me
/
guix
Archived
1
0
Fork 0

gnu: bind: Update to 9.16.23 [fixes CVE-2021-25218, CVE-2021-25219].

* gnu/packages/dns.scm (isc-bind): Update to 9.16.23.
[source]: Add patch.
* gnu/packages/patches/bind-re-add-attr-constructor-priority.patch:
New file.
* gnu/local.mk (dist_patch_DATA): Add it.
master
Tobias Geerinckx-Rice 2021-12-09 01:18:03 +01:00
parent e5e307b676
commit 4ca0e9d5f7
No known key found for this signature in database
GPG Key ID: 0DB0FF884F556D79
3 changed files with 69 additions and 9 deletions

View File

@ -879,6 +879,7 @@ dist_patch_DATA = \
%D%/packages/patches/bazaar-CVE-2017-14176.patch \
%D%/packages/patches/bc-fix-cross-compilation.patch \
%D%/packages/patches/bear-disable-preinstall-tests.patch \
%D%/packages/patches/bind-re-add-attr-constructor-priority.patch \
%D%/packages/patches/brightnessctl-elogind-support.patch \
%D%/packages/patches/bsd-games-2.17-64bit.patch \
%D%/packages/patches/bsd-games-add-configure-config.patch \

View File

@ -373,15 +373,17 @@ and BOOTP/TFTP for network booting of diskless machines.")
;; When updating, check whether isc-dhcp's bundled copy should be as well.
;; The BIND release notes are available here:
;; https://www.isc.org/bind/
(version "9.16.16")
(source (origin
(method url-fetch)
(uri (string-append
"https://ftp.isc.org/isc/bind9/" version
"/bind-" version ".tar.xz"))
(sha256
(base32
"0yqxfq7qc26x7qhk0nkp8h7x9jggzaafm712bvfffy7qml13k4bc"))))
(version "9.16.23")
(source
(origin
(method url-fetch)
(uri (string-append
"https://ftp.isc.org/isc/bind9/" version
"/bind-" version ".tar.xz"))
(sha256
(base32 "0g0pxzhzcz6nzkiab4cs9sgbjdzqgy44aa477v7akdlwm8kmxnyy"))
(patches
(search-patches "bind-re-add-attr-constructor-priority.patch"))))
(build-system gnu-build-system)
(outputs `("out" "utils"))
(inputs

View File

@ -0,0 +1,57 @@
From 6361de07a35f2e9dc1d7201d6b26ca31da93ee69 Mon Sep 17 00:00:00 2001
From: Tobias Geerinckx-Rice <me@tobias.gr>
Date: Thu, 9 Dec 2021 01:07:32 +0100
Subject: [PATCH] Revert "Remove priority from attribute
constructor/destructor"
This reverts commit 0340df46ec5897636dd071bc8b5c4272cfa7d7be. It works
around an irrelevant operating system and breaks compilation on Guix:
mem.c:873: fatal error: RUNTIME_CHECK(((pthread_mutex_lock(((&contextslock))) == 0) ? 0 : 34) == 0) failed
/gnu/store/pwcp239kjf7lnj5i4lkdzcfcxwcfyk72-bash-minimal-5.0.16/bin/bash: line 1: 13768 Aborted ./${fuzzer}
Let's simply revert it for now---there are securities at stake!
---
lib/isc/include/isc/util.h | 8 ++++----
lib/isc/lib.c | 4 ++--
2 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/lib/isc/include/isc/util.h b/lib/isc/include/isc/util.h
index f0f7f85fa4..64c26587ac 100644
--- a/lib/isc/include/isc/util.h
+++ b/lib/isc/include/isc/util.h
@@ -49,11 +49,11 @@
#endif /* __GNUC__ */
#if HAVE_FUNC_ATTRIBUTE_CONSTRUCTOR && HAVE_FUNC_ATTRIBUTE_DESTRUCTOR
-#define ISC_CONSTRUCTOR __attribute__((constructor))
-#define ISC_DESTRUCTOR __attribute__((destructor))
+#define ISC_CONSTRUCTOR(priority) __attribute__((constructor(priority)))
+#define ISC_DESTRUCTOR(priority) __attribute__((destructor(priority)))
#elif WIN32
-#define ISC_CONSTRUCTOR
-#define ISC_DESTRUCTOR
+#define ISC_CONSTRUCTOR(priority)
+#define ISC_DESTRUCTOR(priority)
#endif
/*%
diff --git a/lib/isc/lib.c b/lib/isc/lib.c
index f3576b2659..2a167fec21 100644
--- a/lib/isc/lib.c
+++ b/lib/isc/lib.c
@@ -35,9 +35,9 @@ isc_lib_register(void) {
}
void
-isc__initialize(void) ISC_CONSTRUCTOR;
+isc__initialize(void) ISC_CONSTRUCTOR(101);
void
-isc__shutdown(void) ISC_DESTRUCTOR;
+isc__shutdown(void) ISC_DESTRUCTOR(101);
void
isc__initialize(void) {
--
2.34.0