Update to version 9.7.2-P3, the latest from ISC, which addresses

the following security vulnerabilities. For more information regarding these issues please see: http://www.isc.org/announcement/guidance-regarding-dec-1st-2010-security-advisories 1. Cache incorrectly allows ncache and rrsig for the same type http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3613 Affects resolver operators whose servers are open to potential attackers. Triggering the bug will cause the server to crash. This bug applies even if you do not have DNSSEC enabled. 2. Using "allow-query" in the "options" or "view" statements to restrict access to authoritative zones has no effect. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3615 Affects authoritative server operators who wish to generally restrict queries to their authoritative zones, and are running 9.6.2-P2 or any version of 9.7.x. The bug will allow unauthorized end users to receive answers to queries they should not. 3. Key algorithm rollover http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3614 Affects resolver operators who have 9.7.2-P2 installed, are validating with DNSSEC, and querying zones which are in a key rollover period. The bug will cause answers to incorrectly be marked as insecure. For the port: 1. Add CONFLICT for the ../bind-tools port 2. Switch to pkg-install to create the symlinks to /etc/namedb/ as requested in [1] PR: ports/151635 [1] Submitted by: Benjamin Lee <ben@b1c1l1.com> [1]
svn path=/head/; revision=265648
2025-01-21 08:42:23 +00:00 · 2010-12-03 22:39:44 +00:00 · 2010-12-03 22:39:44 +00:00 · 8a993c4fbb · 2021-03-31 03:12:20 +00:00
commit 8a993c4fbb
parent 2592b3d263
3 changed files with 21 additions and 12 deletions
--- a/dns/bind97/Makefile
+++ b/dns/bind97/Makefile
@ -6,7 +6,7 @@
 #

 PORTNAME?=	bind97
-PORTVERSION=	9.7.2.2
+PORTVERSION=	9.7.2.3
 PORTREVISION?=	0
 CATEGORIES=	dns net ipv6
 MASTER_SITES=	${MASTER_SITE_ISC} \
@ -20,7 +20,7 @@ MAINTAINER=	dougb@FreeBSD.org
 COMMENT?=	The BIND DNS suite with updated DNSSEC and threads

 # ISC releases things like 9.4.0b3, which our versioning doesn't like
-ISCVERSION=	9.7.2-P2
+ISCVERSION=	9.7.2-P3

 MAKE_JOBS_UNSAFE=	yes

@ -47,6 +47,7 @@ OPTIONS+=	LINKS "Create conf file symlinks in ${PREFIX}" on \
 		DLZ_LDAP "DLZ LDAP driver" off \
 		DLZ_FILESYSTEM "DLZ filesystem driver" off \
 		DLZ_STUB "DLZ stub driver" off
+CONFLICTS+=	bind-tools-9.*
 .endif

 # Just in case
@ -221,12 +222,7 @@ post-install:
 	    ${WRKSRC}/README* ${DOCSDIR}/
 .endif
 .if !defined(WITHOUT_LINKS) && !defined(WITH_REPLACE_BASE)
-	${MKDIR} /var/named${PREFIX}/etc
-.for DIR in ${PREFIX}/etc /var/named${PREFIX}/etc
-.for FILE in named.conf rndc.key
-	${LN} -sf /etc/namedb/${FILE} ${DIR}/${FILE}
-.endfor
-.endfor
+	PKG_PREFIX=${PREFIX} ${SH} ${PKGINSTALL} ${PKGNAME} POST-INSTALL
 .endif

 	@${CAT} ${PKGMESSAGE}
--- a/dns/bind97/distinfo
+++ b/dns/bind97/distinfo
@ -1,4 +1,4 @@
-SHA256 (bind-9.7.2-P2.tar.gz) = e6d5938184066fc793c28ff975e09e9721116aede2a2d6d93b1be5e8654a5c8a
-SIZE (bind-9.7.2-P2.tar.gz) = 7573857
-SHA256 (bind-9.7.2-P2.tar.gz.asc) = a9aa8ee425dbc4530acde04db818a13c2e9fe919dd700d3f472a852a3c2bbeba
-SIZE (bind-9.7.2-P2.tar.gz.asc) = 481
+SHA256 (bind-9.7.2-P3.tar.gz) = cd945f4766be664f4528ec065df626ad3624481695316ec8e13ad272f4abfb7e
+SIZE (bind-9.7.2-P3.tar.gz) = 7643996
+SHA256 (bind-9.7.2-P3.tar.gz.asc) = 3f9047dbd123f211b8f9d6b7cbb53f9d6db3cd713a6fc144644b0d87a75afe93
+SIZE (bind-9.7.2-P3.tar.gz.asc) = 481
--- a/dns/bind97/pkg-install
+++ b/dns/bind97/pkg-install
@ -0,0 +1,13 @@
+#!/bin/sh
+
+[ "$2" = 'POST-INSTALL' ] || exit 0
+
+/bin/mkdir -p /var/named${PKG_PREFIX}/etc
+
+for DIR in ${PKG_PREFIX}/etc /var/named${PKG_PREFIX}/etc; do
+	for FILE in named.conf rndc.key; do
+		/bin/ln -sf /etc/namedb/${FILE} ${DIR}/${FILE}
+	done
+done
+
+exit 0