Re: FreeBSD Security Advisory FreeBSD-SA-06:20.bind



Peter Thoenen wrote:
Just to verify as not mentioned in the security advisory, if you are
using both the BIND and OPENSSL ports with the REPLACE_BASE directive,
these don't apply correct?

Assuming you've updated to the 9.3.2-P1 version (ports version 9.3.2.1) of
BIND 9, then yes for the BIND part of the advisory. The BIND ports with
REPLACE_BASE will overwrite all the system binaries, and actually install a
couple things that the base doesn't (not that I'd expect anyone would need
or want them, I just don't like to muck with the ports more than absolutely
necessary).

For completeness sake, I should note that what I said up there is not 100%
accurate in the case where you have BIND 8 in the base (such as in
RELENG_4), and try to replace it with BIND 9, or vice versa. In that case,
you're better off first doing a build/installworld with the NO_BIND option
set in make.conf, removing all the old binaries, libs, and includes; and
then installing the port.

hth,

Doug

--

This .signature sanitized for your protection

_______________________________________________
freebsd-security@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@xxxxxxxxxxx"



Relevant Pages

  • Re: stuck /etc/rc autoboot processes
    ... I've been busy either patching boxes for the BIND ... Why cvsup and not csup? ... You may want to do this for ports as well, ... Welcome to why I never bother to install src or ports from CD/DVD, ...
    (freebsd-stable)
  • Re: Results of BIND RFC
    ... Doug pulling BIND out of the base system / going ports-only = excellent. ... I like being able to install FreeBSD and have a well ... On the other hand, for complex, heavy duty ports, keeping up to date ...
    (freebsd-arch)
  • Re: Results of BIND RFC
    ... Doug pulling BIND out of the base system / going ports-only = excellent. ... I like being able to install FreeBSD and have a well ... On the other hand, for complex, heavy duty ports, keeping up to date ...
    (freebsd-current)
  • Re: Results of BIND RFC
    ... Doug pulling BIND out of the base system / going ports-only = excellent. ... I like being able to install FreeBSD and have a well ... On the other hand, for complex, heavy duty ports, keeping up to date ...
    (freebsd-stable)
  • Re: BIND chroot environment in 10-RELEASE...gone?
    ... to take away the supported chroot capabilities. ... I have no issues with removing BIND from base, ... ports, so that people who need to run a full-blown BIND installation can ... I think we have all the tools available, so it is probably just a matter ...
    (freebsd-stable)