aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorKevin Daudt <kdaudt@alpinelinux.org>2019-06-23 20:24:58 +0000
committerKevin Daudt <kdaudt@alpinelinux.org>2019-06-23 20:44:15 +0000
commit0114ee65efba18fb076f02326482b48b4b8f9e1a (patch)
treeef8028c6014c73354cbb472a50d6fc59c3219cb2
parentaaf594bc234db11d5ef457511b7b3cebb3bcba46 (diff)
main/bind: upgrade to 9.11.8 (CVE-2019-6471)
Replace-atomic-operations.patch was an upstream patch that is now included in the release.
-rw-r--r--main/bind/APKBUILD10
-rw-r--r--main/bind/Replace-atomic-operations.patch132
2 files changed, 5 insertions, 137 deletions
diff --git a/main/bind/APKBUILD b/main/bind/APKBUILD
index 6205a769fcb..6406784634a 100644
--- a/main/bind/APKBUILD
+++ b/main/bind/APKBUILD
@@ -3,11 +3,11 @@
# Contributor: Carlo Landmeter <clandmeter@gmail.com>
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=bind
-pkgver=9.11.6_p1
+pkgver=9.11.8
_ver=${pkgver%_p*}
_p=${pkgver#*_p}
[ "$_p" != "$pkgver" ] && _ver="${_ver}-P$_p"
-pkgrel=1
+pkgrel=0
pkgdesc="The ISC DNS server"
url="http://www.isc.org"
arch="all"
@@ -22,7 +22,6 @@ install="$pkgname.pre-install"
subpackages="$pkgname-doc $pkgname-dev $pkgname-libs $pkgname-tools
py3-$pkgname:_py3 $pkgname-dnssec-tools:_dnssec_tools"
source="http://ftp.isc.org/isc/bind9/${_ver}/bind-${_ver}.tar.gz
- Replace-atomic-operations.patch
bind.so_bsdcompat.patch
named.initd
named.confd
@@ -34,6 +33,8 @@ source="http://ftp.isc.org/isc/bind9/${_ver}/bind-${_ver}.tar.gz
"
# secfixes:
+# 9.11.8-r0:
+# - CVE-2019-6471
# 9.11.6_p1-r0:
# - CVE-2018-5743
# - CVE-2019-6467
@@ -186,8 +187,7 @@ tools() {
done
}
-sha512sums="419aeeddeab7aef818b9043db7b21a847993444f663dca04e58ee97a0ebee0610cbc5a9422d17a6f0ee5d44598a2cbb5651e3b4e8c56708eaf923dca0a5c4c03 bind-9.11.6-P1.tar.gz
-1022c0dff2d62ed7dc7a772c7fd50e908befc4cf93d42bdb8ecf1fdc29e9b8bb4042bd67dbf16ff5e54a380cadb5bba11aac60227bba582c7486cffb6ba29181 Replace-atomic-operations.patch
+sha512sums="0192d6e087cdbdebec171869d908c4326c2575d65ee5367a78ed9da26de357e017b0306349d66a6016a7ec80ad27f5f7f9f2db25002c6d0c78589dc473a015fc bind-9.11.8.tar.gz
38c06e1f4834f9648cd5ee37175aeb52d31101123b5359f9df8553283f5dde98a827ba1d8786c0fc4c86012b5125c253b735e227df0cb2241213f05f88ae2b9e bind.so_bsdcompat.patch
196c0a3b43cf89e8e3547d7fb63a93ff9a3306505658dfd9aa78e6861be6b226580b424dd3dd44b955b2d9f682b1dc62c457f3ac29ce86200ef070140608c015 named.initd
127bdcc0b5079961f0951344bc3fad547450c81aee2149eac8c41a8c0c973ea0ffe3f956684c6fcb735a29c43d2ff48c153b6a71a0f15757819a72c492488ddf named.confd
diff --git a/main/bind/Replace-atomic-operations.patch b/main/bind/Replace-atomic-operations.patch
deleted file mode 100644
index cfbded6f809..00000000000
--- a/main/bind/Replace-atomic-operations.patch
+++ /dev/null
@@ -1,132 +0,0 @@
-From ef49780d30d3ddc5735cfc32561b678a634fa72f Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Ond=C5=99ej=20Sur=C3=BD?= <ondrej@sury.org>
-Date: Wed, 17 Apr 2019 15:22:27 +0200
-Subject: [PATCH] Replace atomic operations in bin/named/client.c with
- isc_refcount reference counting
-
----
- bin/named/client.c | 18 +++++++-----------
- bin/named/include/named/interfacemgr.h | 5 +++--
- bin/named/interfacemgr.c | 7 +++++--
- 3 files changed, 15 insertions(+), 15 deletions(-)
-
-diff --git a/bin/named/client.c b/bin/named/client.c
-index 845326abc0..29fecadca8 100644
---- a/bin/named/client.c
-+++ b/bin/named/client.c
-@@ -402,12 +402,10 @@ tcpconn_detach(ns_client_t *client) {
- static void
- mark_tcp_active(ns_client_t *client, bool active) {
- if (active && !client->tcpactive) {
-- isc_atomic_xadd(&client->interface->ntcpactive, 1);
-+ isc_refcount_increment0(&client->interface->ntcpactive, NULL);
- client->tcpactive = active;
- } else if (!active && client->tcpactive) {
-- uint32_t old =
-- isc_atomic_xadd(&client->interface->ntcpactive, -1);
-- INSIST(old > 0);
-+ isc_refcount_decrement(&client->interface->ntcpactive, NULL);
- client->tcpactive = active;
- }
- }
-@@ -554,7 +552,7 @@ exit_check(ns_client_t *client) {
- if (client->mortal && TCP_CLIENT(client) &&
- client->newstate != NS_CLIENTSTATE_FREED &&
- !ns_g_clienttest &&
-- isc_atomic_xadd(&client->interface->ntcpaccepting, 0) == 0)
-+ isc_refcount_current(&client->interface->ntcpaccepting) == 0)
- {
- /* Nobody else is accepting */
- client->mortal = false;
-@@ -3328,7 +3326,6 @@ client_newconn(isc_task_t *task, isc_event_t *event) {
- isc_result_t result;
- ns_client_t *client = event->ev_arg;
- isc_socket_newconnev_t *nevent = (isc_socket_newconnev_t *)event;
-- uint32_t old;
-
- REQUIRE(event->ev_type == ISC_SOCKEVENT_NEWCONN);
- REQUIRE(NS_CLIENT_VALID(client));
-@@ -3348,8 +3345,7 @@ client_newconn(isc_task_t *task, isc_event_t *event) {
- INSIST(client->naccepts == 1);
- client->naccepts--;
-
-- old = isc_atomic_xadd(&client->interface->ntcpaccepting, -1);
-- INSIST(old > 0);
-+ isc_refcount_decrement(&client->interface->ntcpaccepting, NULL);
-
- /*
- * We must take ownership of the new socket before the exit
-@@ -3480,8 +3476,8 @@ client_accept(ns_client_t *client) {
- * quota is tcp-clients plus the number of listening
- * interfaces plus 1.)
- */
-- exit = (isc_atomic_xadd(&client->interface->ntcpactive, 0) >
-- (client->tcpactive ? 1 : 0));
-+ exit = (isc_refcount_current(&client->interface->ntcpactive) >
-+ (client->tcpactive ? 1U : 0U));
- if (exit) {
- client->newstate = NS_CLIENTSTATE_INACTIVE;
- (void)exit_check(client);
-@@ -3539,7 +3535,7 @@ client_accept(ns_client_t *client) {
- * listening for connections itself to prevent the interface
- * going dead.
- */
-- isc_atomic_xadd(&client->interface->ntcpaccepting, 1);
-+ isc_refcount_increment0(&client->interface->ntcpaccepting, NULL);
- }
-
- static void
-diff --git a/bin/named/include/named/interfacemgr.h b/bin/named/include/named/interfacemgr.h
-index 3535ef22a8..6e10f210fd 100644
---- a/bin/named/include/named/interfacemgr.h
-+++ b/bin/named/include/named/interfacemgr.h
-@@ -45,6 +45,7 @@
- #include <isc/magic.h>
- #include <isc/mem.h>
- #include <isc/socket.h>
-+#include <isc/refcount.h>
-
- #include <dns/result.h>
-
-@@ -75,11 +76,11 @@ struct ns_interface {
- /*%< UDP dispatchers. */
- isc_socket_t * tcpsocket; /*%< TCP socket. */
- isc_dscp_t dscp; /*%< "listen-on" DSCP value */
-- int32_t ntcpaccepting; /*%< Number of clients
-+ isc_refcount_t ntcpaccepting; /*%< Number of clients
- ready to accept new
- TCP connections on this
- interface */
-- int32_t ntcpactive; /*%< Number of clients
-+ isc_refcount_t ntcpactive; /*%< Number of clients
- servicing TCP queries
- (whether accepting or
- connected) */
-diff --git a/bin/named/interfacemgr.c b/bin/named/interfacemgr.c
-index d9f6df5802..135533be6b 100644
---- a/bin/named/interfacemgr.c
-+++ b/bin/named/interfacemgr.c
-@@ -386,8 +386,8 @@ ns_interface_create(ns_interfacemgr_t *mgr, isc_sockaddr_t *addr,
- * connections will be handled in parallel even though there is
- * only one client initially.
- */
-- ifp->ntcpaccepting = 0;
-- ifp->ntcpactive = 0;
-+ isc_refcount_init(&ifp->ntcpaccepting, 0);
-+ isc_refcount_init(&ifp->ntcpactive, 0);
-
- ifp->nudpdispatch = 0;
-
-@@ -618,6 +618,9 @@ ns_interface_destroy(ns_interface_t *ifp) {
-
- ns_interfacemgr_detach(&ifp->mgr);
-
-+ isc_refcount_destroy(&ifp->ntcpactive);
-+ isc_refcount_destroy(&ifp->ntcpaccepting);
-+
- ifp->magic = 0;
- isc_mem_put(mctx, ifp, sizeof(*ifp));
- }
---
-2.18.1
-