From b10e78bdbfe8e3aea51df01a9dd75a62ba942dda Mon Sep 17 00:00:00 2001 From: Erwin Lansing Date: Fri, 20 Sep 2013 08:20:36 +0000 Subject: Update to 9.6-ESV-R10 Security Fixes Prevents exploitation of a runtime_check which can crash named when satisfying a recursive query for particular malformed zones. (CVE-2013-3919) [RT #33690] Feature Changes rndc status now also shows the build-id. [RT #20422] Improved OPT pseudo-record processing to make it easier to support new EDNS options. [RT #34414] "configure" now finishes by printing a summary of optional BIND features and whether they are active or inactive. ("configure --enable-full-report" increases the verbosity of the summary.) [RT #31777] Addressed compatibility issues with newer versions of Microsoft Visual Studio. [RT #33916] Improved the 'rndc' man page. [RT #33506] 'named -g' now no longer works with an invalid logging configuration. [RT #33473] The default (and minimum) value for tcp-listen-queue is now 10 instead of 3. This is a subtle control setting (not applicable to all OS environments). When there is a high rate of inbound TCP connections, it controls how many connections can be queued before they are accepted by named. Once this limit is exceeded, new TCP connections will be rejected. Note however that a value of 10 does not imply a strict limit of 10 queued TCP connections - the impact of changing this configuration setting will be OS-dependent. Larger values for tcp-listen queue will permit more pending tcp connections, which may be needed where there is a high rate of TCP-based traffic (for example in a dynamic environment where there are frequent zone updates and transfers). For most production servers the new default value of 10 should be adequate. [RT #33029] --- dns/bind96/Makefile | 4 ++-- dns/bind96/distinfo | 4 ++-- dns/bind96/pkg-plist | 2 ++ 3 files changed, 6 insertions(+), 4 deletions(-) (limited to 'dns') diff --git a/dns/bind96/Makefile b/dns/bind96/Makefile index ebea70cc582c..63cefad73ba6 100644 --- a/dns/bind96/Makefile +++ b/dns/bind96/Makefile @@ -1,7 +1,7 @@ # $FreeBSD$ PORTNAME= bind96 -PORTVERSION= 9.6.3.2.ESV.R9 +PORTVERSION= 9.6.3.2.ESV.R10 CATEGORIES= dns net ipv6 MASTER_SITES= ${MASTER_SITE_ISC} MASTER_SITE_SUBDIR= bind9/${ISCVERSION} @@ -13,7 +13,7 @@ COMMENT= BIND DNS suite with updated DNSSEC and threads LICENSE= ISCL # ISC releases things like 9.4.0b3, which our versioning doesn't like -ISCVERSION= 9.6-ESV-R9-P1 +ISCVERSION= 9.6-ESV-R10 MAKE_JOBS_UNSAFE= yes diff --git a/dns/bind96/distinfo b/dns/bind96/distinfo index e42cab46e3e9..9f5f0a6161af 100644 --- a/dns/bind96/distinfo +++ b/dns/bind96/distinfo @@ -1,2 +1,2 @@ -SHA256 (bind-9.6-ESV-R9-P1.tar.gz) = f7957ada381d09ec8f38155f8d630935072746a75fc51008a175443c13825f78 -SIZE (bind-9.6-ESV-R9-P1.tar.gz) = 6410296 +SHA256 (bind-9.6-ESV-R10.tar.gz) = f34e24a7d4bd41eedd7b781fbca3f8dc29e6f677be3b9f418f8581debbc4a66c +SIZE (bind-9.6-ESV-R10.tar.gz) = 6420776 diff --git a/dns/bind96/pkg-plist b/dns/bind96/pkg-plist index 7d47ffc1d772..4c423f876ba6 100644 --- a/dns/bind96/pkg-plist +++ b/dns/bind96/pkg-plist @@ -139,11 +139,13 @@ include/isc/resource.h include/isc/result.h include/isc/resultclass.h include/isc/rwlock.h +include/isc/safe.h include/isc/serial.h include/isc/sha1.h include/isc/sha2.h include/isc/sockaddr.h include/isc/socket.h +include/isc/stat.h include/isc/stdio.h include/isc/stdlib.h include/isc/stdtime.h -- cgit v1.2.3