Fix the AXFR subdomain overwrite vulnerability discovered by

Matthew Dempsky.  Also, fix the quoting of the BROKEN messages.

PR:		132366, 132349
Submitted by:	Renato Botelho <garga@FreeBSD.org>,
		Howard Goldstein <hg@queue.to>

dns/djbdns/Makefile

@@ -7,7 +7,7 @@
 
 PORTNAME?=	djbdns
 PORTVERSION?=	${DJBDNS_VER}
-PORTREVISION?=	12
+PORTREVISION?=	13
 CATEGORIES?=	dns
 MASTER_SITES=	http://cr.yp.to/djbdns/ \
 		ftp://cr.yp.to/djbdns/
@@ -32,7 +32,7 @@ OPTIONS=	DUMPCACHE	"persistent cache for dnscache" off \
 
 .if defined(WITH_JUMBO)
 .if defined(WITH_IPV6) || defined(WITH_IGNOREIP) || defined(WITH_SRV)
-BROKEN=		"The jumbo patch currently conflicts with the IPv6 and ignoreip2 patches"
+BROKEN=		The jumbo patch currently conflicts with the IPv6 and ignoreip2 patches
 .endif
 
 PATCH_SITES+=	http://www.ro.kde.org/djbdns/mywork/jumbo/:jumbo
@@ -69,7 +69,7 @@ EXTRA_PATCHES+=	${FILESDIR}/uint32.patch
 
 .if defined(WITH_DUMPCACHE) && !defined(WITH_JUMBO)
 .if defined(WITH_IPV6)
-BROKEN=		"The IPv6 and dnscache-dumpcache patches are currently in conflict"
+BROKEN=		The IPv6 and dnscache-dumpcache patches are currently in conflict
 .endif
 PATCH_SITES+=	http://efge.free.fr/djbdns/:dumpcache
 PATCHFILES+=	patch-dnscache-dumpcache-v4.txt:dumpcache

dns/djbdns/files/patch-response.c

@@ -0,0 +1,11 @@
+--- response.c.orig	2009-03-06 13:02:27.000000000 -0300
++++ response.c	2009-03-06 13:03:03.000000000 -0300
+@@ -34,7 +34,7 @@
+         uint16_pack_big(buf,49152 + name_ptr[i]);
+         return response_addbytes(buf,2);
+       }
+-    if (dlen <= 128)
++    if ((dlen <= 128) && (response_len < 16384))
+       if (name_num < NAMES) {
+ 	byte_copy(name[name_num],dlen,d);
+ 	name_ptr[name_num] = response_len;