From b0de707ddc7203a412fcd460b697ab21f7f43431 Mon Sep 17 00:00:00 2001 From: Kevin Daudt Date: Sat, 21 Aug 2021 16:37:33 +0000 Subject: main/bind: patch map format The latest version of BIND forgot to increment the API version, resulting into assertion errors when reading older zones. See: https://www.openwall.com/lists/oss-security/2021/08/20/2 --- main/bind/APKBUILD | 4 +++- main/bind/bind-9.16.20-map-format-fix.patch | 8 ++++++++ 2 files changed, 11 insertions(+), 1 deletion(-) create mode 100644 main/bind/bind-9.16.20-map-format-fix.patch diff --git a/main/bind/APKBUILD b/main/bind/APKBUILD index 2ccee0ca681..b1550e5cd8f 100644 --- a/main/bind/APKBUILD +++ b/main/bind/APKBUILD @@ -10,7 +10,7 @@ _ver=${pkgver%_p*} _p=${pkgver#*_p} _major=${pkgver%%.*} [ "$_p" != "$pkgver" ] && _ver="$_ver-P$_p" -pkgrel=0 +pkgrel=1 pkgdesc="The ISC DNS server" url="https://www.isc.org/" arch="all" @@ -57,6 +57,7 @@ source=" named.conf.recursive 127.zone localhost.zone + bind-9.16.20-map-format-fix.patch " # secfixes: @@ -281,4 +282,5 @@ d2f61d02d7829af51faf14fbe2bafe8bc90087e6b6697c6275a269ebbddcaa14a234fff5c41da793 3aba9763cfaf0880a89fd01202f41406b465547296ce91373eb999ea7719040bc1ac4e47b0de025a8060f693d3d88774a20d09a43fa7ac6aa43989b58b5ee8fe named.conf.recursive eed9886717539399518e011ae5eae6335aed4fae019e1def088c5be26bdc896c99c07adf84ee61babafa31d31ff3b028263d1c88d2eee17ecf4c95a9d77d524c 127.zone 340e86472a2c2746fe585c0aa5f079d3a9b46e828c1f53d48026533a169b7f77ded7d0a13d291d6962607bb9481456e6fa69df1834603e7555332615fb998f0b localhost.zone +d9224712ee2c6f6d0ff483ed253497548935fe35f45e5bdf26c9bd25c6234adde00727df7eb49fbfbfb34aad9d9fa0f112e900804794ad90a5cd8a64e9db61c6 bind-9.16.20-map-format-fix.patch " diff --git a/main/bind/bind-9.16.20-map-format-fix.patch b/main/bind/bind-9.16.20-map-format-fix.patch new file mode 100644 index 00000000000..f6e3c9b3782 --- /dev/null +++ b/main/bind/bind-9.16.20-map-format-fix.patch @@ -0,0 +1,8 @@ +--- a/lib/dns/mapapi ++++ b/lib/dns/mapapi +@@ -13,4 +13,4 @@ + # Whenever releasing a new major release of BIND9, set this value + # back to 1.0 when releasing the first alpha. Map files are *never* + # compatible across major releases. +-MAPAPI=2.0 ++MAPAPI=3.0 -- cgit v1.2.3