1
0
mirror of https://git.FreeBSD.org/ports.git synced 2024-12-28 05:29:48 +00:00
freebsd-ports/dns/bind96/distinfo
Doug Barton 0a1b168539 Update to the -P1 versions of the current BIND ports which contain
the fix for the following vulnerability: https://www.isc.org/node/373

Description:
Return values from OpenSSL library functions EVP_VerifyFinal()
and DSA_do_verify() were not checked properly.

Impact:
It is theoretically possible to spoof answers returned from
zones using the DNSKEY algorithms DSA (3) and NSEC3DSA (6).

In short, if you're not using DNSSEC to verify signatures you have
nothing to worry about.

While I'm here, address the issues raised in the PR by adding a knob
to disable building with OpenSSL altogether (which eliminates DNSSEC
capability), and fix the configure arguments to better deal with the
situation where the user has ssl bits in both the base and LOCALBASE.

PR:		ports/126297
Submitted by:	Ronald F.Guilmette <rfg@tristatelogic.com>
2009-01-08 08:18:45 +00:00

7 lines
402 B
Plaintext

MD5 (bind-9.6.0-P1.tar.gz) = 886b7eae55cfdc8cd8d2ca74a2f99c6e
SHA256 (bind-9.6.0-P1.tar.gz) = 4ccbd33a5b5c974c2778d5e61eeb4841c04a40904db43ee1ad190c3ed82978a9
SIZE (bind-9.6.0-P1.tar.gz) = 6526739
MD5 (bind-9.6.0-P1.tar.gz.asc) = 45bdf652391fc47ae55903d208fa0616
SHA256 (bind-9.6.0-P1.tar.gz.asc) = 560a34288a8946fec7ad2ebf06d7a98964b08772e8bda7a94a99783c79ec04c5
SIZE (bind-9.6.0-P1.tar.gz.asc) = 479