Include a patch from ISC to deal with the following vulnerability:

Name:			BIND: Self Check Failing [Added 2005.25.01]
Versions affected:	BIND 9.3.0
Severity:		LOW
Exploitable:		Remotely
Type:			Denial of Service
Description:
An incorrect assumption in the validator (authvalidated) can result in a
REQUIRE (internal consistancy) test failing and named exiting.

Workarounds:
Turn off dnssec validation (off by default) at the options/view level.

	dnssec-enable no;

Active Exploits:	None known

Bump PORTREVISION accordingly.

It should be noted that the vast majority of users would not have
DNSSEC enabled, and therefore are not vulnerable to this bug.

dns/bind9/Makefile

@@ -13,11 +13,13 @@
 
 PORTNAME=	bind9
 PORTVERSION=	9.3.0
+PORTREVISION=	1
 CATEGORIES=	dns net ipv6
 MASTER_SITES=	${MASTER_SITE_ISC}
 MASTER_SITE_SUBDIR=	bind9/${ISCVERSION}
 DISTNAME=	bind-${ISCVERSION}
-DISTFILES=	${DISTNAME}${EXTRACT_SUFX} ${DISTNAME}${EXTRACT_SUFX}.asc
+DISTFILES=	${DISTNAME}${EXTRACT_SUFX} ${DISTNAME}${EXTRACT_SUFX}.asc \
+		9.3.0-patch1 9.3.0-patch1.asc
 EXTRACT_ONLY=	${DISTNAME}${EXTRACT_SUFX}
 
 MAINTAINER=	DougB@FreeBSD.org
@@ -91,6 +93,12 @@ MAN5=	named.conf.5 rndc.conf.5
 MAN8=	dnssec-keygen.8 dnssec-signzone.8 lwresd.8 named-checkconf.8 \
 	named-checkzone.8 named.8 nsupdate.8 rndc-confgen.8 rndc.8
 
+pre-patch:
+	@${SED} -e 's#bind9/lib/dns/validator.c#lib/dns/validator.c#g' \
+		${DISTDIR}/9.3.0-patch1 > ${WRKDIR}/9.3.0-patch1
+
+EXTRA_PATCHES=	${WRKDIR}/9.3.0-patch1
+
 post-patch:
 .for FILE in check/named-checkconf.8 named/named.8 nsupdate/nsupdate.8 \
 	rndc/rndc.8

dns/bind9/distinfo

@@ -2,3 +2,7 @@ MD5 (bind-9.3.0.tar.gz) = fdb42fff7e345372ac52a4493b77b694
 SIZE (bind-9.3.0.tar.gz) = 4730656
 MD5 (bind-9.3.0.tar.gz.asc) = 131e73f617c649652c6218826bdc92f8
 SIZE (bind-9.3.0.tar.gz.asc) = 186
+MD5 (9.3.0-patch1) = 90733dadf1487e035a8b94951e55fbb7
+SIZE (9.3.0-patch1) = 1019
+MD5 (9.3.0-patch1.asc) = 4c8072f375fa53e5ada4e0e4f67402c0
+SIZE (9.3.0-patch1.asc) = 187

dns/bind94/Makefile

@@ -13,11 +13,13 @@
 
 PORTNAME=	bind9
 PORTVERSION=	9.3.0
+PORTREVISION=	1
 CATEGORIES=	dns net ipv6
 MASTER_SITES=	${MASTER_SITE_ISC}
 MASTER_SITE_SUBDIR=	bind9/${ISCVERSION}
 DISTNAME=	bind-${ISCVERSION}
-DISTFILES=	${DISTNAME}${EXTRACT_SUFX} ${DISTNAME}${EXTRACT_SUFX}.asc
+DISTFILES=	${DISTNAME}${EXTRACT_SUFX} ${DISTNAME}${EXTRACT_SUFX}.asc \
+		9.3.0-patch1 9.3.0-patch1.asc
 EXTRACT_ONLY=	${DISTNAME}${EXTRACT_SUFX}
 
 MAINTAINER=	DougB@FreeBSD.org
@@ -91,6 +93,12 @@ MAN5=	named.conf.5 rndc.conf.5
 MAN8=	dnssec-keygen.8 dnssec-signzone.8 lwresd.8 named-checkconf.8 \
 	named-checkzone.8 named.8 nsupdate.8 rndc-confgen.8 rndc.8
 
+pre-patch:
+	@${SED} -e 's#bind9/lib/dns/validator.c#lib/dns/validator.c#g' \
+		${DISTDIR}/9.3.0-patch1 > ${WRKDIR}/9.3.0-patch1
+
+EXTRA_PATCHES=	${WRKDIR}/9.3.0-patch1
+
 post-patch:
 .for FILE in check/named-checkconf.8 named/named.8 nsupdate/nsupdate.8 \
 	rndc/rndc.8

dns/bind94/distinfo

@@ -2,3 +2,7 @@ MD5 (bind-9.3.0.tar.gz) = fdb42fff7e345372ac52a4493b77b694
 SIZE (bind-9.3.0.tar.gz) = 4730656
 MD5 (bind-9.3.0.tar.gz.asc) = 131e73f617c649652c6218826bdc92f8
 SIZE (bind-9.3.0.tar.gz.asc) = 186
+MD5 (9.3.0-patch1) = 90733dadf1487e035a8b94951e55fbb7
+SIZE (9.3.0-patch1) = 1019
+MD5 (9.3.0-patch1.asc) = 4c8072f375fa53e5ada4e0e4f67402c0
+SIZE (9.3.0-patch1.asc) = 187

dns/bind95/Makefile

@@ -13,11 +13,13 @@
 
 PORTNAME=	bind9
 PORTVERSION=	9.3.0
+PORTREVISION=	1
 CATEGORIES=	dns net ipv6
 MASTER_SITES=	${MASTER_SITE_ISC}
 MASTER_SITE_SUBDIR=	bind9/${ISCVERSION}
 DISTNAME=	bind-${ISCVERSION}
-DISTFILES=	${DISTNAME}${EXTRACT_SUFX} ${DISTNAME}${EXTRACT_SUFX}.asc
+DISTFILES=	${DISTNAME}${EXTRACT_SUFX} ${DISTNAME}${EXTRACT_SUFX}.asc \
+		9.3.0-patch1 9.3.0-patch1.asc
 EXTRACT_ONLY=	${DISTNAME}${EXTRACT_SUFX}
 
 MAINTAINER=	DougB@FreeBSD.org
@@ -91,6 +93,12 @@ MAN5=	named.conf.5 rndc.conf.5
 MAN8=	dnssec-keygen.8 dnssec-signzone.8 lwresd.8 named-checkconf.8 \
 	named-checkzone.8 named.8 nsupdate.8 rndc-confgen.8 rndc.8
 
+pre-patch:
+	@${SED} -e 's#bind9/lib/dns/validator.c#lib/dns/validator.c#g' \
+		${DISTDIR}/9.3.0-patch1 > ${WRKDIR}/9.3.0-patch1
+
+EXTRA_PATCHES=	${WRKDIR}/9.3.0-patch1
+
 post-patch:
 .for FILE in check/named-checkconf.8 named/named.8 nsupdate/nsupdate.8 \
 	rndc/rndc.8

dns/bind95/distinfo

@@ -2,3 +2,7 @@ MD5 (bind-9.3.0.tar.gz) = fdb42fff7e345372ac52a4493b77b694
 SIZE (bind-9.3.0.tar.gz) = 4730656
 MD5 (bind-9.3.0.tar.gz.asc) = 131e73f617c649652c6218826bdc92f8
 SIZE (bind-9.3.0.tar.gz.asc) = 186
+MD5 (9.3.0-patch1) = 90733dadf1487e035a8b94951e55fbb7
+SIZE (9.3.0-patch1) = 1019
+MD5 (9.3.0-patch1.asc) = 4c8072f375fa53e5ada4e0e4f67402c0
+SIZE (9.3.0-patch1.asc) = 187

dns/bind96/Makefile

@@ -13,11 +13,13 @@
 
 PORTNAME=	bind9
 PORTVERSION=	9.3.0
+PORTREVISION=	1
 CATEGORIES=	dns net ipv6
 MASTER_SITES=	${MASTER_SITE_ISC}
 MASTER_SITE_SUBDIR=	bind9/${ISCVERSION}
 DISTNAME=	bind-${ISCVERSION}
-DISTFILES=	${DISTNAME}${EXTRACT_SUFX} ${DISTNAME}${EXTRACT_SUFX}.asc
+DISTFILES=	${DISTNAME}${EXTRACT_SUFX} ${DISTNAME}${EXTRACT_SUFX}.asc \
+		9.3.0-patch1 9.3.0-patch1.asc
 EXTRACT_ONLY=	${DISTNAME}${EXTRACT_SUFX}
 
 MAINTAINER=	DougB@FreeBSD.org
@@ -91,6 +93,12 @@ MAN5=	named.conf.5 rndc.conf.5
 MAN8=	dnssec-keygen.8 dnssec-signzone.8 lwresd.8 named-checkconf.8 \
 	named-checkzone.8 named.8 nsupdate.8 rndc-confgen.8 rndc.8
 
+pre-patch:
+	@${SED} -e 's#bind9/lib/dns/validator.c#lib/dns/validator.c#g' \
+		${DISTDIR}/9.3.0-patch1 > ${WRKDIR}/9.3.0-patch1
+
+EXTRA_PATCHES=	${WRKDIR}/9.3.0-patch1
+
 post-patch:
 .for FILE in check/named-checkconf.8 named/named.8 nsupdate/nsupdate.8 \
 	rndc/rndc.8

dns/bind96/distinfo

@@ -2,3 +2,7 @@ MD5 (bind-9.3.0.tar.gz) = fdb42fff7e345372ac52a4493b77b694
 SIZE (bind-9.3.0.tar.gz) = 4730656
 MD5 (bind-9.3.0.tar.gz.asc) = 131e73f617c649652c6218826bdc92f8
 SIZE (bind-9.3.0.tar.gz.asc) = 186
+MD5 (9.3.0-patch1) = 90733dadf1487e035a8b94951e55fbb7
+SIZE (9.3.0-patch1) = 1019
+MD5 (9.3.0-patch1.asc) = 4c8072f375fa53e5ada4e0e4f67402c0
+SIZE (9.3.0-patch1.asc) = 187