pkgsrc-Changes-HG archive


[pkgsrc/pkgsrc-2008Q1]: pkgsrc/net/bind8 Pullup ticket 2369 - requested by to...



details:   https://anonhg.NetBSD.org/pkgsrc/rev/f4a12a5802f0
branches:  pkgsrc-2008Q1
changeset: 540326:f4a12a5802f0
user:      ghen <ghen%pkgsrc.org@localhost>
date:      Sun May 11 09:33:42 2008 +0000

description:
Pullup ticket 2369 - requested by tonnerre
security fix for bind 8

- pkgsrc/net/bind8/Makefile                             1.40
- pkgsrc/net/bind8/distinfo                             1.22
- pkgsrc/net/bind8/patches/patch-ao                     1.1

   Module Name: pkgsrc
   Committed By:        tonnerre
   Date:                Sun May 11 00:00:57 UTC 2008

   Modified Files:
           pkgsrc/net/bind8: Makefile distinfo
   Added Files:
           pkgsrc/net/bind8/patches: patch-ao

   Log Message:
   Fix CVE-2008-0122 for libbind (as contained in bind). A misplaced
   boundary check can be abused for implementation-specific exploitation:
   depending on the use of libbind, this can result in denial of service
   or even remote code execution.

diffstat:

 net/bind8/Makefile         |   3 ++-
 net/bind8/distinfo         |   3 ++-
 net/bind8/patches/patch-ao |  16 ++++++++++++++++
 3 files changed, 20 insertions(+), 2 deletions(-)

diffs (47 lines):

diff -r 7c8bef41da9d -r f4a12a5802f0 net/bind8/Makefile
--- a/net/bind8/Makefile        Sun May 11 09:25:19 2008 +0000
+++ b/net/bind8/Makefile        Sun May 11 09:33:42 2008 +0000
@@ -1,7 +1,8 @@
-# $NetBSD: Makefile,v 1.39 2007/11/17 12:04:13 rillig Exp $
+# $NetBSD: Makefile,v 1.39.4.1 2008/05/11 09:33:42 ghen Exp $
 
 DISTNAME=      bind-${BIND_VERSION}
 PKGNAME=       ${DISTNAME}pl1
+PKGREVISION=   1
 CATEGORIES=    net
 MASTER_SITES=  ftp://ftp.isc.org/isc/bind8/src/${BIND_VERSION}/
 DISTFILES=     bind-src.tar.gz bind-doc.tar.gz
diff -r 7c8bef41da9d -r f4a12a5802f0 net/bind8/distinfo
--- a/net/bind8/distinfo        Sun May 11 09:25:19 2008 +0000
+++ b/net/bind8/distinfo        Sun May 11 09:33:42 2008 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.21 2007/09/10 19:05:01 adrianp Exp $
+$NetBSD: distinfo,v 1.21.6.1 2008/05/11 09:33:42 ghen Exp $
 
 SHA1 (bind/8.4.7/8.4.7-p1.patch) = 21ace372a55ff10166c3aaefb9ca25889b8e9c99
 RMD160 (bind/8.4.7/8.4.7-p1.patch) = 09787da6ebf107f680963ead6b9998f734244951
@@ -22,3 +22,4 @@
 SHA1 (patch-al) = f03b3b5480d9294673cdb86cf0f45f48ce9ea895
 SHA1 (patch-am) = 7acd974e10388dba0dcb44c28f2f03e18b7a1c28
 SHA1 (patch-an) = 41b63a50756d9f73152fc8a48dbf93657064e90f
+SHA1 (patch-ao) = 85ee16824e849ad227e04dbf71808446769438af
diff -r 7c8bef41da9d -r f4a12a5802f0 net/bind8/patches/patch-ao
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/net/bind8/patches/patch-ao        Sun May 11 09:33:42 2008 +0000
@@ -0,0 +1,16 @@
+$NetBSD: patch-ao,v 1.1.2.2 2008/05/11 09:33:42 ghen Exp $
+
+--- src/lib/inet/inet_network.c.orig   2004-03-17 01:20:24.000000000 +0100
++++ src/lib/inet/inet_network.c
+@@ -84,9 +84,9 @@ again:
+       }
+       if (!digit)
+               return (INADDR_NONE);
++      if (pp >= parts + 4 || val > 0xffU)
++              return (INADDR_NONE);
+       if (*cp == '.') {
+-              if (pp >= parts + 4 || val > 0xffU)
+-                      return (INADDR_NONE);
+               *pp++ = val, cp++;
+               goto again;
+       }
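Review bot: patch-ao has no description between its `$NetBSD$` line and the `--- src/lib/inet/inet_network.c.orig` header, so the file itself does not say why the check moved. Add a short comment there naming CVE-2008-0122 and stating that `pp >= parts + 4 || val > 0xffU` has to run for every parsed component, not only for one followed by '.'. With the test hoisted above `if (*cp == '.')`, a component that falls past that branch is now range-checked as well. The code after this hunk that handles that last component is not visible here, so confirm that no other write through `pp` happens without passing this check first.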


