
01/02: gnu: bind: Update to 9.16.23 [fixes CVE-2021-25218, CVE-2021-25219].


From: guix-commits
Subject: 01/02: gnu: bind: Update to 9.16.23 [fixes CVE-2021-25218, CVE-2021-25219].
Date: Wed, 8 Dec 2021 19:28:05 -0500 (EST)

nckx pushed a commit to branch master
in repository guix.

commit 4ca0e9d5f77ec309a5a8a7eba3d97fd3bb4852d5
Author: Tobias Geerinckx-Rice <me@tobias.gr>
AuthorDate: Thu Dec 9 01:18:03 2021 +0100

    gnu: bind: Update to 9.16.23 [fixes CVE-2021-25218, CVE-2021-25219].
    
    * gnu/packages/dns.scm (isc-bind): Update to 9.16.23.
    [source]: Add patch.
    * gnu/packages/patches/bind-re-add-attr-constructor-priority.patch:
    New file.
    * gnu/local.mk (dist_patch_DATA): Add it.
---
 gnu/local.mk                                       |  1 +
 gnu/packages/dns.scm                               | 20 ++++----
 .../bind-re-add-attr-constructor-priority.patch    | 57 ++++++++++++++++++++++
 3 files changed, 69 insertions(+), 9 deletions(-)

diff --git a/gnu/local.mk b/gnu/local.mk
index d8b9a78..2afd025 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -879,6 +879,7 @@ dist_patch_DATA =                                           
\
   %D%/packages/patches/bazaar-CVE-2017-14176.patch             \
   %D%/packages/patches/bc-fix-cross-compilation.patch          \
   %D%/packages/patches/bear-disable-preinstall-tests.patch     \
+  %D%/packages/patches/bind-re-add-attr-constructor-priority.patch     \
   %D%/packages/patches/brightnessctl-elogind-support.patch     \
   %D%/packages/patches/bsd-games-2.17-64bit.patch              \
   %D%/packages/patches/bsd-games-add-configure-config.patch    \
diff --git a/gnu/packages/dns.scm b/gnu/packages/dns.scm
index 0c2e037..c4c4bd2 100644
--- a/gnu/packages/dns.scm
+++ b/gnu/packages/dns.scm
@@ -373,15 +373,17 @@ and BOOTP/TFTP for network booting of diskless machines.")
     ;; When updating, check whether isc-dhcp's bundled copy should be as well.
     ;; The BIND release notes are available here:
     ;; https://www.isc.org/bind/
-    (version "9.16.16")
-    (source (origin
-              (method url-fetch)
-              (uri (string-append
-                    "https://ftp.isc.org/isc/bind9/"; version
-                    "/bind-" version ".tar.xz"))
-              (sha256
-               (base32
-                "0yqxfq7qc26x7qhk0nkp8h7x9jggzaafm712bvfffy7qml13k4bc"))))
+    (version "9.16.23")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append
+             "https://ftp.isc.org/isc/bind9/"; version
+             "/bind-" version ".tar.xz"))
+       (sha256
+        (base32 "0g0pxzhzcz6nzkiab4cs9sgbjdzqgy44aa477v7akdlwm8kmxnyy"))
+       (patches
+        (search-patches "bind-re-add-attr-constructor-priority.patch"))))
     (build-system gnu-build-system)
     (outputs `("out" "utils"))
     (inputs
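Review bot: The comment kept at the top of this hunk asks that isc-dhcp's bundled BIND copy be checked on every update, and this is a security update (the subject cites CVE-2021-25218 and CVE-2021-25219), yet nothing visible here records the outcome of that check. It may be handled in the second commit of this push, which is not shown. If it is not, a line under that comment such as `;; isc-dhcp's bundled copy last reviewed for BIND 9.16.23: <outcome>` would leave a trace for the next updater. The isc-bind package definition starts and ends outside the hunk.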
diff --git a/gnu/packages/patches/bind-re-add-attr-constructor-priority.patch 
b/gnu/packages/patches/bind-re-add-attr-constructor-priority.patch
new file mode 100644
index 0000000..5d6765d
--- /dev/null
+++ b/gnu/packages/patches/bind-re-add-attr-constructor-priority.patch
@@ -0,0 +1,57 @@
+From 6361de07a35f2e9dc1d7201d6b26ca31da93ee69 Mon Sep 17 00:00:00 2001
+From: Tobias Geerinckx-Rice <me@tobias.gr>
+Date: Thu, 9 Dec 2021 01:07:32 +0100
+Subject: [PATCH] Revert "Remove priority from attribute
+ constructor/destructor"
+
+This reverts commit 0340df46ec5897636dd071bc8b5c4272cfa7d7be.  It works
+around an irrelevant operating system and breaks compilation on Guix:
+
+mem.c:873: fatal error: RUNTIME_CHECK(((pthread_mutex_lock(((&contextslock))) 
== 0) ? 0 : 34) == 0) failed
+/gnu/store/pwcp239kjf7lnj5i4lkdzcfcxwcfyk72-bash-minimal-5.0.16/bin/bash: line 
1: 13768 Aborted                 ./${fuzzer}
+
+Let's simply revert it for now---there are securities at stake!
+---
+ lib/isc/include/isc/util.h | 8 ++++----
+ lib/isc/lib.c              | 4 ++--
+ 2 files changed, 6 insertions(+), 6 deletions(-)
+
+diff --git a/lib/isc/include/isc/util.h b/lib/isc/include/isc/util.h
+index f0f7f85fa4..64c26587ac 100644
+--- a/lib/isc/include/isc/util.h
++++ b/lib/isc/include/isc/util.h
+@@ -49,11 +49,11 @@
+ #endif /* __GNUC__ */
+ 
+ #if HAVE_FUNC_ATTRIBUTE_CONSTRUCTOR && HAVE_FUNC_ATTRIBUTE_DESTRUCTOR
+-#define ISC_CONSTRUCTOR __attribute__((constructor))
+-#define ISC_DESTRUCTOR        __attribute__((destructor))
++#define ISC_CONSTRUCTOR(priority) __attribute__((constructor(priority)))
++#define ISC_DESTRUCTOR(priority)  __attribute__((destructor(priority)))
+ #elif WIN32
+-#define ISC_CONSTRUCTOR
+-#define ISC_DESTRUCTOR
++#define ISC_CONSTRUCTOR(priority)
++#define ISC_DESTRUCTOR(priority)
+ #endif
+ 
+ /*%
+diff --git a/lib/isc/lib.c b/lib/isc/lib.c
+index f3576b2659..2a167fec21 100644
+--- a/lib/isc/lib.c
++++ b/lib/isc/lib.c
+@@ -35,9 +35,9 @@ isc_lib_register(void) {
+ }
+ 
+ void
+-isc__initialize(void) ISC_CONSTRUCTOR;
++isc__initialize(void) ISC_CONSTRUCTOR(101);
+ void
+-isc__shutdown(void) ISC_DESTRUCTOR;
++isc__shutdown(void) ISC_DESTRUCTOR(101);
+ 
+ void
+ isc__initialize(void) {
+-- 
+2.34.0
+
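Review bot: The header of this new patch file names the upstream commit it reverts but gives no upstream issue reference and no condition for dropping it, so a local divergence in a network-facing daemon could outlive its need. The quoted abort (`pthread_mutex_lock(&contextslock)` failing at mem.c:873 while running a fuzzer binary) looks like an initialisation-order problem, presumably another constructor running before `isc__initialize`, but the header does not say so and that should be confirmed. I would add a header line such as `Upstream report: <link or "not yet reported">; drop once the build passes without it` plus one sentence on the cause. The restored `ISC_CONSTRUCTOR(101)` and `ISC_DESTRUCTOR(101)` in lib/isc/lib.c would also benefit from a comment like `/* 101: lowest priority not reserved for the implementation */`.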


