FreshPorts -- The Place For Ports If you buy from Amazon USA, please support us by using this link.
Follow us

non port: head/dns/bind9/distinfo

Number of commits found: 20

Wed, 1 Dec 2010
[ 00:48 dougb ] Original commit 
1.2307 MOVED
1.122 dns/Makefile
1.95 dns/bind9/Makefile
1.49 dns/bind9/distinfo
1.2 dns/bind9/files/patch-bin_named_update.c
1.12 dns/bind9/pkg-descr
1.5 dns/bind9/pkg-message
1.25 dns/bind9/pkg-plist
As previously advertised, remove BIND 9.3.x coincident with the
Thu, 8 Jan 2009
[ 08:18 dougb ] Original commit 
1.86 dns/bind9/Makefile
1.48 dns/bind9/distinfo
1.91 dns/bind94/Makefile
1.51 dns/bind94/distinfo
1.93 dns/bind95/Makefile
1.53 dns/bind95/distinfo
1.95 dns/bind96/Makefile
1.55 dns/bind96/distinfo
Update to the -P1 versions of the current BIND ports which contain
the fix for the following vulnerability:

Return values from OpenSSL library functions EVP_VerifyFinal()
and DSA_do_verify() were not checked properly.

It is theoretically possible to spoof answers returned from
zones using the DNSKEY algorithms DSA (3) and NSEC3DSA (6).

In short, if you're not using DNSSEC to verify signatures you have
nothing to worry about.

While I'm here, address the issues raised in the PR by adding a knob
to disable building with OpenSSL altogether (which eliminates DNSSEC
capability), and fix the configure arguments to better deal with the
situation where the user has ssl bits in both the base and LOCALBASE.

PR:             ports/126297
Submitted by:   Ronald F.Guilmette <>
Fri, 19 Dec 2008
[ 22:30 dougb ] Original commit 
1.84 dns/bind9/Makefile
1.47 dns/bind9/distinfo
1.4 dns/bind9/pkg-message
Upgrade to version 9.3.6.

Add a note to pkg-message indicating that ISC declared this version EOL
as of 1 December, but that we will support the port through the RELENG_6
Sat, 9 Aug 2008
[ 07:23 dougb ] Original commit 
1.46 dns/bind9/distinfo
1.49 dns/bind94/distinfo
1.51 dns/bind95/distinfo
All -P2 versions now have PGP signatures with ISC's standard
signing key.

PR:             ports/126389 (for bind9)
Submitted by:   Tsurutani Naoki <>
Sat, 2 Aug 2008
[ 07:01 dougb ] Original commit 
1.83 dns/bind9/Makefile
1.45 dns/bind9/distinfo
1.88 dns/bind94/Makefile
1.48 dns/bind94/distinfo
1.90 dns/bind95/Makefile
1.50 dns/bind95/distinfo
Update to patchlevel 2 for all versions:

- performance improvement over the P1 releases, namely
   + significantly remedying the port allocation issues
   + allowing TCP queries and zone transfers while issuing as many
      outstanding UDP queries as possible
   + additional security of port randomization at the same level as P1

- also includes fixes for several bugs in the 9.5.0 base code
Wed, 9 Jul 2008
[ 19:02 dougb ] Original commit 
1.82 dns/bind9/Makefile
1.44 dns/bind9/distinfo
1.85 dns/bind94/Makefile
1.47 dns/bind94/distinfo
1.87 dns/bind95/Makefile
1.49 dns/bind95/distinfo
Upgrade to the -P1 versions of each port, which add stronger randomization
of the UDP query-source ports. The server will still use the same query
port for the life of the process, so users for whom the issue of cache
poisoning is highly significant may wish to periodically restart their
server using /etc/rc.d/named restart, or other suitable method.

In order to take advantage of this randomization users MUST have an
appropriate firewall configuration to allow UDP queries to be sent and
answers to be received on random ports; and users MUST NOT specify a
port number using the query-source[-v6] option.

The avoid-v[46]-udp-ports options exist for users who wish to eliminate
certain port numbers from being chosen by named for this purpose. See
the ARM Chatper 6 for more information.
(Only the first 15 lines of the commit message are shown above View all of this commit message)
Mon, 2 Jun 2008
[ 05:20 dougb ] Original commit 
1.80 dns/bind9/Makefile
1.43 dns/bind9/distinfo
1.10 dns/bind9/pkg-descr
1.3 dns/bind9/pkg-message
1.23 dns/bind9/pkg-plist
Update to version 9.3.5. It contains the latest bug fixes, updates
to root server addresses, and a fix for the vulnerability mentioned

Users of BIND 9.3.x are strongly encouraged to upgrade to this
version. Also, the 9.3.x branch is now in maintenance-only mode.
Users are encouraged to investigate BIND 9.4.x or perhaps 9.5.x.
Tue, 24 Jul 2007
[ 22:00 dougb ] Original commit 
1.78 dns/bind9/Makefile
1.42 dns/bind9/distinfo
Update to 9.3.4-P1, which fixes the following:

The DNS query id generation is vulnerable to cryptographic
analysis which provides a 1 in 8 chance of guessing the next
query id for 50% of the query ids. This can be used to perform
cache poisoning by an attacker.

This bug only affects outgoing queries, generated by BIND 9 to
answer questions as a resolver, or when it is looking up data
for internal uses, such as when sending NOTIFYs to slave name

All users are encouraged to upgrade.

See also:
Thu, 25 Jan 2007
[ 01:57 dougb ] Original commit 
1.75 dns/bind9/Makefile
1.41 dns/bind9/distinfo
Upgrade to version 9.3.4, the latest from ISC, which addresses the
following security issues. All users of BIND are encouraged to upgrade
to this version.

2126.   [security]      Serialise validation of type ANY responses. [RT #16555]

2124.   [security]      It was possible to dereference a freed fetch
                        context. [RT #16584]

2089.   [security]      Raise the minimum safe OpenSSL versions to
                        OpenSSL 0.9.7l and OpenSSL 0.9.8d.  Versions
                        prior to these have known security flaws which
                        are (potentially) exploitable in named. [RT #16391]

2088.   [security]      Change the default RSA exponent from 3 to 65537.
                        [RT #16391]

2066.   [security]      Handle SIG queries gracefully. [RT #16300]

1941.   [bug]           ncache_adderesult() should set eresult even if no
                        rdataset is passed to it. [RT #15642]
Sat, 9 Dec 2006
[ 22:20 dougb ] Original commit 
1.73 dns/bind9/Makefile
1.40 dns/bind9/distinfo
Upgrade to version 9.3.3, the latest from ISC. This is
a maintenance release, with the usual round of bug and
security fixes.

All users of BIND 9 are encouraged to upgrade to this
Fri, 3 Nov 2006
[ 07:47 dougb ] Original commit 
1.72 dns/bind9/Makefile
1.39 dns/bind9/distinfo
Update to version 9.3.2-P2, which addresses the vulnerability
announced by ISC dated 31 October (delivered via e-mail to the list today):

        Because of OpenSSL's recently announced vulnerabilities
        (CAN-2006-4339, CVE-2006-2937 and CVE-2006-2940) which affect named,
        we are announcing this workaround and releasing patches.  A proof of
        concept attack on OpenSSL has been demonstrated for CAN-2006-4339.

        OpenSSL is required to use DNSSEC with BIND.

Fix for version 9.3.2-P1 and lower:
        Upgrade to BIND 9.2.3-P2, then generate new RSASHA1 and
        RSAMD5 keys for all old keys using the old default exponent
        and perform a key rollover to these new keys.

        These versions also change the default RSA exponent to be
        65537 which is not vulnerable to the attacks described in
Wed, 6 Sep 2006
[ 18:42 dougb ] Original commit 
1.71 dns/bind9/Makefile
1.38 dns/bind9/distinfo
Upgrade to version 9.3.2-P1, which addresses the following security
2066.  [security]      Handle SIG queries gracefully. [RT #16300]
1941.  [bug]           ncache_adderesult() should set eresult even if no
                       rdataset is passed to it. [RT #15642]

All users of BIND 9 are encouraged to upgrade to this version.
Wed, 28 Dec 2005
[ 01:07 dougb ] Original commit 
1.69 dns/bind9/Makefile
1.37 dns/bind9/distinfo
1.2 dns/bind9/files/patch-lib_dns_resolver.c
1.21 dns/bind9/pkg-plist
Update to 9.3.2, the latest from ISC
Thu, 24 Nov 2005
[ 00:08 dougb ] Original commit 
1.26 dns/bind8/distinfo
1.6 dns/bind84/distinfo
1.36 dns/bind9/distinfo
1.4 dns/fpdns/distinfo
1.34 dns/p5-Net-DNS/distinfo
1.15 editors/pico/distinfo
1.3 irc/sirc/distinfo
1.6 mail/pine-pgp-filters/distinfo
1.36 mail/pine4/distinfo
1.14 print/hpijs/distinfo

(Only the first 10 of 14 ports in this commit are shown above. View all ports for this commit)
Add SHA256 checksums to my ports
Sun, 13 Mar 2005
[ 10:52 dougb ] Original commit 
1.62 dns/bind9/Makefile
1.35 dns/bind9/distinfo
1.2 dns/bind9/files/
Upgrade to 9.3.1, the latest version from ISC. This version contains
several important fixes, including a remote (although unlikely) exploit.
See the CHANGES file for details.

All users of BIND 9 are highly encouraged to upgrade to this version.

Changes to the port include:
1. Remove ISC patch to 9.3.0 that addressed the remote exploit
2. Change to OPTIONS, and thereby
3. --enable-threads is now the default. Users report that the new thread
code in 9.3.x works significantly better than the old on all versions of
4. Add a temporary shim for the old PORT_REPLACES_BASE_BIND9 option.
The OPTIONS framework requires knobs to start with WITH_ or WITHOUT_
5. Remove patch that shoehorned named.conf.5 into the right place,
it has been fixed in the code.
Fri, 28 Jan 2005
[ 20:47 dougb ] Original commit 
1.61 dns/bind9/Makefile
1.34 dns/bind9/distinfo
Include a patch from ISC to deal with the following vulnerability:

Name:                   BIND: Self Check Failing [Added 2005.25.01]
Versions affected:      BIND 9.3.0
Severity:               LOW
Exploitable:            Remotely
Type:                   Denial of Service
An incorrect assumption in the validator (authvalidated) can result in a
REQUIRE (internal consistancy) test failing and named exiting.

Turn off dnssec validation (off by default) at the options/view level.

        dnssec-enable no;

Active Exploits:        None known

Bump PORTREVISION accordingly.

It should be noted that the vast majority of users would not have
DNSSEC enabled, and therefore are not vulnerable to this bug.
Fri, 24 Sep 2004
[ 04:03 dougb ] Original commit 
1.59 dns/bind9/Makefile
1.33 dns/bind9/distinfo
1.1 dns/bind9/files/
1.9 dns/bind9/pkg-descr
1.2 dns/bind9/pkg-message
1.20 dns/bind9/pkg-plist
Update to BIND 9.3.0, the latest from ISC. This version has several
significant updates, not the least of which is the new and improved
DNSSEC code based on the latest standards (including DS).

Various updates to the port, including:
1. Download the PGP signature
2. If running on ${OSVERSION} >= 503000, configure with threads
3. Update pkg-descr re IPv6 RRs
4. Update pkg-message to reflect a world with 6-current

There is also a patch to correct a man page installation error.
This problem should be fixed in the next release.

Approved by:    portmgr (marcus)
Sun, 14 Mar 2004
[ 00:17 dougb ] Original commit 
1.24 dns/bind8/distinfo
1.32 dns/bind9/distinfo
1.9 editors/pico/distinfo
1.2 irc/sirc/distinfo
1.4 mail/pine-pgp-filters/distinfo
1.27 mail/pine4/distinfo
1.2 net/hawk/distinfo
1.9 print/hpijs/distinfo
1.4 sysutils/shlock/distinfo
Now that the SIZE thing has stabilized, add it to the ports I maintain.
Fri, 24 Oct 2003
[ 23:10 dougb ] Original commit 
1.54 dns/bind9/Makefile
1.31 dns/bind9/distinfo
Upgrade to the 9.2.3 release version
Thu, 25 Sep 2003
[ 05:08 dougb ] Original commit 
1.52 dns/bind9/Makefile
1.30 dns/bind9/distinfo
Upgrade to version 9.2.3rc4.

The 9.2.3 code has many many bugs fixed from 9.2.2, check CHANGES
for more information.

The rc4 code has the delegation-only options. Check the ARM for
information on how to enable it.

Number of commits found: 20

User Login
Create account

Servers and bandwidth provided by
New York Internet, SuperNews, and RootBSD

This site
What is FreshPorts?
About the authors
How big is it?
The latest upgrade!

Enter Keywords:

Latest Vulnerabilities
libsoup*Aug 20
drupal8Aug 19
zabbix2-proxyAug 16
zabbix2-serverAug 16
zabbix22-proxyAug 16
zabbix22-serverAug 16
zabbix3-proxyAug 16
zabbix3-serverAug 16
zabbix32-proxyAug 16
zabbix32-serverAug 16
gitlab*Aug 15
py-supervisorAug 15
freeradius3Aug 14
mariadb100-server*Aug 12
mariadb101-server*Aug 12

17 vulnerabilities affecting 122 ports have been reported in the past 14 days

* - modified, not new

All vulnerabilities

Deleted ports
Sanity Test Failures

NEW Graphs (Javascript)

Calculated hourly:
Port count 31196
Broken 165
Deprecated 107
Ignore 470
Forbidden 0
Restricted 212
Vulnerable 222
Expired 40
Set to expire 102
Interactive 0
new 24 hours 11
new 48 hours25
new 7 days107
new fortnight229
new month416

Servers and bandwidth provided by
New York Internet, SuperNews, and RootBSD
Valid HTML, CSS, and RSS.
Copyright © 2000-2017 Dan Langille. All rights reserved.