From f9fbc75557131a50d9558e7b9e89f35b48bbccca Mon Sep 17 00:00:00 2001 From: Noah Meyerhans Date: Sun, 28 Oct 2018 15:39:38 -0700 Subject: [PATCH] bind: Update to 9.11.5 This includes the fix for CVE-2018-5738: When recursion is enabled but the allow-recursion and allow-query-cache ACLs are not specified, they should be limited to local networks, but they were inadvertently set to match the default allow-query, thus allowing remote queries. Signed-off-by: Noah Meyerhans --- net/bind/Makefile | 6 ++--- net/bind/patches/001-no-tests.patch | 27 ++++++---------------- net/bind/patches/002-autoconf-ar-fix.patch | 8 +++---- 3 files changed, 14 insertions(+), 27 deletions(-) diff --git a/net/bind/Makefile b/net/bind/Makefile index 3adf535d64..7e5fb8b582 100644 --- a/net/bind/Makefile +++ b/net/bind/Makefile @@ -9,8 +9,8 @@ include $(TOPDIR)/rules.mk PKG_NAME:=bind -PKG_VERSION:=9.11.3 -PKG_RELEASE:=3 +PKG_VERSION:=9.11.5 +PKG_RELEASE:=1 USERID:=bind=57:bind=57 PKG_MAINTAINER:=Noah Meyerhans @@ -20,7 +20,7 @@ PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:= \ http://www.mirrorservice.org/sites/ftp.isc.org/isc/bind9/$(PKG_VERSION) \ http://ftp.isc.org/isc/bind9/$(PKG_VERSION) -PKG_HASH:=0d9dde14b2ec7f9cdc3b69f19540c7a2e4eee7b6c727965dfae48810965876f5 +PKG_HASH:=a4cae11dad954bdd4eb592178f875bfec09fcc7e29fe0f6b7a4e5b5c6bc61322 PKG_FIXUP:=autoreconf PKG_REMOVE_FILES:=aclocal.m4 libtool.m4 diff --git a/net/bind/patches/001-no-tests.patch b/net/bind/patches/001-no-tests.patch index 2d0c152f7d..4a4fa44e81 100644 --- a/net/bind/patches/001-no-tests.patch +++ b/net/bind/patches/001-no-tests.patch 
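Review bot: The context lines of the second Makefile hunk show both `PKG_SOURCE_URL` entries fetching the tarball over plain `http://`, so the updated `PKG_HASH` is the only control that authenticates the 9.11.5 source. The new digest should be computed from a tarball whose ISC release signature was verified, not from whatever a mirror returned at bump time, and the commit message could record that this was done. If the hosts serve it, changing the entries to the `https://` form, e.g. `https://ftp.isc.org/isc/bind9/$(PKG_VERSION)`, adds transport integrity as a second layer for a package that is being bumped for a CVE fix.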
@@ -1,26 +1,13 @@ -Index: bind-9.10.4-P3/bin/Makefile.in +Index: bind-9.11.5/bin/Makefile.in =================================================================== ---- bind-9.10.4-P3.orig/bin/Makefile.in -+++ bind-9.10.4-P3/bin/Makefile.in -@@ -10,7 +10,7 @@ srcdir = @srcdir@ - VPATH = @srcdir@ +--- bind-9.11.5.orig/bin/Makefile.in ++++ bind-9.11.5/bin/Makefile.in +@@ -12,7 +12,7 @@ VPATH = @srcdir@ top_srcdir = @top_srcdir@ --SUBDIRS = named rndc dig delv dnssec tools tests nsupdate \ -+SUBDIRS = named rndc dig delv dnssec tools nsupdate \ - check confgen @NZD_TOOLS@ @PYTHON_TOOLS@ @PKCS11_TOOLS@ - TARGETS = - -Index: bind-9.10.4-P3/lib/Makefile.in -=================================================================== ---- bind-9.10.4-P3.orig/lib/Makefile.in -+++ bind-9.10.4-P3/lib/Makefile.in -@@ -14,7 +14,7 @@ top_srcdir = @top_srcdir@ - # Attempt to disable parallel processing. - .NOTPARALLEL: - .NO_PARALLEL: --SUBDIRS = isc isccc dns isccfg bind9 lwres irs tests samples -+SUBDIRS = isc isccc dns isccfg bind9 lwres irs samples + SUBDIRS = named rndc dig delv dnssec tools nsupdate check confgen \ +- @NZD_TOOLS@ @PYTHON_TOOLS@ @PKCS11_TOOLS@ tests ++ @NZD_TOOLS@ @PYTHON_TOOLS@ @PKCS11_TOOLS@ TARGETS = @BIND9_MAKE_RULES@ diff --git a/net/bind/patches/002-autoconf-ar-fix.patch b/net/bind/patches/002-autoconf-ar-fix.patch index 878554fae1..9d47bf2052 100644 --- a/net/bind/patches/002-autoconf-ar-fix.patch +++ b/net/bind/patches/002-autoconf-ar-fix.patch @@ -1,8 +1,8 @@ -Index: bind-9.10.4-P3/configure.in +Index: bind-9.11.5/configure.in =================================================================== ---- bind-9.10.4-P3.orig/configure.in -+++ bind-9.10.4-P3/configure.in -@@ -157,26 +157,11 @@ esac +--- bind-9.11.5.orig/configure.in ++++ bind-9.11.5/configure.in +@@ -181,26 +181,11 @@ esac # AC_CONFIG_FILES([make/rules make/includes]) -- 2.30.2
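Review bot: The refreshed 001-no-tests.patch drops the whole `lib/Makefile.in` section, so `tests` is now removed from `SUBDIRS` only in `bin/Makefile.in`, and neither the patch nor the commit message says why. Presumably the 9.11.5 `lib/Makefile.in` no longer lists `tests`, but that should be confirmed against the upstream tree. If it still does, the library test directories would be built for the target again. A one-line description header at the top of the patch file, such as `Skip building the tests subdirectory; lib/Makefile.in is left unpatched because <reason>`, would record the intent for the next version bump.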