mirror of
https://git.FreeBSD.org/ports.git
synced 2024-10-19 19:59:43 +00:00
Update to 9.14.3.
MFH: 2019Q2 (security blanket) Security: CVE-2019-6471
This commit is contained in:
parent
7340eb9e3c
commit
77b718fdac
Notes:
svn2git
2021-03-31 03:12:20 +00:00
svn path=/head/; revision=504596
@ -8,7 +8,7 @@ PORTVERSION= ${ISCVERSION:S/-P/P/:S/b/.b/:S/a/.a/:S/rc/.rc/}
|
||||
PORTREVISION= 0
|
||||
.else
|
||||
# dns/bind914 here
|
||||
PORTREVISION= 2
|
||||
PORTREVISION= 0
|
||||
.endif
|
||||
CATEGORIES= dns net ipv6
|
||||
MASTER_SITES= ISC/bind9/${ISCVERSION}
|
||||
@ -36,7 +36,7 @@ RUN_DEPENDS= bind-tools>0:dns/bind-tools
|
||||
|
||||
USES= compiler:c11 cpe libedit pkgconfig ssl
|
||||
# ISC releases things like 9.8.0-P1, which our versioning doesn't like
|
||||
ISCVERSION= 9.14.2
|
||||
ISCVERSION= 9.14.3
|
||||
|
||||
CPE_VENDOR= isc
|
||||
CPE_VERSION= ${ISCVERSION:C/-.*//}
|
||||
|
@ -1,3 +1,3 @@
|
||||
TIMESTAMP = 1557990570
|
||||
SHA256 (bind-9.14.2.tar.gz) = 0e4027573726502ec038db3973a086c02508671723a4845e21da1769a5c27f0c
|
||||
SIZE (bind-9.14.2.tar.gz) = 6263879
|
||||
TIMESTAMP = 1560947468
|
||||
SHA256 (bind-9.14.3.tar.gz) = ce878aabcf01b61ed114522c32fff9e268b02da55b3c248349860bc3d0c8bdfa
|
||||
SIZE (bind-9.14.3.tar.gz) = 6258311
|
||||
|
@ -1,6 +1,6 @@
|
||||
--- configure.orig 2019-05-10 04:51:34 UTC
|
||||
--- configure.orig 2019-06-04 15:20:04 UTC
|
||||
+++ configure
|
||||
@@ -16320,27 +16320,9 @@ done
|
||||
@@ -16347,27 +16347,9 @@ done
|
||||
# problems start to show up.
|
||||
saved_libs="$LIBS"
|
||||
for TRY_LIBS in \
|
||||
@ -30,7 +30,7 @@
|
||||
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking linking as $TRY_LIBS" >&5
|
||||
$as_echo_n "checking linking as $TRY_LIBS... " >&6; }
|
||||
cat confdefs.h - <<_ACEOF >conftest.$ac_ext
|
||||
@@ -16383,47 +16365,7 @@ $as_echo "no" >&6; } ;;
|
||||
@@ -16410,47 +16392,7 @@ $as_echo "no" >&6; } ;;
|
||||
no) as_fn_error $? "could not determine proper GSSAPI linkage" "$LINENO" 5 ;;
|
||||
esac
|
||||
|
||||
@ -79,7 +79,7 @@
|
||||
DNS_GSSAPI_LIBS="$LIBS"
|
||||
|
||||
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: using GSSAPI from $use_gssapi/lib and $use_gssapi/include" >&5
|
||||
@@ -20927,7 +20869,7 @@ $as_echo "" >&6; }
|
||||
@@ -20960,7 +20902,7 @@ $as_echo "" >&6; }
|
||||
# Check other locations for includes.
|
||||
# Order is important (sigh).
|
||||
|
||||
|
@ -1,35 +0,0 @@
|
||||
From e517c18d98c248e891558ce5194e3663d244f956 Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?Witold=20Kr=C4=99cicki?= <wpk@isc.org>
|
||||
Date: Fri, 31 May 2019 10:40:52 +0200
|
||||
Subject: [PATCH 1/2] Fix a possible race between udp dispatch and socket code
|
||||
|
||||
There's a small possibility of race between udp dispatcher and
|
||||
socket code - socket code can still hold internal reference to a
|
||||
socket while dispatcher calls isc_socket_open, which can cause
|
||||
an assertion failure. Fix it by relaxing the assertion test, and
|
||||
instead simply locking the socket in isc_socket_open.
|
||||
|
||||
--- lib/isc/unix/socket.c.orig 2019-05-10 04:51:34 UTC
|
||||
+++ lib/isc/unix/socket.c
|
||||
@@ -2598,15 +2598,16 @@ isc_socket_open(isc_socket_t *sock0) {
|
||||
|
||||
REQUIRE(VALID_SOCKET(sock));
|
||||
|
||||
- REQUIRE(isc_refcount_current(&sock->references) == 1);
|
||||
- /*
|
||||
- * We don't need to retain the lock hereafter, since no one else has
|
||||
- * this socket.
|
||||
- */
|
||||
+ LOCK(&sock->lock);
|
||||
+
|
||||
+ REQUIRE(isc_refcount_current(&sock->references) >= 1);
|
||||
REQUIRE(sock->fd == -1);
|
||||
REQUIRE(sock->threadid == -1);
|
||||
|
||||
result = opensocket(sock->manager, sock, NULL);
|
||||
+
|
||||
+ UNLOCK(&sock->lock);
|
||||
+
|
||||
if (result != ISC_R_SUCCESS) {
|
||||
sock->fd = -1;
|
||||
} else {
|
Loading…
Reference in New Issue
Block a user