FreeBSD ports tree https://cgit-dev.freebsd.org/ports/atom?h=5-eol 2008-05-31T23:01:15Z 2008-05-31T23:01:15Z cvs2svn cvs2svn@FreeBSD.org 2008-05-31T23:01:15Z urn:sha1:a54fe1ca9c33931d7c4381a84ee11454f9831c08 2007-12-05T00:44:01Z Doug Barton dougb@FreeBSD.org 2007-12-05T00:44:01Z urn:sha1:538afbc5cebfd90b5e7ee928e54172adb7258f70 Pointy hat number N:M (where M = many) goes to: dougb Approved by: portmgr (erwin) 2007-12-03T09:43:44Z Doug Barton dougb@FreeBSD.org 2007-12-03T09:43:44Z urn:sha1:53fb30ab2d7132d74e8a009d8d346d3102786e7d http://www.isc.org/index.pl?/sw/bind/bind8-eol.php Therefore, per the previous announcement, remove the ports for BIND 8. This includes the chinese/bind8 slave port, and mail/smc-milter which has a dependency on libbind_r.a from BIND 8.x. The latter has been unmaintained since 2005, and is 3 versions behind. Approved by: portmgr (linimon) 2007-12-01T21:53:34Z Doug Barton dougb@FreeBSD.org 2007-12-01T21:53:34Z urn:sha1:5920e1781c023b5f76c921fc5898a0d8224a8139 file for more details. Approved by: portmgr (erwin) 2007-07-24T22:02:16Z Doug Barton dougb@FreeBSD.org 2007-07-24T22:02:16Z urn:sha1:83aa56c48faf0e726f652730c742a8d0e5034f1d 1. The default access control lists (acls) are not being correctly set. If not set anyone can make recursive queries and/or query the cache contents. See also: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2925 2. The DNS query id generation is vulnerable to cryptographic analysis which provides a 1 in 8 chance of guessing the next query id for 50% of the query ids. This can be used to perform cache poisoning by an attacker. This bug only affects outgoing queries, generated by BIND 9 to answer questions as a resolver, or when it is looking up data for internal uses, such as when sending NOTIFYs to slave name servers. All users are encouraged to upgrade. See also: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2926 2007-07-23T09:36:51Z Rong-En Fan rafan@FreeBSD.org 2007-07-23T09:36:51Z urn:sha1:f935a609c53c5c6031e6848db95c7debed127e27 supports them. This is determined by running ``configure --help'' in do-configure target and set the shell variable _LATE_CONFIGURE_ARGS which is then passed to CONFIGURE_ARGS. - Remove --mandir and --infodir in ports' Makefile where applicable Few ports use REINPLACE_CMD to achieve the same effect, remove them too. - Correct some manual pages location from PREFIX/man to MANPREFIX/man - Define INFO_PATH where necessary - Document that .info files are installed in a subdirectory relative to PREFIX/INFO_PATH and slightly change add-plist-info to use INFO_PATH and subdirectory detection. PR: ports/111470 Approved by: portmgr Discussed with: stas (Mk/*), gerald (info related stuffs) Tested by: pointyhat exp run 2007-05-01T01:00:01Z Doug Barton dougb@FreeBSD.org 2007-05-01T01:00:01Z urn:sha1:086ad81b2c0d9759c8686fe6e1b8dff74440db10 2172. [bug] query_addsoa() was being called with a non zone db. [RT #16834] If you are running BIND 9.4.0 (either pre-release or final), you are advised to upgrade as soon as possible to BIND 9.4.1. 2007-02-26T07:57:58Z Doug Barton dougb@FreeBSD.org 2007-02-26T07:57:58Z urn:sha1:d192a302c635dc39b5554aa351dfb8c7872ba000 2007-01-28T22:45:54Z Doug Barton dougb@FreeBSD.org 2007-01-28T22:45:54Z urn:sha1:79a046498ac54e1bd1fc55fbd3743aac4d768405 2007-01-25T01:57:42Z Doug Barton dougb@FreeBSD.org 2007-01-25T01:57:42Z urn:sha1:b7bd2982800fb8c226457a7c7af10a774aaf50ff following security issues. All users of BIND are encouraged to upgrade to this version. 2126. [security] Serialise validation of type ANY responses. [RT #16555] 2124. [security] It was possible to dereference a freed fetch context. [RT #16584] 2089. [security] Raise the minimum safe OpenSSL versions to OpenSSL 0.9.7l and OpenSSL 0.9.8d. Versions prior to these have known security flaws which are (potentially) exploitable in named. [RT #16391] 2088. [security] Change the default RSA exponent from 3 to 65537. [RT #16391] 2066. [security] Handle SIG queries gracefully. [RT #16300] 1941. [bug] ncache_adderesult() should set eresult even if no rdataset is passed to it. [RT #15642]