[Midnightbsd-cvs] src: /src: MidnightBSD 0.2.1-p6: Bind security update
laffer1 at midnightbsd.org
laffer1 at midnightbsd.org
Thu Jan 15 11:16:49 EST 2009
Log Message:
-----------
MidnightBSD 0.2.1-p6: Bind security update
Tags:
----
RELENG_0_2
Modified Files:
--------------
src:
UPDATING (r1.38.2.14 -> r1.38.2.15)
src/sys/conf:
newvers.sh (r1.3.2.8 -> r1.3.2.9)
src/contrib/bind9/lib/dns:
openssldsa_link.c (r1.1.1.4 -> r1.1.1.4.2.1)
opensslrsa_link.c (r1.1.1.4 -> r1.1.1.4.2.1)
-------------- next part --------------
Index: newvers.sh
===================================================================
RCS file: /home/cvs/src/sys/conf/newvers.sh,v
retrieving revision 1.3.2.8
retrieving revision 1.3.2.9
diff -L sys/conf/newvers.sh -L sys/conf/newvers.sh -u -r1.3.2.8 -r1.3.2.9
--- sys/conf/newvers.sh
+++ sys/conf/newvers.sh
@@ -33,7 +33,7 @@
TYPE="MidnightBSD"
REVISION="0.2.1"
-BRANCH="RELEASE-p5"
+BRANCH="RELEASE-p6"
if [ "X${BRANCH_OVERRIDE}" != "X" ]; then
BRANCH=${BRANCH_OVERRIDE}
fi
Index: UPDATING
===================================================================
RCS file: /home/cvs/src/UPDATING,v
retrieving revision 1.38.2.14
retrieving revision 1.38.2.15
diff -L UPDATING -L UPDATING -u -r1.38.2.14 -r1.38.2.15
--- UPDATING
+++ UPDATING
@@ -3,6 +3,12 @@
Items affecting the mports and packages system can be found in
/usr/mports/UPDATING.
+20090115:
+ MidnightBSD 0.2.1-RELEASE-p6
+
+ Correct an issue with BIND that allows for DNSSEC spoofing
+ attacks.
+
20090110:
MidnightBSD 0.2.1-RELEASE-p5
Index: opensslrsa_link.c
===================================================================
RCS file: /home/cvs/src/contrib/bind9/lib/dns/opensslrsa_link.c,v
retrieving revision 1.1.1.4
retrieving revision 1.1.1.4.2.1
diff -L contrib/bind9/lib/dns/opensslrsa_link.c -L contrib/bind9/lib/dns/opensslrsa_link.c -u -r1.1.1.4 -r1.1.1.4.2.1
--- contrib/bind9/lib/dns/opensslrsa_link.c
+++ contrib/bind9/lib/dns/opensslrsa_link.c
@@ -246,7 +246,7 @@
status = RSA_verify(type, digest, digestlen, sig->base,
RSA_size(rsa), rsa);
- if (status == 0)
+ if (status != 1)
return (dst__openssl_toresult(DST_R_VERIFYFAILURE));
return (ISC_R_SUCCESS);
Index: openssldsa_link.c
===================================================================
RCS file: /home/cvs/src/contrib/bind9/lib/dns/openssldsa_link.c,v
retrieving revision 1.1.1.4
retrieving revision 1.1.1.4.2.1
diff -L contrib/bind9/lib/dns/openssldsa_link.c -L contrib/bind9/lib/dns/openssldsa_link.c -u -r1.1.1.4 -r1.1.1.4.2.1
--- contrib/bind9/lib/dns/openssldsa_link.c
+++ contrib/bind9/lib/dns/openssldsa_link.c
@@ -133,7 +133,7 @@
status = DSA_do_verify(digest, ISC_SHA1_DIGESTLENGTH, dsasig, dsa);
DSA_SIG_free(dsasig);
- if (status == 0)
+ if (status != 1)
return (dst__openssl_toresult(DST_R_VERIFYFAILURE));
return (ISC_R_SUCCESS);
More information about the Midnightbsd-cvs
mailing list