/dns/dns/enumclass.h ============================================================================== --- head/lib/bind/dns/dns/enumclass.h Wed Mar 27 07:58:29 2013 (r248787) +++ head/lib/bind/dns/dns/enumclass.h Wed Mar 27 10:11:43 2013 (r248788) @@ -1,7 +1,7 @@ /* $FreeBSD$ */ /* - * Copyright (C) 2004-2012 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2013 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1998-2003 Internet Software Consortium. * * Permission to use, copy, modify, and distribute this software for any Modified: head/lib/bind/dns/dns/enumtype.h ============================================================================== --- head/lib/bind/dns/dns/enumtype.h Wed Mar 27 07:58:29 2013 (r248787) +++ head/lib/bind/dns/dns/enumtype.h Wed Mar 27 10:11:43 2013 (r248788) @@ -1,7 +1,7 @@ /* $FreeBSD$ */ /* - * Copyright (C) 2004-2012 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2013 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1998-2003 Internet Software Consortium. * * Permission to use, copy, modify, and distribute this software for any Modified: head/lib/bind/dns/dns/rdatastruct.h ============================================================================== --- head/lib/bind/dns/dns/rdatastruct.h Wed Mar 27 07:58:29 2013 (r248787) +++ head/lib/bind/dns/dns/rdatastruct.h Wed Mar 27 10:11:43 2013 (r248788) @@ -1,7 +1,7 @@ /* $FreeBSD$ */ /* - * Copyright (C) 2004-2012 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2013 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1998-2003 Internet Software Consortium. * * Permission to use, copy, modify, and distribute this software for any