author | Tobias Geerinckx-Rice <me@tobias.gr> | 2021-12-09 01:18:03 +0100 |
---|---|---|
committer | Tobias Geerinckx-Rice <me@tobias.gr> | 2021-12-09 01:24:37 +0100 |
commit | 4ca0e9d5f77ec309a5a8a7eba3d97fd3bb4852d5 (patch) | |
tree | 9c451d9d3085f1e28ebe8ec87aa0cd82800d0111 | |
parent | e5e307b6768088e35be0c7526f25a3e16d93c242 (diff) |
gnu: bind: Update to 9.16.23 [fixes CVE-2021-25218, CVE-2021-25219].
* gnu/packages/dns.scm (isc-bind): Update to 9.16.23.
[source]: Add patch.
* gnu/packages/patches/bind-re-add-attr-constructor-priority.patch:
New file.
* gnu/local.mk (dist_patch_DATA): Add it.
-rw-r--r-- | gnu/local.mk | 1 | ||||
-rw-r--r-- | gnu/packages/dns.scm | 20 | ||||
-rw-r--r-- | gnu/packages/patches/bind-re-add-attr-constructor-priority.patch | 57 |
3 files changed, 69 insertions, 9 deletions
diff --git a/gnu/local.mk b/gnu/local.mk
index d8b9a78949..2afd025b52 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -879,6 +879,7 @@ dist_patch_DATA = \
 %D%/packages/patches/bazaar-CVE-2017-14176.patch \
 %D%/packages/patches/bc-fix-cross-compilation.patch \
 %D%/packages/patches/bear-disable-preinstall-tests.patch \
+ %D%/packages/patches/bind-re-add-attr-constructor-priority.patch \
 %D%/packages/patches/brightnessctl-elogind-support.patch \
 %D%/packages/patches/bsd-games-2.17-64bit.patch \
 %D%/packages/patches/bsd-games-add-configure-config.patch \
diff --git a/gnu/packages/dns.scm b/gnu/packages/dns.scm
index 0c2e037b4f..c4c4bd2b3a 100644
--- a/gnu/packages/dns.scm
+++ b/gnu/packages/dns.scm
@@ -373,15 +373,17 @@ and BOOTP/TFTP for network booting of diskless machines.")
 ;; When updating, check whether isc-dhcp's bundled copy should be as well.
 ;; The BIND release notes are available here:
 ;; https://www.isc.org/bind/
- (version "9.16.16")
- (source (origin
- (method url-fetch)
- (uri (string-append
- "https://ftp.isc.org/isc/bind9/" version
- "/bind-" version ".tar.xz"))
- (sha256
- (base32
- "0yqxfq7qc26x7qhk0nkp8h7x9jggzaafm712bvfffy7qml13k4bc"))))
+ (version "9.16.23")
+ (source
+ (origin
+ (method url-fetch)
+ (uri (string-append
+ "https://ftp.isc.org/isc/bind9/" version
+ "/bind-" version ".tar.xz"))
+ (sha256
+ (base32 "0g0pxzhzcz6nzkiab4cs9sgbjdzqgy44aa477v7akdlwm8kmxnyy"))
+ (patches
+ (search-patches "bind-re-add-attr-constructor-priority.patch"))))
 (build-system gnu-build-system)
 (outputs `("out" "utils"))
 (inputs
diff --git a/gnu/packages/patches/bind-re-add-attr-constructor-priority.patch b/gnu/packages/patches/bind-re-add-attr-constructor-priority.patch
new file mode 100644
index 0000000000..5d6765dd92
--- /dev/null
+++ b/gnu/packages/patches/bind-re-add-attr-constructor-priority.patch
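Review bot: The context comment at the top of the dns.scm hunk asks that isc-dhcp's bundled BIND copy be checked on every update, and neither the commit message nor the three files in the diffstat record the outcome of that check for this security release. Since the update is motivated by CVE-2021-25218 and CVE-2021-25219, the result belongs next to the version, e.g. `;; 9.16.23: isc-dhcp's bundled copy checked: <outcome>`. The new `patches` field would also benefit from a one-line comment such as `;; Reverts an upstream commit; remove once fixed upstream.` so the workaround is not carried forward silently. The isc-bind definition starts and ends outside the hunk.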
@@ -0,0 +1,57 @@
+From 6361de07a35f2e9dc1d7201d6b26ca31da93ee69 Mon Sep 17 00:00:00 2001
+From: Tobias Geerinckx-Rice <me@tobias.gr>
+Date: Thu, 9 Dec 2021 01:07:32 +0100
+Subject: [PATCH] Revert "Remove priority from attribute
+ constructor/destructor"
+
+This reverts commit 0340df46ec5897636dd071bc8b5c4272cfa7d7be. It works
+around an irrelevant operating system and breaks compilation on Guix:
+
+mem.c:873: fatal error: RUNTIME_CHECK(((pthread_mutex_lock(((&contextslock))) == 0) ? 0 : 34) == 0) failed
+/gnu/store/pwcp239kjf7lnj5i4lkdzcfcxwcfyk72-bash-minimal-5.0.16/bin/bash: line 1: 13768 Aborted ./${fuzzer}
+
+Let's simply revert it for now---there are securities at stake!
+---
+ lib/isc/include/isc/util.h | 8 ++++----
+ lib/isc/lib.c | 4 ++--
+ 2 files changed, 6 insertions(+), 6 deletions(-)
+
+diff --git a/lib/isc/include/isc/util.h b/lib/isc/include/isc/util.h
+index f0f7f85fa4..64c26587ac 100644
+--- a/lib/isc/include/isc/util.h
++++ b/lib/isc/include/isc/util.h
+@@ -49,11 +49,11 @@
+ #endif /* __GNUC__ */
+
+#if HAVE_FUNC_ATTRIBUTE_CONSTRUCTOR && HAVE_FUNC_ATTRIBUTE_DESTRUCTOR
+-#define ISC_CONSTRUCTOR __attribute__((constructor))
+-#define ISC_DESTRUCTOR __attribute__((destructor))
++#define ISC_CONSTRUCTOR(priority) __attribute__((constructor(priority)))
++#define ISC_DESTRUCTOR(priority) __attribute__((destructor(priority)))
+#elif WIN32
+-#define ISC_CONSTRUCTOR
+-#define ISC_DESTRUCTOR
++#define ISC_CONSTRUCTOR(priority)
++#define ISC_DESTRUCTOR(priority)
+ #endif
+
+ /*%
+diff --git a/lib/isc/lib.c b/lib/isc/lib.c
+index f3576b2659..2a167fec21 100644
+--- a/lib/isc/lib.c
++++ b/lib/isc/lib.c
+@@ -35,9 +35,9 @@ isc_lib_register(void) {
+ }
+
+ void
+-isc__initialize(void) ISC_CONSTRUCTOR;
++isc__initialize(void) ISC_CONSTRUCTOR(101);
+ void
+-isc__shutdown(void) ISC_DESTRUCTOR;
++isc__shutdown(void) ISC_DESTRUCTOR(101);
+
+ void
+ isc__initialize(void) {
+--
+2.34.0
+
|
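Review bot: The patch header gives no root cause and no exit condition for the revert, so a workaround shipped with a security update has nothing that tells a later maintainer when it is safe to drop. From the quoted failure, a `RUNTIME_CHECK` on `pthread_mutex_lock(&contextslock)` in mem.c while running `./${fuzzer}`, it looks as if memory-context code runs before `isc__initialize` has set up that lock, and `ISC_CONSTRUCTOR(101)` presumably restores the ordering; that is inferred from the message and should be stated or corrected in the header. I would add a line such as `Upstream report: <URL of upstream issue>; remove this patch once constructor ordering is fixed upstream.` It is also worth noting beside the `101` in lib.c that GCC reserves constructor priorities 0 to 100 for the implementation, so 101 is the earliest slot available to the library. The bodies of `isc__initialize` and `isc__shutdown` lie outside the hunk.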