diff options
author | Kevin Daudt <kdaudt@alpinelinux.org> | 2019-06-23 20:24:58 +0000 |
---|---|---|
committer | Kevin Daudt <kdaudt@alpinelinux.org> | 2019-06-23 20:44:15 +0000 |
commit | 0114ee65efba18fb076f02326482b48b4b8f9e1a (patch) | |
tree | ef8028c6014c73354cbb472a50d6fc59c3219cb2 | |
parent | aaf594bc234db11d5ef457511b7b3cebb3bcba46 (diff) |
main/bind: upgrade to 9.11.8 (CVE-2019-6471)
Replace-atomic-operations.patch was an upstream patch that is now
included in the release.
-rw-r--r-- | main/bind/APKBUILD | 10 | ||||
-rw-r--r-- | main/bind/Replace-atomic-operations.patch | 132 |
2 files changed, 5 insertions, 137 deletions
diff --git a/main/bind/APKBUILD b/main/bind/APKBUILD index 6205a769fcb..6406784634a 100644 --- a/main/bind/APKBUILD +++ b/main/bind/APKBUILD @@ -3,11 +3,11 @@ # Contributor: Carlo Landmeter <clandmeter@gmail.com> # Maintainer: Natanael Copa <ncopa@alpinelinux.org> pkgname=bind -pkgver=9.11.6_p1 +pkgver=9.11.8 _ver=${pkgver%_p*} _p=${pkgver#*_p} [ "$_p" != "$pkgver" ] && _ver="${_ver}-P$_p" -pkgrel=1 +pkgrel=0 pkgdesc="The ISC DNS server" url="http://www.isc.org" arch="all" @@ -22,7 +22,6 @@ install="$pkgname.pre-install" subpackages="$pkgname-doc $pkgname-dev $pkgname-libs $pkgname-tools py3-$pkgname:_py3 $pkgname-dnssec-tools:_dnssec_tools" source="http://ftp.isc.org/isc/bind9/${_ver}/bind-${_ver}.tar.gz - Replace-atomic-operations.patch bind.so_bsdcompat.patch named.initd named.confd @@ -34,6 +33,8 @@ source="http://ftp.isc.org/isc/bind9/${_ver}/bind-${_ver}.tar.gz " # secfixes: +# 9.11.8-r0: +# - CVE-2019-6471 # 9.11.6_p1-r0: # - CVE-2018-5743 # - CVE-2019-6467 @@ -186,8 +187,7 @@ tools() { done } -sha512sums="419aeeddeab7aef818b9043db7b21a847993444f663dca04e58ee97a0ebee0610cbc5a9422d17a6f0ee5d44598a2cbb5651e3b4e8c56708eaf923dca0a5c4c03 bind-9.11.6-P1.tar.gz -1022c0dff2d62ed7dc7a772c7fd50e908befc4cf93d42bdb8ecf1fdc29e9b8bb4042bd67dbf16ff5e54a380cadb5bba11aac60227bba582c7486cffb6ba29181 Replace-atomic-operations.patch +sha512sums="0192d6e087cdbdebec171869d908c4326c2575d65ee5367a78ed9da26de357e017b0306349d66a6016a7ec80ad27f5f7f9f2db25002c6d0c78589dc473a015fc bind-9.11.8.tar.gz 38c06e1f4834f9648cd5ee37175aeb52d31101123b5359f9df8553283f5dde98a827ba1d8786c0fc4c86012b5125c253b735e227df0cb2241213f05f88ae2b9e bind.so_bsdcompat.patch 196c0a3b43cf89e8e3547d7fb63a93ff9a3306505658dfd9aa78e6861be6b226580b424dd3dd44b955b2d9f682b1dc62c457f3ac29ce86200ef070140608c015 named.initd 127bdcc0b5079961f0951344bc3fad547450c81aee2149eac8c41a8c0c973ea0ffe3f956684c6fcb735a29c43d2ff48c153b6a71a0f15757819a72c492488ddf named.confd diff --git a/main/bind/Replace-atomic-operations.patch b/main/bind/Replace-atomic-operations.patch deleted file mode 100644 index cfbded6f809..00000000000 --- a/main/bind/Replace-atomic-operations.patch +++ /dev/null @@ -1,132 +0,0 @@ -From ef49780d30d3ddc5735cfc32561b678a634fa72f Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Ond=C5=99ej=20Sur=C3=BD?= <ondrej@sury.org> -Date: Wed, 17 Apr 2019 15:22:27 +0200 -Subject: [PATCH] Replace atomic operations in bin/named/client.c with - isc_refcount reference counting - ---- - bin/named/client.c | 18 +++++++----------- - bin/named/include/named/interfacemgr.h | 5 +++-- - bin/named/interfacemgr.c | 7 +++++-- - 3 files changed, 15 insertions(+), 15 deletions(-) - -diff --git a/bin/named/client.c b/bin/named/client.c -index 845326abc0..29fecadca8 100644 ---- a/bin/named/client.c -+++ b/bin/named/client.c -@@ -402,12 +402,10 @@ tcpconn_detach(ns_client_t *client) { - static void - mark_tcp_active(ns_client_t *client, bool active) { - if (active && !client->tcpactive) { -- isc_atomic_xadd(&client->interface->ntcpactive, 1); -+ isc_refcount_increment0(&client->interface->ntcpactive, NULL); - client->tcpactive = active; - } else if (!active && client->tcpactive) { -- uint32_t old = -- isc_atomic_xadd(&client->interface->ntcpactive, -1); -- INSIST(old > 0); -+ isc_refcount_decrement(&client->interface->ntcpactive, NULL); - client->tcpactive = active; - } - } -@@ -554,7 +552,7 @@ exit_check(ns_client_t *client) { - if (client->mortal && TCP_CLIENT(client) && - client->newstate != NS_CLIENTSTATE_FREED && - !ns_g_clienttest && -- isc_atomic_xadd(&client->interface->ntcpaccepting, 0) == 0) -+ isc_refcount_current(&client->interface->ntcpaccepting) == 0) - { - /* Nobody else is accepting */ - client->mortal = false; -@@ -3328,7 +3326,6 @@ client_newconn(isc_task_t *task, isc_event_t *event) { - isc_result_t result; - ns_client_t *client = event->ev_arg; - isc_socket_newconnev_t *nevent = (isc_socket_newconnev_t *)event; -- uint32_t old; - - REQUIRE(event->ev_type == ISC_SOCKEVENT_NEWCONN); - REQUIRE(NS_CLIENT_VALID(client)); -@@ -3348,8 +3345,7 @@ client_newconn(isc_task_t *task, isc_event_t *event) { - INSIST(client->naccepts == 1); - client->naccepts--; - -- old = isc_atomic_xadd(&client->interface->ntcpaccepting, -1); -- INSIST(old > 0); -+ isc_refcount_decrement(&client->interface->ntcpaccepting, NULL); - - /* - * We must take ownership of the new socket before the exit -@@ -3480,8 +3476,8 @@ client_accept(ns_client_t *client) { - * quota is tcp-clients plus the number of listening - * interfaces plus 1.) - */ -- exit = (isc_atomic_xadd(&client->interface->ntcpactive, 0) > -- (client->tcpactive ? 1 : 0)); -+ exit = (isc_refcount_current(&client->interface->ntcpactive) > -+ (client->tcpactive ? 1U : 0U)); - if (exit) { - client->newstate = NS_CLIENTSTATE_INACTIVE; - (void)exit_check(client); -@@ -3539,7 +3535,7 @@ client_accept(ns_client_t *client) { - * listening for connections itself to prevent the interface - * going dead. - */ -- isc_atomic_xadd(&client->interface->ntcpaccepting, 1); -+ isc_refcount_increment0(&client->interface->ntcpaccepting, NULL); - } - - static void -diff --git a/bin/named/include/named/interfacemgr.h b/bin/named/include/named/interfacemgr.h -index 3535ef22a8..6e10f210fd 100644 ---- a/bin/named/include/named/interfacemgr.h -+++ b/bin/named/include/named/interfacemgr.h -@@ -45,6 +45,7 @@ - #include <isc/magic.h> - #include <isc/mem.h> - #include <isc/socket.h> -+#include <isc/refcount.h> - - #include <dns/result.h> - -@@ -75,11 +76,11 @@ struct ns_interface { - /*%< UDP dispatchers. */ - isc_socket_t * tcpsocket; /*%< TCP socket. */ - isc_dscp_t dscp; /*%< "listen-on" DSCP value */ -- int32_t ntcpaccepting; /*%< Number of clients -+ isc_refcount_t ntcpaccepting; /*%< Number of clients - ready to accept new - TCP connections on this - interface */ -- int32_t ntcpactive; /*%< Number of clients -+ isc_refcount_t ntcpactive; /*%< Number of clients - servicing TCP queries - (whether accepting or - connected) */ -diff --git a/bin/named/interfacemgr.c b/bin/named/interfacemgr.c -index d9f6df5802..135533be6b 100644 ---- a/bin/named/interfacemgr.c -+++ b/bin/named/interfacemgr.c -@@ -386,8 +386,8 @@ ns_interface_create(ns_interfacemgr_t *mgr, isc_sockaddr_t *addr, - * connections will be handled in parallel even though there is - * only one client initially. - */ -- ifp->ntcpaccepting = 0; -- ifp->ntcpactive = 0; -+ isc_refcount_init(&ifp->ntcpaccepting, 0); -+ isc_refcount_init(&ifp->ntcpactive, 0); - - ifp->nudpdispatch = 0; - -@@ -618,6 +618,9 @@ ns_interface_destroy(ns_interface_t *ifp) { - - ns_interfacemgr_detach(&ifp->mgr); - -+ isc_refcount_destroy(&ifp->ntcpactive); -+ isc_refcount_destroy(&ifp->ntcpaccepting); -+ - ifp->magic = 0; - isc_mem_put(mctx, ifp, sizeof(*ifp)); - } --- -2.18.1 - |