From 0605142aa5251025fa1f848d9e310f46056b42e0 Mon Sep 17 00:00:00 2001 From: Mathieu Arnold Date: Wed, 25 Jan 2023 17:30:38 +0100 Subject: [PATCH] dns/bind918: upgrade to 9.18.11 Security: CVE-2022-3094 CVE-2022-3736 CVE-2022-3924 Changes: https://downloads.isc.org/isc/bind9/9.18.11/doc/arm/html/notes.html#notes-for-bind-9-18-11 (cherry picked from commit 060654348bd92d7147bcbd6dd524812603b086bb)
---
 dns/bind-tools/pkg-plist | 14 ++++++------ dns/bind918/Makefile | 2 +- dns/bind918/distinfo | 6 ++--- .../files/extrapatch-bind-min-override-ttl | 22 +++++++++---------- .../patch-bin_named_include_named_globals.h | 4 ++-- dns/bind918/pkg-plist | 14 ++++++------ 6 files changed, 31 insertions(+), 31 deletions(-)
diff --git a/dns/bind-tools/pkg-plist b/dns/bind-tools/pkg-plist
index 00a26d4c1253..aa19fe967e91 100644
--- a/dns/bind-tools/pkg-plist
+++ b/dns/bind-tools/pkg-plist
@@ -17,19 +17,19 @@ bin/nsec3hash
 bin/nslookup
 bin/nsupdate
 lib/bind-tools/libbind9.so
-lib/bind-tools/libbind9-9.18.10.so
+lib/bind-tools/libbind9-9.18.11.so
 lib/bind-tools/libdns.so
-lib/bind-tools/libdns-9.18.10.so
+lib/bind-tools/libdns-9.18.11.so
 lib/bind-tools/libirs.so
-lib/bind-tools/libirs-9.18.10.so
+lib/bind-tools/libirs-9.18.11.so
 lib/bind-tools/libisc.so
-lib/bind-tools/libisc-9.18.10.so
+lib/bind-tools/libisc-9.18.11.so
 lib/bind-tools/libisccc.so
-lib/bind-tools/libisccc-9.18.10.so
+lib/bind-tools/libisccc-9.18.11.so
 lib/bind-tools/libisccfg.so
-lib/bind-tools/libisccfg-9.18.10.so
+lib/bind-tools/libisccfg-9.18.11.so
 lib/bind-tools/libns.so
-lib/bind-tools/libns-9.18.10.so
+lib/bind-tools/libns-9.18.11.so
 %%MANPAGES%%man/man1/arpaname.1.gz
 %%MANPAGES%%man/man1/delv.1.gz
 %%MANPAGES%%man/man1/dig.1.gz
diff --git a/dns/bind918/Makefile b/dns/bind918/Makefile
index 3f4bc443785f..123abfcb3a7c 100644
--- a/dns/bind918/Makefile
+++ b/dns/bind918/Makefile
@@ -44,7 +44,7 @@ RUN_DEPENDS= bind-tools>0:dns/bind-tools USES= autoreconf compiler:c11 cpe libedit libtool pkgconfig ssl tar:xz # ISC releases things like 9.8.0-P1, which our versioning doesn't like -ISCVERSION= 9.18.10 +ISCVERSION= 9.18.11 CPE_VENDOR= isc CPE_VERSION= ${ISCVERSION:C/-.*//} diff --git a/dns/bind918/distinfo b/dns/bind918/distinfo index 6c43e59d0d45..c7db19ce39eb 100644 --- a/dns/bind918/distinfo +++ b/dns/bind918/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1671811414 -SHA256 (bind-9.18.10.tar.xz) = f415a92feb62568b50854a063cb231e257351f8672186d0ab031a49b3de2cac6 -SIZE (bind-9.18.10.tar.xz) = 5261572 +TIMESTAMP = 1674661848 +SHA256 (bind-9.18.11.tar.xz) = 8ff3352812230cbcbda42df87cad961f94163d3da457c5e4bef8057fd5df2158 +SIZE (bind-9.18.11.tar.xz) = 5284184 diff --git a/dns/bind918/files/extrapatch-bind-min-override-ttl b/dns/bind918/files/extrapatch-bind-min-override-ttl index 38709a475508..fb51bea24e30 100644 --- a/dns/bind918/files/extrapatch-bind-min-override-ttl +++ b/dns/bind918/files/extrapatch-bind-min-override-ttl @@ -1,8 +1,8 @@ Add the override-cache-ttl feature. ---- bin/named/config.c.orig 2022-12-12 14:17:37 UTC +--- bin/named/config.c.orig 2023-01-12 22:21:15 UTC +++ bin/named/config.c -@@ -183,6 +183,7 @@ options {\n\ +@@ -184,6 +184,7 @@ options {\n\ notify-source *;\n\ notify-source-v6 *;\n\ nsec3-test-zone no;\n\ @@ -10,9 +10,9 @@ Add the override-cache-ttl feature. parental-source *;\n\ parental-source-v6 *;\n\ provide-ixfr true;\n\ ---- bin/named/server.c.orig 2022-12-12 14:17:37 UTC +--- bin/named/server.c.orig 2023-01-12 22:21:15 UTC +++ bin/named/server.c -@@ -4560,6 +4560,11 @@ configure_view(dns_view_t *view, dns_viewlist_t *viewl +@@ -4547,6 +4547,11 @@ configure_view(dns_view_t *view, dns_viewlist_t *viewl } obj = NULL; 
@@ -24,9 +24,9 @@ Add the override-cache-ttl feature. result = named_config_get(maps, "max-cache-ttl", &obj); INSIST(result == ISC_R_SUCCESS); view->maxcachettl = cfg_obj_asduration(obj); ---- doc/arm/reference.rst.orig 2022-12-12 14:17:37 UTC +--- doc/arm/reference.rst.orig 2023-01-12 22:21:15 UTC +++ doc/arm/reference.rst -@@ -4272,6 +4272,10 @@ Tuning +@@ -4277,6 +4277,10 @@ Tuning cannot exceed 7 days and is silently truncated to 7 days if set to a greater value. @@ -37,7 +37,7 @@ Add the override-cache-ttl feature. .. namedconf:statement:: max-cache-ttl :tags: server :short: Specifies the maximum time (in seconds) that the server caches ordinary (positive) answers. ---- lib/dns/include/dns/view.h.orig 2022-12-12 14:17:37 UTC +--- lib/dns/include/dns/view.h.orig 2023-01-12 22:21:15 UTC +++ lib/dns/include/dns/view.h @@ -157,6 +157,7 @@ struct dns_view { bool requestnsid; @@ -47,9 +47,9 @@ Add the override-cache-ttl feature. dns_ttl_t maxncachettl; dns_ttl_t mincachettl; dns_ttl_t minncachettl; ---- lib/dns/resolver.c.orig 2022-12-12 14:17:37 UTC +--- lib/dns/resolver.c.orig 2023-01-12 22:21:15 UTC +++ lib/dns/resolver.c -@@ -6276,6 +6276,12 @@ cache_name(fetchctx_t *fctx, dns_name_t *name, dns_mes +@@ -6253,6 +6253,12 @@ cache_name(fetchctx_t *fctx, dns_name_t *name, dns_mes } /* @@ -62,9 +62,9 @@ Add the override-cache-ttl feature. * Enforce the configure maximum cache TTL. */ if (rdataset->ttl > res->view->maxcachettl) { ---- lib/isccfg/namedconf.c.orig 2022-12-12 14:17:37 UTC +--- lib/isccfg/namedconf.c.orig 2023-01-12 22:21:15 UTC +++ lib/isccfg/namedconf.c -@@ -2094,6 +2094,7 @@ static cfg_clausedef_t view_clauses[] = { +@@ -2096,6 +2096,7 @@ static cfg_clausedef_t view_clauses[] = { #endif /* ifdef HAVE_LMDB */ { "max-acache-size", NULL, CFG_CLAUSEFLAG_ANCIENT }, { "max-cache-size", &cfg_type_sizeorpercent, 0 }, 
diff --git a/dns/bind918/files/patch-bin_named_include_named_globals.h b/dns/bind918/files/patch-bin_named_include_named_globals.h index 6b9d61afe30c..fdf67eea6f38 100644 --- a/dns/bind918/files/patch-bin_named_include_named_globals.h +++ b/dns/bind918/files/patch-bin_named_include_named_globals.h @@ -1,8 +1,8 @@ We reference the pid file as being run/named/pid everywere else. ---- bin/named/include/named/globals.h.orig 2021-09-17 07:10:48 UTC +--- bin/named/include/named/globals.h.orig 2023-01-12 22:21:15 UTC +++ bin/named/include/named/globals.h -@@ -133,7 +133,7 @@ EXTERN bool named_g_forcelock INIT(false); +@@ -132,7 +132,7 @@ EXTERN bool named_g_forcelock INIT(false); #if NAMED_RUN_PID_DIR EXTERN const char *named_g_defaultpidfile INIT(NAMED_LOCALSTATEDIR "/run/named/" diff --git a/dns/bind918/pkg-plist b/dns/bind918/pkg-plist index 11d3a4d7f837..6d2976e9de80 100644 --- a/dns/bind918/pkg-plist +++ b/dns/bind918/pkg-plist @@ -243,19 +243,19 @@ include/ns/xfrout.h lib/bind/filter-a.so lib/bind/filter-aaaa.so lib/libbind9.so -lib/libbind9-9.18.10.so +lib/libbind9-9.18.11.so lib/libdns.so -lib/libdns-9.18.10.so +lib/libdns-9.18.11.so lib/libirs.so -lib/libirs-9.18.10.so +lib/libirs-9.18.11.so lib/libisc.so -lib/libisc-9.18.10.so +lib/libisc-9.18.11.so lib/libisccc.so -lib/libisccc-9.18.10.so +lib/libisccc-9.18.11.so lib/libisccfg.so -lib/libisccfg-9.18.10.so +lib/libisccfg-9.18.11.so lib/libns.so -lib/libns-9.18.10.so +lib/libns-9.18.11.so @comment man/man1/arpaname.1.gz @comment man/man1/delv.1.gz @comment man/man1/dig.1.gz