From: Gustavo Zacarias Date: Fri, 19 Jul 2013 19:41:20 +0000 (-0300) Subject: bind: security bump to version 9.6-ESV-R9-P1 X-Git-Url: https://git.libre-soc.org/?a=commitdiff_plain;h=98463e6f87ee6a8369accd0ab4c34d70afe422c4;p=buildroot.git bind: security bump to version 9.6-ESV-R9-P1 Fixes CVE-2013-3919 Signed-off-by: Gustavo Zacarias Signed-off-by: Peter Korsgaard
---
diff --git a/package/bind/S81named b/package/bind/S81named
new file mode 100644
index 0000000000..0160c11440
--- /dev/null
+++ b/package/bind/S81named
@@ -0,0 +1,56 @@
+#!/bin/sh
+#
+# System-V init to control the bind DNS Daemon
+#
+
+NAME=named
+DAEMON=/usr/sbin/$NAME
+
+# this file contains a few tunable parameters
+test -r /etc/default/named && . /etc/default/named
+
+test -f $DAEMON || exit 0
+
+set -e
+
+case "$1" in
+ start)
+ test -z "$CHROOT" || ARGS="$ARGS -t $CHROOT"
+ test -z "$SETUID" || ARGS="$ARGS -u $SETUID"
+ if [ ! -f $CHROOT/etc/rndc.key ]; then
+ echo "Initializing $NAME control key: rndc-confgen"
+ set +e
+
+ # if rndc.key is a symlink, the target must exist
+ touch $CHROOT/etc/rndc.key
+ touch etc/rndc.key
+
+ rndc-confgen -a -r /dev/urandom $ARGS || true
+ set -e
+ fi
+ test -z "$CONF" || ARGS="$ARGS -c $CONF"
+ echo -n "Starting domain name daemon: $NAME"
+ trap 'echo failed' 0
+ start-stop-daemon -S -x $DAEMON -- $ARGS
+ trap - 0
+ echo "."
+ ;;
+ stop)
+ echo -n "Stopping domain name daemon: $NAME"
+ rndc stop || start-stop-daemon -K -x $DAEMON
+ echo "."
+ ;;
+ restart)
+ $0 stop || true
+ sleep 2
+ $0 start
+ ;;
+ reload|force-reload)
+ rndc reload || $0 restart
+ ;;
+ *)
+ echo "Usage: $0 {start|stop|restart|reload|force-reload}"
+ exit 1
+esac
+
+exit 0
diff --git a/package/bind/bind-01-disable-tests.patch b/package/bind/bind-01-disable-tests.patch
new file mode 100644
index 0000000000..9c3d52ed7d
--- /dev/null
+++ b/package/bind/bind-01-disable-tests.patch
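Review bot: In the `start)` branch of S81named the key file is pre-created with `touch` and the result of `rndc-confgen` is discarded by `|| true`, so a failed generation leaves an empty `rndc.key` that the `[ ! -f $CHROOT/etc/rndc.key ]` test treats as present on every later start. Testing for a non-empty file instead, `if [ ! -s "$CHROOT/etc/rndc.key" ]; then`, lets generation be retried, and logging the rndc-confgen failure rather than silencing it would make the problem visible. The second `touch etc/rndc.key` has no leading slash, so it acts on whatever directory the script is started from; that looks unintended. Since this file holds the rndc control-channel secret, a `umask 077` before the `touch` would keep the pre-created file from being readable by other users in case rndc-confgen does not tighten the mode of an existing file (not verifiable from this hunk).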
@@ -0,0 +1,16 @@
+Disable tests to avoid cross-compilation issues (tries to run genrandom).
+
+Signed-off-by: Gustavo Zacarias
+
+diff -Nura bind-9.6-ESV-R9-P1.orig/bin/Makefile.in bind-9.6-ESV-R9-P1/bin/Makefile.in
+--- bind-9.6-ESV-R9-P1.orig/bin/Makefile.in 2013-06-04 15:30:48.000000000 -0300
++++ bind-9.6-ESV-R9-P1/bin/Makefile.in 2013-07-19 15:32:19.018287733 -0300
+@@ -19,7 +19,7 @@
+ VPATH = @srcdir@
+ top_srcdir = @top_srcdir@
+
+-SUBDIRS = named rndc dig dnssec tests nsupdate check
++SUBDIRS = named rndc dig dnssec nsupdate check
+ TARGETS =
+
+ @BIND9_MAKE_RULES@
diff --git a/package/bind/bind-02-cross.patch b/package/bind/bind-02-cross.patch
new file mode 100644
index 0000000000..5b4b1cd836
--- /dev/null
+++ b/package/bind/bind-02-cross.patch
@@ -0,0 +1,18 @@
+Use host compiler to build 'gen' since it's run when building.
+
+Signed-off-by: Gustavo Zacarias
+
+diff -Nura bind-9.5.1-P1/lib/dns/Makefile.in bind-9.5.1-P1.gencross/lib/dns/Makefile.in
+--- bind-9.5.1-P1/lib/dns/Makefile.in 2007-09-11 22:09:08.000000000 -0300
++++ bind-9.5.1-P1.gencross/lib/dns/Makefile.in 2009-03-04 16:35:23.000000000 -0200
+@@ -160,8 +160,8 @@
+ ./gen -s ${srcdir} > code.h
+
+ gen: gen.c
+- ${BUILD_CC} ${BUILD_CFLAGS} -I${top_srcdir}/lib/isc/include \
+- ${BUILD_CPPFLAGS} ${BUILD_LDFLAGS} -o $@ ${srcdir}/gen.c ${BUILD_LIBS}
++ ${HOSTCC} ${HOST_CFLAGS} -I${top_srcdir}/lib/isc/include \
++ ${HOST_LDFLAGS} -o $@ ${srcdir}/gen.c
+
+ rbtdb64.@O@: rbtdb.c
+
diff --git a/package/bind/bind-cross.patch b/package/bind/bind-cross.patch
deleted file mode 100644
index cdbf4cb899..0000000000
--- a/package/bind/bind-cross.patch
+++ /dev/null
@@ -1,14 +0,0 @@ -diff -Nura bind-9.5.1-P1/lib/dns/Makefile.in bind-9.5.1-P1.gencross/lib/dns/Makefile.in ---- bind-9.5.1-P1/lib/dns/Makefile.in 2007-09-11 22:09:08.000000000 -0300 -+++ bind-9.5.1-P1.gencross/lib/dns/Makefile.in 2009-03-04 16:35:23.000000000 -0200 -@@ -160,8 +160,8 @@ - ./gen -s ${srcdir} > code.h - - gen: gen.c -- ${BUILD_CC} ${BUILD_CFLAGS} -I${top_srcdir}/lib/isc/include \ -- ${BUILD_CPPFLAGS} ${BUILD_LDFLAGS} -o $@ ${srcdir}/gen.c ${BUILD_LIBS} -+ ${HOSTCC} ${HOST_CFLAGS} -I${top_srcdir}/lib/isc/include \ -+ ${HOST_LDFLAGS} -o $@ ${srcdir}/gen.c - - rbtdb64.@O@: rbtdb.c - diff --git a/package/bind/bind-susv3-legacy.patch b/package/bind/bind-susv3-legacy.patch deleted file mode 100644 index 99be15c6f6..0000000000 --- a/package/bind/bind-susv3-legacy.patch +++ /dev/null @@ -1,12 +0,0 @@ -diff -Nura bind-9.5.2-P1/lib/isc/unix/ifiter_ioctl.c bind-9.5.2-P1.nosusv3/lib/isc/unix/ifiter_ioctl.c ---- bind-9.5.2-P1/lib/isc/unix/ifiter_ioctl.c 2009-02-15 22:53:58.000000000 -0200 -+++ bind-9.5.2-P1.nosusv3/lib/isc/unix/ifiter_ioctl.c 2009-12-03 13:12:56.000000000 -0300 -@@ -17,6 +17,8 @@ - - /* $Id: ifiter_ioctl.c,v 1.58.90.3 2009/02/16 00:53:58 marka Exp $ */ - -+#include -+ - /*! \file - * \brief - * Obtain the list of network interfaces using the SIOCGLIFCONF ioctl. diff --git a/package/bind/bind.mk b/package/bind/bind.mk index 973981a9b1..4137093c62 100644 --- a/package/bind/bind.mk +++ b/package/bind/bind.mk @@ -1,10 +1,10 @@ -################################################################################ +############################################################################### # # bind # ################################################################################ -BIND_VERSION = 9.6-ESV-R8 +BIND_VERSION = 9.6-ESV-R9-P1 BIND_SITE = ftp://ftp.isc.org/isc/bind9/$(BIND_VERSION) BIND_MAKE = $(MAKE1) BIND_LICENSE = ISC 
@@ -35,9 +35,13 @@ else BIND_CONF_OPT += --with-openssl=no endif +define BIND_INSTALL_INIT_SYSV + $(INSTALL) -m 0755 -D package/bind/S81named \ + $(TARGET_DIR)/etc/init.d/S81named +endef + define BIND_TARGET_INSTALL_FIXES rm -f $(TARGET_DIR)/usr/bin/isc-config.sh - $(INSTALL) -m 0755 -D package/bind/bind.sysvinit $(TARGET_DIR)/etc/init.d/S81named endef BIND_POST_INSTALL_TARGET_HOOKS += BIND_TARGET_INSTALL_FIXES @@ -61,8 +65,8 @@ endif define BIND_UNINSTALL_TARGET_CMDS $(BIND_TARGET_REMOVE_SERVER) $(BIND_TARGET_REMOVE_TOOLS) - rm -rf $(addprefix $(TARGET_DIR)/usr/lib/, $(BIND_TARGET_LIBS)) rm -f $(TARGET_DIR)/etc/init.d/S81named + rm -rf $(addprefix $(TARGET_DIR)/usr/lib/, $(BIND_TARGET_LIBS)) endef $(eval $(autotools-package)) diff --git a/package/bind/bind.sysvinit b/package/bind/bind.sysvinit deleted file mode 100644 index 171d3208aa..0000000000 --- a/package/bind/bind.sysvinit +++ /dev/null 
@@ -1,56 +0,0 @@
-#!/bin/sh
-#
-# System-V init to control the bind DNS Daemon
-#
-
-NAME=named
-DAEMON=/usr/sbin/$NAME
-
-# this file contains a few tunable parameters
-test -r /etc/default/named && . /etc/default/named
-
-test -f $DAEMON || exit 0
-
-set -e
-
-case "$1" in
- start)
- test -z "$CHROOT" || ARGS="$ARGS -t $CHROOT"
- test -z "$SETUID" || ARGS="$ARGS -u $SETUID"
- if [ ! -f $CHROOT/etc/rndc.key ]; then
- echo "Initializing $NAME control key: rndc-confgen"
- set +e
-
- # if rndc.key is a symlink, the target must exist
- touch $CHROOT/etc/rndc.key
- touch etc/rndc.key
-
- rndc-confgen -a -r /dev/urandom $ARGS || true
- set -e
- fi
- test -z "$CONF" || ARGS="$ARGS -c $CONF"
- echo -n "Starting domain name daemon: $NAME"
- trap 'echo failed' 0
- start-stop-daemon -S -x $DAEMON -- $ARGS
- trap - 0
- echo "."
- ;;
- stop)
- echo -n "Stopping domain name daemon: $NAME"
- rndc stop || start-stop-daemon -K -x $DAEMON
- echo "."
- ;;
- restart)
- $0 stop || true
- sleep 2
- $0 start
- ;;
- reload|force-reload)
- rndc reload || $0 restart
- ;;
- *)
- echo "Usage: $0 {start|stop|restart|reload|force-reload}"
- exit 1
-esac
-
-exit 0