From e8dc42753c64942d5817d8ca2a3553f55e202a8e Mon Sep 17 00:00:00 2001 From: Noah Meyerhans Date: Fri, 18 Mar 2022 10:11:08 -0700 Subject: [PATCH] bind: bump to 9.16.27 Fixes security issues: * CVE-2022-0396 -- A synchronous call to closehandle_cb() caused isc__nm_process_sock_buffer() to be called recursively, which in turn left TCP connections hanging in the CLOSE_WAIT state blocking indefinitely when out-of-order processing was disabled. * CVE-2021-25220 -- The rules for acceptance of records into the cache have been tightened to prevent the possibility of poisoning if forwarders send records outside the configured bailiwick. Signed-off-by: Noah Meyerhans --- net/bind/Makefile | 4 ++-- net/bind/patches/001-no-tests.patch | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/net/bind/Makefile b/net/bind/Makefile index 9932e54a5..9b2657c8f 100644 --- a/net/bind/Makefile +++ b/net/bind/Makefile @@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=bind -PKG_VERSION:=9.16.25 +PKG_VERSION:=9.16.27 PKG_RELEASE:=1 USERID:=bind=57:bind=57 @@ -22,7 +22,7 @@ PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz PKG_SOURCE_URL:= \ https://www.mirrorservice.org/sites/ftp.isc.org/isc/bind9/$(PKG_VERSION) \ https://ftp.isc.org/isc/bind9/$(PKG_VERSION) -PKG_HASH:=9fa328850f82843ef8b7bf1ff5322cb68b110273a33f375ba41f35270f5e1ff3 +PKG_HASH:=90902aaf104c81019d75d6f8b2f7ec40fcd249406f894b44e4a9c6b5e08bf566 PKG_FIXUP:=autoreconf PKG_REMOVE_FILES:=aclocal.m4 libtool.m4 diff --git a/net/bind/patches/001-no-tests.patch b/net/bind/patches/001-no-tests.patch index b21b563b7..9c603b2c4 100644 --- a/net/bind/patches/001-no-tests.patch +++ b/net/bind/patches/001-no-tests.patch @@ -1,6 +1,6 @@ --- a/bin/Makefile.in +++ b/bin/Makefile.in -@@ -12,7 +12,7 @@ VPATH = @srcdir@ +@@ -14,7 +14,7 @@ VPATH = @srcdir@ top_srcdir = @top_srcdir@ SUBDIRS = named rndc dig delv dnssec tools nsupdate check confgen \