[pkgsrc/pkgsrc-2008Q1]: pkgsrc/net/bind9 Pullup ticket 2370 - requested by to...

[ghen <ghen%pkgsrc.org@localhost>]

details:   https://anonhg.NetBSD.org/pkgsrc/rev/09df17d96d80
branches:  pkgsrc-2008Q1
changeset: 540327:09df17d96d80
user:      ghen <ghen%pkgsrc.org@localhost>
date:      Sun May 11 09:42:39 2008 +0000

description:
Pullup ticket 2370 - requested by tonnerre
security fix for bind 9

- pkgsrc/net/bind9/Makefile                             1.97
- pkgsrc/net/bind9/distinfo                             1.35
- pkgsrc/net/bind9/patches/patch-ap                     1.3

   Module Name:         pkgsrc
   Committed By:        tonnerre
   Date:                Sun May 11 00:00:59 UTC 2008

   Modified Files:
           pkgsrc/net/bind9: Makefile distinfo
   Added Files:
           pkgsrc/net/bind9/patches: patch-ap

   Log Message:
   Fix CVE-2008-0122 for libbind (as contained in bind). A misplaced
   boundary check can be abused for implementation specific exploitation:
   depending on the use of libbind, this can result in denial of service
   or even remote code execution.

diffstat:

 net/bind9/Makefile         |   4 ++--
 net/bind9/distinfo         |   3 ++-
 net/bind9/patches/patch-ap |  16 ++++++++++++++++
 3 files changed, 20 insertions(+), 3 deletions(-)

diffs (48 lines):

diff -r f4a12a5802f0 -r 09df17d96d80 net/bind9/Makefile
--- a/net/bind9/Makefile        Sun May 11 09:33:42 2008 +0000
+++ b/net/bind9/Makefile        Sun May 11 09:42:39 2008 +0000
@@ -1,8 +1,8 @@
-# $NetBSD: Makefile,v 1.95 2008/01/18 05:08:40 tnn Exp $
+# $NetBSD: Makefile,v 1.95.2.1 2008/05/11 09:42:39 ghen Exp $
 
 DISTNAME=      bind-${BIND_VERSION}
 PKGNAME=       ${DISTNAME:S/-P1/pl1/}
-PKGREVISION=   2
+PKGREVISION=   3
 CATEGORIES=    net
 MASTER_SITES=  ftp://ftp.isc.org/isc/bind9/${BIND_VERSION}/
 
diff -r f4a12a5802f0 -r 09df17d96d80 net/bind9/distinfo
--- a/net/bind9/distinfo        Sun May 11 09:33:42 2008 +0000
+++ b/net/bind9/distinfo        Sun May 11 09:42:39 2008 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.34 2007/08/08 18:32:46 reed Exp $
+$NetBSD: distinfo,v 1.34.6.1 2008/05/11 09:42:39 ghen Exp $
 
 SHA1 (bind-9.4.1-P1.tar.gz) = c65bfd3d6ff1dd78b678fe350e323bfb6d47fe1b
 RMD160 (bind-9.4.1-P1.tar.gz) = ced75a96098d78a7fdd8cc1d1e3daf2ad142ee9f
@@ -14,3 +14,4 @@
 SHA1 (patch-am) = bb267f13dbd30d492f4dfcf9c278b941efa97bed
 SHA1 (patch-an) = 6ec6ede602292ef2eaf5f0891e97576218bd8c3e
 SHA1 (patch-ao) = 9a1ed7b37befdd8e29d233fe55cd62362df3c50e
+SHA1 (patch-ap) = 800486318acbaae22d04ac6e2b7ccddd150fde90
diff -r f4a12a5802f0 -r 09df17d96d80 net/bind9/patches/patch-ap
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/net/bind9/patches/patch-ap        Sun May 11 09:42:39 2008 +0000
@@ -0,0 +1,16 @@
+$NetBSD: patch-ap,v 1.2.10.1 2008/05/11 09:42:59 ghen Exp $
+
+--- lib/bind/inet/inet_network.c.orig  2005-04-27 07:00:54.000000000 +0200
++++ lib/bind/inet/inet_network.c
+@@ -84,9 +84,9 @@ again:
+       }
+       if (!digit)
+               return (INADDR_NONE);
++      if (pp >= parts + 4 || val > 0xffU)
++              return (INADDR_NONE);
+       if (*cp == '.') {
+-              if (pp >= parts + 4 || val > 0xffU)
+-                      return (INADDR_NONE);
+               *pp++ = val, cp++;
+               goto again;
+       }