FreshPorts -- The Place For Ports If you buy from Amazon USA, please support us by using this link.
Follow us
Blog
Twitter

I am looking for an LTO tape library. Do you have one to spare?
non port: head/dns/bind9/distinfo
SVNWeb

Number of commits found: 20

Wed, 1 Dec 2010
[ 00:48 dougb ] Original commit 
1.2307 MOVED
1.122 dns/Makefile
1.95 dns/bind9/Makefile
1.49 dns/bind9/distinfo
1.2 dns/bind9/files/patch-bin_named_update.c
1.12 dns/bind9/pkg-descr
1.5 dns/bind9/pkg-message
1.25 dns/bind9/pkg-plist
As previously advertised, remove BIND 9.3.x coincident with the
EOL of RELENG_6.
Thu, 8 Jan 2009
[ 08:18 dougb ] Original commit 
1.86 dns/bind9/Makefile
1.48 dns/bind9/distinfo
1.91 dns/bind94/Makefile
1.51 dns/bind94/distinfo
1.93 dns/bind95/Makefile
1.53 dns/bind95/distinfo
1.95 dns/bind96/Makefile
1.55 dns/bind96/distinfo
Update to the -P1 versions of the current BIND ports which contain
the fix for the following vulnerability: https://www.isc.org/node/373

Description:
Return values from OpenSSL library functions EVP_VerifyFinal()
and DSA_do_verify() were not checked properly.

Impact:
It is theoretically possible to spoof answers returned from
zones using the DNSKEY algorithms DSA (3) and NSEC3DSA (6).

In short, if you're not using DNSSEC to verify signatures you have
nothing to worry about.

While I'm here, address the issues raised in the PR by adding a knob
to disable building with OpenSSL altogether (which eliminates DNSSEC
capability), and fix the configure arguments to better deal with the
situation where the user has ssl bits in both the base and LOCALBASE.

PR:             ports/126297
Submitted by:   Ronald F.Guilmette <rfg@tristatelogic.com>
Fri, 19 Dec 2008
[ 22:30 dougb ] Original commit 
1.84 dns/bind9/Makefile
1.47 dns/bind9/distinfo
1.4 dns/bind9/pkg-message
Upgrade to version 9.3.6.

Add a note to pkg-message indicating that ISC declared this version EOL
as of 1 December, but that we will support the port through the RELENG_6
lifetime.
Sat, 9 Aug 2008
[ 07:23 dougb ] Original commit 
1.46 dns/bind9/distinfo
1.49 dns/bind94/distinfo
1.51 dns/bind95/distinfo
All -P2 versions now have PGP signatures with ISC's standard
signing key.

PR:             ports/126389 (for bind9)
Submitted by:   Tsurutani Naoki <turutani@scphys.kyoto-u.ac.jp>
Sat, 2 Aug 2008
[ 07:01 dougb ] Original commit 
1.83 dns/bind9/Makefile
1.45 dns/bind9/distinfo
1.88 dns/bind94/Makefile
1.48 dns/bind94/distinfo
1.90 dns/bind95/Makefile
1.50 dns/bind95/distinfo
Update to patchlevel 2 for all versions:

- performance improvement over the P1 releases, namely
   + significantly remedying the port allocation issues
   + allowing TCP queries and zone transfers while issuing as many
      outstanding UDP queries as possible
   + additional security of port randomization at the same level as P1

- also includes fixes for several bugs in the 9.5.0 base code
Wed, 9 Jul 2008
[ 19:02 dougb ] Original commit 
1.82 dns/bind9/Makefile
1.44 dns/bind9/distinfo
1.85 dns/bind94/Makefile
1.47 dns/bind94/distinfo
1.87 dns/bind95/Makefile
1.49 dns/bind95/distinfo
Upgrade to the -P1 versions of each port, which add stronger randomization
of the UDP query-source ports. The server will still use the same query
port for the life of the process, so users for whom the issue of cache
poisoning is highly significant may wish to periodically restart their
server using /etc/rc.d/named restart, or other suitable method.

In order to take advantage of this randomization users MUST have an
appropriate firewall configuration to allow UDP queries to be sent and
answers to be received on random ports; and users MUST NOT specify a
port number using the query-source[-v6] option.

The avoid-v[46]-udp-ports options exist for users who wish to eliminate
certain port numbers from being chosen by named for this purpose. See
the ARM Chatper 6 for more information.
(Only the first 15 lines of the commit message are shown above View all of this commit message)
Mon, 2 Jun 2008
[ 05:20 dougb ] Original commit 
1.80 dns/bind9/Makefile
1.43 dns/bind9/distinfo
1.10 dns/bind9/pkg-descr
1.3 dns/bind9/pkg-message
1.23 dns/bind9/pkg-plist
Update to version 9.3.5. It contains the latest bug fixes, updates
to root server addresses, and a fix for the vulnerability mentioned
here: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0122

Users of BIND 9.3.x are strongly encouraged to upgrade to this
version. Also, the 9.3.x branch is now in maintenance-only mode.
Users are encouraged to investigate BIND 9.4.x or perhaps 9.5.x.

http://www.isc.org/index.pl?/sw/bind/versions_and_support.php
Tue, 24 Jul 2007
[ 22:00 dougb ] Original commit 
1.78 dns/bind9/Makefile
1.42 dns/bind9/distinfo
Update to 9.3.4-P1, which fixes the following:

The DNS query id generation is vulnerable to cryptographic
analysis which provides a 1 in 8 chance of guessing the next
query id for 50% of the query ids. This can be used to perform
cache poisoning by an attacker.

This bug only affects outgoing queries, generated by BIND 9 to
answer questions as a resolver, or when it is looking up data
for internal uses, such as when sending NOTIFYs to slave name
servers.

All users are encouraged to upgrade.

See also:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2926
Thu, 25 Jan 2007
[ 01:57 dougb ] Original commit 
1.75 dns/bind9/Makefile
1.41 dns/bind9/distinfo
Upgrade to version 9.3.4, the latest from ISC, which addresses the
following security issues. All users of BIND are encouraged to upgrade
to this version.

2126.   [security]      Serialise validation of type ANY responses. [RT #16555]

2124.   [security]      It was possible to dereference a freed fetch
                        context. [RT #16584]

2089.   [security]      Raise the minimum safe OpenSSL versions to
                        OpenSSL 0.9.7l and OpenSSL 0.9.8d.  Versions
                        prior to these have known security flaws which
                        are (potentially) exploitable in named. [RT #16391]

2088.   [security]      Change the default RSA exponent from 3 to 65537.
                        [RT #16391]

2066.   [security]      Handle SIG queries gracefully. [RT #16300]

1941.   [bug]           ncache_adderesult() should set eresult even if no
                        rdataset is passed to it. [RT #15642]
Sat, 9 Dec 2006
[ 22:20 dougb ] Original commit 
1.73 dns/bind9/Makefile
1.40 dns/bind9/distinfo
Upgrade to version 9.3.3, the latest from ISC. This is
a maintenance release, with the usual round of bug and
security fixes.

All users of BIND 9 are encouraged to upgrade to this
version.
Fri, 3 Nov 2006
[ 07:47 dougb ] Original commit 
1.72 dns/bind9/Makefile
1.39 dns/bind9/distinfo
Update to version 9.3.2-P2, which addresses the vulnerability
announced by ISC dated 31 October (delivered via e-mail to the
bind-announce@isc.org list today):

Description:
        Because of OpenSSL's recently announced vulnerabilities
        (CAN-2006-4339, CVE-2006-2937 and CVE-2006-2940) which affect named,
        we are announcing this workaround and releasing patches.  A proof of
        concept attack on OpenSSL has been demonstrated for CAN-2006-4339.

        OpenSSL is required to use DNSSEC with BIND.

Fix for version 9.3.2-P1 and lower:
        Upgrade to BIND 9.2.3-P2, then generate new RSASHA1 and
        RSAMD5 keys for all old keys using the old default exponent
        and perform a key rollover to these new keys.

        These versions also change the default RSA exponent to be
        65537 which is not vulnerable to the attacks described in
        CAN-2006-4339.
Wed, 6 Sep 2006
[ 18:42 dougb ] Original commit 
1.71 dns/bind9/Makefile
1.38 dns/bind9/distinfo
Upgrade to version 9.3.2-P1, which addresses the following security
vulnerabilities:

http://www.niscc.gov.uk/niscc/docs/re-20060905-00590.pdf?lang=en
2066.  [security]      Handle SIG queries gracefully. [RT #16300]

http://www.kb.cert.org/vuls/id/697164
1941.  [bug]           ncache_adderesult() should set eresult even if no
                       rdataset is passed to it. [RT #15642]

All users of BIND 9 are encouraged to upgrade to this version.
Wed, 28 Dec 2005
[ 01:07 dougb ] Original commit 
1.69 dns/bind9/Makefile
1.37 dns/bind9/distinfo
1.2 dns/bind9/files/patch-lib_dns_resolver.c
1.21 dns/bind9/pkg-plist
Update to 9.3.2, the latest from ISC
Thu, 24 Nov 2005
[ 00:08 dougb ] Original commit 
1.26 dns/bind8/distinfo
1.6 dns/bind84/distinfo
1.36 dns/bind9/distinfo
1.4 dns/fpdns/distinfo
1.34 dns/p5-Net-DNS/distinfo
1.15 editors/pico/distinfo
1.3 irc/sirc/distinfo
1.6 mail/pine-pgp-filters/distinfo
1.36 mail/pine4/distinfo
1.14 print/hpijs/distinfo

(Only the first 10 of 14 ports in this commit are shown above. View all ports for this commit)
Add SHA256 checksums to my ports
Sun, 13 Mar 2005
[ 10:52 dougb ] Original commit 
1.62 dns/bind9/Makefile
1.35 dns/bind9/distinfo
1.2 dns/bind9/files/patch-bin_named_Makefile.in
Upgrade to 9.3.1, the latest version from ISC. This version contains
several important fixes, including a remote (although unlikely) exploit.
See the CHANGES file for details.

All users of BIND 9 are highly encouraged to upgrade to this version.

Changes to the port include:
1. Remove ISC patch to 9.3.0 that addressed the remote exploit
2. Change to OPTIONS, and thereby
3. --enable-threads is now the default. Users report that the new thread
code in 9.3.x works significantly better than the old on all versions of
FreeBSD.
4. Add a temporary shim for the old PORT_REPLACES_BASE_BIND9 option.
The OPTIONS framework requires knobs to start with WITH_ or WITHOUT_
5. Remove patch that shoehorned named.conf.5 into the right place,
it has been fixed in the code.
Fri, 28 Jan 2005
[ 20:47 dougb ] Original commit 
1.61 dns/bind9/Makefile
1.34 dns/bind9/distinfo
Include a patch from ISC to deal with the following vulnerability:

Name:                   BIND: Self Check Failing [Added 2005.25.01]
Versions affected:      BIND 9.3.0
Severity:               LOW
Exploitable:            Remotely
Type:                   Denial of Service
Description:
An incorrect assumption in the validator (authvalidated) can result in a
REQUIRE (internal consistancy) test failing and named exiting.

Workarounds:
Turn off dnssec validation (off by default) at the options/view level.

        dnssec-enable no;

Active Exploits:        None known

Bump PORTREVISION accordingly.

It should be noted that the vast majority of users would not have
DNSSEC enabled, and therefore are not vulnerable to this bug.
Fri, 24 Sep 2004
[ 04:03 dougb ] Original commit 
1.59 dns/bind9/Makefile
1.33 dns/bind9/distinfo
1.1 dns/bind9/files/patch-bin_named_Makefile.in
1.9 dns/bind9/pkg-descr
1.2 dns/bind9/pkg-message
1.20 dns/bind9/pkg-plist
Update to BIND 9.3.0, the latest from ISC. This version has several
significant updates, not the least of which is the new and improved
DNSSEC code based on the latest standards (including DS).

Various updates to the port, including:
1. Download the PGP signature
2. If running on ${OSVERSION} >= 503000, configure with threads
3. Update pkg-descr re IPv6 RRs
4. Update pkg-message to reflect a world with 6-current

There is also a patch to correct a man page installation error.
This problem should be fixed in the next release.

Approved by:    portmgr (marcus)
Sun, 14 Mar 2004
[ 00:17 dougb ] Original commit 
1.24 dns/bind8/distinfo
1.32 dns/bind9/distinfo
1.9 editors/pico/distinfo
1.2 irc/sirc/distinfo
1.4 mail/pine-pgp-filters/distinfo
1.27 mail/pine4/distinfo
1.2 net/hawk/distinfo
1.9 print/hpijs/distinfo
1.4 sysutils/shlock/distinfo
Now that the SIZE thing has stabilized, add it to the ports I maintain.
Fri, 24 Oct 2003
[ 23:10 dougb ] Original commit 
1.54 dns/bind9/Makefile
1.31 dns/bind9/distinfo
Upgrade to the 9.2.3 release version
Thu, 25 Sep 2003
[ 05:08 dougb ] Original commit 
1.52 dns/bind9/Makefile
1.30 dns/bind9/distinfo
Upgrade to version 9.2.3rc4.

The 9.2.3 code has many many bugs fixed from 9.2.2, check CHANGES
for more information.

The rc4 code has the delegation-only options. Check the ARM for
information on how to enable it.

Number of commits found: 20

Login
User Login
Create account

Servers and bandwidth provided by
New York Internet, SuperNews, and RootBSD

This site
What is FreshPorts?
About the authors
FAQ
How big is it?
The latest upgrade!
Privacy
Forums
Blog
Contact

Search
Enter Keywords:
 
more...

Latest Vulnerabilities
bashOct 01
bashOct 01
bash-staticOct 01
bash-staticOct 01
jenkinsOct 01
jenkins-ltsOct 01
phpmyadminOct 01
rsyslog7Sep 30
fishSep 29
bash*Sep 25
bash-static*Sep 25
chromiumSep 25
krfbSep 25
linux-c6-nssSep 25
linux-firefoxSep 25

12 vulnerabilities affecting 35 ports have been reported in the past 14 days

* - modified, not new

All vulnerabilities


Ports
Home
Categories
Deleted ports
Sanity Test Failures
Newsfeeds


Statistics
Graphs
NEW Graphs (Javascript)
Traffic

Calculated hourly:
Port count 24166
Broken 104
Deprecated 26
Ignore 360
Forbidden 3
Restricted 205
No CDROM 93
Vulnerable 20
Expired 1
Set to expire 21
Interactive 0
new 24 hours 2
new 48 hours6
new 7 days56
new fortnight146
new month287

Servers and bandwidth provided by
New York Internet, SuperNews, and RootBSD
Valid HTML, CSS, and RSS.
Copyright © 2000-2014 Dan Langille. All rights reserved.