Pullup ticket 2369 - requested by tonnerre security fix for bind 8 - pkgsrc/net/bind8/Makefile 1.40 - pkgsrc/net/bind8/distinfo 1.22 - pkgsrc/net/bind8/patches/patch-ao 1.1 Module Name: pkgsrc Committed By: tonnerre Date: Sun May 11 00:00:57 UTC 2008 Modified Files: pkgsrc/net/bind8: Makefile distinfo Added Files: pkgsrc/net/bind8/patches: patch-ao Log Message: Fix CVE-2008-0122 for libbind (as contained in bind). A misplaced boundary check can be abused for implementation specific exploitation: depending on the use of libbind, this can result in denial of service or even remote code execution.
diff -r1.39 -r1.39.4.1 pkgsrc/net/bind8/Makefile
(ghen)
@@ -1,49 +1,50 @@ | @@ -1,49 +1,50 @@ | |||
1 | # $NetBSD: Makefile,v 1.39 2007/11/17 12:04:13 rillig Exp $ | 1 | # $NetBSD: Makefile,v 1.39.4.1 2008/05/11 09:33:42 ghen Exp $ | |
2 | 2 | |||
3 | DISTNAME= bind-${BIND_VERSION} | 3 | DISTNAME= bind-${BIND_VERSION} | |
4 | PKGNAME= ${DISTNAME}pl1 | 4 | PKGNAME= ${DISTNAME}pl1 | |
5 | PKGREVISION= 1 | |||
5 | CATEGORIES= net | 6 | CATEGORIES= net | |
6 | MASTER_SITES= ftp://ftp.isc.org/isc/bind8/src/${BIND_VERSION}/ | 7 | MASTER_SITES= ftp://ftp.isc.org/isc/bind8/src/${BIND_VERSION}/ | |
7 | DISTFILES= bind-src.tar.gz bind-doc.tar.gz | 8 | DISTFILES= bind-src.tar.gz bind-doc.tar.gz | |
8 | 9 | |||
9 | MAINTAINER= pkgsrc-users@NetBSD.org | 10 | MAINTAINER= pkgsrc-users@NetBSD.org | |
10 | HOMEPAGE= http://www.isc.org/sw/bind/ | 11 | HOMEPAGE= http://www.isc.org/sw/bind/ | |
11 | COMMENT= The Berkeley Internet Name Daemon, an implementation of DNS | 12 | COMMENT= The Berkeley Internet Name Daemon, an implementation of DNS | |
12 | 13 | |||
13 | USE_TOOLS+= lex yacc | 14 | USE_TOOLS+= lex yacc | |
14 | 15 | |||
15 | WRKSRC= ${WRKDIR} | 16 | WRKSRC= ${WRKDIR} | |
16 | BIND_VERSION= 8.4.7 | 17 | BIND_VERSION= 8.4.7 | |
17 | DIST_SUBDIR= bind/${BIND_VERSION} | 18 | DIST_SUBDIR= bind/${BIND_VERSION} | |
18 | 19 | |||
19 | PATCH_SITES= ${MASTER_SITES:S/8.4.7/8.4.7-P1/} | 20 | PATCH_SITES= ${MASTER_SITES:S/8.4.7/8.4.7-P1/} | |
20 | PATCHFILES= 8.4.7-p1.patch | 21 | PATCHFILES= 8.4.7-p1.patch | |
21 | PATCH_DIST_STRIP= -p1 | 22 | PATCH_DIST_STRIP= -p1 | |
22 | 23 | |||
23 | PKG_INSTALLATION_TYPES= overwrite pkgviews | 24 | PKG_INSTALLATION_TYPES= overwrite pkgviews | |
24 | 25 | |||
25 | RCD_SCRIPTS= named | 26 | RCD_SCRIPTS= named | |
26 | 27 | |||
27 | BUILD_DIRS= src doc/man | 28 | BUILD_DIRS= src doc/man | |
28 | 29 | |||
29 | .include "../../mk/bsd.prefs.mk" | 30 | .include "../../mk/bsd.prefs.mk" | |
30 | 31 | |||
31 | .if ${OPSYS} == "SunOS" | 32 | .if ${OPSYS} == "SunOS" | |
32 | MAKEFLAGS+= MANROFF=cat | 33 | MAKEFLAGS+= MANROFF=cat | |
33 | MAKEFLAGS+= INSTALL=${INSTALL:Q} | 34 | MAKEFLAGS+= INSTALL=${INSTALL:Q} | |
34 | OWN_DIRS_PERMS= ${PKG_SYSCONFDIR}/ndc.d root other 700 | 35 | OWN_DIRS_PERMS= ${PKG_SYSCONFDIR}/ndc.d root other 700 | |
35 | .endif | 36 | .endif | |
36 | 37 | |||
37 | MAKEFLAGS+= PREFIX=${PREFIX:Q} | 38 | MAKEFLAGS+= PREFIX=${PREFIX:Q} | |
38 | MAKE_FLAGS+= INSTALL_LIB=-o\ ${LIBOWN}\ -g\ ${LIBGRP} | 39 | MAKE_FLAGS+= INSTALL_LIB=-o\ ${LIBOWN}\ -g\ ${LIBGRP} | |
39 | 40 | |||
40 | post-extract: | 41 | post-extract: | |
41 | cd ${WRKSRC}/doc/man && ${RM} -f *.lst* *~ *.BAK *.CKP *.orig | 42 | cd ${WRKSRC}/doc/man && ${RM} -f *.lst* *~ *.BAK *.CKP *.orig | |
42 | ${LN} -s freebsd ${WRKSRC}/src/port/dragonfly | 43 | ${LN} -s freebsd ${WRKSRC}/src/port/dragonfly | |
43 | 44 | |||
44 | post-install: | 45 | post-install: | |
45 | ${INSTALL_DATA_DIR} ${PREFIX}/share/doc/html/bind8 | 46 | ${INSTALL_DATA_DIR} ${PREFIX}/share/doc/html/bind8 | |
46 | cd ${WRKSRC}/doc/html && ${PAX} -rw * ${PREFIX}/share/doc/html/bind8 | 47 | cd ${WRKSRC}/doc/html && ${PAX} -rw * ${PREFIX}/share/doc/html/bind8 | |
47 | ${CHMOD} ${DOCMODE} ${PREFIX}/share/doc/html/bind8/*.html | 48 | ${CHMOD} ${DOCMODE} ${PREFIX}/share/doc/html/bind8/*.html | |
48 | 49 | |||
49 | .include "../../mk/bsd.pkg.mk" | 50 | .include "../../mk/bsd.pkg.mk" |
@@ -1,24 +1,25 @@ | @@ -1,24 +1,25 @@ | |||
1 | $NetBSD: distinfo,v 1.21 2007/09/10 19:05:01 adrianp Exp $ | 1 | $NetBSD: distinfo,v 1.21.6.1 2008/05/11 09:33:42 ghen Exp $ | |
2 | 2 | |||
3 | SHA1 (bind/8.4.7/8.4.7-p1.patch) = 21ace372a55ff10166c3aaefb9ca25889b8e9c99 | 3 | SHA1 (bind/8.4.7/8.4.7-p1.patch) = 21ace372a55ff10166c3aaefb9ca25889b8e9c99 | |
4 | RMD160 (bind/8.4.7/8.4.7-p1.patch) = 09787da6ebf107f680963ead6b9998f734244951 | 4 | RMD160 (bind/8.4.7/8.4.7-p1.patch) = 09787da6ebf107f680963ead6b9998f734244951 | |
5 | Size (bind/8.4.7/8.4.7-p1.patch) = 47224 bytes | 5 | Size (bind/8.4.7/8.4.7-p1.patch) = 47224 bytes | |
6 | SHA1 (bind/8.4.7/bind-doc.tar.gz) = 69baf042cbceaa81485db12f9d877f14a4e4d0f6 | 6 | SHA1 (bind/8.4.7/bind-doc.tar.gz) = 69baf042cbceaa81485db12f9d877f14a4e4d0f6 | |
7 | RMD160 (bind/8.4.7/bind-doc.tar.gz) = 83a19daac958f41e5cac1dea3201d959658744a8 | 7 | RMD160 (bind/8.4.7/bind-doc.tar.gz) = 83a19daac958f41e5cac1dea3201d959658744a8 | |
8 | Size (bind/8.4.7/bind-doc.tar.gz) = 1492480 bytes | 8 | Size (bind/8.4.7/bind-doc.tar.gz) = 1492480 bytes | |
9 | SHA1 (bind/8.4.7/bind-src.tar.gz) = a5f352ca020403bc0f70c6201809c9ba9e56932a | 9 | SHA1 (bind/8.4.7/bind-src.tar.gz) = a5f352ca020403bc0f70c6201809c9ba9e56932a | |
10 | RMD160 (bind/8.4.7/bind-src.tar.gz) = 87ea8fb441d100da49b2f46e1c32d12c9e2322a7 | 10 | RMD160 (bind/8.4.7/bind-src.tar.gz) = 87ea8fb441d100da49b2f46e1c32d12c9e2322a7 | |
11 | Size (bind/8.4.7/bind-src.tar.gz) = 1484718 bytes | 11 | Size (bind/8.4.7/bind-src.tar.gz) = 1484718 bytes | |
12 | SHA1 (patch-aa) = c94c78cb904e713be25da748d3ecfed51b2ed010 | 12 | SHA1 (patch-aa) = c94c78cb904e713be25da748d3ecfed51b2ed010 | |
13 | SHA1 (patch-ab) = 41c03679a97d24302f4eb4bec67fda0b8d4cd9bf | 13 | SHA1 (patch-ab) = 41c03679a97d24302f4eb4bec67fda0b8d4cd9bf | |
14 | SHA1 (patch-ad) = 8b7071e89179af3de5c7645b88d175bb9143a9da | 14 | SHA1 (patch-ad) = 8b7071e89179af3de5c7645b88d175bb9143a9da | |
15 | SHA1 (patch-ae) = e0bf370c94d412fbb3347dfa2fd74a164d7cd944 | 15 | SHA1 (patch-ae) = e0bf370c94d412fbb3347dfa2fd74a164d7cd944 | |
16 | SHA1 (patch-af) = f697c119f38a5e0f1aeeafe4a77e8c1436ec684a | 16 | SHA1 (patch-af) = f697c119f38a5e0f1aeeafe4a77e8c1436ec684a | |
17 | SHA1 (patch-ag) = 399938ee154d671232b87371d8cc7d3b2c419cd7 | 17 | SHA1 (patch-ag) = 399938ee154d671232b87371d8cc7d3b2c419cd7 | |
18 | SHA1 (patch-ah) = 154d3ab6a388a51dbfc1351a7d21e9436f5efa92 | 18 | SHA1 (patch-ah) = 154d3ab6a388a51dbfc1351a7d21e9436f5efa92 | |
19 | SHA1 (patch-ai) = 44090a2cdada15245f5557af13d23061feba54d0 | 19 | SHA1 (patch-ai) = 44090a2cdada15245f5557af13d23061feba54d0 | |
20 | SHA1 (patch-aj) = 6a812ee56aad252c44b7fd0eb839d9d382f1ef6a | 20 | SHA1 (patch-aj) = 6a812ee56aad252c44b7fd0eb839d9d382f1ef6a | |
21 | SHA1 (patch-ak) = db59ad1cda56adfffb75336781c4bd1ad1c79733 | 21 | SHA1 (patch-ak) = db59ad1cda56adfffb75336781c4bd1ad1c79733 | |
22 | SHA1 (patch-al) = f03b3b5480d9294673cdb86cf0f45f48ce9ea895 | 22 | SHA1 (patch-al) = f03b3b5480d9294673cdb86cf0f45f48ce9ea895 | |
23 | SHA1 (patch-am) = 7acd974e10388dba0dcb44c28f2f03e18b7a1c28 | 23 | SHA1 (patch-am) = 7acd974e10388dba0dcb44c28f2f03e18b7a1c28 | |
24 | SHA1 (patch-an) = 41b63a50756d9f73152fc8a48dbf93657064e90f | 24 | SHA1 (patch-an) = 41b63a50756d9f73152fc8a48dbf93657064e90f | |
25 | SHA1 (patch-ao) = 85ee16824e849ad227e04dbf71808446769438af |
$NetBSD: patch-ao,v 1.1.2.2 2008/05/11 09:33:42 ghen Exp $
--- src/lib/inet/inet_network.c.orig 2004-03-17 01:20:24.000000000 +0100
+++ src/lib/inet/inet_network.c
@@ -84,9 +84,9 @@ again:
}
if (!digit)
return (INADDR_NONE);
+ if (pp >= parts + 4 || val > 0xffU)
+ return (INADDR_NONE);
if (*cp == '.') {
- if (pp >= parts + 4 || val > 0xffU)
- return (INADDR_NONE);
*pp++ = val, cp++;
goto again;
}
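Review bot: patch-ao has no description line after its `$NetBSD$` tag, and the hunk gives no reason why `if (pp >= parts + 4 || val > 0xffU)` has to sit above `if (*cp == '.')` rather than inside it. I would add a line to the patch header such as `Fix CVE-2008-0122: bounds-check pp and val for every component, including the last one.` so that a later regeneration of the patch or an upstream merge does not move the check back into the branch. Hoisting the check also means `val > 0xffU` now applies to the final component, which presumably was only masked or range-checked by code after the hunk before; callers that relied on such input being accepted will now get `INADDR_NONE`, which looks intended but is worth stating in the log. The function body starts and ends outside the hunk, so the store this check protects on the last component is not visible here.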