gnu: isc-dhcp: Update to 4.3.3; update bundled bind to 9.9.8-P2.
Fixes CVE-2015-8000 and CVE-2015-8461. * gnu/packages/admin.scm (isc-dhcp): Update to 4.3.3. [inputs]: Add 'bind-source-tarball'. [arguments]: Use modify-phases. Add 'replace-bundled-bind' phase. In 'post-configure' phase, avoid hard-coding version numbers of bundled bind.
parent
f9a5b18897
commit
6548b1e122
|
@ -388,20 +388,51 @@ connection alive.")
|
||||||
(license license:gpl3+)))
|
(license license:gpl3+)))
|
||||||
|
|
||||||
(define-public isc-dhcp
|
(define-public isc-dhcp
|
||||||
|
(let* ((bind-major-version "9")
|
||||||
|
(bind-minor-version "9")
|
||||||
|
(bind-patch-version "8")
|
||||||
|
(bind-release-type "-P")
|
||||||
|
(bind-release-version "2")
|
||||||
|
(bind-version (string-append bind-major-version
|
||||||
|
"."
|
||||||
|
bind-minor-version
|
||||||
|
"."
|
||||||
|
bind-patch-version
|
||||||
|
bind-release-type
|
||||||
|
bind-release-version)))
|
||||||
(package
|
(package
|
||||||
(name "isc-dhcp")
|
(name "isc-dhcp")
|
||||||
(version "4.3.1")
|
(version "4.3.3")
|
||||||
(source (origin
|
(source (origin
|
||||||
(method url-fetch)
|
(method url-fetch)
|
||||||
(uri (string-append "http://ftp.isc.org/isc/dhcp/"
|
(uri (string-append "http://ftp.isc.org/isc/dhcp/"
|
||||||
version "/dhcp-" version ".tar.gz"))
|
version "/dhcp-" version ".tar.gz"))
|
||||||
(sha256
|
(sha256
|
||||||
(base32
|
(base32
|
||||||
"1w4s7sni1m9223ya8m2a64lr62845c6xlraprjf8zfx6lylbqv16"))))
|
"1pjy4lylx7dww1fp2mk5ikya5vxaf97z70279j81n74vn12ljg2m"))))
|
||||||
(build-system gnu-build-system)
|
(build-system gnu-build-system)
|
||||||
(arguments
|
(arguments
|
||||||
'(#:phases (alist-cons-after
|
`(#:phases
|
||||||
'configure 'post-configure
|
(modify-phases %standard-phases
|
||||||
|
(add-after 'unpack 'replace-bundled-bind
|
||||||
|
(lambda* (#:key inputs #:allow-other-keys)
|
||||||
|
(delete-file "bind/bind.tar.gz")
|
||||||
|
(copy-file (assoc-ref inputs "bind-source-tarball")
|
||||||
|
"bind/bind.tar.gz")
|
||||||
|
(chmod "bind/bind.tar.gz" #o644)
|
||||||
|
(substitute* "bind/version.tmp"
|
||||||
|
(("^MAJORVER=.*")
|
||||||
|
(format #f "MAJORVER=~a\n" ,bind-major-version))
|
||||||
|
(("^MINORVER=.*")
|
||||||
|
(format #f "MINORVER=~a\n" ,bind-minor-version))
|
||||||
|
(("^PATCHVER=.*")
|
||||||
|
(format #f "PATCHVER=~a\n" ,bind-patch-version))
|
||||||
|
(("^RELEASETYPE=.*")
|
||||||
|
(format #f "RELEASETYPE=~a\n" ,bind-release-type))
|
||||||
|
(("^RELEASEVER=.*")
|
||||||
|
(format #f "RELEASEVER=~a\n" ,bind-release-version)))
|
||||||
|
#t))
|
||||||
|
(add-after 'configure 'post-configure
|
||||||
(lambda* (#:key outputs #:allow-other-keys)
|
(lambda* (#:key outputs #:allow-other-keys)
|
||||||
;; Point to the right client script, which will be
|
;; Point to the right client script, which will be
|
||||||
;; installed in a later phase.
|
;; installed in a later phase.
|
||||||
|
@ -422,18 +453,18 @@ connection alive.")
|
||||||
(string-append "./configure CONFIG_SHELL="
|
(string-append "./configure CONFIG_SHELL="
|
||||||
sh " SHELL=" sh))))
|
sh " SHELL=" sh))))
|
||||||
|
|
||||||
|
(let ((bind-directory (string-append "bind-" ,bind-version)))
|
||||||
(system* "tar" "xf" "bind.tar.gz")
|
(system* "tar" "xf" "bind.tar.gz")
|
||||||
(for-each patch-shebang
|
(for-each patch-shebang
|
||||||
(find-files "bind-9.9.5-P1" ".*"))
|
(find-files bind-directory ".*"))
|
||||||
(zero? (system* "tar" "cf" "bind.tar.gz"
|
(zero? (system* "tar" "cf" "bind.tar.gz"
|
||||||
"bind-9.9.5-P1"
|
bind-directory
|
||||||
;; avoid non-determinism in the archive
|
;; avoid non-determinism in the archive
|
||||||
"--sort=name"
|
"--sort=name"
|
||||||
"--mtime=@0"
|
"--mtime=@0"
|
||||||
"--owner=root:0"
|
"--owner=root:0"
|
||||||
"--group=root:0"))))
|
"--group=root:0"))))))
|
||||||
(alist-cons-after
|
(add-after 'install 'post-install
|
||||||
'install 'post-install
|
|
||||||
(lambda* (#:key inputs outputs #:allow-other-keys)
|
(lambda* (#:key inputs outputs #:allow-other-keys)
|
||||||
;; Install the dhclient script for GNU/Linux and make sure
|
;; Install the dhclient script for GNU/Linux and make sure
|
||||||
;; if finds all the programs it needs.
|
;; if finds all the programs it needs.
|
||||||
|
@ -458,8 +489,7 @@ connection alive.")
|
||||||
,(map (lambda (dir)
|
,(map (lambda (dir)
|
||||||
(string-append dir "/bin:"
|
(string-append dir "/bin:"
|
||||||
dir "/sbin"))
|
dir "/sbin"))
|
||||||
(list inetutils net-tools coreutils sed))))))
|
(list inetutils net-tools coreutils sed))))))))))
|
||||||
%standard-phases))))
|
|
||||||
|
|
||||||
(native-inputs `(("perl" ,perl)))
|
(native-inputs `(("perl" ,perl)))
|
||||||
|
|
||||||
|
@ -467,6 +497,18 @@ connection alive.")
|
||||||
("net-tools" ,net-tools)
|
("net-tools" ,net-tools)
|
||||||
("iproute" ,iproute)
|
("iproute" ,iproute)
|
||||||
|
|
||||||
|
;; XXX isc-dhcp bundles a copy of bind that has security
|
||||||
|
;; flaws, so we use a newer version.
|
||||||
|
("bind-source-tarball"
|
||||||
|
,(origin
|
||||||
|
(method url-fetch)
|
||||||
|
(uri (string-append "http://ftp.isc.org/isc/bind9/"
|
||||||
|
bind-version
|
||||||
|
"/bind-" bind-version ".tar.gz"))
|
||||||
|
(sha256
|
||||||
|
(base32
|
||||||
|
"0agkpmpna7s67la13krn4xlhwhdjpazmljxlq0zbjdwnw4k1k17m"))))
|
||||||
|
|
||||||
;; When cross-compiling, we need the cross Coreutils and sed.
|
;; When cross-compiling, we need the cross Coreutils and sed.
|
||||||
;; Otherwise just use those from %FINAL-INPUTS.
|
;; Otherwise just use those from %FINAL-INPUTS.
|
||||||
,@(if (%current-target-system)
|
,@(if (%current-target-system)
|
||||||
|
@ -480,7 +522,7 @@ connection alive.")
|
||||||
"ISC's Dynamic Host Configuration Protocol (DHCP) distribution provides a
|
"ISC's Dynamic Host Configuration Protocol (DHCP) distribution provides a
|
||||||
reference implementation of all aspects of DHCP, through a suite of DHCP
|
reference implementation of all aspects of DHCP, through a suite of DHCP
|
||||||
tools: server, client, and relay agent.")
|
tools: server, client, and relay agent.")
|
||||||
(license license:isc)))
|
(license license:isc))))
|
||||||
|
|
||||||
(define-public libpcap
|
(define-public libpcap
|
||||||
(package
|
(package
|
||||||
|
|
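Review bot: The new 'replace-bundled-bind' phase ends in an unconditional `#t`, and `substitute*` does not signal when a pattern such as `^MAJORVER=.*` matches nothing, so a change in the layout of `bind/version.tmp` in a later dhcp release would leave the old version fields in place without failing this phase. Because the swap exists to get the fixes for CVE-2015-8000 and CVE-2015-8461 into the build, the phase should fail early by checking that `bind/version.tmp` carries the expected `MAJORVER`/`MINORVER`/`PATCHVER` values after the substitution. The later build may well stop on a directory mismatch anyway, but that is not visible from this page. The `XXX` comment on the `bind-source-tarball` input should also name the two CVEs so a maintainer knows when the override can go, e.g. `;; XXX: the bundled bind is affected by CVE-2015-8000 and CVE-2015-8461; drop this input once isc-dhcp ships a fixed copy.` A one-line comment on `(chmod "bind/bind.tar.gz" #o644)` should say why the copied tarball has to be writable, presumably because 'post-configure' re-creates the archive in place.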