From patchwork Sun Nov 24 20:59:17 2019
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Peter Korsgaard <peter@korsgaard.com>
X-Patchwork-Id: 1200005
Return-Path: <buildroot-bounces@busybox.net>
X-Original-To: incoming-buildroot@patchwork.ozlabs.org
Delivered-To: patchwork-incoming-buildroot@bilbo.ozlabs.org
Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized)
	smtp.mailfrom=busybox.net (client-ip=140.211.166.137;
	helo=fraxinus.osuosl.org;
	envelope-from=buildroot-bounces@busybox.net;
	receiver=<UNKNOWN>)
Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none)
	header.from=korsgaard.com
Authentication-Results: ozlabs.org;
	dkim=fail reason="signature verification failed" (2048-bit key;
	unprotected) header.d=gmail.com header.i=@gmail.com
	header.b="SIYsbgt8"; dkim-atps=neutral
Received: from fraxinus.osuosl.org (smtp4.osuosl.org [140.211.166.137])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256
	bits)) (No client certificate requested)
	by ozlabs.org (Postfix) with ESMTPS id 47LjG95cMVz9sPc
	for <incoming-buildroot@patchwork.ozlabs.org>;
	Mon, 25 Nov 2019 07:59:29 +1100 (AEDT)
Received: from localhost (localhost [127.0.0.1])
	by fraxinus.osuosl.org (Postfix) with ESMTP id 791CE85B09;
	Sun, 24 Nov 2019 20:59:27 +0000 (UTC)
X-Virus-Scanned: amavisd-new at osuosl.org
Received: from fraxinus.osuosl.org ([127.0.0.1])
	by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id owVnUJHlsETW; Sun, 24 Nov 2019 20:59:25 +0000 (UTC)
Received: from ash.osuosl.org (ash.osuosl.org [140.211.166.34])
	by fraxinus.osuosl.org (Postfix) with ESMTP id A8728859D9;
	Sun, 24 Nov 2019 20:59:25 +0000 (UTC)
X-Original-To: buildroot@lists.busybox.net
Delivered-To: buildroot@osuosl.org
Received: from silver.osuosl.org (smtp3.osuosl.org [140.211.166.136])
	by ash.osuosl.org (Postfix) with ESMTP id 7FD131BF20B
	for <buildroot@lists.busybox.net>;
	Sun, 24 Nov 2019 20:59:24 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
	by silver.osuosl.org (Postfix) with ESMTP id 787372034A
	for <buildroot@lists.busybox.net>;
	Sun, 24 Nov 2019 20:59:24 +0000 (UTC)
X-Virus-Scanned: amavisd-new at osuosl.org
Received: from silver.osuosl.org ([127.0.0.1])
	by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id hbA3CMXTZOFH for <buildroot@lists.busybox.net>;
	Sun, 24 Nov 2019 20:59:23 +0000 (UTC)
X-Greylist: domain auto-whitelisted by SQLgrey-1.7.6
Received: from mail-wr1-f67.google.com (mail-wr1-f67.google.com
	[209.85.221.67])
	by silver.osuosl.org (Postfix) with ESMTPS id DB2522000D
	for <buildroot@buildroot.org>; Sun, 24 Nov 2019 20:59:22 +0000 (UTC)
Received: by mail-wr1-f67.google.com with SMTP id w9so15151485wrr.0
	for <buildroot@buildroot.org>; Sun, 24 Nov 2019 12:59:22 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;
	h=sender:from:to:cc:subject:date:message-id:mime-version
	:content-transfer-encoding;
	bh=ogpeepkTdxh606Q3DKQrY2Cn7QJZ6wjLAhTNTMQF5e0=;
	b=SIYsbgt8aKuA/U0XYvomuwoJm8S+o7bik7TCzr4edX3P0u6+tJK3QFS35ngSYVLE46
	dBMgAZB5J6oIZUZ3CWLJPCxihY475qXo1A2Qivn8XIhs0RraSVmwu3XQiyE4rSOwyR79
	sAjPJ3xsrGY+Zg9uCtIQ6IwJGubxBoWYAyTK6hK1iSBsC3styV/pogPoUWd9Roma2Rto
	cwKlA8YfFNtbfyYxT6K2Ns9tVWX4qRvAnxHFAJ4D6DU58hECll9Su0mwqD5n1Sc1AgKb
	MrjsJUEaK82BRW//hXXWZd9tSqU0jAuH5JTWgMBGgA7MWLZFm2gSg7il8lKVqZvTrrKH
	nrsg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=1e100.net; s=20161025;
	h=x-gm-message-state:sender:from:to:cc:subject:date:message-id
	:mime-version:content-transfer-encoding;
	bh=ogpeepkTdxh606Q3DKQrY2Cn7QJZ6wjLAhTNTMQF5e0=;
	b=evT07MJ2ZauToRAv5dIdnN0Rg8vRnKaxsCBkOd5SRjWUyuCrarN1TQUP/byNjjFrwX
	Xr5cY1U66jTWw0RAcUhJPyGbT/RVLC7EWX6sSh2HtLtPpt9Cm9oJyh6tbsjLujbfKImS
	e8CaRoytzdOW7fNypp1zk7CwUojgQ2Nek4dDJvrrcwWJKxpgYGUGFjWGb9h10+RCc9fR
	62w/Ic2ciGPqisEn+BrenYR7bCbqqZQrGaL4Cv0viK13SxtXPNadhlvWtXBY5jX03wzj
	EiTXWRMwhud6gyDn33nfdNDmJiLdVwWq5RGKyBh2Em2K7dyJeHaYqBncA+u/uawASlSh
	/t7g==
X-Gm-Message-State: APjAAAXzGKxUtm3tvNRl8/Zj4XIENCJOdyXolxO+O37cnW4MHwc1TT+d
	3OhQOFqklJn3lViRUx9o2mOEeTlo
X-Google-Smtp-Source: 
 APXvYqxGBxhmrB1G+i4wlu4vZofbZHuM6/eM+SYMr/QyKlrVPISw3xyV9igtNbGrLF2M89NVNUEbPQ==
X-Received: by 2002:adf:f9c4:: with SMTP id w4mr27519847wrr.88.1574629160892;
	Sun, 24 Nov 2019 12:59:20 -0800 (PST)
Received: from dell.be.48ers.dk (d51a5bc31.access.telenet.be.
	[81.165.188.49]) by smtp.gmail.com with ESMTPSA id
	y6sm7706134wrr.19.2019.11.24.12.59.19
	(version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
	Sun, 24 Nov 2019 12:59:20 -0800 (PST)
Received: from peko by dell.be.48ers.dk with local (Exim 4.92)
	(envelope-from <peko@dell.be.48ers.dk>)
	id 1iYyyV-0005PA-7b; Sun, 24 Nov 2019 21:59:19 +0100
From: Peter Korsgaard <peter@korsgaard.com>
To: buildroot@buildroot.org
Date: Sun, 24 Nov 2019 21:59:17 +0100
Message-Id: <20191124205917.20731-1-peter@korsgaard.com>
X-Mailer: git-send-email 2.20.1
MIME-Version: 1.0
Subject: [Buildroot] [PATCH] package/bind: security bump to version 9.11.13
X-BeenThere: buildroot@busybox.net
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Discussion and development of buildroot <buildroot.busybox.net>
List-Unsubscribe: <http://lists.busybox.net/mailman/options/buildroot>,
	<mailto:buildroot-request@busybox.net?subject=unsubscribe>
List-Archive: <http://lists.busybox.net/pipermail/buildroot/>
List-Post: <mailto:buildroot@busybox.net>
List-Help: <mailto:buildroot-request@busybox.net?subject=help>
List-Subscribe: <http://lists.busybox.net/mailman/listinfo/buildroot>,
	<mailto:buildroot-request@busybox.net?subject=subscribe>
Cc: Peter Korsgaard <peter@korsgaard.com>
Errors-To: buildroot-bounces@busybox.net
Sender: "buildroot" <buildroot-bounces@busybox.net>

Fixes the following security vulnerabilities:

- CVE-2019-6477: TCP-pipelined queries can bypass tcp-clients limit

For details, see the release notes:
https://downloads.isc.org/isc/bind9/9.11.13/RELEASE-NOTES-bind-9.11.13.html

(9.11.11..12 were not released)

Upstream moved to a 2019-2020 signing key, so update comment in hash file.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
---
 package/bind/bind.hash | 6 +++---
 package/bind/bind.mk   | 2 +-
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/package/bind/bind.hash b/package/bind/bind.hash
index 999c6602a8..53b5ce3a47 100644
--- a/package/bind/bind.hash
+++ b/package/bind/bind.hash
@@ -1,4 +1,4 @@
-# Verified from https://ftp.isc.org/isc/bind9/9.11.10/bind-9.11.10.tar.gz.asc
-# with key 156890685EA0DF6A1371EF2017CC5DB1F0088407
-sha256 b2bb840cda20e6771ae8c054007b4ec12e1bb6aa6bfe79102890eb94956a70c3 bind-9.11.10.tar.gz
+# Verified from https://ftp.isc.org/isc/bind9/9.11.13/bind-9.11.13.tar.gz.asc
+# with key AE3FAC796711EC59FC007AA474BB6B9A4CBB3D38
+sha256 fd3f3cc9fcfcdaa752db35eb24598afa1fdcc2509d3227fc90a8631b7b400f7d bind-9.11.13.tar.gz
 sha256 cd02c93b8dcda794f55dfd1231828d69633072a98eee4874f9cf732d22d9dcde COPYRIGHT
diff --git a/package/bind/bind.mk b/package/bind/bind.mk
index 08cad22d42..2d75f58b3f 100644
--- a/package/bind/bind.mk
+++ b/package/bind/bind.mk
@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-BIND_VERSION = 9.11.10
+BIND_VERSION = 9.11.13
 BIND_SITE = https://ftp.isc.org/isc/bind9/$(BIND_VERSION)
 # bind does not support parallel builds.
 BIND_MAKE = $(MAKE1)