diff options
author | Patrick J Volkerding <volkerdi@slackware.com> | 2018-07-12 01:50:07 +0000 |
---|---|---|
committer | Eric Hameleers <alien@slackware.com> | 2018-07-12 21:00:37 +0200 |
commit | ed7e9fe9c2c97215596d12888a7adc4a572a243b (patch) | |
tree | 9d18d75875177afa66edf95f7b2f3e49ac1c72f6 /source/n/bind | |
parent | cc2d429ab3734ba7a54b9e2bbbf8d0657e5b9c2d (diff) | |
download | current-ed7e9fe9c2c97215596d12888a7adc4a572a243b.tar.gz |
Thu Jul 12 01:50:07 UTC 201820180712015007
a/kernel-generic-4.14.55-x86_64-1.txz: Upgraded.
a/kernel-huge-4.14.55-x86_64-1.txz: Upgraded.
a/kernel-modules-4.14.55-x86_64-1.txz: Upgraded.
d/kernel-headers-4.14.55-x86-1.txz: Upgraded.
d/rust-1.27.1-x86_64-1.txz: Upgraded.
k/kernel-source-4.14.55-noarch-1.txz: Upgraded.
n/bind-9.13.2-x86_64-1.txz: Upgraded.
This update fixes security issues:
Fixed a bug where extraordinarily large zone transfers caused several
problems, with possible outcomes including corrupted journal files or
server exit due to assertion failure.
Don't permit recursive query service to unauthorized clients.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5738
(* Security fix *)
n/curl-7.61.0-x86_64-1.txz: Upgraded.
This update fixes a buffer overflow in SMTP send.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0500
(* Security fix *)
isolinux/initrd.img: Rebuilt.
kernels/*: Upgraded.
usb-and-pxe-installers/usbboot.img: Rebuilt.
Diffstat (limited to 'source/n/bind')
-rwxr-xr-x | source/n/bind/bind.SlackBuild | 8 | ||||
-rw-r--r-- | source/n/bind/bind.libidn.patch | 297 |
2 files changed, 3 insertions, 302 deletions
diff --git a/source/n/bind/bind.SlackBuild b/source/n/bind/bind.SlackBuild index a5e16245..8839e31a 100755 --- a/source/n/bind/bind.SlackBuild +++ b/source/n/bind/bind.SlackBuild @@ -23,8 +23,8 @@ cd $(dirname $0) ; CWD=$(pwd) PKGNAM=bind -VERSION=${VERSION:-9.11.3} -BUILD=${BUILD:-4} +VERSION=${VERSION:-9.13.2} +BUILD=${BUILD:-1} # Automatically determine the architecture we're building on: if [ -z "$ARCH" ]; then @@ -72,9 +72,6 @@ cd ${PKGNAM}-$VERSION || exit 1 # upstream already, but an explicit #undef SO_BSDCOMPAT does not hurt: zcat $CWD/bind.so_bsdcompat.diff.gz | patch -p1 --verbose || exit -# Thanks to Fedora for libidn support patch: -zcat $CWD/bind.libidn.patch.gz | patch -p1 --verbose || exit 1 - # Make sure ownerships and permissions are sane: chown -R root:root . find . \ @@ -91,6 +88,7 @@ CFLAGS="$SLKCFLAGS" \ --sysconfdir=/etc \ --localstatedir=/var \ --with-libtool \ + --with-libidn2 \ --mandir=/usr/man \ --enable-shared \ --disable-static \ diff --git a/source/n/bind/bind.libidn.patch b/source/n/bind/bind.libidn.patch deleted file mode 100644 index 6e042be7..00000000 --- a/source/n/bind/bind.libidn.patch +++ /dev/null @@ -1,297 +0,0 @@ -diff --git a/bin/dig/Makefile.in b/bin/dig/Makefile.in -index bd219c5..f71685b 100644 ---- a/bin/dig/Makefile.in -+++ b/bin/dig/Makefile.in -@@ -38,10 +38,10 @@ DEPLIBS = ${DNSDEPLIBS} ${BIND9DEPLIBS} ${ISCDEPLIBS} \ - ${ISCCFGDEPLIBS} ${LWRESDEPLIBS} - - LIBS = ${LWRESLIBS} ${BIND9LIBS} ${ISCCFGLIBS} \ -- ${ISCLIBS} @IDNLIBS@ @LIBS@ -+ ${ISCLIBS} @IDNLIBS@ @LIBS@ -lidn - - NOSYMLIBS = ${LWRESLIBS} ${BIND9LIBS} ${ISCCFGLIBS} \ -- ${ISCNOSYMLIBS} @IDNLIBS@ @LIBS@ -+ ${ISCNOSYMLIBS} @IDNLIBS@ @LIBS@ -lidn - - SUBDIRS = - -@@ -59,6 +59,8 @@ HTMLPAGES = dig.html host.html nslookup.html - - MANOBJS = ${MANPAGES} ${HTMLPAGES} - -+EXT_CFLAGS = -DWITH_LIBIDN -+ - @BIND9_MAKE_RULES@ - - dig@EXEEXT@: dig.@O@ dighost.@O@ ${UOBJS} ${DEPLIBS} -diff --git a/bin/dig/dig.docbook b/bin/dig/dig.docbook -index 7a7e8e4..b36047f 100644 ---- a/bin/dig/dig.docbook -+++ b/bin/dig/dig.docbook -@@ -1251,8 +1251,8 @@ dig +qr www.isc.org any -x 127.0.0.1 isc.org ns +noqr - <command>dig</command> appropriately converts character encoding of - domain name before sending a request to DNS server or displaying a - reply from the server. -- If you'd like to turn off the IDN support for some reason, defines -- the <envar>IDN_DISABLE</envar> environment variable. -+ If you'd like to turn off the IDN support for some reason, define -+ the <envar>CHARSET=ASCII</envar> environment variable. - The IDN support is disabled if the variable is set when - <command>dig</command> runs. - </para> -diff --git a/bin/dig/dighost.c b/bin/dig/dighost.c -index 1f8bcf2..f657c30 100644 ---- a/bin/dig/dighost.c -+++ b/bin/dig/dighost.c -@@ -33,6 +33,11 @@ - #include <idn/api.h> - #endif - -+#ifdef WITH_LIBIDN -+#include <stringprep.h> -+#include <idna.h> -+#endif -+ - #include <dns/byaddr.h> - #ifdef DIG_SIGCHASE - #include <dns/callbacks.h> -@@ -158,6 +163,14 @@ static void idn_check_result(idn_result_t r, const char *msg); - int idnoptions = 0; - #endif - -+#ifdef WITH_LIBIDN -+static isc_result_t libidn_locale_to_utf8 (const char* from, char *to); -+static isc_result_t libidn_utf8_to_ascii (const char* from, char *to); -+static isc_result_t output_filter (isc_buffer_t *buffer, -+ unsigned int used_org, -+ isc_boolean_t absolute); -+#endif -+ - isc_socket_t *keep = NULL; - isc_sockaddr_t keepaddr; - -@@ -1448,8 +1461,15 @@ setup_system(isc_boolean_t ipv4only, isc_boolean_t ipv6only) { - - #ifdef WITH_IDN - initialize_idn(); -+ -+#endif -+#ifdef WITH_LIBIDN -+ result = dns_name_settotextfilter(output_filter); -+ check_result(result, "dns_name_settotextfilter"); -+#ifdef HAVE_SETLOCALE -+ setlocale (LC_ALL, ""); -+#endif - #endif -- - if (keyfile[0] != 0) - setup_file_key(); - else if (keysecret[0] != 0) -@@ -2231,8 +2251,11 @@ setup_lookup(dig_lookup_t *lookup) { - idn_result_t mr; - char utf8_textname[MXNAME], utf8_origin[MXNAME], idn_textname[MXNAME]; - #endif -+#ifdef WITH_LIBIDN -+ char utf8_str[MXNAME], utf8_name[MXNAME], ascii_name[MXNAME]; -+#endif - --#ifdef WITH_IDN -+#if defined (WITH_IDN) || defined (WITH_LIBIDN) - result = dns_name_settotextfilter(lookup->idnout ? - output_filter : NULL); - check_result(result, "dns_name_settotextfilter"); -@@ -2274,6 +2297,14 @@ setup_lookup(dig_lookup_t *lookup) { - mr = idn_encodename(IDN_LOCALCONV | IDN_DELIMMAP, lookup->textname, - utf8_textname, sizeof(utf8_textname)); - idn_check_result(mr, "convert textname to UTF-8"); -+#elif defined (WITH_LIBIDN) -+ result = libidn_locale_to_utf8 (lookup->textname, utf8_str); -+ check_result (result, "convert textname to UTF-8"); -+ len = strlen (utf8_str); -+ if (len < MXNAME) -+ (void) strcpy (utf8_name, utf8_str); -+ else -+ fatal ("Too long name"); - #endif - - /* -@@ -2286,15 +2317,11 @@ setup_lookup(dig_lookup_t *lookup) { - if (lookup->new_search) { - #ifdef WITH_IDN - if ((count_dots(utf8_textname) >= ndots) || !usesearch) { -- lookup->origin = NULL; /* Force abs lookup */ -- lookup->done_as_is = ISC_TRUE; -- lookup->need_search = usesearch; -- } else if (lookup->origin == NULL && usesearch) { -- lookup->origin = ISC_LIST_HEAD(search_list); -- lookup->need_search = ISC_FALSE; -- } -+#elif defined (WITH_LIBIDN) -+ if ((count_dots(utf8_name) >= ndots) || !usesearch) { - #else - if ((count_dots(lookup->textname) >= ndots) || !usesearch) { -+#endif - lookup->origin = NULL; /* Force abs lookup */ - lookup->done_as_is = ISC_TRUE; - lookup->need_search = usesearch; -@@ -2302,7 +2329,6 @@ setup_lookup(dig_lookup_t *lookup) { - lookup->origin = ISC_LIST_HEAD(search_list); - lookup->need_search = ISC_FALSE; - } --#endif - } - - #ifdef WITH_IDN -@@ -2319,6 +2345,20 @@ setup_lookup(dig_lookup_t *lookup) { - IDN_IDNCONV | IDN_LENCHECK, utf8_textname, - idn_textname, sizeof(idn_textname)); - idn_check_result(mr, "convert UTF-8 textname to IDN encoding"); -+#elif defined (WITH_LIBIDN) -+ if (lookup->origin != NULL) { -+ result = libidn_locale_to_utf8 (lookup->origin->origin, utf8_str); -+ check_result (result, "convert origin to UTF-8"); -+ if (len > 0 && utf8_name[len - 1] != '.') { -+ utf8_name[len++] = '.'; -+ if (len + strlen (utf8_str) < MXNAME) -+ (void) strcpy (utf8_name + len, utf8_str); -+ else -+ fatal ("Too long name + origin"); -+ } -+ } -+ -+ result = libidn_utf8_to_ascii (utf8_name, ascii_name); - #else - if (lookup->origin != NULL) { - debug("trying origin %s", lookup->origin->origin); -@@ -2389,6 +2429,13 @@ setup_lookup(dig_lookup_t *lookup) { - result = dns_name_fromtext(lookup->name, &b, - dns_rootname, 0, - &lookup->namebuf); -+#elif defined (WITH_LIBIDN) -+ len = strlen (ascii_name); -+ isc_buffer_init(&b, ascii_name, len); -+ isc_buffer_add(&b, len); -+ result = dns_name_fromtext(lookup->name, &b, -+ dns_rootname, 0, -+ &lookup->namebuf); - #else - len = (unsigned int) strlen(lookup->textname); - isc_buffer_init(&b, lookup->textname, len); -@@ -4377,7 +4424,7 @@ destroy_libs(void) { - void * ptr; - dig_message_t *chase_msg; - #endif --#ifdef WITH_IDN -+#if defined (WITH_IDN) || defined (WITH_LIBIDN) - isc_result_t result; - #endif - -@@ -4418,6 +4465,10 @@ destroy_libs(void) { - result = dns_name_settotextfilter(NULL); - check_result(result, "dns_name_settotextfilter"); - #endif -+#ifdef WITH_LIBIDN -+ result = dns_name_settotextfilter (NULL); -+ check_result(result, "clearing dns_name_settotextfilter"); -+#endif - dns_name_destroy(); - - if (commctx != NULL) { -@@ -4603,6 +4654,97 @@ idn_check_result(idn_result_t r, const char *msg) { - } - } - #endif /* WITH_IDN */ -+#ifdef WITH_LIBIDN -+static isc_result_t -+libidn_locale_to_utf8 (const char *from, char *to) { -+ char *utf8_str; -+ -+ debug ("libidn_locale_to_utf8"); -+ utf8_str = stringprep_locale_to_utf8 (from); -+ if (utf8_str != NULL) { -+ (void) strcpy (to, utf8_str); -+ free (utf8_str); -+ return ISC_R_SUCCESS; -+ } -+ -+ debug ("libidn_locale_to_utf8: failure"); -+ return ISC_R_FAILURE; -+} -+static isc_result_t -+libidn_utf8_to_ascii (const char *from, char *to) { -+ char *ascii; -+ int iresult; -+ -+ debug ("libidn_utf8_to_ascii"); -+ iresult = idna_to_ascii_8z (from, &ascii, 0); -+ if (iresult != IDNA_SUCCESS) { -+ debug ("idna_to_ascii_8z: %s", idna_strerror (iresult)); -+ return ISC_R_FAILURE; -+ } -+ -+ (void) strcpy (to, ascii); -+ free (ascii); -+ return ISC_R_SUCCESS; -+} -+ -+static isc_result_t -+output_filter (isc_buffer_t *buffer, unsigned int used_org, -+ isc_boolean_t absolute) { -+ -+ char tmp1[MXNAME], *tmp2; -+ size_t fromlen, tolen; -+ isc_boolean_t end_with_dot; -+ int iresult; -+ -+ debug ("output_filter"); -+ -+ fromlen = isc_buffer_usedlength (buffer) - used_org; -+ if (fromlen >= MXNAME) -+ return ISC_R_SUCCESS; -+ memcpy (tmp1, (char *) isc_buffer_base (buffer) + used_org, fromlen); -+ end_with_dot = (tmp1[fromlen - 1] == '.') ? ISC_TRUE : ISC_FALSE; -+ if (absolute && !end_with_dot) { -+ fromlen++; -+ if (fromlen >= MXNAME) -+ return ISC_R_SUCCESS; -+ tmp1[fromlen - 1] = '.'; -+ } -+ tmp1[fromlen] = '\0'; -+ -+ iresult = idna_to_unicode_8z8z (tmp1, &tmp2, 0); -+ if (iresult != IDNA_SUCCESS) { -+ debug ("output_filter: %s", idna_strerror (iresult)); -+ return ISC_R_SUCCESS; -+ } -+ -+ (void) strcpy (tmp1, tmp2); -+ free (tmp2); -+ -+ tmp2 = stringprep_utf8_to_locale (tmp1); -+ if (tmp2 == NULL) { -+ debug ("output_filter: stringprep_utf8_to_locale failed"); -+ return ISC_R_SUCCESS; -+ } -+ -+ (void) strcpy (tmp1, tmp2); -+ free (tmp2); -+ -+ tolen = strlen (tmp1); -+ if (absolute && !end_with_dot && tmp1[tolen - 1] == '.') -+ tolen--; -+ -+ if (isc_buffer_length (buffer) < used_org + tolen) -+ return ISC_R_NOSPACE; -+ -+ debug ("%s", tmp1); -+ -+ isc_buffer_subtract (buffer, isc_buffer_usedlength (buffer) - used_org); -+ memcpy (isc_buffer_used (buffer), tmp1, tolen); -+ isc_buffer_add (buffer, tolen); -+ -+ return ISC_R_SUCCESS; -+} -+#endif /* WITH_LIBIDN*/ - - #ifdef DIG_SIGCHASE - void |