Update to version 9.7.2-P3, the latest from ISC, which addresses

the following security vulnerabilities.

For more information regarding these issues please see:
http://www.isc.org/announcement/guidance-regarding-dec-1st-2010-security-advisories

1. Cache incorrectly allows ncache and rrsig for the same type

   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3613

   Affects resolver operators whose servers are open to potential
   attackers. Triggering the bug will cause the server to crash.

   This bug applies even if you do not have DNSSEC enabled.

2. Using "allow-query" in the "options" or "view" statements to
   restrict access to authoritative zones has no effect.

   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3615

   Affects authoritative server operators who wish to generally
   restrict queries to their authoritative zones, and are running
   9.6.2-P2 or any version of 9.7.x. The bug will allow unauthorized
   end users to receive answers to queries they should not.

3. Key algorithm rollover

   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3614

   Affects resolver operators who have 9.7.2-P2 installed,
   are validating with DNSSEC, and querying zones which are
   in a key rollover period. The bug will cause answers to
   incorrectly be marked as insecure.

For the port:
1. Add CONFLICT for the ../bind-tools port
2. Switch to pkg-install to create the symlinks to /etc/namedb/ as
   requested in [1]

PR:		ports/151635 [1]
Submitted by:	Benjamin Lee <ben@b1c1l1.com> [1]

3 files changed, 21 insertions, 12 deletions

diff --git a/dns/bind97/Makefile b/dns/bind97/Makefile
index d7f3c26a3679..1530ada48c0c 100644
--- a/dns/bind97/Makefile
+++ b/dns/bind97/Makefile
@@ -6,7 +6,7 @@
 #
 
 PORTNAME?=	bind97
-PORTVERSION=	9.7.2.2
+PORTVERSION=	9.7.2.3
 PORTREVISION?=	0
 CATEGORIES=	dns net ipv6
 MASTER_SITES=	${MASTER_SITE_ISC} \
@@ -20,7 +20,7 @@ MAINTAINER=	dougb@FreeBSD.org
 COMMENT?=	The BIND DNS suite with updated DNSSEC and threads
 
 # ISC releases things like 9.4.0b3, which our versioning doesn't like
-ISCVERSION=	9.7.2-P2
+ISCVERSION=	9.7.2-P3
 
 MAKE_JOBS_UNSAFE=	yes
 
@@ -47,6 +47,7 @@ OPTIONS+=	LINKS "Create conf file symlinks in ${PREFIX}" on \
 		DLZ_LDAP "DLZ LDAP driver" off \
 		DLZ_FILESYSTEM "DLZ filesystem driver" off \
 		DLZ_STUB "DLZ stub driver" off
+CONFLICTS+=	bind-tools-9.*
 .endif
 
 # Just in case
@@ -221,12 +222,7 @@ post-install:
 	    ${WRKSRC}/README* ${DOCSDIR}/
 .endif
 .if !defined(WITHOUT_LINKS) && !defined(WITH_REPLACE_BASE)
-	${MKDIR} /var/named${PREFIX}/etc
-.for DIR in ${PREFIX}/etc /var/named${PREFIX}/etc
-.for FILE in named.conf rndc.key
-	${LN} -sf /etc/namedb/${FILE} ${DIR}/${FILE}
-.endfor
-.endfor
+	PKG_PREFIX=${PREFIX} ${SH} ${PKGINSTALL} ${PKGNAME} POST-INSTALL
 .endif
 
 	@${CAT} ${PKGMESSAGE}
diff --git a/dns/bind97/distinfo b/dns/bind97/distinfo
index 5e760dd2c006..83d0f1dfcb2b 100644
--- a/dns/bind97/distinfo
+++ b/dns/bind97/distinfo
@@ -1,4 +1,4 @@
-SHA256 (bind-9.7.2-P2.tar.gz) = e6d5938184066fc793c28ff975e09e9721116aede2a2d6d93b1be5e8654a5c8a
-SIZE (bind-9.7.2-P2.tar.gz) = 7573857
-SHA256 (bind-9.7.2-P2.tar.gz.asc) = a9aa8ee425dbc4530acde04db818a13c2e9fe919dd700d3f472a852a3c2bbeba
-SIZE (bind-9.7.2-P2.tar.gz.asc) = 481
+SHA256 (bind-9.7.2-P3.tar.gz) = cd945f4766be664f4528ec065df626ad3624481695316ec8e13ad272f4abfb7e
+SIZE (bind-9.7.2-P3.tar.gz) = 7643996
+SHA256 (bind-9.7.2-P3.tar.gz.asc) = 3f9047dbd123f211b8f9d6b7cbb53f9d6db3cd713a6fc144644b0d87a75afe93
+SIZE (bind-9.7.2-P3.tar.gz.asc) = 481
diff --git a/dns/bind97/pkg-install b/dns/bind97/pkg-install
new file mode 100644
index 000000000000..fef4dba0bd3c
--- /dev/null
+++ b/dns/bind97/pkg-install
@@ -0,0 +1,13 @@
+#!/bin/sh
+
+[ "$2" = 'POST-INSTALL' ] || exit 0
+
+/bin/mkdir -p /var/named${PKG_PREFIX}/etc
+
+for DIR in ${PKG_PREFIX}/etc /var/named${PKG_PREFIX}/etc; do
+	for FILE in named.conf rndc.key; do
+		/bin/ln -sf /etc/namedb/${FILE} ${DIR}/${FILE}
+	done
+done
+
+exit 0