From 955df7463b0747620b744e19a78cfc84e1c99965 Mon Sep 17 00:00:00 2001
From: Peter Korsgaard
Date: Wed, 7 Nov 2018 15:38:12 +0100
Subject: [PATCH] bind: security bump to version 9.11.5

Fixes the following security issues:

- CVE-2018-5738: Some versions of BIND can improperly permit recursive query service to unauthorized clients
- CVE-2018-5740: A flaw in the "deny-answer-aliases" feature can cause an INSIST assertion failure in named

For more details, see the release notes: https://ftp.isc.org/isc/bind9/9.11.5/RELEASE-NOTES-bind-9.11.5.html

Drop patch 0003-Rename-ptrsize-to-ptr_size.patch as the uClibc-ng issue was fixed upstream in commit 931fd627f6195 (mips: fix clashing symbols), which is included in uclibc-1.0.12 (January 2016).

Signed-off-by: Peter Korsgaard
---
 .../{0002-cross.patch => 0001-cross.patch} | 0
 .../0003-Rename-ptrsize-to-ptr_size.patch | 74 -------------------
 package/bind/bind.hash | 4 +-
 package/bind/bind.mk | 2 +-
 4 files changed, 3 insertions(+), 77 deletions(-)
 rename package/bind/{0002-cross.patch => 0001-cross.patch} (100%)
 delete mode 100644 package/bind/0003-Rename-ptrsize-to-ptr_size.patch

diff --git a/package/bind/0002-cross.patch b/package/bind/0001-cross.patch
similarity index 100%
rename from package/bind/0002-cross.patch
rename to package/bind/0001-cross.patch
diff --git a/package/bind/0003-Rename-ptrsize-to-ptr_size.patch b/package/bind/0003-Rename-ptrsize-to-ptr_size.patch
deleted file mode 100644
index e3b58e202d..0000000000
--- a/package/bind/0003-Rename-ptrsize-to-ptr_size.patch
+++ /dev/null
@@ -1,74 +0,0 @@
-From 254dc19788ba2a03504fc6d1036fef477a60035f Mon Sep 17 00:00:00 2001
-From: Gustavo Zacarias
-Date: Fri, 22 Jan 2016 08:31:02 -0300
-Subject: [PATCH] Rename ptrsize to ptr_size
-
-This is to compensate for a uClibc mess caused by commit
-70a04a287a2875c82e6822c36e071afba5b63a62 where ptrsize is defined for
-mips, hence causing build breakage under certain conditions for programs
-that use this variable name.
-
-Status: definitely not upstreamable.
-
-Signed-off-by: Gustavo Zacarias
----
- lib/dns/rbt.c | 6 +++---
- lib/dns/rbtdb.c | 4 ++--
- 2 files changed, 5 insertions(+), 5 deletions(-)
-
-diff --git a/lib/dns/rbt.c b/lib/dns/rbt.c
-index 86b5183..5fd55de 100644
---- a/lib/dns/rbt.c
-+++ b/lib/dns/rbt.c
-@@ -113,7 +113,7 @@ struct file_header {
- * information about the system on which the map file was generated
- * will be used to tell if we can load the map file or not
- */
-- isc_uint32_t ptrsize;
-+ isc_uint32_t ptr_size;
- unsigned int bigendian:1; /* big or little endian system */
- unsigned int rdataset_fixed:1; /* compiled with --enable-rrset-fixed */
- unsigned int nodecount; /* shadow from rbt structure */
-@@ -517,7 +517,7 @@ write_header(FILE *file, dns_rbt_t *rbt, isc_uint64_t first_node_offset,
- memmove(header.version1, FILE_VERSION, sizeof(header.version1));
- memmove(header.version2, FILE_VERSION, sizeof(header.version2));
- header.first_node_offset = first_node_offset;
-- header.ptrsize = (isc_uint32_t) sizeof(void *);
-+ header.ptr_size = (isc_uint32_t) sizeof(void *);
- header.bigendian = (1 == htonl(1)) ? 1 : 0;
-
- #ifdef DNS_RDATASET_FIXED
-@@ -902,7 +902,7 @@ dns_rbt_deserialize_tree(void *base_address, size_t filesize,
- }
- #endif
-
-- if (header->ptrsize != (isc_uint32_t) sizeof(void *)) {
-+ if (header->ptr_size != (isc_uint32_t) sizeof(void *)) {
- result = ISC_R_INVALIDFILE;
- goto cleanup;
- }
-diff --git a/lib/dns/rbtdb.c b/lib/dns/rbtdb.c
-index c7168cb..dbcf944 100644
---- a/lib/dns/rbtdb.c
-+++ b/lib/dns/rbtdb.c
-@@ -114,7 +114,7 @@ typedef struct rbtdb_file_header rbtdb_file_header_t;
-
- struct rbtdb_file_header {
- char version1[32];
-- isc_uint32_t ptrsize;
-+ isc_uint32_t ptr_size;
- unsigned int bigendian:1;
- isc_uint64_t tree;
- isc_uint64_t nsec;
-@@ -7593,7 +7593,7 @@ rbtdb_write_header(FILE *rbtfile, off_t tree_location, off_t nsec_location,
- memset(&header, 0, sizeof(rbtdb_file_header_t));
- memmove(header.version1, FILE_VERSION, sizeof(header.version1));
- memmove(header.version2, FILE_VERSION, sizeof(header.version2));
-- header.ptrsize = (isc_uint32_t) sizeof(void *);
-+ header.ptr_size = (isc_uint32_t) sizeof(void *);
- header.bigendian = (1 == htonl(1)) ? 1 : 0;
- header.tree = (isc_uint64_t) tree_location;
- header.nsec = (isc_uint64_t) nsec_location;
---
-2.4.10
-
diff --git a/package/bind/bind.hash b/package/bind/bind.hash
index 19d5f61f6d..ea76108cc0 100644
--- a/package/bind/bind.hash
+++ b/package/bind/bind.hash
@@ -1,4 +1,4 @@
-# Verified from https://ftp.isc.org/isc/bind9/9.11.4-P1/bind-9.11.4-P1.tar.gz.asc
+# Verified from https://ftp.isc.org/isc/bind9/9.11.5/bind-9.11.5.tar.gz.asc
 # with key BE0E9748B718253A28BB89FFF1B11BF05CF02E57
-sha256 a85af7b629109d41285c7adeae1515daac638bbe4d5dc30d1f4b343dff09d811 bind-9.11.4-P2.tar.gz
+sha256 a4cae11dad954bdd4eb592178f875bfec09fcc7e29fe0f6b7a4e5b5c6bc61322 bind-9.11.5.tar.gz
 sha256 336f3c40e37a1a13690efb4c63e20908faa4c40498cc02f3579fb67d3a1933a5 COPYRIGHT
diff --git a/package/bind/bind.mk b/package/bind/bind.mk
index 95f615bf81..19d9d1cf5c 100644
--- a/package/bind/bind.mk
+++ b/package/bind/bind.mk
@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-BIND_VERSION = 9.11.4-P2
+BIND_VERSION = 9.11.5
 BIND_SITE = http://ftp.isc.org/isc/bind9/$(BIND_VERSION)
 # bind does not support parallel builds.
 BIND_MAKE = $(MAKE1)