From owner-cvs-all@FreeBSD.ORG  Thu Jan  8 08:18:45 2009
Return-Path: <owner-cvs-all@FreeBSD.ORG>
Delivered-To: cvs-all@FreeBSD.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 5C4F3106564A;
	Thu,  8 Jan 2009 08:18:45 +0000 (UTC)
	(envelope-from dougb@FreeBSD.org)
Received: from repoman.freebsd.org (repoman.freebsd.org
	[IPv6:2001:4f8:fff6::29])
	by mx1.freebsd.org (Postfix) with ESMTP id 49F398FC19;
	Thu,  8 Jan 2009 08:18:45 +0000 (UTC)
	(envelope-from dougb@FreeBSD.org)
Received: from repoman.freebsd.org (localhost [127.0.0.1])
	by repoman.freebsd.org (8.14.3/8.14.3) with ESMTP id n088IjvY063448;
	Thu, 8 Jan 2009 08:18:45 GMT
	(envelope-from dougb@repoman.freebsd.org)
Received: (from dougb@localhost)
	by repoman.freebsd.org (8.14.3/8.14.3/Submit) id n088IjL7063447;
	Thu, 8 Jan 2009 08:18:45 GMT (envelope-from dougb)
Message-Id: <200901080818.n088IjL7063447@repoman.freebsd.org>
From: Doug Barton <dougb@FreeBSD.org>
Date: Thu, 8 Jan 2009 08:18:45 +0000 (UTC)
To: ports-committers@FreeBSD.org, cvs-ports@FreeBSD.org, cvs-all@FreeBSD.org
X-FreeBSD-CVS-Branch: HEAD
Cc: 
Subject: cvs commit: ports/dns/bind9 Makefile distinfo ports/dns/bind94
 Makefile distinfo ports/dns/bind95 Makefile distinfo
 ports/dns/bind96 Makefile distinfo
X-BeenThere: cvs-all@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: **OBSOLETE** CVS commit messages for the entire tree
	<cvs-all.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/cvs-all>,
	<mailto:cvs-all-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/cvs-all>
List-Post: <mailto:cvs-all@freebsd.org>
List-Help: <mailto:cvs-all-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/cvs-all>,
	<mailto:cvs-all-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 08 Jan 2009 08:18:45 -0000

dougb       2009-01-08 08:18:45 UTC

  FreeBSD ports repository

  Modified files:
    dns/bind9            Makefile distinfo 
    dns/bind94           Makefile distinfo 
    dns/bind95           Makefile distinfo 
    dns/bind96           Makefile distinfo 
  Log:
  Update to the -P1 versions of the current BIND ports which contain
  the fix for the following vulnerability: https://www.isc.org/node/373
  
  Description:
  Return values from OpenSSL library functions EVP_VerifyFinal()
  and DSA_do_verify() were not checked properly.
  
  Impact:
  It is theoretically possible to spoof answers returned from
  zones using the DNSKEY algorithms DSA (3) and NSEC3DSA (6).
  
  In short, if you're not using DNSSEC to verify signatures you have
  nothing to worry about.
  
  While I'm here, address the issues raised in the PR by adding a knob
  to disable building with OpenSSL altogether (which eliminates DNSSEC
  capability), and fix the configure arguments to better deal with the
  situation where the user has ssl bits in both the base and LOCALBASE.
  
  PR:             ports/126297
  Submitted by:   Ronald F.Guilmette <rfg@tristatelogic.com>
  
  Revision  Changes    Path
  1.86      +11 -8     ports/dns/bind9/Makefile
  1.48      +6 -6      ports/dns/bind9/distinfo
  1.91      +11 -8     ports/dns/bind94/Makefile
  1.51      +6 -6      ports/dns/bind94/distinfo
  1.93      +12 -8     ports/dns/bind95/Makefile
  1.53      +6 -6      ports/dns/bind95/distinfo
  1.95      +11 -8     ports/dns/bind96/Makefile
  1.55      +6 -6      ports/dns/bind96/distinfo