projects / feed / packages.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: d5a7aa1)
bind: update to version 9.16.20
authorJosef Schlehofer <pepe.schlehofer@gmail.com>
Wed, 8 Sep 2021 09:34:17 +0000 (11:34 +0200)
committerNoah Meyerhans <frodo@morgul.net>
Wed, 8 Sep 2021 20:19:09 +0000 (13:19 -0700)
1. Fixes: CVE-2021-25218

2. Add patch to bump API version, which was forgotten by BIND devs
Related to https://kb.isc.org/docs/map-zone-format-incompatibility-in-bind-9-16-20-and-9-17-17
Pointed out in https://www.openwall.com/lists/oss-security/2021/08/20/2

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
net/bind/Makefile patch | blob | history
net/bind/patches/002-map-format-fix.patch [new file with mode: 0644] patch | blob

diff --git a/net/bind/Makefile b/net/bind/Makefile
index d003cf35cc66bab0a5a42e7cfe61649ed4d4be91..e1125e83348ddd9e5471de1c09f42193cbe3b1f8 100644 (file)
--- a/net/bind/Makefile
+++ b/net/bind/Makefile
@@ -9,7 +9,7 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=bind
-PKG_VERSION:=9.16.18
+PKG_VERSION:=9.16.20
 PKG_RELEASE:=1
 USERID:=bind=57:bind=57
 
@@ -22,7 +22,7 @@ PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
 PKG_SOURCE_URL:= \
        https://www.mirrorservice.org/sites/ftp.isc.org/isc/bind9/$(PKG_VERSION) \
        https://ftp.isc.org/isc/bind9/$(PKG_VERSION)
-PKG_HASH:=3c6263a4364eb5dce233f9f22b90acfa1ec2488d534f91d21663d0ac25ce5e65
+PKG_HASH:=4d0d93c0d0b63080609e84625f24ff8777f8d164e78a75b1c19c334ce42d5b58
 
 PKG_FIXUP:=autoreconf
 PKG_REMOVE_FILES:=aclocal.m4 libtool.m4
diff --git a/net/bind/patches/002-map-format-fix.patch b/net/bind/patches/002-map-format-fix.patch
new file mode 100644 (file)
index 0000000..ce45fbe
--- /dev/null
+++ b/net/bind/patches/002-map-format-fix.patch
@@ -0,0 +1,23 @@
+From b70a2c2d074a57aac4b1ec996b881a5b93a2cf39 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Petr=20=C5=A0pa=C4=8Dek?= <pspacek@isc.org>
+Date: Thu, 19 Aug 2021 19:54:44 +0200
+Subject: [PATCH] increase MAPAPI
+
+bump the map zonefile version number to avoid an assertion
+failure when loading map files from versions of BIND prior to
+the most recent change to the in-memory structure of zone
+databases.
+
+(cherry picked from commit 4a68c7be225ddc3443d647bb8257278c1fdb4da8)
+---
+ lib/dns/mapapi | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/lib/dns/mapapi
++++ b/lib/dns/mapapi
+@@ -13,4 +13,4 @@
+ # Whenever releasing a new major release of BIND9, set this value
+ # back to 1.0 when releasing the first alpha.  Map files are *never*
+ # compatible across major releases.
+-MAPAPI=2.0
++MAPAPI=3.0
Mirror of packages feed