bind: security bump to version 9.11.5
authorPeter Korsgaard <peter@korsgaard.com>
Wed, 7 Nov 2018 14:38:12 +0000 (15:38 +0100)
committerPeter Korsgaard <peter@korsgaard.com>
Wed, 7 Nov 2018 22:04:06 +0000 (23:04 +0100)
Fixes the following security issues:

- CVE-2018-5738: Some versions of BIND can improperly permit recursive query
  service to unauthorized clients

- CVE-2018-5740: A flaw in the "deny-answer-aliases" feature can cause an
  INSIST assertion failure in named

For more details, see the release notes:

https://ftp.isc.org/isc/bind9/9.11.5/RELEASE-NOTES-bind-9.11.5.html

Drop patch 0003-Rename-ptrsize-to-ptr_size.patch as the uClibc-ng issue was
fixed upstream in commit 931fd627f6195 (mips: fix clashing symbols), which
is included in uclibc-1.0.12 (January 2016).

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
package/bind/0001-cross.patch [new file with mode: 0644]
package/bind/0002-cross.patch [deleted file]
package/bind/0003-Rename-ptrsize-to-ptr_size.patch [deleted file]
package/bind/bind.hash
package/bind/bind.mk

diff --git a/package/bind/0001-cross.patch b/package/bind/0001-cross.patch
new file mode 100644 (file)
index 0000000..5b4b1cd
--- /dev/null
@@ -0,0 +1,18 @@
+Use host compiler to build 'gen' since it's run when building.
+
+Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
+
+diff -Nura bind-9.5.1-P1/lib/dns/Makefile.in bind-9.5.1-P1.gencross/lib/dns/Makefile.in
+--- bind-9.5.1-P1/lib/dns/Makefile.in  2007-09-11 22:09:08.000000000 -0300
++++ bind-9.5.1-P1.gencross/lib/dns/Makefile.in 2009-03-04 16:35:23.000000000 -0200
+@@ -160,8 +160,8 @@
+       ./gen -s ${srcdir} > code.h
+
+ gen: gen.c
+-      ${BUILD_CC} ${BUILD_CFLAGS} -I${top_srcdir}/lib/isc/include \
+-      ${BUILD_CPPFLAGS} ${BUILD_LDFLAGS} -o $@ ${srcdir}/gen.c ${BUILD_LIBS}
++      ${HOSTCC} ${HOST_CFLAGS} -I${top_srcdir}/lib/isc/include \
++      ${HOST_LDFLAGS} -o $@ ${srcdir}/gen.c
+
+ rbtdb64.@O@: rbtdb.c
+
diff --git a/package/bind/0002-cross.patch b/package/bind/0002-cross.patch
deleted file mode 100644 (file)
index 5b4b1cd..0000000
+++ /dev/null
@@ -1,18 +0,0 @@
-Use host compiler to build 'gen' since it's run when building.
-
-Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
-
-diff -Nura bind-9.5.1-P1/lib/dns/Makefile.in bind-9.5.1-P1.gencross/lib/dns/Makefile.in
---- bind-9.5.1-P1/lib/dns/Makefile.in  2007-09-11 22:09:08.000000000 -0300
-+++ bind-9.5.1-P1.gencross/lib/dns/Makefile.in 2009-03-04 16:35:23.000000000 -0200
-@@ -160,8 +160,8 @@
-       ./gen -s ${srcdir} > code.h
-
- gen: gen.c
--      ${BUILD_CC} ${BUILD_CFLAGS} -I${top_srcdir}/lib/isc/include \
--      ${BUILD_CPPFLAGS} ${BUILD_LDFLAGS} -o $@ ${srcdir}/gen.c ${BUILD_LIBS}
-+      ${HOSTCC} ${HOST_CFLAGS} -I${top_srcdir}/lib/isc/include \
-+      ${HOST_LDFLAGS} -o $@ ${srcdir}/gen.c
-
- rbtdb64.@O@: rbtdb.c
-
diff --git a/package/bind/0003-Rename-ptrsize-to-ptr_size.patch b/package/bind/0003-Rename-ptrsize-to-ptr_size.patch
deleted file mode 100644 (file)
index e3b58e2..0000000
+++ /dev/null
@@ -1,74 +0,0 @@
-From 254dc19788ba2a03504fc6d1036fef477a60035f Mon Sep 17 00:00:00 2001
-From: Gustavo Zacarias <gustavo@zacarias.com.ar>
-Date: Fri, 22 Jan 2016 08:31:02 -0300
-Subject: [PATCH] Rename ptrsize to ptr_size
-
-This is to compensate for a uClibc mess caused by commit
-70a04a287a2875c82e6822c36e071afba5b63a62 where ptrsize is defined for
-mips, hence causing build breakage under certain conditions for programs
-that use this variable name.
-
-Status: definitely not upstreamable.
-
-Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
----
- lib/dns/rbt.c   | 6 +++---
- lib/dns/rbtdb.c | 4 ++--
- 2 files changed, 5 insertions(+), 5 deletions(-)
-
-diff --git a/lib/dns/rbt.c b/lib/dns/rbt.c
-index 86b5183..5fd55de 100644
---- a/lib/dns/rbt.c
-+++ b/lib/dns/rbt.c
-@@ -113,7 +113,7 @@ struct file_header {
-        * information about the system on which the map file was generated
-        * will be used to tell if we can load the map file or not
-        */
--      isc_uint32_t ptrsize;
-+      isc_uint32_t ptr_size;
-       unsigned int bigendian:1;       /* big or little endian system */
-       unsigned int rdataset_fixed:1;  /* compiled with --enable-rrset-fixed */
-       unsigned int nodecount;         /* shadow from rbt structure */
-@@ -517,7 +517,7 @@ write_header(FILE *file, dns_rbt_t *rbt, isc_uint64_t first_node_offset,
-       memmove(header.version1, FILE_VERSION, sizeof(header.version1));
-       memmove(header.version2, FILE_VERSION, sizeof(header.version2));
-       header.first_node_offset = first_node_offset;
--      header.ptrsize = (isc_uint32_t) sizeof(void *);
-+      header.ptr_size = (isc_uint32_t) sizeof(void *);
-       header.bigendian = (1 == htonl(1)) ? 1 : 0;
- #ifdef DNS_RDATASET_FIXED
-@@ -902,7 +902,7 @@ dns_rbt_deserialize_tree(void *base_address, size_t filesize,
-       }
- #endif
--      if (header->ptrsize != (isc_uint32_t) sizeof(void *)) {
-+      if (header->ptr_size != (isc_uint32_t) sizeof(void *)) {
-               result = ISC_R_INVALIDFILE;
-               goto cleanup;
-       }
-diff --git a/lib/dns/rbtdb.c b/lib/dns/rbtdb.c
-index c7168cb..dbcf944 100644
---- a/lib/dns/rbtdb.c
-+++ b/lib/dns/rbtdb.c
-@@ -114,7 +114,7 @@ typedef struct rbtdb_file_header rbtdb_file_header_t;
- struct rbtdb_file_header {
-       char version1[32];
--      isc_uint32_t ptrsize;
-+      isc_uint32_t ptr_size;
-       unsigned int bigendian:1;
-       isc_uint64_t tree;
-       isc_uint64_t nsec;
-@@ -7593,7 +7593,7 @@ rbtdb_write_header(FILE *rbtfile, off_t tree_location, off_t nsec_location,
-       memset(&header, 0, sizeof(rbtdb_file_header_t));
-       memmove(header.version1, FILE_VERSION, sizeof(header.version1));
-       memmove(header.version2, FILE_VERSION, sizeof(header.version2));
--      header.ptrsize = (isc_uint32_t) sizeof(void *);
-+      header.ptr_size = (isc_uint32_t) sizeof(void *);
-       header.bigendian = (1 == htonl(1)) ? 1 : 0;
-       header.tree = (isc_uint64_t) tree_location;
-       header.nsec = (isc_uint64_t) nsec_location;
--- 
-2.4.10
-
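--- a/package/bind/bind.hash
+++ b/package/bind/bind.hash
@@ -1,4 +1,4 @@
-# Verified from https://ftp.isc.org/isc/bind9/9.11.4-P1/bind-9.11.4-P1.tar.gz.asc
+# Verified from https://ftp.isc.org/isc/bind9/9.11.5/bind-9.11.5.tar.gz.asc
 # with key BE0E9748B718253A28BB89FFF1B11BF05CF02E57
-sha256 a85af7b629109d41285c7adeae1515daac638bbe4d5dc30d1f4b343dff09d811 bind-9.11.4-P2.tar.gz
+sha256 a4cae11dad954bdd4eb592178f875bfec09fcc7e29fe0f6b7a4e5b5c6bc61322 bind-9.11.5.tar.gz
 sha256 336f3c40e37a1a13690efb4c63e20908faa4c40498cc02f3579fb67d3a1933a5 COPYRIGHT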
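--- a/package/bind/bind.mk
+++ b/package/bind/bind.mk
@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-BIND_VERSION = 9.11.4-P2
+BIND_VERSION = 9.11.5
 BIND_SITE = http://ftp.isc.org/isc/bind9/$(BIND_VERSION)
 # bind does not support parallel builds.
 BIND_MAKE = $(MAKE1)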