bind: bump to 9.16.12
Includes fix for security issues: * CVE-2020-8625: BIND servers are vulnerable if they are running an affected version and are configured to use GSS-TSIG features. Disable backtrace functionality, as it is unreliable across architectures and generally only supported by upstream on amd64 Remove a patch that has been incorporated upstream Signed-off-by: Noah Meyerhans <frodo@morgul.net>
This commit is contained in:
Noah Meyerhans
parent
9395507160
commit
fcf72948ae
2 changed files with 3 additions and 86 deletions
|
|
@ -9,7 +9,7 @@
|
||||||
include $(TOPDIR)/rules.mk
|
include $(TOPDIR)/rules.mk
|
||||||
|
|
||||||
PKG_NAME:=bind
|
PKG_NAME:=bind
|
||||||
PKG_VERSION:=9.16.8
|
PKG_VERSION:=9.16.12
|
||||||
PKG_RELEASE:=1
|
PKG_RELEASE:=1
|
||||||
USERID:=bind=57:bind=57
|
USERID:=bind=57:bind=57
|
||||||
|
|
||||||
|
|
@ -22,7 +22,7 @@ PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
|
||||||
PKG_SOURCE_URL:= \
|
PKG_SOURCE_URL:= \
|
||||||
https://www.mirrorservice.org/sites/ftp.isc.org/isc/bind9/$(PKG_VERSION) \
|
https://www.mirrorservice.org/sites/ftp.isc.org/isc/bind9/$(PKG_VERSION) \
|
||||||
https://ftp.isc.org/isc/bind9/$(PKG_VERSION)
|
https://ftp.isc.org/isc/bind9/$(PKG_VERSION)
|
||||||
PKG_HASH:=9e9b9c563692be86ec41f670f6b70e26c14e72445c742d7b5eb4db7d2b5e8d31
|
PKG_HASH:=9914af9311fd349cab441097898d94fb28d0bfd9bf6ed04fe1f97f042644da7f
|
||||||
|
|
||||||
PKG_FIXUP:=autoreconf
|
PKG_FIXUP:=autoreconf
|
||||||
PKG_REMOVE_FILES:=aclocal.m4 libtool.m4
|
PKG_REMOVE_FILES:=aclocal.m4 libtool.m4
|
||||||
|
|
@ -126,6 +126,7 @@ export BUILD_CC="$(TARGET_CC)"
|
||||||
TARGET_LDFLAGS += -Wl,--gc-sections,--as-needed
|
TARGET_LDFLAGS += -Wl,--gc-sections,--as-needed
|
||||||
|
|
||||||
CONFIGURE_ARGS += \
|
CONFIGURE_ARGS += \
|
||||||
|
--disable-backtrace \
|
||||||
--disable-linux-caps \
|
--disable-linux-caps \
|
||||||
--with-openssl="$(STAGING_DIR)/usr" \
|
--with-openssl="$(STAGING_DIR)/usr" \
|
||||||
--with-libtool \
|
--with-libtool \
|
||||||
|
|
|
||||||
|
|
@ -1,84 +0,0 @@
|
||||||
From 12a10bcfb1999d07961206587d79ce27c432c6ce Mon Sep 17 00:00:00 2001
|
|
||||||
From: =?UTF-8?q?Micha=C5=82=20K=C4=99pie=C5=84?= <michal@isc.org>
|
|
||||||
Date: Tue, 27 Oct 2020 12:40:45 +0100
|
|
||||||
Subject: [PATCH] Fix cross-compilation
|
|
||||||
|
|
||||||
Using AC_RUN_IFELSE() in configure.ac breaks cross-compilation:
|
|
||||||
|
|
||||||
configure: error: cannot run test program while cross compiling
|
|
||||||
|
|
||||||
Commit 978c7b2e89aa37a7ddfe2f6b6ba12ce73dd04528 caused AC_RUN_IFELSE()
|
|
||||||
to be used instead of AC_LINK_IFELSE() because the latter had seemingly
|
|
||||||
been causing the check for --wrap support in the linker to not work as
|
|
||||||
expected. However, it later turned out that the problem lied elsewhere:
|
|
||||||
a minus sign ('-') was missing from the LDFLAGS variable used in the
|
|
||||||
relevant check [1].
|
|
||||||
|
|
||||||
Revert to using AC_LINK_IFELSE() for checking whether the linker
|
|
||||||
supports the --wrap option in order to make cross-compilation possible
|
|
||||||
again.
|
|
||||||
|
|
||||||
Fixes: https://gitlab.isc.org/isc-projects/bind9/-/issues/2237
|
|
||||||
|
|
||||||
[1] see commit cfa4ea64bc06685f210a4187dcc05cc0aac84851
|
|
||||||
---
|
|
||||||
configure | 16 ++++------------
|
|
||||||
configure.ac | 2 +-
|
|
||||||
2 files changed, 5 insertions(+), 13 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/configure b/configure
|
|
||||||
index a408f0dcf6..7694a18c0b 100755
|
|
||||||
--- a/configure
|
|
||||||
+++ b/configure
|
|
||||||
@@ -22047,13 +22047,7 @@ $as_echo_n "checking for linker support for --wrap option... " >&6; }
|
|
||||||
|
|
||||||
|
|
||||||
LDFLAGS="-Wl,--wrap,exit"
|
|
||||||
-if test "$cross_compiling" = yes; then :
|
|
||||||
- { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
|
|
||||||
-$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
|
|
||||||
-as_fn_error $? "cannot run test program while cross compiling
|
|
||||||
-See \`config.log' for more details" "$LINENO" 5; }
|
|
||||||
-else
|
|
||||||
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
|
|
||||||
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
|
|
||||||
/* end confdefs.h. */
|
|
||||||
#include <stdlib.h>
|
|
||||||
void __real_exit (int status);
|
|
||||||
@@ -22067,7 +22061,7 @@ exit (1);
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
_ACEOF
|
|
||||||
-if ac_fn_c_try_run "$LINENO"; then :
|
|
||||||
+if ac_fn_c_try_link "$LINENO"; then :
|
|
||||||
LD_WRAP_TESTS=true
|
|
||||||
|
|
||||||
$as_echo "#define LD_WRAP 1" >>confdefs.h
|
|
||||||
@@ -22078,10 +22072,8 @@ else
|
|
||||||
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
|
|
||||||
$as_echo "no" >&6; }
|
|
||||||
fi
|
|
||||||
-rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
|
|
||||||
- conftest.$ac_objext conftest.beam conftest.$ac_ext
|
|
||||||
-fi
|
|
||||||
-
|
|
||||||
+rm -f core conftest.err conftest.$ac_objext \
|
|
||||||
+ conftest$ac_exeext conftest.$ac_ext
|
|
||||||
|
|
||||||
CCASFLAGS=$CCASFLAGS_wrap_ax_save_flags
|
|
||||||
|
|
||||||
diff --git a/configure.ac b/configure.ac
|
|
||||||
index 1201b5e2a7..9648d9727a 100644
|
|
||||||
--- a/configure.ac
|
|
||||||
+++ b/configure.ac
|
|
||||||
@@ -2247,7 +2247,7 @@ LD_WRAP_TESTS=false
|
|
||||||
AC_MSG_CHECKING([for linker support for --wrap option])
|
|
||||||
AX_SAVE_FLAGS([wrap])
|
|
||||||
LDFLAGS="-Wl,--wrap,exit"
|
|
||||||
-AC_RUN_IFELSE(
|
|
||||||
+AC_LINK_IFELSE(
|
|
||||||
[AC_LANG_PROGRAM([[#include <stdlib.h>
|
|
||||||
void __real_exit (int status);
|
|
||||||
void __wrap_exit (int status) { __real_exit (0); }
|
|
||||||
--
|
|
||||||
GitLab
|
|
||||||
Loading…
Reference in a new issue