From 0406434baaf180af51c02c2cee02d972356047b3 Mon Sep 17 00:00:00 2001 From: Tobias Geerinckx-Rice Date: Thu, 25 Apr 2019 04:35:50 +0200 Subject: gnu: bind: Update to 9.12.4-P1 [fixes CVE-2018-5743, CVE-2019-6467]. * gnu/packages/dns.scm (isc-bind): Update to 9.12.4-P1. [source]: Add patch. [inputs]: Add python and python-ply. * packages/patches/bind-fix-unused-pk11-ecc-constants.patch: New file. * gnu/local.mk (dist_patch_DATA): Add it. --- .../bind-fix-unused-pk11-ecc-constants.patch | 43 ++++++++++++++++++++++ 1 file changed, 43 insertions(+) create mode 100644 gnu/packages/patches/bind-fix-unused-pk11-ecc-constants.patch (limited to 'gnu/packages/patches') diff --git a/gnu/packages/patches/bind-fix-unused-pk11-ecc-constants.patch b/gnu/packages/patches/bind-fix-unused-pk11-ecc-constants.patch new file mode 100644 index 0000000000..ab7cc83684 --- /dev/null +++ b/gnu/packages/patches/bind-fix-unused-pk11-ecc-constants.patch @@ -0,0 +1,43 @@ +From: Tobias Geerinckx-Rice +Date: Thu, 25 Apr 2019 04:36:52 +0200 +Subject: [PATCH] gnu: bind: Fix unused PKCS#11 ECC constants. + +Without this patch, the build fails: + + pkcs11-keygen.c: In function ‘main’: + pkcs11-keygen.c:424:32: error: ‘pk11_ecc_prime256v1’ undeclared (first use in this function) + public_template[4].pValue = pk11_ecc_prime256v1; + ^ + pkcs11-keygen.c:424:32: note: each undeclared identifier is reported only once for each function it appears in + pkcs11-keygen.c:428:32: error: ‘pk11_ecc_secp384r1’ undeclared (first use in this function) + public_template[4].pValue = pk11_ecc_secp384r1; + ^ + make[2]: *** [Makefile:217: pkcs11-keygen.o] Error 1 + +Fix copied verbatim from upstream[0]. + +[0]: https://gitlab.isc.org/isc-projects/bind9/issues/935 + +--- +--- orig-bind-9.11.6/bin/pkcs11/pkcs11-keygen.c 2019-02-27 15:28:15.000000000 -0800 ++++ bind-9.11.6/bin/pkcs11/pkcs11-keygen.c 2019-03-11 09:20:50.955257469 -0700 +@@ -403,6 +403,10 @@ + public_template[RSA_PUBLIC_EXPONENT].ulValueLen = expsize; + break; + case key_ecc: ++#if !defined(HAVE_PKCS11_ECDSA) ++ fprintf(stderr, "prime256v1 and secp3841r1 is not supported\n"); ++ usage(); ++#else + op_type = OP_EC; + if (bits == 0) + bits = 256; +@@ -429,7 +433,7 @@ + public_template[4].ulValueLen = + sizeof(pk11_ecc_secp384r1); + } +- ++#endif + break; + case key_ecx: + #if !defined(CKM_EDDSA_KEY_PAIR_GEN) -- cgit v1.2.3