From 400315c15849b4cda1c15d3c48848986866e61b7 Mon Sep 17 00:00:00 2001 From: Doug Barton Date: Fri, 28 Jan 2005 20:47:44 +0000 Subject: [PATCH] Include a patch from ISC to deal with the following vulnerability: Name: BIND: Self Check Failing [Added 2005.25.01] Versions affected: BIND 9.3.0 Severity: LOW Exploitable: Remotely Type: Denial of Service Description: An incorrect assumption in the validator (authvalidated) can result in a REQUIRE (internal consistancy) test failing and named exiting. Workarounds: Turn off dnssec validation (off by default) at the options/view level. dnssec-enable no; Active Exploits: None known Bump PORTREVISION accordingly. It should be noted that the vast majority of users would not have DNSSEC enabled, and therefore are not vulnerable to this bug. --- dns/bind9/Makefile | 10 +++++++++- dns/bind9/distinfo | 4 ++++ dns/bind94/Makefile | 10 +++++++++- dns/bind94/distinfo | 4 ++++ dns/bind95/Makefile | 10 +++++++++- dns/bind95/distinfo | 4 ++++ dns/bind96/Makefile | 10 +++++++++- dns/bind96/distinfo | 4 ++++ 8 files changed, 52 insertions(+), 4 deletions(-) diff --git a/dns/bind9/Makefile b/dns/bind9/Makefile index 5dffd8c4d851..6b430e243906 100644 --- a/dns/bind9/Makefile +++ b/dns/bind9/Makefile @@ -13,11 +13,13 @@ PORTNAME= bind9 PORTVERSION= 9.3.0 +PORTREVISION= 1 CATEGORIES= dns net ipv6 MASTER_SITES= ${MASTER_SITE_ISC} MASTER_SITE_SUBDIR= bind9/${ISCVERSION} DISTNAME= bind-${ISCVERSION} -DISTFILES= ${DISTNAME}${EXTRACT_SUFX} ${DISTNAME}${EXTRACT_SUFX}.asc +DISTFILES= ${DISTNAME}${EXTRACT_SUFX} ${DISTNAME}${EXTRACT_SUFX}.asc \ + 9.3.0-patch1 9.3.0-patch1.asc EXTRACT_ONLY= ${DISTNAME}${EXTRACT_SUFX} MAINTAINER= DougB@FreeBSD.org @@ -91,6 +93,12 @@ MAN5= named.conf.5 rndc.conf.5 MAN8= dnssec-keygen.8 dnssec-signzone.8 lwresd.8 named-checkconf.8 \ named-checkzone.8 named.8 nsupdate.8 rndc-confgen.8 rndc.8 +pre-patch: + @${SED} -e 's#bind9/lib/dns/validator.c#lib/dns/validator.c#g' \ + ${DISTDIR}/9.3.0-patch1 > ${WRKDIR}/9.3.0-patch1 + +EXTRA_PATCHES= ${WRKDIR}/9.3.0-patch1 + post-patch: .for FILE in check/named-checkconf.8 named/named.8 nsupdate/nsupdate.8 \ rndc/rndc.8 diff --git a/dns/bind9/distinfo b/dns/bind9/distinfo index dd09fb5d019f..e9a0f2c27568 100644 --- a/dns/bind9/distinfo +++ b/dns/bind9/distinfo @@ -2,3 +2,7 @@ MD5 (bind-9.3.0.tar.gz) = fdb42fff7e345372ac52a4493b77b694 SIZE (bind-9.3.0.tar.gz) = 4730656 MD5 (bind-9.3.0.tar.gz.asc) = 131e73f617c649652c6218826bdc92f8 SIZE (bind-9.3.0.tar.gz.asc) = 186 +MD5 (9.3.0-patch1) = 90733dadf1487e035a8b94951e55fbb7 +SIZE (9.3.0-patch1) = 1019 +MD5 (9.3.0-patch1.asc) = 4c8072f375fa53e5ada4e0e4f67402c0 +SIZE (9.3.0-patch1.asc) = 187 diff --git a/dns/bind94/Makefile b/dns/bind94/Makefile index 5dffd8c4d851..6b430e243906 100644 --- a/dns/bind94/Makefile +++ b/dns/bind94/Makefile @@ -13,11 +13,13 @@ PORTNAME= bind9 PORTVERSION= 9.3.0 +PORTREVISION= 1 CATEGORIES= dns net ipv6 MASTER_SITES= ${MASTER_SITE_ISC} MASTER_SITE_SUBDIR= bind9/${ISCVERSION} DISTNAME= bind-${ISCVERSION} -DISTFILES= ${DISTNAME}${EXTRACT_SUFX} ${DISTNAME}${EXTRACT_SUFX}.asc +DISTFILES= ${DISTNAME}${EXTRACT_SUFX} ${DISTNAME}${EXTRACT_SUFX}.asc \ + 9.3.0-patch1 9.3.0-patch1.asc EXTRACT_ONLY= ${DISTNAME}${EXTRACT_SUFX} MAINTAINER= DougB@FreeBSD.org @@ -91,6 +93,12 @@ MAN5= named.conf.5 rndc.conf.5 MAN8= dnssec-keygen.8 dnssec-signzone.8 lwresd.8 named-checkconf.8 \ named-checkzone.8 named.8 nsupdate.8 rndc-confgen.8 rndc.8 +pre-patch: + @${SED} -e 's#bind9/lib/dns/validator.c#lib/dns/validator.c#g' \ + ${DISTDIR}/9.3.0-patch1 > ${WRKDIR}/9.3.0-patch1 + +EXTRA_PATCHES= ${WRKDIR}/9.3.0-patch1 + post-patch: .for FILE in check/named-checkconf.8 named/named.8 nsupdate/nsupdate.8 \ rndc/rndc.8 diff --git a/dns/bind94/distinfo b/dns/bind94/distinfo index dd09fb5d019f..e9a0f2c27568 100644 --- a/dns/bind94/distinfo +++ b/dns/bind94/distinfo @@ -2,3 +2,7 @@ MD5 (bind-9.3.0.tar.gz) = fdb42fff7e345372ac52a4493b77b694 SIZE (bind-9.3.0.tar.gz) = 4730656 MD5 (bind-9.3.0.tar.gz.asc) = 131e73f617c649652c6218826bdc92f8 SIZE (bind-9.3.0.tar.gz.asc) = 186 +MD5 (9.3.0-patch1) = 90733dadf1487e035a8b94951e55fbb7 +SIZE (9.3.0-patch1) = 1019 +MD5 (9.3.0-patch1.asc) = 4c8072f375fa53e5ada4e0e4f67402c0 +SIZE (9.3.0-patch1.asc) = 187 diff --git a/dns/bind95/Makefile b/dns/bind95/Makefile index 5dffd8c4d851..6b430e243906 100644 --- a/dns/bind95/Makefile +++ b/dns/bind95/Makefile @@ -13,11 +13,13 @@ PORTNAME= bind9 PORTVERSION= 9.3.0 +PORTREVISION= 1 CATEGORIES= dns net ipv6 MASTER_SITES= ${MASTER_SITE_ISC} MASTER_SITE_SUBDIR= bind9/${ISCVERSION} DISTNAME= bind-${ISCVERSION} -DISTFILES= ${DISTNAME}${EXTRACT_SUFX} ${DISTNAME}${EXTRACT_SUFX}.asc +DISTFILES= ${DISTNAME}${EXTRACT_SUFX} ${DISTNAME}${EXTRACT_SUFX}.asc \ + 9.3.0-patch1 9.3.0-patch1.asc EXTRACT_ONLY= ${DISTNAME}${EXTRACT_SUFX} MAINTAINER= DougB@FreeBSD.org @@ -91,6 +93,12 @@ MAN5= named.conf.5 rndc.conf.5 MAN8= dnssec-keygen.8 dnssec-signzone.8 lwresd.8 named-checkconf.8 \ named-checkzone.8 named.8 nsupdate.8 rndc-confgen.8 rndc.8 +pre-patch: + @${SED} -e 's#bind9/lib/dns/validator.c#lib/dns/validator.c#g' \ + ${DISTDIR}/9.3.0-patch1 > ${WRKDIR}/9.3.0-patch1 + +EXTRA_PATCHES= ${WRKDIR}/9.3.0-patch1 + post-patch: .for FILE in check/named-checkconf.8 named/named.8 nsupdate/nsupdate.8 \ rndc/rndc.8 diff --git a/dns/bind95/distinfo b/dns/bind95/distinfo index dd09fb5d019f..e9a0f2c27568 100644 --- a/dns/bind95/distinfo +++ b/dns/bind95/distinfo @@ -2,3 +2,7 @@ MD5 (bind-9.3.0.tar.gz) = fdb42fff7e345372ac52a4493b77b694 SIZE (bind-9.3.0.tar.gz) = 4730656 MD5 (bind-9.3.0.tar.gz.asc) = 131e73f617c649652c6218826bdc92f8 SIZE (bind-9.3.0.tar.gz.asc) = 186 +MD5 (9.3.0-patch1) = 90733dadf1487e035a8b94951e55fbb7 +SIZE (9.3.0-patch1) = 1019 +MD5 (9.3.0-patch1.asc) = 4c8072f375fa53e5ada4e0e4f67402c0 +SIZE (9.3.0-patch1.asc) = 187 diff --git a/dns/bind96/Makefile b/dns/bind96/Makefile index 5dffd8c4d851..6b430e243906 100644 --- a/dns/bind96/Makefile +++ b/dns/bind96/Makefile @@ -13,11 +13,13 @@ PORTNAME= bind9 PORTVERSION= 9.3.0 +PORTREVISION= 1 CATEGORIES= dns net ipv6 MASTER_SITES= ${MASTER_SITE_ISC} MASTER_SITE_SUBDIR= bind9/${ISCVERSION} DISTNAME= bind-${ISCVERSION} -DISTFILES= ${DISTNAME}${EXTRACT_SUFX} ${DISTNAME}${EXTRACT_SUFX}.asc +DISTFILES= ${DISTNAME}${EXTRACT_SUFX} ${DISTNAME}${EXTRACT_SUFX}.asc \ + 9.3.0-patch1 9.3.0-patch1.asc EXTRACT_ONLY= ${DISTNAME}${EXTRACT_SUFX} MAINTAINER= DougB@FreeBSD.org @@ -91,6 +93,12 @@ MAN5= named.conf.5 rndc.conf.5 MAN8= dnssec-keygen.8 dnssec-signzone.8 lwresd.8 named-checkconf.8 \ named-checkzone.8 named.8 nsupdate.8 rndc-confgen.8 rndc.8 +pre-patch: + @${SED} -e 's#bind9/lib/dns/validator.c#lib/dns/validator.c#g' \ + ${DISTDIR}/9.3.0-patch1 > ${WRKDIR}/9.3.0-patch1 + +EXTRA_PATCHES= ${WRKDIR}/9.3.0-patch1 + post-patch: .for FILE in check/named-checkconf.8 named/named.8 nsupdate/nsupdate.8 \ rndc/rndc.8 diff --git a/dns/bind96/distinfo b/dns/bind96/distinfo index dd09fb5d019f..e9a0f2c27568 100644 --- a/dns/bind96/distinfo +++ b/dns/bind96/distinfo @@ -2,3 +2,7 @@ MD5 (bind-9.3.0.tar.gz) = fdb42fff7e345372ac52a4493b77b694 SIZE (bind-9.3.0.tar.gz) = 4730656 MD5 (bind-9.3.0.tar.gz.asc) = 131e73f617c649652c6218826bdc92f8 SIZE (bind-9.3.0.tar.gz.asc) = 186 +MD5 (9.3.0-patch1) = 90733dadf1487e035a8b94951e55fbb7 +SIZE (9.3.0-patch1) = 1019 +MD5 (9.3.0-patch1.asc) = 4c8072f375fa53e5ada4e0e4f67402c0 +SIZE (9.3.0-patch1.asc) = 187