From: guix-commits
Subject: 09/09: gnu: bind: Update to 9.12.4-P1 [fixes CVE-2018-5743, CVE-2019-6467].
Date: Wed, 24 Apr 2019 22:44:48 -0400 (EDT)

nckx pushed a commit to branch master
in repository guix.

commit 0406434baaf180af51c02c2cee02d972356047b3
Author: Tobias Geerinckx-Rice <address@hidden>
Date: Thu Apr 25 04:35:50 2019 +0200

    gnu: bind: Update to 9.12.4-P1 [fixes CVE-2018-5743, CVE-2019-6467].

    * gnu/packages/dns.scm (isc-bind): Update to 9.12.4-P1.
    [source]: Add patch.
    [inputs]: Add python and python-ply.
    * packages/patches/bind-fix-unused-pk11-ecc-constants.patch: New file.
    * gnu/local.mk (dist_patch_DATA): Add it.
---
gnu/local.mk | 1 +
gnu/packages/dns.scm | 11 ++++--
.../bind-fix-unused-pk11-ecc-constants.patch | 43 ++++++++++++++++++++++
3 files changed, 52 insertions(+), 3 deletions(-)
diff --git a/gnu/local.mk b/gnu/local.mk
index 7073181..82a74c7 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -682,6 +682,7 @@ dist_patch_DATA =
\
%D%/packages/patches/beets-python-3.7-fix.patch \
%D%/packages/patches/beignet-correct-file-names.patch \
%D%/packages/patches/biber-fix-encoding-write.patch \
+ %D%/packages/patches/bind-fix-unused-pk11-ecc-constants.patch \
%D%/packages/patches/binutils-loongson-workaround.patch \
%D%/packages/patches/blender-2.79-newer-ffmpeg.patch \
%D%/packages/patches/blender-2.79-python-3.7-fix.patch \
diff --git a/gnu/packages/dns.scm b/gnu/packages/dns.scm
index 24b6384..6a8f49f 100644
--- a/gnu/packages/dns.scm
+++ b/gnu/packages/dns.scm
@@ -51,6 +51,7 @@
#:use-module (gnu packages pkg-config)
#:use-module (gnu packages protobuf)
#:use-module (gnu packages python)
+ #:use-module (gnu packages python-xyz)
#:use-module (gnu packages swig)
#:use-module (gnu packages tls)
#:use-module (gnu packages web)
@@ -106,7 +107,7 @@ and BOOTP/TFTP for network booting of diskless machines.")
(define-public isc-bind
(package
(name "bind")
- (version "9.12.3-P4")
+ (version "9.12.4-P1")
(source (origin
(method url-fetch)
(uri (string-append
@@ -114,7 +115,9 @@ and BOOTP/TFTP for network booting of diskless machines.")
"/bind-" version ".tar.gz"))
(sha256
(base32
- "01pj47z5582rd538dmbzf1msw4jc8j4zr0zx4ciy88r6qr9l80fi"))))
+ "1if7zc5gzrfd28csc63v9bjwrc0rgvm1x9yx058946hc5gp5lyp2"))
+ (patches
+ (search-patches "bind-fix-unused-pk11-ecc-constants.patch"))))
(build-system gnu-build-system)
(outputs `("out" "utils"))
(inputs
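Review bot: The new `sha256` value on the `+` line is the only thing pinning the 9.12.4-P1 tarball, and neither the commit message nor this hunk says how it was obtained; for an update whose subject names two CVE fixes, please confirm the hash was computed from a tarball checked against upstream's release signature. On the added `(patches (search-patches "bind-fix-unused-pk11-ecc-constants.patch"))`, a one-line comment in dns.scm pointing at the upstream issue cited in the patch header would tell the next updater when the patch can be dropped.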
@@ -122,7 +125,9 @@ and BOOTP/TFTP for network booting of diskless machines.")
`(("libcap" ,libcap)
("libxml2" ,libxml2)
("openssl" ,openssl)
- ("p11-kit" ,p11-kit)))
+ ("p11-kit" ,p11-kit)
+ ("python" ,python)
+ ("python-ply" ,python-ply)))
(native-inputs `(("perl" ,perl)
("net-tools" ,net-tools)))
(arguments
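Review bot: `("python" ,python)` and `("python-ply" ,python-ply)` go into `inputs` with no reason given here or in the commit message, which only says "[inputs]: Add python and python-ply."; please add a comment naming what in the build or in the installed tools needs them, so a later update can tell whether they are still required. Since the package declares two outputs (`"out"` and `"utils"`), it is also worth checking which of them ends up holding a reference to python.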
diff --git a/gnu/packages/patches/bind-fix-unused-pk11-ecc-constants.patch
b/gnu/packages/patches/bind-fix-unused-pk11-ecc-constants.patch
new file mode 100644
index 0000000..ab7cc83
--- /dev/null
+++ b/gnu/packages/patches/bind-fix-unused-pk11-ecc-constants.patch
@@ -0,0 +1,43 @@
+From: Tobias Geerinckx-Rice <address@hidden>
+Date: Thu, 25 Apr 2019 04:36:52 +0200
+Subject: [PATCH] gnu: bind: Fix unused PKCS#11 ECC constants.
+
+Without this patch, the build fails:
+
+ pkcs11-keygen.c: In function ‘main’:
+ pkcs11-keygen.c:424:32: error: ‘pk11_ecc_prime256v1’ undeclared (first use
in this function)
+ public_template[4].pValue = pk11_ecc_prime256v1;
+ ^
+ pkcs11-keygen.c:424:32: note: each undeclared identifier is reported only
once for each function it appears in
+ pkcs11-keygen.c:428:32: error: ‘pk11_ecc_secp384r1’ undeclared (first use in
this function)
+ public_template[4].pValue = pk11_ecc_secp384r1;
+ ^
+ make[2]: *** [Makefile:217: pkcs11-keygen.o] Error 1
+
+Fix copied verbatim from upstream[0].
+
+[0]: https://gitlab.isc.org/isc-projects/bind9/issues/935
+
+---
+--- orig-bind-9.11.6/bin/pkcs11/pkcs11-keygen.c 2019-02-27
15:28:15.000000000 -0800
++++ bind-9.11.6/bin/pkcs11/pkcs11-keygen.c 2019-03-11 09:20:50.955257469
-0700
+@@ -403,6 +403,10 @@
+ public_template[RSA_PUBLIC_EXPONENT].ulValueLen = expsize;
+ break;
+ case key_ecc:
++#if !defined(HAVE_PKCS11_ECDSA)
++ fprintf(stderr, "prime256v1 and secp3841r1 is not supported\n");
++ usage();
++#else
+ op_type = OP_EC;
+ if (bits == 0)
+ bits = 256;
+@@ -429,7 +433,7 @@
+ public_template[4].ulValueLen =
+ sizeof(pk11_ecc_secp384r1);
+ }
+-
++#endif
+ break;
+ case key_ecx:
+ #if !defined(CKM_EDDSA_KEY_PAIR_GEN)
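Review bot: The patch header presents this only as a build fix, but the `#if !defined(HAVE_PKCS11_ECDSA)` branch added under `case key_ecc:` replaces the ECC path with an error message and `usage()`, so the quoted build failure implies this package is built without PKCS#11 ECDSA and `pkcs11-keygen` will reject ECC key generation; please say in the header or in dns.scm whether that limitation is intended. The string `"prime256v1 and secp3841r1 is not supported\n"` misspells the curve (the constant is `pk11_ecc_secp384r1`); keeping it matches "copied verbatim from upstream", but it is worth reporting there. The inner diff's file paths name bind-9.11.6 while the package is 9.12.4-P1, so a line in the header stating that the patch was checked against 9.12.4-P1 would help.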