Message-Id: <201001200637.o0K6bWGH008182@www.freebsd.org>
Date: Wed, 20 Jan 2010 06:37:32 GMT
From: Andrei Lavreniyuk <andy.lavr@reactor-xg.kiev.ua>
To: freebsd-gnats-submit@FreeBSD.org
Subject: [UPDATE] ports/dns/bind95
X-Send-Pr-Version: www-3.1
X-GNATS-Notify:

>Number:         143001
>Category:       ports
>Synopsis:       [UPDATE] ports/dns/bind95
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    dougb
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Wed Jan 20 06:40:07 UTC 2010
>Closed-Date:    Mon Jan 25 00:30:04 UTC 2010
>Last-Modified:  Mon Jan 25 00:30:04 UTC 2010
>Originator:     Andrei Lavreniyuk
>Release:        FreeBSD 8.0-STABLE
>Organization:
Technica-03, Inc.
>Environment:
FreeBSD datacenter.technica-03.local 8.0-STABLE FreeBSD 8.0-STABLE #0: Sat Jan  9 10:23:32 EET 2010     root@datacenter.technica-03.local:/usr/obj/usr/src/sys/SMP64  amd64
>Description:
 BIND 9.5.2-P2 is now available.

BIND 9.5.2-P2 is a SECURITY PATCH for BIND 9.5.2.  It addresses two
potential cache poisoning vulnerabilities, both of which could allow
a validating recursive nameserver to cache data which had not been
authenticated or was invalid.

        Bugs should be reported to bind9-bugs@isc.org.

CVE identifiers: CVE-2009-4022, CVE-2010-0097
CERT advisories: VU#418861, VU#360341.

Information about these vulnerabilities can be found at:

        https://www.isc.org/advisories/CVE-2009-4022v6
        https://www.isc.org/advisories/CVE-2010-0097

BIND 9.5.2-P2 can be downloaded from:

	ftp://ftp.isc.org/isc/bind9/9.5.2-P2/bind-9.5.2-P2.tar.gz

PGP signatures of the distribution are at:

	ftp://ftp.isc.org/isc/bind9/9.5.2-P2/bind-9.5.2-P2.tar.gz.asc
	ftp://ftp.isc.org/isc/bind9/9.5.2-P2/bind-9.5.2-P2.tar.gz.sha256.asc
	ftp://ftp.isc.org/isc/bind9/9.5.2-P2/bind-9.5.2-P2.tar.gz.sha512.asc

The signatures were generated with the ISC public key, which is
available at https://www.isc.org/about/openpgp

A binary kit for Windows XP, Windows 2003 and Windows 2008 is at:

	ftp://ftp.isc.org/isc/bind9/9.5.2-P2/BIND9.5.2-P2.zip
	ftp://ftp.isc.org/isc/bind9/9.5.2-P2/BIND9.5.2-P2.debug.zip

PGP signatures of the binary kit are at:
	
	ftp://ftp.isc.org/isc/bind9/9.5.2-P2/BIND9.5.2-P2.zip.asc
	ftp://ftp.isc.org/isc/bind9/9.5.2-P2/BIND9.5.2-P2.zip.sha256.asc
	ftp://ftp.isc.org/isc/bind9/9.5.2-P2/BIND9.5.2-P2.zip.sha512.asc
	ftp://ftp.isc.org/isc/bind9/9.5.2-P2/BIND9.5.2-P2.debug.zip.asc
	ftp://ftp.isc.org/isc/bind9/9.5.2-P2/BIND9.5.2-P2.debug.zip.sha256.asc
	ftp://ftp.isc.org/isc/bind9/9.5.2-P2/BIND9.5.2-P2.debug.zip.sha512.asc

Changes since 9.5.2-P1:

2831.	[security]	Do not attempt to validate or cache
			out-of-bailiwick data returned with a secure
			answer; it must be re-fetched from its original
			source and validated in that context. [RT #20819]

2828.	[security]	Cached CNAME or DNAME RR could be returned to clients
			without DNSSEC validation. [RT #20737]

2827.	[security]	Bogus NXDOMAIN could be cached as if valid. [RT #20712]

>How-To-Repeat:

>Fix:


>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-ports-bugs->dougb 
Responsible-Changed-By: edwin 
Responsible-Changed-When: Wed Jan 20 06:40:22 UTC 2010 
Responsible-Changed-Why:  
Over to maintainer (via the GNATS Auto Assign Tool) 

http://www.freebsd.org/cgi/query-pr.cgi?pr=143001 

From: Takefu <takefu@airport.fm>
To: bug-followup@FreeBSD.org, andy.lavr@reactor-xg.kiev.ua
Cc:  
Subject: Re: ports/143001: [UPDATE] ports/dns/bind95
Date: Wed, 20 Jan 2010 16:43:34 +0900

 diff -rubN /usr/ports/dns/bind95/Makefile bind95/Makefile
 --- /usr/ports/dns/bind95/Makefile	2010-01-06 16:20:34.000000000 +0900
 +++ bind95/Makefile	2010-01-20 16:23:48.000000000 +0900
 @@ -12,7 +12,7 @@
  # release you can generally build it cleanly from the source - Doug
 
  PORTNAME=	bind95
 -PORTVERSION=	9.5.2.1
 +PORTVERSION=	9.5.2.2
  CATEGORIES=	dns net ipv6
  MASTER_SITES=	${MASTER_SITE_ISC} \
  		http://dougbarton.us/Downloads/%SUBDIR%/
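Review bot: the `PORTVERSION` bump from 9.5.2.1 to 9.5.2.2 leaves the `MASTER_SITES` context untouched, and its second entry, `http://dougbarton.us/Downloads/%SUBDIR%/`, is a plain-HTTP fallback, so a tarball fetched from it is only as trustworthy as the distinfo hashes committed with this change. Please confirm that mirror actually carries the 9.5.2-P2 distfile before commit, and treat the distinfo hunk as the integrity control for this update.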
 @@ -25,7 +25,7 @@
  COMMENT=	The BIND DNS suite with updated DNSSEC and threads
 
  # ISC releases things like 9.4.0b3, which our versioning doesn't like
 -ISCVERSION=	9.5.2-P1
 +ISCVERSION=	9.5.2-P2
 
  MAKE_JOBS_UNSAFE=	yes
 
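Review bot: the `ISCVERSION` change to `9.5.2-P2` is the only trace in this patch that the update is a security release; nothing in the Makefile hunks records which issues it fixes. The commit log should cite CVE-2009-4022 and CVE-2010-0097 from the PR description so the bump can be matched to the advisories later, and `ISCVERSION` and `PORTVERSION` should be checked together since they are edited by hand in two separate places.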
 diff -rubN /usr/ports/dns/bind95/distinfo bind95/distinfo
 --- /usr/ports/dns/bind95/distinfo	2009-12-01 08:16:14.000000000 +0900
 +++ bind95/distinfo	2010-01-20 16:24:40.000000000 +0900
 @@ -1,6 +1,6 @@
 -MD5 (bind-9.5.2-P1.tar.gz) = e3c691aa8d6b1a7ad4691fbb49f3cc58
 -SHA256 (bind-9.5.2-P1.tar.gz) = ad892a8914fe6765621e0fa01b4acec5cf5487157ce93734f3f7d47ecccae5a0
 -SIZE (bind-9.5.2-P1.tar.gz) = 6799718
 -MD5 (bind-9.5.2-P1.tar.gz.asc) = 21382fa45433a2272171e8e718824335
 -SHA256 (bind-9.5.2-P1.tar.gz.asc) = 3600ed113c6ebd95e0d72fcd5bce9c238e29a9be8579e9110079db5dc440f491
 -SIZE (bind-9.5.2-P1.tar.gz.asc) = 481
 +MD5 (bind-9.5.2-P2.tar.gz) = 67f228a9083de7509dacd87256060afb
 +SHA256 (bind-9.5.2-P2.tar.gz) = 8d980a864c83212e4ab68675dd2bda5c6828b3785e7111142a0a83a0a4b63100
 +SIZE (bind-9.5.2-P2.tar.gz) = 6674868
 +MD5 (bind-9.5.2-P2.tar.gz.asc) = 4335c30ed5514381db789612523b4adf
 +SHA256 (bind-9.5.2-P2.tar.gz.asc) = 860e68fd3d7089521c8c280cf4ad8461c24c2704d4f7a85314e18c5914f44e0a
 +SIZE (bind-9.5.2-P2.tar.gz.asc) = 481
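Review bot: the new `MD5` and `SHA256 (bind-9.5.2-P2.tar.gz)` lines arrive in a PR follow-up with no indication that the tarball was checked against the ISC PGP signature first, so they only attest to whatever file the submitter downloaded. Before committing, verify the distfile with the ISC public key, regenerate distinfo with `make makesum`, and compare the result with these values; of the two digests, rely on the SHA256 line, since MD5 is not collision resistant.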
 
 
State-Changed-From-To: open->closed 
State-Changed-By: dougb 
State-Changed-When: Mon Jan 25 00:29:41 UTC 2010 
State-Changed-Why:  

I've committed the update, however FYI it's not necessary to send these. 
We get advanced notification of pending updates already.  

In any case, thanks for your interest in making FreeBSD better. 


Regards, 

Doug 


>Unformatted:
