From patchwork Wed Sep 18 17:01:29 2019
X-Patchwork-Submitter: Fabrice Fontaine
X-Patchwork-Id: 1164106
From: Fabrice Fontaine
To: buildroot@buildroot.org
Date: Wed, 18 Sep 2019 19:01:29 +0200
Message-Id: <20190918170129.30890-1-fontaine.fabrice@gmail.com>
Subject: [Buildroot] [PATCH 1/1] package/bind: security bump to version 9.11.10
List-Id: Discussion and development of buildroot
Cc: Fabrice Fontaine

- Remove all patches except first one (already in version)
- Update first patch
- Fix CVE-2019-6471: A race condition when discarding malformed packets can cause BIND to exit with an assertion failure

Signed-off-by: Fabrice Fontaine
---
 package/bind/0001-cross.patch | 13 +-
 ...perations-in-bin-named-client.c-with.patch | 133 ------------------
 ...n_driver.c-fix-build-without-dlfcn.h.patch | 28 ----
 package/bind/bind.hash | 4 +-
 package/bind/bind.mk | 2 +-
 5 files changed, 12 insertions(+), 168 deletions(-)
 delete mode 100644 package/bind/0002-Replace-atomic-operations-in-bin-named-client.c-with.patch
 delete mode 100644 package/bind/0002-dlz_open_driver.c-fix-build-without-dlfcn.h.patch

diff --git a/package/bind/0001-cross.patch b/package/bind/0001-cross.patch index 5b4b1cd836..d3e7cc68a6 100644 --- a/package/bind/0001-cross.patch +++ b/package/bind/0001-cross.patch @@ -1,18 +1,23 @@ Use host compiler to build 'gen' since it's run when building. 
Signed-off-by: Gustavo Zacarias +[Fabrice: updated for 9.11.10] +Signed-off-by: Fabrice Fontaine diff -Nura bind-9.5.1-P1/lib/dns/Makefile.in bind-9.5.1-P1.gencross/lib/dns/Makefile.in --- bind-9.5.1-P1/lib/dns/Makefile.in 2007-09-11 22:09:08.000000000 -0300 +++ bind-9.5.1-P1.gencross/lib/dns/Makefile.in 2009-03-04 16:35:23.000000000 -0200 -@@ -160,8 +160,8 @@ - ./gen -s ${srcdir} > code.h +@@ -160,10 +160,8 @@ + ./gen -s ${srcdir} > code.h || { rm -f $@ ; exit 1; } gen: gen.c - ${BUILD_CC} ${BUILD_CFLAGS} -I${top_srcdir}/lib/isc/include \ -- ${BUILD_CPPFLAGS} ${BUILD_LDFLAGS} -o $@ ${srcdir}/gen.c ${BUILD_LIBS} +- ${LFS_CFLAGS} ${LFS_LDFLAGS} \ +- ${BUILD_CPPFLAGS} ${BUILD_LDFLAGS} -o $@ ${srcdir}/gen.c \ +- ${BUILD_LIBS} ${LFS_LIBS} + ${HOSTCC} ${HOST_CFLAGS} -I${top_srcdir}/lib/isc/include \ + ${HOST_LDFLAGS} -o $@ ${srcdir}/gen.c - rbtdb64.@O@: rbtdb.c + timestamp: include libdns.@A@ + touch timestamp diff --git a/package/bind/0002-Replace-atomic-operations-in-bin-named-client.c-with.patch b/package/bind/0002-Replace-atomic-operations-in-bin-named-client.c-with.patch deleted file mode 100644 index 2701de766a..0000000000 --- a/package/bind/0002-Replace-atomic-operations-in-bin-named-client.c-with.patch +++ /dev/null 
@@ -1,133 +0,0 @@ -From ef49780d30d3ddc5735cfc32561b678a634fa72f Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Ond=C5=99ej=20Sur=C3=BD?= -Date: Wed, 17 Apr 2019 15:22:27 +0200 -Subject: [PATCH] Replace atomic operations in bin/named/client.c with - isc_refcount reference counting - -Signed-off-by: Peter Korsgaard ---- - bin/named/client.c | 18 +++++++----------- - bin/named/include/named/interfacemgr.h | 5 +++-- - bin/named/interfacemgr.c | 7 +++++-- - 3 files changed, 15 insertions(+), 15 deletions(-) - -diff --git a/bin/named/client.c b/bin/named/client.c -index 845326abc0..29fecadca8 100644 ---- a/bin/named/client.c -+++ b/bin/named/client.c -@@ -402,12 +402,10 @@ tcpconn_detach(ns_client_t *client) { - static void - mark_tcp_active(ns_client_t *client, bool active) { - if (active && !client->tcpactive) { -- isc_atomic_xadd(&client->interface->ntcpactive, 1); -+ isc_refcount_increment0(&client->interface->ntcpactive, NULL); - client->tcpactive = active; - } else if (!active && client->tcpactive) { -- uint32_t old = -- isc_atomic_xadd(&client->interface->ntcpactive, -1); -- INSIST(old > 0); -+ isc_refcount_decrement(&client->interface->ntcpactive, NULL); - client->tcpactive = active; - } - } -@@ -554,7 +552,7 @@ exit_check(ns_client_t *client) { - if (client->mortal && TCP_CLIENT(client) && - client->newstate != NS_CLIENTSTATE_FREED && - !ns_g_clienttest && -- isc_atomic_xadd(&client->interface->ntcpaccepting, 0) == 0) -+ isc_refcount_current(&client->interface->ntcpaccepting) == 0) - { - /* Nobody else is accepting */ - client->mortal = false; -@@ -3328,7 +3326,6 @@ client_newconn(isc_task_t *task, isc_event_t *event) { - isc_result_t result; - ns_client_t *client = event->ev_arg; - isc_socket_newconnev_t *nevent = (isc_socket_newconnev_t *)event; -- uint32_t old; - - REQUIRE(event->ev_type == ISC_SOCKEVENT_NEWCONN); - REQUIRE(NS_CLIENT_VALID(client)); -@@ -3348,8 +3345,7 @@ client_newconn(isc_task_t *task, isc_event_t *event) { - INSIST(client->naccepts == 1); - 
client->naccepts--; - -- old = isc_atomic_xadd(&client->interface->ntcpaccepting, -1); -- INSIST(old > 0); -+ isc_refcount_decrement(&client->interface->ntcpaccepting, NULL); - - /* - * We must take ownership of the new socket before the exit -@@ -3480,8 +3476,8 @@ client_accept(ns_client_t *client) { - * quota is tcp-clients plus the number of listening - * interfaces plus 1.) - */ -- exit = (isc_atomic_xadd(&client->interface->ntcpactive, 0) > -- (client->tcpactive ? 1 : 0)); -+ exit = (isc_refcount_current(&client->interface->ntcpactive) > -+ (client->tcpactive ? 1U : 0U)); - if (exit) { - client->newstate = NS_CLIENTSTATE_INACTIVE; - (void)exit_check(client); -@@ -3539,7 +3535,7 @@ client_accept(ns_client_t *client) { - * listening for connections itself to prevent the interface - * going dead. - */ -- isc_atomic_xadd(&client->interface->ntcpaccepting, 1); -+ isc_refcount_increment0(&client->interface->ntcpaccepting, NULL); - } - - static void -diff --git a/bin/named/include/named/interfacemgr.h b/bin/named/include/named/interfacemgr.h -index 3535ef22a8..6e10f210fd 100644 ---- a/bin/named/include/named/interfacemgr.h -+++ b/bin/named/include/named/interfacemgr.h -@@ -45,6 +45,7 @@ - #include - #include - #include -+#include - - #include - -@@ -75,11 +76,11 @@ struct ns_interface { - /*%< UDP dispatchers. */ - isc_socket_t * tcpsocket; /*%< TCP socket. 
*/ - isc_dscp_t dscp; /*%< "listen-on" DSCP value */ -- int32_t ntcpaccepting; /*%< Number of clients -+ isc_refcount_t ntcpaccepting; /*%< Number of clients - ready to accept new - TCP connections on this - interface */ -- int32_t ntcpactive; /*%< Number of clients -+ isc_refcount_t ntcpactive; /*%< Number of clients - servicing TCP queries - (whether accepting or - connected) */ -diff --git a/bin/named/interfacemgr.c b/bin/named/interfacemgr.c -index d9f6df5802..135533be6b 100644 ---- a/bin/named/interfacemgr.c -+++ b/bin/named/interfacemgr.c -@@ -386,8 +386,8 @@ ns_interface_create(ns_interfacemgr_t *mgr, isc_sockaddr_t *addr, - * connections will be handled in parallel even though there is - * only one client initially. - */ -- ifp->ntcpaccepting = 0; -- ifp->ntcpactive = 0; -+ isc_refcount_init(&ifp->ntcpaccepting, 0); -+ isc_refcount_init(&ifp->ntcpactive, 0); - - ifp->nudpdispatch = 0; - -@@ -618,6 +618,9 @@ ns_interface_destroy(ns_interface_t *ifp) { - - ns_interfacemgr_detach(&ifp->mgr); - -+ isc_refcount_destroy(&ifp->ntcpactive); -+ isc_refcount_destroy(&ifp->ntcpaccepting); -+ - ifp->magic = 0; - isc_mem_put(mctx, ifp, sizeof(*ifp)); - } --- -2.11.0 - diff --git a/package/bind/0002-dlz_open_driver.c-fix-build-without-dlfcn.h.patch b/package/bind/0002-dlz_open_driver.c-fix-build-without-dlfcn.h.patch deleted file mode 100644 index 8b73e746e4..0000000000 --- a/package/bind/0002-dlz_open_driver.c-fix-build-without-dlfcn.h.patch +++ /dev/null 
@@ -1,28 +0,0 @@ -From 92b738a0fe8a7d65346de9e6dd7a8f135ee29765 Mon Sep 17 00:00:00 2001 -From: Fabrice Fontaine -Date: Tue, 23 Apr 2019 22:45:25 +0200 -Subject: [PATCH] dlz_open_driver.c: fix build without dlfcn.h - -Signed-off-by: Fabrice Fontaine -[Upstream status: https://gitlab.isc.org/isc-projects/bind9/issues/995] ---- - bin/named/unix/dlz_dlopen_driver.c | 2 ++ - 1 file changed, 2 insertions(+) - -diff --git a/bin/named/unix/dlz_dlopen_driver.c b/bin/named/unix/dlz_dlopen_driver.c -index 74d29ffa09..ab8a5c9493 100644 ---- a/bin/named/unix/dlz_dlopen_driver.c -+++ b/bin/named/unix/dlz_dlopen_driver.c -@@ -14,7 +14,9 @@ - #include - #include - #include -+#if HAVE_DLFCN_H - #include -+#endif - - #include - #include --- -2.20.1 - diff --git a/package/bind/bind.hash b/package/bind/bind.hash index cdd4bdd312..999c6602a8 100644 --- a/package/bind/bind.hash +++ b/package/bind/bind.hash @@ -1,4 +1,4 @@ -# Verified from https://ftp.isc.org/isc/bind9/9.11.6-P1/bind-9.11.6-P1.tar.gz.asc +# Verified from https://ftp.isc.org/isc/bind9/9.11.10/bind-9.11.10.tar.gz.asc # with key 156890685EA0DF6A1371EF2017CC5DB1F0088407 -sha256 58ace2abb4d048b67abcdef0649ecd6cbd3b0652734a41a1d34f942d5500f8ef bind-9.11.6-P1.tar.gz +sha256 b2bb840cda20e6771ae8c054007b4ec12e1bb6aa6bfe79102890eb94956a70c3 bind-9.11.10.tar.gz sha256 cd02c93b8dcda794f55dfd1231828d69633072a98eee4874f9cf732d22d9dcde COPYRIGHT diff --git a/package/bind/bind.mk b/package/bind/bind.mk index abbd784e12..08cad22d42 100644 --- a/package/bind/bind.mk +++ b/package/bind/bind.mk @@ -4,7 +4,7 @@ # ################################################################################ -BIND_VERSION = 9.11.6-P1 +BIND_VERSION = 9.11.10 BIND_SITE = https://ftp.isc.org/isc/bind9/$(BIND_VERSION) # bind does not support parallel builds. BIND_MAKE = $(MAKE1)
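Review bot: In the package/bind/0001-cross.patch hunk, the refreshed `gen: gen.c` rule removes `${LFS_CFLAGS} ${LFS_LDFLAGS}` and `${BUILD_LIBS} ${LFS_LIBS}` along with the other `${BUILD_*}` variables, and the patch description does not say that this is deliberate. The replacement passes only `${HOST_CFLAGS}` and `${HOST_LDFLAGS}` to `${HOSTCC}`, so please add a line next to "[Fabrice: updated for 9.11.10]" stating that the large-file flags and libraries are intentionally not carried over to the host build of gen. The embedded file header also still names bind-9.5.1-P1; regenerating the patch against the 9.11.10 tree would keep its paths and @@ offsets in step with the version it now applies to.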
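Review bot: The deletion of the two 0002 patches is justified in the commit message only by "already in version", and for 0002-dlz_open_driver.c-fix-build-without-dlfcn.h.patch the sole upstream reference visible in the removed file is the issue link https://gitlab.isc.org/isc-projects/bind9/issues/995, not a merged commit or release. Please name, in the commit message, the upstream release or commit that carries the `#if HAVE_DLFCN_H` guard in bin/named/unix/dlz_dlopen_driver.c and the isc_refcount conversion of `ntcpaccepting` / `ntcpactive` in bin/named/client.c, so a later reader can confirm neither fix is lost by the bump.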
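Review bot: In the package/bind/bind.hash hunk, the "# with key 156890685EA0DF6A1371EF2017CC5DB1F0088407" line and the COPYRIGHT sha256 are unchanged context, so the file now asserts both for 9.11.10 without the diff showing that either was rechecked. Please confirm that bind-9.11.10.tar.gz.asc was verified against that same key and that COPYRIGHT in the new tarball still matches the recorded hash, and say so in the commit message.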
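Review bot: The package/bind/bind.mk hunk moves `BIND_VERSION` from 9.11.6-P1 straight to 9.11.10, while the commit message cites a single CVE, CVE-2019-6471. If the releases in between carried other security fixes, list them in the message as well, since the "security bump" subject is what drives backports to maintenance branches.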