aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJulien Lepiller <julien@lepiller.eu>2018-07-13 14:59:54 +0200
committerJulien Lepiller <julien@lepiller.eu>2018-07-13 15:01:08 +0200
commite3ebfe6ca0dbf7b82169c9333dc31935e8c36226 (patch)
tree00e5ed26fc01c518f9ef555e8b56564ae58eec8f
parentd4b8fa5d3a81238f7d484a3685258d6b234d169a (diff)
downloadpatches-e3ebfe6ca0dbf7b82169c9333dc31935e8c36226.tar
patches-e3ebfe6ca0dbf7b82169c9333dc31935e8c36226.tar.gz
gnu: bind: Update to 9.12.2.
* gnu/packages/dns.scm (bind): Update to 9.12.2. * gnu/packages/patches/bind-CVE-2018-5738.patch: Delete file. * gnu/local.mk (dist_patch_DATA): Remove it.
-rw-r--r--gnu/local.mk1
-rw-r--r--gnu/packages/dns.scm5
-rw-r--r--gnu/packages/patches/bind-CVE-2018-5738.patch100
3 files changed, 2 insertions, 104 deletions
diff --git a/gnu/local.mk b/gnu/local.mk
index 979c3b4b93..9e875263ac 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -584,7 +584,6 @@ dist_patch_DATA = \
%D%/packages/patches/bash-completion-directories.patch \
%D%/packages/patches/bazaar-CVE-2017-14176.patch \
%D%/packages/patches/beignet-correct-file-names.patch \
- %D%/packages/patches/bind-CVE-2018-5738.patch \
%D%/packages/patches/binutils-aarch64-symbol-relocation.patch \
%D%/packages/patches/binutils-loongson-workaround.patch \
%D%/packages/patches/blast+-fix-makefile.patch \
diff --git a/gnu/packages/dns.scm b/gnu/packages/dns.scm
index 9d728c3464..086012e88e 100644
--- a/gnu/packages/dns.scm
+++ b/gnu/packages/dns.scm
@@ -99,16 +99,15 @@ and BOOTP/TFTP for network booting of diskless machines.")
(define-public isc-bind
(package
(name "bind")
- (version "9.12.1-P2")
+ (version "9.12.2")
(source (origin
(method url-fetch)
(uri (string-append
"ftp://ftp.isc.org/isc/bind9/" version "/" name "-"
version ".tar.gz"))
- (patches (search-patches "bind-CVE-2018-5738.patch"))
(sha256
(base32
- "0a9dvyg1dk7vpqn9gz7p5jas3bz7z22bjd66b98g1qk16i2w7rqd"))))
+ "0ll46igs9xfq2qclc5wzqsnj3zv7ssga0544gm24s1m7765lqslz"))))
(build-system gnu-build-system)
(outputs `("out" "utils"))
(inputs
diff --git a/gnu/packages/patches/bind-CVE-2018-5738.patch b/gnu/packages/patches/bind-CVE-2018-5738.patch
deleted file mode 100644
index ddef014651..0000000000
--- a/gnu/packages/patches/bind-CVE-2018-5738.patch
+++ /dev/null
@@ -1,100 +0,0 @@
-Fix CVE-2018-5738:
-
-https://kb.isc.org/article/AA-01616/0/CVE-2018-5738
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5738
-
-diff --git a/bin/named/server.c b/bin/named/server.c
-index f63554e..847c4ff 100644
---- a/bin/named/server.c
-+++ b/bin/named/server.c
-@@ -3725,10 +3725,6 @@ configure_view(dns_view_t *view, dns_viewlist_t *viewlist,
- CHECKM(named_config_getport(config, &port), "port");
- dns_view_setdstport(view, port);
-
-- CHECK(configure_view_acl(vconfig, config, named_g_config,
-- "allow-query", NULL, actx,
-- named_g_mctx, &view->queryacl));
--
- /*
- * Make the list of response policy zone names for a view that
- * is used for real lookups and so cares about hints.
-@@ -4692,21 +4688,35 @@ configure_view(dns_view_t *view, dns_viewlist_t *viewlist,
- "allow-query-cache-on", NULL, actx,
- named_g_mctx, &view->cacheonacl));
- /*
-- * Set "allow-query-cache", "allow-recursion", and
-- * "allow-recursion-on" acls if configured in named.conf.
-- * (Ignore the global defaults for now, because these ACLs
-- * can inherit from each other when only some of them set at
-- * the options/view level.)
-+ * Set the "allow-query", "allow-query-cache", "allow-recursion",
-+ * and "allow-recursion-on" ACLs if configured in named.conf, but
-+ * NOT from the global defaults. This is done by leaving the third
-+ * argument to configure_view_acl() NULL.
-+ *
-+ * We ignore the global defaults here because these ACLs
-+ * can inherit from each other. If any are still unset after
-+ * applying the inheritance rules, we'll look up the defaults at
-+ * that time.
- */
-- CHECK(configure_view_acl(vconfig, config, NULL, "allow-query-cache",
-- NULL, actx, named_g_mctx, &view->cacheacl));
-+
-+ /* named.conf only */
-+ CHECK(configure_view_acl(vconfig, config, NULL,
-+ "allow-query", NULL, actx,
-+ named_g_mctx, &view->queryacl));
-+
-+ /* named.conf only */
-+ CHECK(configure_view_acl(vconfig, config, NULL,
-+ "allow-query-cache", NULL, actx,
-+ named_g_mctx, &view->cacheacl));
-
- if (strcmp(view->name, "_bind") != 0 &&
- view->rdclass != dns_rdataclass_chaos)
- {
-+ /* named.conf only */
- CHECK(configure_view_acl(vconfig, config, NULL,
- "allow-recursion", NULL, actx,
- named_g_mctx, &view->recursionacl));
-+ /* named.conf only */
- CHECK(configure_view_acl(vconfig, config, NULL,
- "allow-recursion-on", NULL, actx,
- named_g_mctx, &view->recursiononacl));
-@@ -4744,18 +4754,21 @@ configure_view(dns_view_t *view, dns_viewlist_t *viewlist,
- * the global config.
- */
- if (view->recursionacl == NULL) {
-+ /* global default only */
- CHECK(configure_view_acl(NULL, NULL, named_g_config,
- "allow-recursion", NULL,
- actx, named_g_mctx,
- &view->recursionacl));
- }
- if (view->recursiononacl == NULL) {
-+ /* global default only */
- CHECK(configure_view_acl(NULL, NULL, named_g_config,
- "allow-recursion-on", NULL,
- actx, named_g_mctx,
- &view->recursiononacl));
- }
- if (view->cacheacl == NULL) {
-+ /* global default only */
- CHECK(configure_view_acl(NULL, NULL, named_g_config,
- "allow-query-cache", NULL,
- actx, named_g_mctx,
-@@ -4769,6 +4782,14 @@ configure_view(dns_view_t *view, dns_viewlist_t *viewlist,
- CHECK(dns_acl_none(mctx, &view->cacheacl));
- }
-
-+ if (view->queryacl == NULL) {
-+ /* global default only */
-+ CHECK(configure_view_acl(NULL, NULL, named_g_config,
-+ "allow-query", NULL,
-+ actx, named_g_mctx,
-+ &view->queryacl));
-+ }
-+
- /*
- * Ignore case when compressing responses to the specified
- * clients. This causes case not always to be preserved,