freebsd-ports/dns/bind9
Doug Barton 49b20cc2f2 Update to version 9.3.2-P2, which addresses the vulnerability
announced by ISC dated 31 October (delivered via e-mail to the
bind-announce@isc.org list today):

Description:
	Because of OpenSSL's recently announced vulnerabilities
	(CAN-2006-4339, CVE-2006-2937 and CVE-2006-2940) which affect named,
	we are announcing this workaround and releasing patches.  A proof of
	concept attack on OpenSSL has been demonstrated for CAN-2006-4339.

	OpenSSL is required to use DNSSEC with BIND.

Fix for version 9.3.2-P1 and lower:
	Upgrade to BIND 9.2.3-P2, then generate new RSASHA1 and
	RSAMD5 keys for all old keys using the old default exponent
	and perform a key rollover to these new keys.

	These versions also change the default RSA exponent to be
	65537 which is not vulnerable to the attacks described in
	CAN-2006-4339.
2006-11-03 07:47:21 +00:00
..
distinfo Update to version 9.3.2-P2, which addresses the vulnerability 2006-11-03 07:47:21 +00:00
Makefile Update to version 9.3.2-P2, which addresses the vulnerability 2006-11-03 07:47:21 +00:00
pkg-descr
pkg-message
pkg-plist Replace ugly "@unexec rmdir %D... 2>/dev/null || true" with @dirrmtry 2006-01-22 01:55:36 +00:00