notbugAs an Amazon Associate I earn from qualifying purchases.
Want a good read? Try FreeBSD Mastery: Jails (IT Mastery Book 15)

Two new features

Two new features were added on 2020-05-30:
  1. Repology links - each port now has a link to See issue 148 for details.
  2. Ports I maintain report - port maintainers can now subscribe to a daily report of commits to the ports they maintain. See Watch ports I maintain at Report Subscriptions. Details at issue 138
non port: dns/bind9/distinfo

Number of commits found XX: 20

Wed, 1 Dec 2010
[ 00:48 dougb ] Original commit 
1.2307 MOVED
1.122 dns/Makefile
1.95 dns/bind9/Makefile
1.49 dns/bind9/distinfo
1.2 dns/bind9/files/patch-bin_named_update.c
1.12 dns/bind9/pkg-descr
1.5 dns/bind9/pkg-message
1.25 dns/bind9/pkg-plist
As previously advertised, remove BIND 9.3.x coincident with the
Thu, 8 Jan 2009
[ 08:18 dougb ] Original commit 
1.86 dns/bind9/Makefile
1.48 dns/bind9/distinfo
1.91 dns/bind94/Makefile
1.51 dns/bind94/distinfo
1.93 dns/bind95/Makefile
1.53 dns/bind95/distinfo
1.95 dns/bind96/Makefile
1.55 dns/bind96/distinfo
Update to the -P1 versions of the current BIND ports which contain
the fix for the following vulnerability:

Return values from OpenSSL library functions EVP_VerifyFinal()
and DSA_do_verify() were not checked properly.

It is theoretically possible to spoof answers returned from
zones using the DNSKEY algorithms DSA (3) and NSEC3DSA (6).

In short, if you're not using DNSSEC to verify signatures you have
nothing to worry about.

While I'm here, address the issues raised in the PR by adding a knob
to disable building with OpenSSL altogether (which eliminates DNSSEC
capability), and fix the configure arguments to better deal with the
situation where the user has ssl bits in both the base and LOCALBASE.

PR:             ports/126297
Submitted by:   Ronald F.Guilmette <>
Fri, 19 Dec 2008
[ 22:30 dougb ] Original commit 
1.84 dns/bind9/Makefile
1.47 dns/bind9/distinfo
1.4 dns/bind9/pkg-message
Upgrade to version 9.3.6.

Add a note to pkg-message indicating that ISC declared this version EOL
as of 1 December, but that we will support the port through the RELENG_6
Sat, 9 Aug 2008
[ 07:23 dougb ] Original commit 
1.46 dns/bind9/distinfo
1.49 dns/bind94/distinfo
1.51 dns/bind95/distinfo
All -P2 versions now have PGP signatures with ISC's standard
signing key.

PR:             ports/126389 (for bind9)
Submitted by:   Tsurutani Naoki <>
Sat, 2 Aug 2008
[ 07:01 dougb ] Original commit 
1.83 dns/bind9/Makefile
1.45 dns/bind9/distinfo
1.88 dns/bind94/Makefile
1.48 dns/bind94/distinfo
1.90 dns/bind95/Makefile
1.50 dns/bind95/distinfo
Update to patchlevel 2 for all versions:

- performance improvement over the P1 releases, namely
   + significantly remedying the port allocation issues
   + allowing TCP queries and zone transfers while issuing as many
      outstanding UDP queries as possible
   + additional security of port randomization at the same level as P1

- also includes fixes for several bugs in the 9.5.0 base code
Wed, 9 Jul 2008
[ 19:02 dougb ] Original commit 
1.82 dns/bind9/Makefile
1.44 dns/bind9/distinfo
1.85 dns/bind94/Makefile
1.47 dns/bind94/distinfo
1.87 dns/bind95/Makefile
1.49 dns/bind95/distinfo
Upgrade to the -P1 versions of each port, which add stronger randomization
of the UDP query-source ports. The server will still use the same query
port for the life of the process, so users for whom the issue of cache
poisoning is highly significant may wish to periodically restart their
server using /etc/rc.d/named restart, or other suitable method.

In order to take advantage of this randomization users MUST have an
appropriate firewall configuration to allow UDP queries to be sent and
answers to be received on random ports; and users MUST NOT specify a
port number using the query-source[-v6] option.

The avoid-v[46]-udp-ports options exist for users who wish to eliminate
certain port numbers from being chosen by named for this purpose. See
the ARM Chatper 6 for more information.
(Only the first 15 lines of the commit message are shown above View all of this commit message)
Mon, 2 Jun 2008
[ 05:20 dougb ] Original commit 
1.80 dns/bind9/Makefile
1.43 dns/bind9/distinfo
1.10 dns/bind9/pkg-descr
1.3 dns/bind9/pkg-message
1.23 dns/bind9/pkg-plist
Update to version 9.3.5. It contains the latest bug fixes, updates
to root server addresses, and a fix for the vulnerability mentioned

Users of BIND 9.3.x are strongly encouraged to upgrade to this
version. Also, the 9.3.x branch is now in maintenance-only mode.
Users are encouraged to investigate BIND 9.4.x or perhaps 9.5.x.
Tue, 24 Jul 2007
[ 22:00 dougb ] Original commit 
1.78 dns/bind9/Makefile
1.42 dns/bind9/distinfo
Update to 9.3.4-P1, which fixes the following:

The DNS query id generation is vulnerable to cryptographic
analysis which provides a 1 in 8 chance of guessing the next
query id for 50% of the query ids. This can be used to perform
cache poisoning by an attacker.

This bug only affects outgoing queries, generated by BIND 9 to
answer questions as a resolver, or when it is looking up data
for internal uses, such as when sending NOTIFYs to slave name

All users are encouraged to upgrade.

See also:
Thu, 25 Jan 2007
[ 01:57 dougb ] Original commit 
1.75 dns/bind9/Makefile
1.41 dns/bind9/distinfo
Upgrade to version 9.3.4, the latest from ISC, which addresses the
following security issues. All users of BIND are encouraged to upgrade
to this version.

2126.   [security]      Serialise validation of type ANY responses. [RT #16555]

2124.   [security]      It was possible to dereference a freed fetch
                        context. [RT #16584]

2089.   [security]      Raise the minimum safe OpenSSL versions to
                        OpenSSL 0.9.7l and OpenSSL 0.9.8d.  Versions
                        prior to these have known security flaws which
                        are (potentially) exploitable in named. [RT #16391]

2088.   [security]      Change the default RSA exponent from 3 to 65537.
                        [RT #16391]

2066.   [security]      Handle SIG queries gracefully. [RT #16300]

1941.   [bug]           ncache_adderesult() should set eresult even if no
                        rdataset is passed to it. [RT #15642]
Sat, 9 Dec 2006
[ 22:20 dougb ] Original commit 
1.73 dns/bind9/Makefile
1.40 dns/bind9/distinfo
Upgrade to version 9.3.3, the latest from ISC. This is
a maintenance release, with the usual round of bug and
security fixes.

All users of BIND 9 are encouraged to upgrade to this
Fri, 3 Nov 2006
[ 07:47 dougb ] Original commit 
1.72 dns/bind9/Makefile
1.39 dns/bind9/distinfo
Update to version 9.3.2-P2, which addresses the vulnerability
announced by ISC dated 31 October (delivered via e-mail to the list today):

        Because of OpenSSL's recently announced vulnerabilities
        (CAN-2006-4339, CVE-2006-2937 and CVE-2006-2940) which affect named,
        we are announcing this workaround and releasing patches.  A proof of
        concept attack on OpenSSL has been demonstrated for CAN-2006-4339.

        OpenSSL is required to use DNSSEC with BIND.

Fix for version 9.3.2-P1 and lower:
        Upgrade to BIND 9.2.3-P2, then generate new RSASHA1 and
        RSAMD5 keys for all old keys using the old default exponent
        and perform a key rollover to these new keys.

        These versions also change the default RSA exponent to be
        65537 which is not vulnerable to the attacks described in
Wed, 6 Sep 2006
[ 18:42 dougb ] Original commit 
1.71 dns/bind9/Makefile
1.38 dns/bind9/distinfo
Upgrade to version 9.3.2-P1, which addresses the following security
2066.  [security]      Handle SIG queries gracefully. [RT #16300]
1941.  [bug]           ncache_adderesult() should set eresult even if no
                       rdataset is passed to it. [RT #15642]

All users of BIND 9 are encouraged to upgrade to this version.
Wed, 28 Dec 2005
[ 01:07 dougb ] Original commit 
1.69 dns/bind9/Makefile
1.37 dns/bind9/distinfo
1.2 dns/bind9/files/patch-lib_dns_resolver.c
1.21 dns/bind9/pkg-plist
Update to 9.3.2, the latest from ISC
Thu, 24 Nov 2005
[ 00:08 dougb ] Original commit 
1.26 dns/bind8/distinfo
1.6 dns/bind84/distinfo
1.36 dns/bind9/distinfo
1.4 dns/fpdns/distinfo
1.34 dns/p5-Net-DNS/distinfo
1.15 editors/pico/distinfo
1.3 irc/sirc/distinfo
1.6 mail/pine-pgp-filters/distinfo
1.36 mail/pine4/distinfo
1.14 print/hpijs/distinfo

(Only the first 10 of 14 ports in this commit are shown above. View all ports for this commit)
Add SHA256 checksums to my ports
Sun, 13 Mar 2005
[ 10:52 dougb ] Original commit 
1.62 dns/bind9/Makefile
1.35 dns/bind9/distinfo
1.2 dns/bind9/files/
Upgrade to 9.3.1, the latest version from ISC. This version contains
several important fixes, including a remote (although unlikely) exploit.
See the CHANGES file for details.

All users of BIND 9 are highly encouraged to upgrade to this version.

Changes to the port include:
1. Remove ISC patch to 9.3.0 that addressed the remote exploit
2. Change to OPTIONS, and thereby
3. --enable-threads is now the default. Users report that the new thread
code in 9.3.x works significantly better than the old on all versions of
4. Add a temporary shim for the old PORT_REPLACES_BASE_BIND9 option.
The OPTIONS framework requires knobs to start with WITH_ or WITHOUT_
5. Remove patch that shoehorned named.conf.5 into the right place,
it has been fixed in the code.
Fri, 28 Jan 2005
[ 20:47 dougb ] Original commit 
1.61 dns/bind9/Makefile
1.34 dns/bind9/distinfo
Include a patch from ISC to deal with the following vulnerability:

Name:                   BIND: Self Check Failing [Added 2005.25.01]
Versions affected:      BIND 9.3.0
Severity:               LOW
Exploitable:            Remotely
Type:                   Denial of Service
An incorrect assumption in the validator (authvalidated) can result in a
REQUIRE (internal consistancy) test failing and named exiting.

Turn off dnssec validation (off by default) at the options/view level.

        dnssec-enable no;

Active Exploits:        None known

Bump PORTREVISION accordingly.

It should be noted that the vast majority of users would not have
DNSSEC enabled, and therefore are not vulnerable to this bug.
Fri, 24 Sep 2004
[ 04:03 dougb ] Original commit 
1.59 dns/bind9/Makefile
1.33 dns/bind9/distinfo
1.1 dns/bind9/files/
1.9 dns/bind9/pkg-descr
1.2 dns/bind9/pkg-message
1.20 dns/bind9/pkg-plist
Update to BIND 9.3.0, the latest from ISC. This version has several
significant updates, not the least of which is the new and improved
DNSSEC code based on the latest standards (including DS).

Various updates to the port, including:
1. Download the PGP signature
2. If running on ${OSVERSION} >= 503000, configure with threads
3. Update pkg-descr re IPv6 RRs
4. Update pkg-message to reflect a world with 6-current

There is also a patch to correct a man page installation error.
This problem should be fixed in the next release.

Approved by:    portmgr (marcus)
Sun, 14 Mar 2004
[ 00:17 dougb ] Original commit 
1.24 dns/bind8/distinfo
1.32 dns/bind9/distinfo
1.9 editors/pico/distinfo
1.2 irc/sirc/distinfo
1.4 mail/pine-pgp-filters/distinfo
1.27 mail/pine4/distinfo
1.2 net/hawk/distinfo
1.9 print/hpijs/distinfo
1.4 sysutils/shlock/distinfo
Now that the SIZE thing has stabilized, add it to the ports I maintain.
Fri, 24 Oct 2003
[ 23:10 dougb ] Original commit 
1.54 dns/bind9/Makefile
1.31 dns/bind9/distinfo
Upgrade to the 9.2.3 release version
Thu, 25 Sep 2003
[ 05:08 dougb ] Original commit 
1.52 dns/bind9/Makefile
1.30 dns/bind9/distinfo
Upgrade to version 9.2.3rc4.

The 9.2.3 code has many many bugs fixed from 9.2.2, check CHANGES
for more information.

The rc4 code has the delegation-only options. Check the ARM for
information on how to enable it.

Number of commits found XX: 20

User Login
Create account

Servers and bandwidth provided by
New York Internet, iXsystems, and RootBSD

This site
What is FreshPorts?
About the authors
How big is it?
The latest upgrade!

Enter Keywords:

Latest Vulnerabilities
dovecotAug 13
ilmbaseAug 13
openexrAug 13
jenkinsAug 12
jenkins-ltsAug 12
chromiumAug 11
puppetdb5Aug 11
bftpdAug 10
apache24*Aug 08
gitlab-ceAug 06
goAug 06
sqlite3*Aug 06
typo3-10Aug 04
typo3-9Aug 04
libX11Aug 01

14 vulnerabilities affecting 123 ports have been reported in the past 14 days

* - modified, not new

All vulnerabilities

Last updated:
2020-08-14 01:16:47

Deleted ports
Sanity Test Failures

NEW Graphs (Javascript)

Calculated hourly:
Port count 40315
Broken 86
Deprecated 587
Ignore 321
Forbidden 5
Restricted 147
Vulnerable 21
Expired 3
Set to expire 558
Interactive 0
new 24 hours 5
new 48 hours6
new 7 days29
new fortnight45
new month142

Servers and bandwidth provided by
New York Internet, iXsystems, and RootBSD
Valid HTML, CSS, and RSS.
Copyright © 2000-2020 Dan Langille. All rights reserved.