From fcbd7a33209fec710018a4fb25a72bf507d4f95e Mon Sep 17 00:00:00 2001
From: Doug Barton
Date: Tue, 16 Feb 2010 05:14:51 +0000
Subject: Upgrade to BIND 9.4-ESV.

This version incorporates all bug and security fixes since the release of 9.4.3, including the most recent -P5 security fix detailed below.

From the README:
BIND 9.4-ESV will be supported until December 31, 2010, at which time you will need to upgrade to the current release of BIND.

This version addresses the following vulnerabilities:

BIND 9 Cache Update from Additional Section
https://www.isc.org/advisories/CVE-2009-4022v6
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4022
A nameserver with DNSSEC validation enabled may incorrectly add unauthenticated records to its cache that are received during the resolution of a recursive client query

BIND 9 DNSSEC validation code could cause bogus NXDOMAIN responses
https://www.isc.org/advisories/CVE-2010-0097
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0097
There was an error in the DNSSEC NSEC/NSEC3 validation code that could cause bogus NXDOMAIN responses (that is, NXDOMAIN responses for records proven by NSEC or NSEC3 to exist) to be cached as if they had validated correctly

These issues only affect systems with DNSSEC validation enabled.

Approved by: re (kensmith)
---
 contrib/bind9/lib/isc/unix/resource.c | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

(limited to 'contrib/bind9/lib/isc/unix/resource.c')

diff --git a/contrib/bind9/lib/isc/unix/resource.c b/contrib/bind9/lib/isc/unix/resource.c index e9bc5fd6bd17..0a51e4fcaf6c 100644 --- a/contrib/bind9/lib/isc/unix/resource.c +++ b/contrib/bind9/lib/isc/unix/resource.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004, 2008 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2008, 2009 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2000, 2001 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any 
@@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: resource.c,v 1.12.18.6 2008/08/05 07:17:05 marka Exp $ */ +/* $Id: resource.c,v 1.12.18.8 2009/02/13 23:46:06 tbox Exp $ */ #include @@ -159,7 +159,11 @@ isc_resource_setlimit(isc_resource_t resource, isc_resourcevalue_t value) { if (unixresult == 0) return (ISC_R_SUCCESS); } -#elif defined(NR_OPEN) && defined(__linux__) +#elif defined(__linux__) +#ifndef NR_OPEN +#define NR_OPEN (1024*1024) +#endif + /* * Some Linux kernels don't accept RLIM_INFINIT; the maximum * possible value is the NR_OPEN defined in linux/fs.h. -- cgit v1.2.3
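Review bot: In the hunk at `@@ -159,7 +159,11 @@`, the new fallback `#define NR_OPEN (1024*1024)` is an undocumented magic number that reuses the kernel header's macro name. The comment directly below still says the maximum is "the NR_OPEN defined in linux/fs.h", which is no longer accurate when the header did not supply it and this branch substitutes its own value. Please add a comment stating where 1024*1024 comes from and that it is only a fallback, and consider a private name (a hypothetical `ISC_NR_OPEN_FALLBACK`, for instance) so a later include of the kernel header cannot collide with or silently differ from this definition. Since the branch is now taken on every Linux build rather than only when `NR_OPEN` is visible, it is also worth confirming that the code following this comment handles the case where the running kernel rejects the hard-coded value. While touching this block, the existing comment's `RLIM_INFINIT` could be corrected to `RLIM_INFINITY`.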