gnu: bind: Update to 9.12.4-P1 [fixes CVE-2018-5743, CVE-2019-6467].
* gnu/packages/dns.scm (isc-bind): Update to 9.12.4-P1. [source]: Add patch. [inputs]: Add python and python-ply. * packages/patches/bind-fix-unused-pk11-ecc-constants.patch: New file. * gnu/local.mk (dist_patch_DATA): Add it.
parent
9b19734c50
commit
0406434baa
|
@ -682,6 +682,7 @@ dist_patch_DATA = \
|
||||||
%D%/packages/patches/beets-python-3.7-fix.patch \
|
%D%/packages/patches/beets-python-3.7-fix.patch \
|
||||||
%D%/packages/patches/beignet-correct-file-names.patch \
|
%D%/packages/patches/beignet-correct-file-names.patch \
|
||||||
%D%/packages/patches/biber-fix-encoding-write.patch \
|
%D%/packages/patches/biber-fix-encoding-write.patch \
|
||||||
|
%D%/packages/patches/bind-fix-unused-pk11-ecc-constants.patch \
|
||||||
%D%/packages/patches/binutils-loongson-workaround.patch \
|
%D%/packages/patches/binutils-loongson-workaround.patch \
|
||||||
%D%/packages/patches/blender-2.79-newer-ffmpeg.patch \
|
%D%/packages/patches/blender-2.79-newer-ffmpeg.patch \
|
||||||
%D%/packages/patches/blender-2.79-python-3.7-fix.patch \
|
%D%/packages/patches/blender-2.79-python-3.7-fix.patch \
|
||||||
|
|
|
@ -51,6 +51,7 @@
|
||||||
#:use-module (gnu packages pkg-config)
|
#:use-module (gnu packages pkg-config)
|
||||||
#:use-module (gnu packages protobuf)
|
#:use-module (gnu packages protobuf)
|
||||||
#:use-module (gnu packages python)
|
#:use-module (gnu packages python)
|
||||||
|
#:use-module (gnu packages python-xyz)
|
||||||
#:use-module (gnu packages swig)
|
#:use-module (gnu packages swig)
|
||||||
#:use-module (gnu packages tls)
|
#:use-module (gnu packages tls)
|
||||||
#:use-module (gnu packages web)
|
#:use-module (gnu packages web)
|
||||||
|
@ -106,7 +107,7 @@ and BOOTP/TFTP for network booting of diskless machines.")
|
||||||
(define-public isc-bind
|
(define-public isc-bind
|
||||||
(package
|
(package
|
||||||
(name "bind")
|
(name "bind")
|
||||||
(version "9.12.3-P4")
|
(version "9.12.4-P1")
|
||||||
(source (origin
|
(source (origin
|
||||||
(method url-fetch)
|
(method url-fetch)
|
||||||
(uri (string-append
|
(uri (string-append
|
||||||
|
@ -114,7 +115,9 @@ and BOOTP/TFTP for network booting of diskless machines.")
|
||||||
"/bind-" version ".tar.gz"))
|
"/bind-" version ".tar.gz"))
|
||||||
(sha256
|
(sha256
|
||||||
(base32
|
(base32
|
||||||
"01pj47z5582rd538dmbzf1msw4jc8j4zr0zx4ciy88r6qr9l80fi"))))
|
"1if7zc5gzrfd28csc63v9bjwrc0rgvm1x9yx058946hc5gp5lyp2"))
|
||||||
|
(patches
|
||||||
|
(search-patches "bind-fix-unused-pk11-ecc-constants.patch"))))
|
||||||
(build-system gnu-build-system)
|
(build-system gnu-build-system)
|
||||||
(outputs `("out" "utils"))
|
(outputs `("out" "utils"))
|
||||||
(inputs
|
(inputs
|
||||||
|
@ -122,7 +125,9 @@ and BOOTP/TFTP for network booting of diskless machines.")
|
||||||
`(("libcap" ,libcap)
|
`(("libcap" ,libcap)
|
||||||
("libxml2" ,libxml2)
|
("libxml2" ,libxml2)
|
||||||
("openssl" ,openssl)
|
("openssl" ,openssl)
|
||||||
("p11-kit" ,p11-kit)))
|
("p11-kit" ,p11-kit)
|
||||||
|
("python" ,python)
|
||||||
|
("python-ply" ,python-ply)))
|
||||||
(native-inputs `(("perl" ,perl)
|
(native-inputs `(("perl" ,perl)
|
||||||
("net-tools" ,net-tools)))
|
("net-tools" ,net-tools)))
|
||||||
(arguments
|
(arguments
|
||||||
|
|
|
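Review bot: The new `(patches (search-patches "bind-fix-unused-pk11-ecc-constants.patch"))` field in the `origin` carries no comment saying why the patch is needed or when it can be dropped. A line above it such as `;; Fixes a build failure in pkcs11-keygen.c; remove once upstream includes the fix.` would let the next version bump retire it deliberately instead of carrying it forward unnoticed. The same applies to the new `python` and `python-ply` inputs, whose purpose is not visible in these hunks (presumably BIND's Python-based tools; confirm). The `isc-bind` definition continues past the end of the last hunk.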
@ -0,0 +1,43 @@
|
||||||
|
From: Tobias Geerinckx-Rice <me@tobias.gr>
|
||||||
|
Date: Thu, 25 Apr 2019 04:36:52 +0200
|
||||||
|
Subject: [PATCH] gnu: bind: Fix unused PKCS#11 ECC constants.
|
||||||
|
|
||||||
|
Without this patch, the build fails:
|
||||||
|
|
||||||
|
pkcs11-keygen.c: In function ‘main’:
|
||||||
|
pkcs11-keygen.c:424:32: error: ‘pk11_ecc_prime256v1’ undeclared (first use in this function)
|
||||||
|
public_template[4].pValue = pk11_ecc_prime256v1;
|
||||||
|
^
|
||||||
|
pkcs11-keygen.c:424:32: note: each undeclared identifier is reported only once for each function it appears in
|
||||||
|
pkcs11-keygen.c:428:32: error: ‘pk11_ecc_secp384r1’ undeclared (first use in this function)
|
||||||
|
public_template[4].pValue = pk11_ecc_secp384r1;
|
||||||
|
^
|
||||||
|
make[2]: *** [Makefile:217: pkcs11-keygen.o] Error 1
|
||||||
|
|
||||||
|
Fix copied verbatim from upstream[0].
|
||||||
|
|
||||||
|
[0]: https://gitlab.isc.org/isc-projects/bind9/issues/935
|
||||||
|
|
||||||
|
---
|
||||||
|
--- orig-bind-9.11.6/bin/pkcs11/pkcs11-keygen.c 2019-02-27 15:28:15.000000000 -0800
|
||||||
|
+++ bind-9.11.6/bin/pkcs11/pkcs11-keygen.c 2019-03-11 09:20:50.955257469 -0700
|
||||||
|
@@ -403,6 +403,10 @@
|
||||||
|
public_template[RSA_PUBLIC_EXPONENT].ulValueLen = expsize;
|
||||||
|
break;
|
||||||
|
case key_ecc:
|
||||||
|
+#if !defined(HAVE_PKCS11_ECDSA)
|
||||||
|
+ fprintf(stderr, "prime256v1 and secp3841r1 is not supported\n");
|
||||||
|
+ usage();
|
||||||
|
+#else
|
||||||
|
op_type = OP_EC;
|
||||||
|
if (bits == 0)
|
||||||
|
bits = 256;
|
||||||
|
@@ -429,7 +433,7 @@
|
||||||
|
public_template[4].ulValueLen =
|
||||||
|
sizeof(pk11_ecc_secp384r1);
|
||||||
|
}
|
||||||
|
-
|
||||||
|
+#endif
|
||||||
|
break;
|
||||||
|
case key_ecx:
|
||||||
|
#if !defined(CKM_EDDSA_KEY_PAIR_GEN)
|
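Review bot: When `HAVE_PKCS11_ECDSA` is undefined, this patch compiles out the whole `case key_ecc:` body, so pkcs11-keygen can no longer generate prime256v1 or secp384r1 keys and reports that only at run time. It is worth confirming whether the Guix build defines the macro and stating the consequence in the patch header, e.g. `This disables ECC key generation in pkcs11-keygen when HAVE_PKCS11_ECDSA is not defined.` The added message also misspells the curve: `secp3841r1` should be `secp384r1`, matching `pk11_ecc_secp384r1` in the second hunk, though correcting it departs from the "copied verbatim from upstream" statement. The header links an upstream issue rather than a commit, which makes the verbatim claim harder to check; a commit reference would help if one exists. The enclosing `switch` in `main` starts and ends outside both hunks.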