From 23eeeeadc8cd3e03e17989e539756b2d4bde550e Mon Sep 17 00:00:00 2001 From: DENG Qingfang Date: Sun, 21 Jul 2019 01:21:24 +0800 Subject: [PATCH] bind: update to 9.11.9 Fixes CVEs: CVE-2018-5738 CVE-2018-5740 CVE-2018-5743 CVE-2018-5744 CVE-2018-5745 CVE-2019-6465 CVE-2019-6471 Signed-off-by: DENG Qingfang Signed-off-by: Josef Schlehofer [mention fixed CVEs;patches: refreshed and removed those which are in upstream now] --- net/bind/Makefile | 13 +++++---- net/bind/patches/001-no-tests.patch | 27 +++++-------------- net/bind/patches/002-autoconf-ar-fix.patch | 31 ---------------------- 3 files changed, 14 insertions(+), 57 deletions(-) delete mode 100644 net/bind/patches/002-autoconf-ar-fix.patch diff --git a/net/bind/Makefile b/net/bind/Makefile index 1005eae3ac..a9bb2426b1 100644 --- a/net/bind/Makefile +++ b/net/bind/Makefile @@ -9,18 +9,18 @@ include $(TOPDIR)/rules.mk PKG_NAME:=bind -PKG_VERSION:=9.11.2-P1 +PKG_VERSION:=9.11.9 PKG_RELEASE:=1 USERID:=bind=57:bind=57 PKG_MAINTAINER:=Noah Meyerhans -PKG_LICENSE := BSD-3-Clause +PKG_LICENSE:=BSD-3-Clause PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:= \ - http://www.mirrorservice.org/sites/ftp.isc.org/isc/bind9/$(PKG_VERSION) \ - http://ftp.isc.org/isc/bind9/$(PKG_VERSION) -PKG_HASH:=cec31548832fca3f85d95178d4019b7d702039e8595d4c93914feba337df1212 + https://www.mirrorservice.org/sites/ftp.isc.org/isc/bind9/$(PKG_VERSION) \ + https://ftp.isc.org/isc/bind9/$(PKG_VERSION) +PKG_HASH:=963bf048354795b85b8f3dbe3ff5ba524d3f5b14b86a4cc733fcf971b43ac50e PKG_FIXUP:=autoreconf PKG_REMOVE_FILES:=aclocal.m4 libtool.m4 @@ -116,6 +116,7 @@ CONFIGURE_ARGS += \ --enable-shared \ --enable-static \ --with-randomdev="/dev/urandom" \ + --disable-atomic \ --disable-threads \ --disable-linux-caps \ --with-openssl="$(STAGING_DIR)/usr" \ @@ -125,6 +126,8 @@ CONFIGURE_ARGS += \ --with-gost=no \ --with-gssapi=no \ --with-ecdsa=$(if $(CONFIG_OPENSSL_WITH_EC),yes,no) \ + --without-eddsa \ + --without-python \ --with-readline=no \ --sysconfdir=/etc/bind diff --git a/net/bind/patches/001-no-tests.patch b/net/bind/patches/001-no-tests.patch index 2d0c152f7d..02049fd32e 100644 --- a/net/bind/patches/001-no-tests.patch +++ b/net/bind/patches/001-no-tests.patch @@ -1,26 +1,11 @@ -Index: bind-9.10.4-P3/bin/Makefile.in -=================================================================== ---- bind-9.10.4-P3.orig/bin/Makefile.in -+++ bind-9.10.4-P3/bin/Makefile.in -@@ -10,7 +10,7 @@ srcdir = @srcdir@ - VPATH = @srcdir@ +--- a/bin/Makefile.in ++++ b/bin/Makefile.in +@@ -12,7 +12,7 @@ VPATH = @srcdir@ top_srcdir = @top_srcdir@ --SUBDIRS = named rndc dig delv dnssec tools tests nsupdate \ -+SUBDIRS = named rndc dig delv dnssec tools nsupdate \ - check confgen @NZD_TOOLS@ @PYTHON_TOOLS@ @PKCS11_TOOLS@ - TARGETS = - -Index: bind-9.10.4-P3/lib/Makefile.in -=================================================================== ---- bind-9.10.4-P3.orig/lib/Makefile.in -+++ bind-9.10.4-P3/lib/Makefile.in -@@ -14,7 +14,7 @@ top_srcdir = @top_srcdir@ - # Attempt to disable parallel processing. - .NOTPARALLEL: - .NO_PARALLEL: --SUBDIRS = isc isccc dns isccfg bind9 lwres irs tests samples -+SUBDIRS = isc isccc dns isccfg bind9 lwres irs samples + SUBDIRS = named rndc dig delv dnssec tools nsupdate check confgen \ +- @NZD_TOOLS@ @PYTHON_TOOLS@ @PKCS11_TOOLS@ tests ++ @NZD_TOOLS@ @PYTHON_TOOLS@ @PKCS11_TOOLS@ TARGETS = @BIND9_MAKE_RULES@ diff --git a/net/bind/patches/002-autoconf-ar-fix.patch b/net/bind/patches/002-autoconf-ar-fix.patch deleted file mode 100644 index 878554fae1..0000000000 --- a/net/bind/patches/002-autoconf-ar-fix.patch +++ /dev/null @@ -1,31 +0,0 @@ -Index: bind-9.10.4-P3/configure.in -=================================================================== ---- bind-9.10.4-P3.orig/configure.in -+++ bind-9.10.4-P3/configure.in -@@ -157,26 +157,11 @@ esac - # - AC_CONFIG_FILES([make/rules make/includes]) - --AC_PATH_PROG(AR, ar) --ARFLAGS="cruv" --AC_SUBST(AR) --AC_SUBST(ARFLAGS) -- - # The POSIX ln(1) program. Non-POSIX systems may substitute - # "copy" or something. - LN=ln - AC_SUBST(LN) - --case "$AR" in -- "") -- AC_MSG_ERROR([ --ar program not found. Please fix your PATH to include the directory in --which ar resides, or set AR in the environment with the full path to ar. --]) -- -- ;; --esac -- - # - # Etags. - # -- 2.30.2