NetCube-Systems-Austria/kumquat-buildroot
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

bind: security bump to version 9.11.5

Browse Source 
Fixes the following security issues:

- CVE-2018-5738: Some versions of BIND can improperly permit recursive query
  service to unauthorized clients

- CVE-2018-5740: A flaw in the "deny-answer-aliases" feature can cause an
  INSIST assertion failure in named

For more details, see the release notes:

https://ftp.isc.org/isc/bind9/9.11.5/RELEASE-NOTES-bind-9.11.5.html

Drop patch 0003-Rename-ptrsize-to-ptr_size.patch as the uClibc-ng issue was
fixed upstream in commit 931fd627f6195 (mips: fix clashing symbols), which
is included in uclibc-1.0.12 (January 2016).

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This commit is contained in:
Peter Korsgaard 2018-11-07 15:38:12 +01:00
parent 3da9d6f988
commit 955df7463b
4 changed files with 3 additions and 77 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

0
package/bind/0002-cross.patch → package/bind/0001-cross.patch
View File

74
package/bind/0003-Rename-ptrsize-to-ptr_size.patch
View File

@ -1,74 +0,0 @@
From 254dc19788ba2a03504fc6d1036fef477a60035f Mon Sep 17 00:00:00 2001
From: Gustavo Zacarias <gustavo@zacarias.com.ar>
Date: Fri, 22 Jan 2016 08:31:02 -0300
Subject: [PATCH] Rename ptrsize to ptr_size
This is to compensate for a uClibc mess caused by commit
70a04a287a2875c82e6822c36e071afba5b63a62 where ptrsize is defined for
mips, hence causing build breakage under certain conditions for programs
that use this variable name.
Status: definitely not upstreamable.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
---
lib/dns/rbt.c | 6 +++---
lib/dns/rbtdb.c | 4 ++--
2 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/lib/dns/rbt.c b/lib/dns/rbt.c
index 86b5183..5fd55de 100644
--- a/lib/dns/rbt.c
+++ b/lib/dns/rbt.c
@@ -113,7 +113,7 @@ struct file_header {
* information about the system on which the map file was generated
* will be used to tell if we can load the map file or not
*/
- isc_uint32_t ptrsize;
+ isc_uint32_t ptr_size;
unsigned int bigendian:1; /* big or little endian system */
unsigned int rdataset_fixed:1; /* compiled with --enable-rrset-fixed */
unsigned int nodecount; /* shadow from rbt structure */
@@ -517,7 +517,7 @@ write_header(FILE *file, dns_rbt_t *rbt, isc_uint64_t first_node_offset,
memmove(header.version1, FILE_VERSION, sizeof(header.version1));
memmove(header.version2, FILE_VERSION, sizeof(header.version2));
header.first_node_offset = first_node_offset;
- header.ptrsize = (isc_uint32_t) sizeof(void *);
+ header.ptr_size = (isc_uint32_t) sizeof(void *);
header.bigendian = (1 == htonl(1)) ? 1 : 0;
#ifdef DNS_RDATASET_FIXED
@@ -902,7 +902,7 @@ dns_rbt_deserialize_tree(void *base_address, size_t filesize,
}
#endif
- if (header->ptrsize != (isc_uint32_t) sizeof(void *)) {
+ if (header->ptr_size != (isc_uint32_t) sizeof(void *)) {
result = ISC_R_INVALIDFILE;
goto cleanup;
}
diff --git a/lib/dns/rbtdb.c b/lib/dns/rbtdb.c
index c7168cb..dbcf944 100644
--- a/lib/dns/rbtdb.c
+++ b/lib/dns/rbtdb.c
@@ -114,7 +114,7 @@ typedef struct rbtdb_file_header rbtdb_file_header_t;
struct rbtdb_file_header {
char version1[32];
- isc_uint32_t ptrsize;
+ isc_uint32_t ptr_size;
unsigned int bigendian:1;
isc_uint64_t tree;
isc_uint64_t nsec;
@@ -7593,7 +7593,7 @@ rbtdb_write_header(FILE *rbtfile, off_t tree_location, off_t nsec_location,
memset(&header, 0, sizeof(rbtdb_file_header_t));
memmove(header.version1, FILE_VERSION, sizeof(header.version1));
memmove(header.version2, FILE_VERSION, sizeof(header.version2));
- header.ptrsize = (isc_uint32_t) sizeof(void *);
+ header.ptr_size = (isc_uint32_t) sizeof(void *);
header.bigendian = (1 == htonl(1)) ? 1 : 0;
header.tree = (isc_uint64_t) tree_location;
header.nsec = (isc_uint64_t) nsec_location;
--
2.4.10

4
package/bind/bind.hash
View File

@ -1,4 +1,4 @@
# Verified from https://ftp.isc.org/isc/bind9/9.11.4-P1/bind-9.11.4-P1.tar.gz.asc
# Verified from https://ftp.isc.org/isc/bind9/9.11.5/bind-9.11.5.tar.gz.asc
# with key BE0E9748B718253A28BB89FFF1B11BF05CF02E57
sha256 a85af7b629109d41285c7adeae1515daac638bbe4d5dc30d1f4b343dff09d811 bind-9.11.4-P2.tar.gz
sha256 a4cae11dad954bdd4eb592178f875bfec09fcc7e29fe0f6b7a4e5b5c6bc61322 bind-9.11.5.tar.gz
sha256 336f3c40e37a1a13690efb4c63e20908faa4c40498cc02f3579fb67d3a1933a5 COPYRIGHT

2
package/bind/bind.mk
View File

@ -4,7 +4,7 @@
#
################################################################################
BIND_VERSION = 9.11.4-P2
BIND_VERSION = 9.11.5
BIND_SITE = http://ftp.isc.org/isc/bind9/$(BIND_VERSION)
# bind does not support parallel builds.
BIND_MAKE = $(MAKE1)