From 55ecf73675bec0e952b0d64e726c9a00042e9670 Mon Sep 17 00:00:00 2001 From: Petr Menšík Date: Jan 28 2023 10:57:48 +0000 Subject: Update to 9.16.37 Resolves: CVE-2022-3094 CVE-2022-3736 CVE-2022-3924 https://downloads.isc.org/isc/bind9/9.16.37/RELEASE-NOTES-bind-9.16.37.html --- diff --git a/.gitignore b/.gitignore index fe0b3b1..927b010 100644 --- a/.gitignore +++ b/.gitignore @@ -184,3 +184,5 @@ bind-9.7.2b1.tar.gz /bind-9.16.35.tar.xz.asc /bind-9.16.36.tar.xz /bind-9.16.36.tar.xz.asc +/bind-9.16.37.tar.xz +/bind-9.16.37.tar.xz.asc diff --git a/bind-9.11-fips-tests.patch b/bind-9.11-fips-tests.patch index 7e96742..2fc8da4 100644 --- a/bind-9.11-fips-tests.patch +++ b/bind-9.11-fips-tests.patch @@ -1,4 +1,4 @@ -From 9d12d1000aea7d21c2bcc833685f6b7e4addfb28 Mon Sep 17 00:00:00 2001 +From 3e15fd2f88a39bcca7cf71cb53e157ab3c7f39a0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= Date: Thu, 2 Aug 2018 23:46:45 +0200 Subject: [PATCH] FIPS tests changes @@ -527,10 +527,10 @@ index 4af25b0..9f202d5 100644 }; diff --git a/bin/tests/system/checkconf/good.conf b/bin/tests/system/checkconf/good.conf -index b1f7059..db57bbd 100644 +index 0ecdb68..90b8ab3 100644 --- a/bin/tests/system/checkconf/good.conf +++ b/bin/tests/system/checkconf/good.conf -@@ -283,6 +283,6 @@ dyndb "name" "library.so" { +@@ -284,6 +284,6 @@ dyndb "name" "library.so" { system; }; key "mykey" { @@ -620,10 +620,10 @@ index c02654e..0453a87 100644 grep "test string" dig.out.b.ns5.test$n > /dev/null && grep "test string" dig.out.c.ns5.test$n > /dev/null && diff --git a/bin/tests/system/nsupdate/ns1/named.conf.in b/bin/tests/system/nsupdate/ns1/named.conf.in -index 81d0c99..effbe2e 100644 +index a5cc36d..7bb8923 100644 --- a/bin/tests/system/nsupdate/ns1/named.conf.in +++ b/bin/tests/system/nsupdate/ns1/named.conf.in -@@ -39,7 +39,7 @@ controls { +@@ -40,7 +40,7 @@ controls { }; key altkey { @@ -663,7 +663,7 @@ index c9a756e..fac39d4 100644 $DDNSCONFGEN -q -a hmac-sha224 -k sha224-key -z keytests.nil > ns1/sha224.key $DDNSCONFGEN -q -a hmac-sha256 -k sha256-key -z keytests.nil > ns1/sha256.key diff --git a/bin/tests/system/nsupdate/tests.sh b/bin/tests/system/nsupdate/tests.sh -index ee634d7..5940147 100755 +index 67ffc27..c554a3f 100755 --- a/bin/tests/system/nsupdate/tests.sh +++ b/bin/tests/system/nsupdate/tests.sh @@ -852,7 +852,14 @@ fi @@ -919,7 +919,7 @@ index c2b57dd..cb13aa1 100644 }; diff --git a/bin/tests/system/upforwd/tests.sh b/bin/tests/system/upforwd/tests.sh -index c0293b3..2ba0c31 100644 +index 35c5588..7d08a24 100644 --- a/bin/tests/system/upforwd/tests.sh +++ b/bin/tests/system/upforwd/tests.sh @@ -81,7 +81,7 @@ if [ $ret != 0 ] ; then echo_i "failed"; status=`expr $status + $ret`; fi @@ -927,10 +927,10 @@ index c0293b3..2ba0c31 100644 echo_i "updating zone (signed) ($n)" ret=0 -$NSUPDATE -y update.example:c3Ryb25nIGVub3VnaCBmb3IgYSBtYW4gYnV0IG1hZGUgZm9yIGEgd29tYW4K -- - < - 32:9.16.37-1 +- Update to 9.16.37 + * Mon Jan 16 2023 Petr Menšík - 32:9.16.36-1 - Update to 9.16.36 - Include rwlock.h from dns/zt.h diff --git a/sources b/sources index 724f213..93ccd71 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -SHA512 (bind-9.16.36.tar.xz) = 521a021456b6daf260fead75efc298dd964ff00947fd95fadb3c13d52f4c07fb61b74861601d22722e8d546dca284524fd4d770cc5cf347d9659b6df9654ed95 -SHA512 (bind-9.16.36.tar.xz.asc) = 14fbc992a9be8173a8a5aa6f848d7dd69c9cd88eb9e2d13334578aa5a4203b43e5c8f0d0df5407ff3cdf7ea00541a549e2226022ba5ff9c3aff904050b75188d +SHA512 (bind-9.16.37.tar.xz) = 2c4b01f6cc598849688b5b2710caf48db47e1e860df785783ef2b140a25507b48357a9becf7911ba0feda285c4bca87764e21128fac5cf17efa47fd5134dc59f +SHA512 (bind-9.16.37.tar.xz.asc) = 4dbc1cd2334546fb3da0280d511d93b01d9ac2d91f412b7c76a747ee5ab5dbf4a9e7858b2ef0e2f3ea2794212ab7fa54ce1c556ac516781c83bdd58f160cd54e