gnu: bind: Update to 9.16.23 [fixes CVE-2021-25218, CVE-2021-25219].

* gnu/packages/dns.scm (isc-bind): Update to 9.16.23. [source]: Add patch. * gnu/packages/patches/bind-re-add-attr-constructor-priority.patch: New file. * gnu/local.mk (dist_patch_DATA): Add it.
2021-12-09 01:18:03 +01:00 · 2021-12-09 01:18:03 +01:00 · 4ca0e9d5f7
commit 4ca0e9d5f7
parent e5e307b676
3 changed files with 69 additions and 9 deletions
--- a/gnu/local.mk
+++ b/gnu/local.mk
@ -879,6 +879,7 @@ dist_patch_DATA =						\
  %D%/packages/patches/bazaar-CVE-2017-14176.patch		\
  %D%/packages/patches/bc-fix-cross-compilation.patch		\
  %D%/packages/patches/bear-disable-preinstall-tests.patch	\
  %D%/packages/patches/bind-re-add-attr-constructor-priority.patch	\
  %D%/packages/patches/brightnessctl-elogind-support.patch	\
  %D%/packages/patches/bsd-games-2.17-64bit.patch		\
  %D%/packages/patches/bsd-games-add-configure-config.patch	\
--- a/gnu/packages/dns.scm
+++ b/gnu/packages/dns.scm
@ -373,15 +373,17 @@ and BOOTP/TFTP for network booting of diskless machines.")
    ;; When updating, check whether isc-dhcp's bundled copy should be as well.
    ;; The BIND release notes are available here:
    ;; https://www.isc.org/bind/
-    (version "9.16.16")
+    (version "9.16.23")
-    (source (origin
+    (source
     (origin
       (method url-fetch)
       (uri (string-append
             "https://ftp.isc.org/isc/bind9/" version
             "/bind-" version ".tar.xz"))
       (sha256
-               (base32
+        (base32 "0g0pxzhzcz6nzkiab4cs9sgbjdzqgy44aa477v7akdlwm8kmxnyy"))
-                "0yqxfq7qc26x7qhk0nkp8h7x9jggzaafm712bvfffy7qml13k4bc"))))
+       (patches
        (search-patches "bind-re-add-attr-constructor-priority.patch"))))
    (build-system gnu-build-system)
    (outputs `("out" "utils"))
    (inputs
--- a/gnu/packages/patches/bind-re-add-attr-constructor-priority.patch
+++ b/gnu/packages/patches/bind-re-add-attr-constructor-priority.patch
@ -0,0 +1,57 @@
 From 6361de07a35f2e9dc1d7201d6b26ca31da93ee69 Mon Sep 17 00:00:00 2001
 From: Tobias Geerinckx-Rice <me@tobias.gr>
 Date: Thu, 9 Dec 2021 01:07:32 +0100
 Subject: [PATCH] Revert "Remove priority from attribute
 constructor/destructor"
 This reverts commit 0340df46ec5897636dd071bc8b5c4272cfa7d7be.  It works
 around an irrelevant operating system and breaks compilation on Guix:
 mem.c:873: fatal error: RUNTIME_CHECK(((pthread_mutex_lock(((&contextslock))) == 0) ? 0 : 34) == 0) failed
 /gnu/store/pwcp239kjf7lnj5i4lkdzcfcxwcfyk72-bash-minimal-5.0.16/bin/bash: line 1: 13768 Aborted                 ./${fuzzer}
 Let's simply revert it for now---there are securities at stake!
 ---
 lib/isc/include/isc/util.h | 8 ++++----
 lib/isc/lib.c              | 4 ++--
 2 files changed, 6 insertions(+), 6 deletions(-)
 diff --git a/lib/isc/include/isc/util.h b/lib/isc/include/isc/util.h
 index f0f7f85fa4..64c26587ac 100644
 --- a/lib/isc/include/isc/util.h
 +++ b/lib/isc/include/isc/util.h
@@ -49,11 +49,11 @@
 #endif /* __GNUC__ */
 #if HAVE_FUNC_ATTRIBUTE_CONSTRUCTOR && HAVE_FUNC_ATTRIBUTE_DESTRUCTOR
 -#define ISC_CONSTRUCTOR __attribute__((constructor))
 -#define ISC_DESTRUCTOR	__attribute__((destructor))
 +#define ISC_CONSTRUCTOR(priority) __attribute__((constructor(priority)))
 +#define ISC_DESTRUCTOR(priority)  __attribute__((destructor(priority)))
 #elif WIN32
 -#define ISC_CONSTRUCTOR
 -#define ISC_DESTRUCTOR
 +#define ISC_CONSTRUCTOR(priority)
 +#define ISC_DESTRUCTOR(priority)
 #endif
 /*%
 diff --git a/lib/isc/lib.c b/lib/isc/lib.c
 index f3576b2659..2a167fec21 100644
 --- a/lib/isc/lib.c
 +++ b/lib/isc/lib.c
@@ -35,9 +35,9 @@ isc_lib_register(void) {
 }
 void
 -isc__initialize(void) ISC_CONSTRUCTOR;
 +isc__initialize(void) ISC_CONSTRUCTOR(101);
 void
 -isc__shutdown(void) ISC_DESTRUCTOR;
 +isc__shutdown(void) ISC_DESTRUCTOR(101);
 void
 isc__initialize(void) {
 -- 
 2.34.0