bind: security bump to 9.11.4

Fixes CVE-2018-5738: When recursion is enabled but the allow-recursion
and allow-query-cache ACLs are not specified, they should be limited to
local networks, but they were inadvertently set to match the default
allow-query, thus allowing remote queries.

Update license file hash; copyright year update.

Add reference to tarball signature key.

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

diff --git a/package/bind/bind.hash b/package/bind/bind.hash
index 199db704fe86b2b7f234ba1b5d4eb4fb3f00dc8f..78f80155215535f8379f1f7e80b326090418fbcb 100644 (file)
--- a/package/bind/bind.hash
+++ b/package/bind/bind.hash
@@ -1,3 +1,4 @@
-# Verified from http://ftp.isc.org/isc/bind9/9.11.2-P1/bind-9.11.2-P1.tar.gz.sha256.asc
-sha256 cec31548832fca3f85d95178d4019b7d702039e8595d4c93914feba337df1212 bind-9.11.2-P1.tar.gz
-sha256 d3906dfe153e2c48440d3ca1d5319f5e89b4b820cdfc5d0779c23d7ac2b175e9 COPYRIGHT
+# Verified from https://ftp.isc.org/isc/bind9/9.11.4/bind-9.11.4.tar.gz.asc
+# with key BE0E9748B718253A28BB89FFF1B11BF05CF02E57
+sha256 595070b031f869f8939656b5a5d11b121211967f15f6afeafa895df745279617 bind-9.11.4.tar.gz
+sha256 336f3c40e37a1a13690efb4c63e20908faa4c40498cc02f3579fb67d3a1933a5 COPYRIGHT

diff --git a/package/bind/bind.mk b/package/bind/bind.mk
index 392ef321c23fec1df1e8748f6c9b13ddcc6fba97..c4429ef6cc7f27cefd94a58de2bb9508a5ba6c11 100644 (file)
--- a/package/bind/bind.mk
+++ b/package/bind/bind.mk
@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-BIND_VERSION = 9.11.2-P1
+BIND_VERSION = 9.11.4
 BIND_SITE = http://ftp.isc.org/isc/bind9/$(BIND_VERSION)
 # bind does not support parallel builds.
 BIND_MAKE = $(MAKE1)