From 6d38be8e0c96582d516accca89e6405bf1b9df34 Mon Sep 17 00:00:00 2001 From: Jo-Philipp Wich Date: Tue, 23 Apr 2013 11:40:28 +0000 Subject: [PATCH] bind: update to 9.9.2-P2 (CVE-2013-2266) SVN-Revision: 36404 --- net/bind/Makefile | 4 +- net/bind/patches/001-no-tests.patch | 2 +- net/bind/patches/002-no-ecdsa-testing.patch | 43 +++++++++++++++++++++ 3 files changed, 46 insertions(+), 3 deletions(-) create mode 100644 net/bind/patches/002-no-ecdsa-testing.patch diff --git a/net/bind/Makefile b/net/bind/Makefile index 06929f5ef..433b54e55 100644 --- a/net/bind/Makefile +++ b/net/bind/Makefile @@ -8,14 +8,14 @@ include $(TOPDIR)/rules.mk PKG_NAME:=bind -PKG_VERSION:=9.9.1-P3 +PKG_VERSION:=9.9.2-P2 PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:= \ ftp://ftp.isc.org/isc/bind9/$(PKG_VERSION) \ http://www.mirrorservice.org/sites/ftp.isc.org/isc/bind9/$(PKG_VERSION) -PKG_MD5SUM:=8f407c9a988d7b447a54b4cb54230dcb +PKG_MD5SUM:=2be7763c99b7e7b42ac3a18a267ce1aa PKG_FIXUP:=autoreconf PKG_REMOVE_FILES:=aclocal.m4 libtool.m4 diff --git a/net/bind/patches/001-no-tests.patch b/net/bind/patches/001-no-tests.patch index c4dc5338d..5fc17875c 100644 --- a/net/bind/patches/001-no-tests.patch +++ b/net/bind/patches/001-no-tests.patch @@ -6,7 +6,7 @@ -SUBDIRS = named rndc dig dnssec tests tools nsupdate \ +SUBDIRS = named rndc dig dnssec tools nsupdate \ - check confgen @PKCS11_TOOLS@ + check confgen @PYTHON_TOOLS@ @PKCS11_TOOLS@ TARGETS = --- a/lib/Makefile.in diff --git a/net/bind/patches/002-no-ecdsa-testing.patch b/net/bind/patches/002-no-ecdsa-testing.patch new file mode 100644 index 000000000..901e24657 --- /dev/null +++ b/net/bind/patches/002-no-ecdsa-testing.patch @@ -0,0 +1,43 @@ +--- a/configure.in ++++ b/configure.in +@@ -763,40 +763,6 @@ esac + AC_MSG_RESULT(no) + fi + +- AC_CHECK_FUNCS(EVP_sha256 EVP_sha384 EVP_sha512) +- +- AC_MSG_CHECKING(for OpenSSL ECDSA support) +- have_ecdsa="" +- AC_TRY_RUN([ +-#include +-#include +-#include +-int main() { +- EC_KEY *ec256, *ec384; +- +-#if !defined(HAVE_EVP_SHA256) || !defined(HAVE_EVP_SHA384) +- return (1); +-#endif +- ec256 = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1); +- ec384 = EC_KEY_new_by_curve_name(NID_secp384r1); +- if (ec256 == NULL || ec384 == NULL) +- return (2); +- return (0); +-} +-], +- [AC_MSG_RESULT(yes) +- have_ecdsa="yes"], +- [AC_MSG_RESULT(no) +- have_ecdsa="no"]) +- case $have_ecdsa in +- yes) +- OPENSSL_ECDSA="yes" +- AC_DEFINE(HAVE_OPENSSL_ECDSA) +- ;; +- *) +- ;; +- esac +- + AC_MSG_CHECKING(for OpenSSL GOST support) + have_gost="" + AC_TRY_RUN([ -- 2.30.2