From 180e2fcdc7fba9b47d94a88df00f5e61c7e07e44 Mon Sep 17 00:00:00 2001
From: erwin <erwin@FreeBSD.org>
Date: Wed, 27 Mar 2013 10:11:43 +0000
Subject: [PATCH] Update to 9.8.4-P2

Removed the check for regex.h in configure in order
to disable regex syntax checking, as it exposes
BIND to a critical flaw in libregex on some
platforms. [RT #32688]

Security:	CVE-2013-2266
Approved by:	delphij (mentor)
Sponsored by:	DK Hostmaster A/S
---
 contrib/bind9/CHANGES          | 7 +++++++
 contrib/bind9/config.h.in      | 3 ---
 contrib/bind9/configure.in     | 2 +-
 contrib/bind9/version          | 2 +-
 lib/bind/config.h              | 3 ---
 lib/bind/dns/code.h            | 2 +-
 lib/bind/dns/dns/enumclass.h   | 2 +-
 lib/bind/dns/dns/enumtype.h    | 2 +-
 lib/bind/dns/dns/rdatastruct.h | 2 +-
 9 files changed, 13 insertions(+), 12 deletions(-)

diff --git a/contrib/bind9/CHANGES b/contrib/bind9/CHANGES
index 6d1ee3109994..bd064e5ff980 100644
--- a/contrib/bind9/CHANGES
+++ b/contrib/bind9/CHANGES
@@ -1,3 +1,10 @@
+	--- 9.8.4-P2 released ---
+
+3516.	[security]	Removed the check for regex.h in configure in order
+			to disable regex syntax checking, as it exposes
+			BIND to a critical flaw in libregex on some
+			platforms. [RT #32688]
+
 	--- 9.8.4-P1 released ---
 
 3407.	[security]	Named could die on specific queries with dns64 enabled.
diff --git a/contrib/bind9/config.h.in b/contrib/bind9/config.h.in
index e2f5999dabce..42d7a21fa5f4 100644
--- a/contrib/bind9/config.h.in
+++ b/contrib/bind9/config.h.in
@@ -286,9 +286,6 @@ int sigwait(const unsigned int *set, int *sig);
 /* Define if your OpenSSL version supports GOST. */
 #undef HAVE_OPENSSL_GOST
 
-/* Define to 1 if you have the <regex.h> header file. */
-#undef HAVE_REGEX_H
-
 /* Define to 1 if you have the `setegid' function. */
 #undef HAVE_SETEGID
 
diff --git a/contrib/bind9/configure.in b/contrib/bind9/configure.in
index a0ec70020cc3..0567addc186e 100644
--- a/contrib/bind9/configure.in
+++ b/contrib/bind9/configure.in
@@ -298,7 +298,7 @@ esac
 
 AC_HEADER_STDC
 
-AC_CHECK_HEADERS(fcntl.h regex.h sys/time.h unistd.h sys/sockio.h sys/select.h sys/param.h sys/sysctl.h net/if6.h,,,
+AC_CHECK_HEADERS(fcntl.h sys/time.h unistd.h sys/sockio.h sys/select.h sys/param.h sys/sysctl.h net/if6.h,,,
 [$ac_includes_default
 #ifdef HAVE_SYS_PARAM_H
 # include <sys/param.h>
diff --git a/contrib/bind9/version b/contrib/bind9/version
index 1090bee28cee..da686fa0a2d0 100644
--- a/contrib/bind9/version
+++ b/contrib/bind9/version
@@ -7,4 +7,4 @@ MAJORVER=9
 MINORVER=8
 PATCHVER=4
 RELEASETYPE=-P
-RELEASEVER=1
+RELEASEVER=2
diff --git a/lib/bind/config.h b/lib/bind/config.h
index 5e9d74b66010..bf6f8ce3fbb0 100644
--- a/lib/bind/config.h
+++ b/lib/bind/config.h
@@ -286,9 +286,6 @@ int sigwait(const unsigned int *set, int *sig);
 /* Define if your OpenSSL version supports GOST. */
 /* #undef HAVE_OPENSSL_GOST */
 
-/* Define to 1 if you have the <regex.h> header file. */
-#define HAVE_REGEX_H 1
-
 /* Define to 1 if you have the `setegid' function. */
 #define HAVE_SETEGID 1
 
diff --git a/lib/bind/dns/code.h b/lib/bind/dns/code.h
index a451eeb03031..99944ad52d6f 100644
--- a/lib/bind/dns/code.h
+++ b/lib/bind/dns/code.h
@@ -1,7 +1,7 @@
 /* $FreeBSD$ */
 
 /*
- * Copyright (C) 2004-2012 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2013 Internet Systems Consortium, Inc. ("ISC")
  * Copyright (C) 1998-2003 Internet Software Consortium.
  *
  * Permission to use, copy, modify, and distribute this software for any
diff --git a/lib/bind/dns/dns/enumclass.h b/lib/bind/dns/dns/enumclass.h
index 7ee27fedd8bf..f9249ec495fa 100644
--- a/lib/bind/dns/dns/enumclass.h
+++ b/lib/bind/dns/dns/enumclass.h
@@ -1,7 +1,7 @@
 /* $FreeBSD$ */
 
 /*
- * Copyright (C) 2004-2012 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2013 Internet Systems Consortium, Inc. ("ISC")
  * Copyright (C) 1998-2003 Internet Software Consortium.
  *
  * Permission to use, copy, modify, and distribute this software for any
diff --git a/lib/bind/dns/dns/enumtype.h b/lib/bind/dns/dns/enumtype.h
index 4c9a2f9b57fd..5ab36d18f859 100644
--- a/lib/bind/dns/dns/enumtype.h
+++ b/lib/bind/dns/dns/enumtype.h
@@ -1,7 +1,7 @@
 /* $FreeBSD$ */
 
 /*
- * Copyright (C) 2004-2012 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2013 Internet Systems Consortium, Inc. ("ISC")
  * Copyright (C) 1998-2003 Internet Software Consortium.
  *
  * Permission to use, copy, modify, and distribute this software for any
diff --git a/lib/bind/dns/dns/rdatastruct.h b/lib/bind/dns/dns/rdatastruct.h
index 9504fa8c79c0..10cba31aff72 100644
--- a/lib/bind/dns/dns/rdatastruct.h
+++ b/lib/bind/dns/dns/rdatastruct.h
@@ -1,7 +1,7 @@
 /* $FreeBSD$ */
 
 /*
- * Copyright (C) 2004-2012 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2013 Internet Systems Consortium, Inc. ("ISC")
  * Copyright (C) 1998-2003 Internet Software Consortium.
  *
  * Permission to use, copy, modify, and distribute this software for any