Hello fellow djbdns happy users,
Dan Bernstein, the developer, acknowledged a security flaw in djbdns and posted a patch on the gmane.network.djbdns newsgroup.
Dan surely made good on his word and already mailed a $1,000 check to Matthew Dempsky, the lucky (and smart) happy user who pointed out this flaw here.
Edit: still no new version in ports so until further notice from the port maintainer, I recommend the following:
save the patch in a file named "patch-something",
drop this file in /usr/ports/dns/djbdns/files,
make,
make deinstall
make reinstall
and run /user/local/etc/rc.d/svscan.sh restart.
Edit 2: a new version is in ports.
Dan Bernstein, the developer, acknowledged a security flaw in djbdns and posted a patch on the gmane.network.djbdns newsgroup.
Dan surely made good on his word and already mailed a $1,000 check to Matthew Dempsky, the lucky (and smart) happy user who pointed out this flaw here.
Edit: still no new version in ports so until further notice from the port maintainer, I recommend the following:
save the patch in a file named "patch-something",
drop this file in /usr/ports/dns/djbdns/files,
make,
make deinstall
make reinstall
and run /user/local/etc/rc.d/svscan.sh restart.
Edit 2: a new version is in ports.