Subject: Re: security/11459: possible fix for remote DoS attack in BIND-8.2.2-P5
To: None <itojun@iijlab.net>
From: Greg A. Woods <woods@weird.com>
List: netbsd-bugs
Date: 11/10/2000 03:18:32
[ On Friday, November 10, 2000 at 16:50:49 (+0900), itojun@iijlab.net wrote: ]
> Subject: Re: security/11459: possible fix for remote DoS attack in BIND-8.2.2-P5
>
> do you have any preference in importing 822P7? is it okay if I import
> it into src/dist/bind today, or should i wait a little bit?
Well it's passing all my tests without any local changes so I'd say it's
good to import. I'm going to build it and deploy it a little wider
tomorrow but there should be no harm in importing even if a new release
is made available in a day or two (other than the extra effort, of
course, though having the full history in the repo isn't a bad thing).
The pkgsrc/net/bind8 module should be updated ASAP too I think. It
shouldn't need any other changes (other updating than the version ID) as
far I can see. Perhaps something like this (I'm not 100% sure my
makefile is up to date, but the changes are of course rather obvious):
Index: Makefile
===================================================================
RCS file: /cvs/NetBSD/pkgsrc/net/bind8/Makefile,v
retrieving revision 1.1.1.2
diff -c -u -r1.1.1.2 Makefile
--- Makefile 2000/01/07 19:37:18 1.1.1.2
+++ Makefile 2000/11/10 08:11:48
@@ -5,10 +5,10 @@
#
DISTNAME= bind
-PKGNAME= bind-8.2.2p5
+PKGNAME= bind-8.2.2p7
WRKSRC= ${WRKDIR}/src
CATEGORIES= net
-MASTER_SITES= ftp://ftp.isc.org/isc/bind/src/8.2.2-P5/
+MASTER_SITES= ftp://ftp.isc.org/isc/bind/src/8.2.2-P7/
DISTFILES= ${DISTNAME}-src.tar.gz ${DISTNAME}-doc.tar.gz
MAINTAINER= packages@NetBSD.org
@@ -16,7 +16,7 @@
Y2K= http://www.isc.org/ISC/y2k.html
-DIST_SUBDIR= bind/8.2.2-P5
+DIST_SUBDIR= bind/8.2.2-P7
EXTRACT_ONLY= ${DISTNAME}-src.tar.gz ${DISTNAME}-doc.tar.gz
post-build:
--
Greg A. Woods
+1 416 218-0098 VE3TCP <gwoods@acm.org> <robohack!woods>
Planix, Inc. <woods@planix.com>; Secrets of the Weird <woods@weird.com>