bind: Update to 9.11.5

This includes the fix for CVE-2018-5738: When recursion is enabled but the
allow-recursion and allow-query-cache ACLs are not specified, they should be
limited to local networks, but they were inadvertently set to match the default
allow-query, thus allowing remote queries.

Signed-off-by: Noah Meyerhans <frodo@morgul.net>

diff --git a/net/bind/Makefile b/net/bind/Makefile
index 3adf535d64ae199c9f40c4b0d005d98328d4cd39..7e5fb8b5820dfde4794e86a2732173e3794a5040 100644 (file)
--- a/net/bind/Makefile
+++ b/net/bind/Makefile
@@ -9,8 +9,8 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=bind
-PKG_VERSION:=9.11.3
-PKG_RELEASE:=3
+PKG_VERSION:=9.11.5
+PKG_RELEASE:=1
 USERID:=bind=57:bind=57
 
 PKG_MAINTAINER:=Noah Meyerhans <frodo@morgul.net>
@@ -20,7 +20,7 @@ PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:= \
        http://www.mirrorservice.org/sites/ftp.isc.org/isc/bind9/$(PKG_VERSION) \
        http://ftp.isc.org/isc/bind9/$(PKG_VERSION)
-PKG_HASH:=0d9dde14b2ec7f9cdc3b69f19540c7a2e4eee7b6c727965dfae48810965876f5
+PKG_HASH:=a4cae11dad954bdd4eb592178f875bfec09fcc7e29fe0f6b7a4e5b5c6bc61322
 
 PKG_FIXUP:=autoreconf
 PKG_REMOVE_FILES:=aclocal.m4 libtool.m4

diff --git a/net/bind/patches/001-no-tests.patch b/net/bind/patches/001-no-tests.patch
index 2d0c152f7d8dd540ae2e8df9b79a47938f38ba78..4a4fa44e81699ea0afdb2e2ecac6acf7bd385fe5 100644 (file)
--- a/net/bind/patches/001-no-tests.patch
+++ b/net/bind/patches/001-no-tests.patch
@@ -1,26 +1,13 @@
-Index: bind-9.10.4-P3/bin/Makefile.in
+Index: bind-9.11.5/bin/Makefile.in
 ===================================================================
---- bind-9.10.4-P3.orig/bin/Makefile.in
-+++ bind-9.10.4-P3/bin/Makefile.in
-@@ -10,7 +10,7 @@ srcdir =     @srcdir@
- VPATH =               @srcdir@
+--- bind-9.11.5.orig/bin/Makefile.in
++++ bind-9.11.5/bin/Makefile.in
+@@ -12,7 +12,7 @@ VPATH =              @srcdir@
  top_srcdir =  @top_srcdir@
  
--SUBDIRS =     named rndc dig delv dnssec tools tests nsupdate \
-+SUBDIRS =     named rndc dig delv dnssec tools nsupdate \
-               check confgen @NZD_TOOLS@ @PYTHON_TOOLS@ @PKCS11_TOOLS@
- TARGETS =
- 
-Index: bind-9.10.4-P3/lib/Makefile.in
-===================================================================
---- bind-9.10.4-P3.orig/lib/Makefile.in
-+++ bind-9.10.4-P3/lib/Makefile.in
-@@ -14,7 +14,7 @@ top_srcdir = @top_srcdir@
- # Attempt to disable parallel processing.
- .NOTPARALLEL:
- .NO_PARALLEL:
--SUBDIRS =     isc isccc dns isccfg bind9 lwres irs tests samples
-+SUBDIRS =     isc isccc dns isccfg bind9 lwres irs samples
+ SUBDIRS =     named rndc dig delv dnssec tools nsupdate check confgen \
+-              @NZD_TOOLS@ @PYTHON_TOOLS@ @PKCS11_TOOLS@ tests
++              @NZD_TOOLS@ @PYTHON_TOOLS@ @PKCS11_TOOLS@
  TARGETS =
  
  @BIND9_MAKE_RULES@

diff --git a/net/bind/patches/002-autoconf-ar-fix.patch b/net/bind/patches/002-autoconf-ar-fix.patch
index 878554fae1144104338ce63f5bb61c27ad123bab..9d47bf2052c546df4296756c82f696bf657f5fc2 100644 (file)
--- a/net/bind/patches/002-autoconf-ar-fix.patch
+++ b/net/bind/patches/002-autoconf-ar-fix.patch
@@ -1,8 +1,8 @@
-Index: bind-9.10.4-P3/configure.in
+Index: bind-9.11.5/configure.in
 ===================================================================
---- bind-9.10.4-P3.orig/configure.in
-+++ bind-9.10.4-P3/configure.in
-@@ -157,26 +157,11 @@ esac
+--- bind-9.11.5.orig/configure.in
++++ bind-9.11.5/configure.in
+@@ -181,26 +181,11 @@ esac
  #
  AC_CONFIG_FILES([make/rules make/includes])