| Summary: | <net-dns/bind-9.18.29: multiple vulnerabilities | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Kyle Elbert <kcelbert> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | IN_PROGRESS --- | | |
| Severity: | normal | CC: | anders.gentoo, chutzpah, ole+gentoo, vamp898 |
| Priority: | Normal | Keywords: | PullRequest |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| URL: | https://kb.isc.org/docs/aa-00913 | | |
| See Also: | https://github.com/gentoo/gentoo/pull/25220 | | |
| Whiteboard: | A3 [stable] | | |
| Package list: | | Runtime testing required: | --- |
| Bug Depends on: | 941696, 832218 | | |
| Bug Blocks: | | | |

Description
Kyle Elbert
2024-07-23 22:57:00 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=fee87f6a429d64ad7cdd55348802cd8662dc9c9c

commit fee87f6a429d64ad7cdd55348802cd8662dc9c9c
Author: Sam James <sam@gentoo.org>
AuthorDate: 2024-08-31 05:55:59 +0000
Commit: Sam James <sam@gentoo.org>
CommitDate: 2024-08-31 07:10:17 +0000

profiles: mask new Bind

Please unmask and test. If you have any issues, please file a new bug.

The mask will be lifted by 2024-09-02. Test it before then please!

Bug: https://bugs.gentoo.org/832218
Bug: https://bugs.gentoo.org/930348
Bug: https://bugs.gentoo.org/936568
Bug: https://bugs.gentoo.org/937907
Signed-off-by: Sam James <sam@gentoo.org>

profiles/package.mask | 6 ++++++
1 file changed, 6 insertions(+)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=eeefb354f217b318b31ef252c71d6cea749c0101

commit eeefb354f217b318b31ef252c71d6cea749c0101
Author: Sam James <sam@gentoo.org>
AuthorDate: 2023-02-16 00:32:46 +0000
Commit: Sam James <sam@gentoo.org>
CommitDate: 2024-08-31 07:10:17 +0000

profiles/arch/loong: mask bind[dnstap]

dev-libs/fstrm not keyworded here

Bug: https://bugs.gentoo.org/832218
Bug: https://bugs.gentoo.org/930348
Bug: https://bugs.gentoo.org/936568
Bug: https://bugs.gentoo.org/937907
Signed-off-by: Sam James <sam@gentoo.org>

profiles/arch/loong/package.use.mask | 4 ++++
1 file changed, 4 insertions(+)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=754524d4345dd41ff9e31cba85afb4f104a9815a

commit 754524d4345dd41ff9e31cba85afb4f104a9815a
Author: Sam James <sam@gentoo.org>
AuthorDate: 2023-02-15 23:44:24 +0000
Commit: Sam James <sam@gentoo.org>
CommitDate: 2024-08-31 07:10:16 +0000

net-dns/bind-tools: add 9.18.0

This is just a proxy for net-dns/bind.

Splitting the ebuilds is *way* too fragile and gains nothing because the same software gets built again anyway, just thrown away at the end.

Bug: https://bugs.gentoo.org/832218
Bug: https://bugs.gentoo.org/930348
Bug: https://bugs.gentoo.org/936568
Bug: https://bugs.gentoo.org/937907
Signed-off-by: Sam James <sam@gentoo.org>

net-dns/bind-tools/bind-tools-9.18.0.ebuild | 14 ++++++++++++++
1 file changed, 14 insertions(+)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e50ac466402806e78c10a98b626bd737e0edbe49

commit e50ac466402806e78c10a98b626bd737e0edbe49
Author: Sam James <sam@gentoo.org>
AuthorDate: 2024-08-31 06:56:09 +0000
Commit: Sam James <sam@gentoo.org>
CommitDate: 2024-08-31 07:10:16 +0000

net-dns/bind: restore some old files to /var/bind

We need to keep named.cache, root.cache, and localhost.zone because we installed these for years *and* configs referencing them.

Dropping them suddenly means they disappear yet the configs still refer to them. It's unnecessary disruption which we should handle at another time.

(No CONFIG_PROTECT applies there.)

Bug: https://bugs.gentoo.org/832218
Bug: https://bugs.gentoo.org/930348
Bug: https://bugs.gentoo.org/936568
Bug: https://bugs.gentoo.org/937907
Signed-off-by: Sam James <sam@gentoo.org>

net-dns/bind/bind-9.18.29.ebuild | 18 +++++++++++++++++-
1 file changed, 17 insertions(+), 1 deletion(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=7ec2125d3019ec659f58f471f8f3b075a1e0bb86

commit 7ec2125d3019ec659f58f471f8f3b075a1e0bb86
Author: Sam James <sam@gentoo.org>
AuthorDate: 2022-12-17 04:27:14 +0000
Commit: Sam James <sam@gentoo.org>
CommitDate: 2024-08-31 07:10:15 +0000

net-dns/bind: add 9.18.29, drop 9.18.0

Bug: https://bugs.gentoo.org/832218
Bug: https://bugs.gentoo.org/930348
Bug: https://bugs.gentoo.org/936568
Bug: https://bugs.gentoo.org/937907
Signed-off-by: Sam James <sam@gentoo.org>

net-dns/bind/Manifest | 2 +-
.../{bind-9.18.0.ebuild => bind-9.18.29.ebuild} | 63 ++++++++++------------
2 files changed, 30 insertions(+), 35 deletions(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=654c7d2780ac64a43e9ee0c04e0964a110755f5a

commit 654c7d2780ac64a43e9ee0c04e0964a110755f5a
Author: Sam James <sam@gentoo.org>
AuthorDate: 2022-03-16 18:54:34 +0000
Commit: Sam James <sam@gentoo.org>
CommitDate: 2024-08-31 07:10:14 +0000

net-dns/bind: restore USE=jemalloc

We can't force jemalloc because bind-tools (which this now blocks, and installs the same tools as, and we may end up just using net-dns/bind for all of it) needs to be usable in as many places as possible and jemalloc isn't ported to all arches.

We can therefore restore ~sparc.

Bug: https://bugs.gentoo.org/832218
Bug: https://bugs.gentoo.org/930348
Bug: https://bugs.gentoo.org/936568
Bug: https://bugs.gentoo.org/937907
Signed-off-by: Sam James <sam@gentoo.org>

net-dns/bind/bind-9.18.0.ebuild | 7 +++----
1 file changed, 3 insertions(+), 4 deletions(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=de3f4c4ededefda3220a8dd4c7a8622567ed2584

commit de3f4c4ededefda3220a8dd4c7a8622567ed2584
Author: Sam James <sam@gentoo.org>
AuthorDate: 2022-03-16 18:50:08 +0000
Commit: Sam James <sam@gentoo.org>
CommitDate: 2024-08-31 07:10:14 +0000

net-dns/bind: use standard USE=test

USE=test-extra means we lose some of the niceties of emerge ... --with-test-deps and such.

In order to avoid circular dependencies, use the normal pattern of:
- emerge -v1o --with-test-deps net-dns/bind
- FEATURES=test emerge -v1 net-dns/bind

Bug: https://bugs.gentoo.org/832218
Bug: https://bugs.gentoo.org/930348
Bug: https://bugs.gentoo.org/936568
Bug: https://bugs.gentoo.org/937907
Signed-off-by: Sam James <sam@gentoo.org>

net-dns/bind/bind-9.18.0.ebuild | 7 ++++---
net-dns/bind/metadata.xml | 1 -
2 files changed, 4 insertions(+), 4 deletions(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=20c274b220ba9be18fa465ff03cd9e7b95b1591b

commit 20c274b220ba9be18fa465ff03cd9e7b95b1591b
Author: Sam James <sam@gentoo.org>
AuthorDate: 2022-03-16 18:35:50 +0000
Commit: Sam James <sam@gentoo.org>
CommitDate: 2024-08-31 07:10:13 +0000

net-dns/bind: restore chroot support

Bug: https://bugs.gentoo.org/832218
Bug: https://bugs.gentoo.org/930348
Bug: https://bugs.gentoo.org/936568
Bug: https://bugs.gentoo.org/937907
Bug: https://github.com/gentoo/gentoo/pull/24001
Signed-off-by: Sam James <sam@gentoo.org>

net-dns/bind/bind-9.18.0.ebuild | 89 +++++++++++++++++++-
net-dns/bind/files/named.confd-r8 | 19 +++++
net-dns/bind/files/named.init-r15 | 170 ++++++++++++++++++++++++++++++++++++--
3 files changed, 268 insertions(+), 10 deletions(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=39301e95ce662ec2f7feda5aafc9adc32a04901d

commit 39301e95ce662ec2f7feda5aafc9adc32a04901d
Author: Eray Aslan <eraya@a21an.org>
AuthorDate: 2022-01-29 17:01:00 +0000
Commit: Sam James <sam@gentoo.org>
CommitDate: 2024-08-31 07:10:13 +0000

net-dns/bind: whitespace

Bug: https://bugs.gentoo.org/832218
Bug: https://bugs.gentoo.org/930348
Bug: https://bugs.gentoo.org/936568
Bug: https://bugs.gentoo.org/937907
Package-Manager: Portage-3.0.30, Repoman-3.0.3
Signed-off-by: Eray Aslan <eras@gentoo.org>
Closes: https://github.com/gentoo/gentoo/pull/24001
Signed-off-by: Sam James <sam@gentoo.org>

net-dns/bind/files/named.conf-r9 | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=261167b216cb2970b23e16aee3d0a76476d1adca

commit 261167b216cb2970b23e16aee3d0a76476d1adca
Author: Eray Aslan <eraya@a21an.org>
AuthorDate: 2022-01-29 16:58:11 +0000
Commit: Sam James <sam@gentoo.org>
CommitDate: 2024-08-31 07:10:12 +0000

net-dns/bind: add dot and doh examples to config file

Bug: https://bugs.gentoo.org/832218
Bug: https://bugs.gentoo.org/930348
Bug: https://bugs.gentoo.org/936568
Bug: https://bugs.gentoo.org/937907
Package-Manager: Portage-3.0.30, Repoman-3.0.3
Signed-off-by: Eray Aslan <eras@gentoo.org>
Signed-off-by: Sam James <sam@gentoo.org>

net-dns/bind/files/named.conf-r9 | 42 ++++++++++++++++++++++++++--------------
1 file changed, 27 insertions(+), 15 deletions(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=0795ed82642d14ebb9e975db7bfd98fbca25c770

commit 0795ed82642d14ebb9e975db7bfd98fbca25c770
Author: Eray Aslan <eras@gentoo.org>
AuthorDate: 2022-01-28 14:53:08 +0000
Commit: Sam James <sam@gentoo.org>
CommitDate: 2024-08-31 07:10:11 +0000

net-dns/bind: bump to 9.18.0

- punted CHROOT stuff to simplify the ebuild and scripts
- bind-tools binaries (dig, delv etc) are not stand alone binaries anymore but link to bind libraries, i.e. net-dns/bind and net-dns/bind-tools by necessity produce the same libraries resulting in file collisions. soft blocked each other for now
- net-dns/bind now produces everything, including binaries produced by net-dns/bind-tools
- old style dlz drivers have been removed upstream. prefer dumping from datastore (database, ldap etc) to a file on a regular basis/on demand instead anyway
- licensing: bind is mozilla-2.0
- dev-libs/jemalloc is the preferred allocator for bind-9.18. made it obligatory and dropped sparc keyword
- json and zlib USE flags dropped and made obligatory. zlib is more or less necessary because of doh stuff. json requirement is a small library. xml is still behind a USE flag as it has the potential to bring in big libraries (icu etc)
- python is optional and only used for testing
- upstream dropped berkdb support
- unified geoip and geoip2 USE flags
- build system now uses a more traditional autotools stack. punted old stuff from the ebuild
- do not install a zone file for loopback addresses. they are already built in
- no need for named.cache as well
- install named.conf.auth as a sample config file for authoritative named server. recursive server do not need one to function
- openrc init script and confd revised, mostly because of punting chroot

Bug: https://bugs.gentoo.org/832218
Bug: https://bugs.gentoo.org/930348
Bug: https://bugs.gentoo.org/936568
Bug: https://bugs.gentoo.org/937907
Package-Manager: Portage-3.0.30, Repoman-3.0.3
Signed-off-by: Eray Aslan <eras@gentoo.org>
Signed-off-by: Sam James <sam@gentoo.org>

net-dns/bind/Manifest | 1 +
net-dns/bind/bind-9.18.0.ebuild | 151 ++++++++++++++++++++++++++++++++++++++
net-dns/bind/files/named.conf-r9 | 21 ++++++
net-dns/bind/files/named.confd-r8 | 18 +++++
net-dns/bind/files/named.init-r15 | 99 +++++++++++++++++++++++++
net-dns/bind/metadata.xml | 2 +
6 files changed, 292 insertions(+)