pkgsrc-Changes-HG archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

[pkgsrc/pkgsrc-2009Q4]: pkgsrc/net/bind95 Pullup ticket #2965 - requested by spz



details:   https://anonhg.NetBSD.org/pkgsrc/rev/ca2fc040af77
branches:  pkgsrc-2009Q4
changeset: 569203:ca2fc040af77
user:      tron <tron%pkgsrc.org@localhost>
date:      Thu Jan 21 21:11:20 2010 +0000

description:
Pullup ticket #2965 - requested by spz
bind95: security update

Revisions pulled up:
- net/bind95/Makefile                   1.16 via patch
- net/bind95/distinfo                   1.12
---
Module Name:    pkgsrc
Committed By:   spz
Date:           Thu Jan 21 19:42:16 UTC 2010

Modified Files:
        pkgsrc/net/bind95: Makefile distinfo

Log Message:
security update:
BIND 9.5.2-P2 is a SECURITY PATCH for BIND 9.5.2.  It addresses two
potential cache poisoning vulnerabilities, both of which could allow
a validating recursive nameserver to cache data which had not been
authenticated or was invalid.

CVE identifiers: CVE-2009-4022, CVE-2010-0097
CERT advisories: VU#418861, VU#360341

Changes since 9.5.2-P1:

2831.   [security]      Do not attempt to validate or cache
                        out-of-bailiwick data returned with a secure
                        answer; it must be re-fetched from its original
                        source and validated in that context. [RT #20819]

2828.   [security]      Cached CNAME or DNAME RR could be returned to clients
                        without DNSSEC validation. [RT #20737]

2827.   [security]      Bogus NXDOMAIN could be cached as if valid. [RT #20712]

diffstat:

 net/bind95/Makefile |  5 ++---
 net/bind95/distinfo |  8 ++++----
 2 files changed, 6 insertions(+), 7 deletions(-)

diffs (38 lines):

diff -r c334800219a1 -r ca2fc040af77 net/bind95/Makefile
--- a/net/bind95/Makefile       Thu Jan 21 19:04:34 2010 +0000
+++ b/net/bind95/Makefile       Thu Jan 21 21:11:20 2010 +0000
@@ -1,8 +1,7 @@
-# $NetBSD: Makefile,v 1.14 2009/12/11 16:22:08 taca Exp $
+# $NetBSD: Makefile,v 1.14.2.1 2010/01/21 21:11:20 tron Exp $
 
 DISTNAME=      bind-${BIND_VERSION}
 PKGNAME=       ${DISTNAME:S/-P/pl/}
-PKGREVISION=   1
 CATEGORIES=    net
 MASTER_SITES=  ftp://ftp.isc.org/isc/bind9/${BIND_VERSION}/ \
                http://ftp.belnet.be/pub/mirror/ftp.isc.org/isc/bind9/${BIND_VERSION}/
@@ -17,7 +16,7 @@
 PKG_DESTDIR_SUPPORT=   user-destdir
 MAKE_JOBS_SAFE=        no
 
-BIND_VERSION=  9.5.2-P1
+BIND_VERSION=  9.5.2-P2
 
 # IPv6 ready, automatically detected
 .include "../../mk/bsd.prefs.mk"
diff -r c334800219a1 -r ca2fc040af77 net/bind95/distinfo
--- a/net/bind95/distinfo       Thu Jan 21 19:04:34 2010 +0000
+++ b/net/bind95/distinfo       Thu Jan 21 21:11:20 2010 +0000
@@ -1,8 +1,8 @@
-$NetBSD: distinfo,v 1.11 2009/11/30 11:58:30 tron Exp $
+$NetBSD: distinfo,v 1.11.2.1 2010/01/21 21:11:20 tron Exp $
 
-SHA1 (bind-9.5.2-P1.tar.gz) = 532d448554601cec13a645df812638d46fd41743
-RMD160 (bind-9.5.2-P1.tar.gz) = 2e2872a06fc1d97e4bcecaea3fb4f009f83cdb2b
-Size (bind-9.5.2-P1.tar.gz) = 6799718 bytes
+SHA1 (bind-9.5.2-P2.tar.gz) = ffa6df6752976e6bdd05508c5cc5131ef9a097f1
+RMD160 (bind-9.5.2-P2.tar.gz) = a0864dadb1af7268a0c54fed3bc178bd17abb55c
+Size (bind-9.5.2-P2.tar.gz) = 6674868 bytes
 SHA1 (patch-ab) = dd12c457791a75a8b43d9dfd0c0b236dcdbe31a5
 SHA1 (patch-ac) = a2c24198044f8cf29198e08a1a10b7e4ea739c40
 SHA1 (patch-ad) = 5c8af5a826e4f6891dfdf949b8a541ee33e16c3e



Home | Main Index | Thread Index | Old Index