From ed7e9fe9c2c97215596d12888a7adc4a572a243b Mon Sep 17 00:00:00 2001 From: Patrick J Volkerding Date: Thu, 12 Jul 2018 01:50:07 +0000 Subject: Thu Jul 12 01:50:07 UTC 2018 a/kernel-generic-4.14.55-x86_64-1.txz: Upgraded. a/kernel-huge-4.14.55-x86_64-1.txz: Upgraded. a/kernel-modules-4.14.55-x86_64-1.txz: Upgraded. d/kernel-headers-4.14.55-x86-1.txz: Upgraded. d/rust-1.27.1-x86_64-1.txz: Upgraded. k/kernel-source-4.14.55-noarch-1.txz: Upgraded. n/bind-9.13.2-x86_64-1.txz: Upgraded. This update fixes security issues: Fixed a bug where extraordinarily large zone transfers caused several problems, with possible outcomes including corrupted journal files or server exit due to assertion failure. Don't permit recursive query service to unauthorized clients. For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5738 (* Security fix *) n/curl-7.61.0-x86_64-1.txz: Upgraded. This update fixes a buffer overflow in SMTP send. For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0500 (* Security fix *) isolinux/initrd.img: Rebuilt. kernels/*: Upgraded. usb-and-pxe-installers/usbboot.img: Rebuilt. --- source/n/bind/bind.libidn.patch | 297 ---------------------------------------- 1 file changed, 297 deletions(-) delete mode 100644 source/n/bind/bind.libidn.patch (limited to 'source/n/bind/bind.libidn.patch') diff --git a/source/n/bind/bind.libidn.patch b/source/n/bind/bind.libidn.patch deleted file mode 100644 index 6e042be74..000000000 --- a/source/n/bind/bind.libidn.patch +++ /dev/null @@ -1,297 +0,0 @@ -diff --git a/bin/dig/Makefile.in b/bin/dig/Makefile.in -index bd219c5..f71685b 100644 ---- a/bin/dig/Makefile.in -+++ b/bin/dig/Makefile.in -@@ -38,10 +38,10 @@ DEPLIBS = ${DNSDEPLIBS} ${BIND9DEPLIBS} ${ISCDEPLIBS} \ - ${ISCCFGDEPLIBS} ${LWRESDEPLIBS} - - LIBS = ${LWRESLIBS} ${BIND9LIBS} ${ISCCFGLIBS} \ -- ${ISCLIBS} @IDNLIBS@ @LIBS@ -+ ${ISCLIBS} @IDNLIBS@ @LIBS@ -lidn - - NOSYMLIBS = ${LWRESLIBS} ${BIND9LIBS} ${ISCCFGLIBS} \ -- ${ISCNOSYMLIBS} @IDNLIBS@ @LIBS@ -+ ${ISCNOSYMLIBS} @IDNLIBS@ @LIBS@ -lidn - - SUBDIRS = - -@@ -59,6 +59,8 @@ HTMLPAGES = dig.html host.html nslookup.html - - MANOBJS = ${MANPAGES} ${HTMLPAGES} - -+EXT_CFLAGS = -DWITH_LIBIDN -+ - @BIND9_MAKE_RULES@ - - dig@EXEEXT@: dig.@O@ dighost.@O@ ${UOBJS} ${DEPLIBS} -diff --git a/bin/dig/dig.docbook b/bin/dig/dig.docbook -index 7a7e8e4..b36047f 100644 ---- a/bin/dig/dig.docbook -+++ b/bin/dig/dig.docbook -@@ -1251,8 +1251,8 @@ dig +qr www.isc.org any -x 127.0.0.1 isc.org ns +noqr - dig appropriately converts character encoding of - domain name before sending a request to DNS server or displaying a - reply from the server. -- If you'd like to turn off the IDN support for some reason, defines -- the IDN_DISABLE environment variable. -+ If you'd like to turn off the IDN support for some reason, define -+ the CHARSET=ASCII environment variable. - The IDN support is disabled if the variable is set when - dig runs. - -diff --git a/bin/dig/dighost.c b/bin/dig/dighost.c -index 1f8bcf2..f657c30 100644 ---- a/bin/dig/dighost.c -+++ b/bin/dig/dighost.c -@@ -33,6 +33,11 @@ - #include - #endif - -+#ifdef WITH_LIBIDN -+#include -+#include -+#endif -+ - #include - #ifdef DIG_SIGCHASE - #include -@@ -158,6 +163,14 @@ static void idn_check_result(idn_result_t r, const char *msg); - int idnoptions = 0; - #endif - -+#ifdef WITH_LIBIDN -+static isc_result_t libidn_locale_to_utf8 (const char* from, char *to); -+static isc_result_t libidn_utf8_to_ascii (const char* from, char *to); -+static isc_result_t output_filter (isc_buffer_t *buffer, -+ unsigned int used_org, -+ isc_boolean_t absolute); -+#endif -+ - isc_socket_t *keep = NULL; - isc_sockaddr_t keepaddr; - -@@ -1448,8 +1461,15 @@ setup_system(isc_boolean_t ipv4only, isc_boolean_t ipv6only) { - - #ifdef WITH_IDN - initialize_idn(); -+ -+#endif -+#ifdef WITH_LIBIDN -+ result = dns_name_settotextfilter(output_filter); -+ check_result(result, "dns_name_settotextfilter"); -+#ifdef HAVE_SETLOCALE -+ setlocale (LC_ALL, ""); -+#endif - #endif -- - if (keyfile[0] != 0) - setup_file_key(); - else if (keysecret[0] != 0) -@@ -2231,8 +2251,11 @@ setup_lookup(dig_lookup_t *lookup) { - idn_result_t mr; - char utf8_textname[MXNAME], utf8_origin[MXNAME], idn_textname[MXNAME]; - #endif -+#ifdef WITH_LIBIDN -+ char utf8_str[MXNAME], utf8_name[MXNAME], ascii_name[MXNAME]; -+#endif - --#ifdef WITH_IDN -+#if defined (WITH_IDN) || defined (WITH_LIBIDN) - result = dns_name_settotextfilter(lookup->idnout ? - output_filter : NULL); - check_result(result, "dns_name_settotextfilter"); -@@ -2274,6 +2297,14 @@ setup_lookup(dig_lookup_t *lookup) { - mr = idn_encodename(IDN_LOCALCONV | IDN_DELIMMAP, lookup->textname, - utf8_textname, sizeof(utf8_textname)); - idn_check_result(mr, "convert textname to UTF-8"); -+#elif defined (WITH_LIBIDN) -+ result = libidn_locale_to_utf8 (lookup->textname, utf8_str); -+ check_result (result, "convert textname to UTF-8"); -+ len = strlen (utf8_str); -+ if (len < MXNAME) -+ (void) strcpy (utf8_name, utf8_str); -+ else -+ fatal ("Too long name"); - #endif - - /* -@@ -2286,15 +2317,11 @@ setup_lookup(dig_lookup_t *lookup) { - if (lookup->new_search) { - #ifdef WITH_IDN - if ((count_dots(utf8_textname) >= ndots) || !usesearch) { -- lookup->origin = NULL; /* Force abs lookup */ -- lookup->done_as_is = ISC_TRUE; -- lookup->need_search = usesearch; -- } else if (lookup->origin == NULL && usesearch) { -- lookup->origin = ISC_LIST_HEAD(search_list); -- lookup->need_search = ISC_FALSE; -- } -+#elif defined (WITH_LIBIDN) -+ if ((count_dots(utf8_name) >= ndots) || !usesearch) { - #else - if ((count_dots(lookup->textname) >= ndots) || !usesearch) { -+#endif - lookup->origin = NULL; /* Force abs lookup */ - lookup->done_as_is = ISC_TRUE; - lookup->need_search = usesearch; -@@ -2302,7 +2329,6 @@ setup_lookup(dig_lookup_t *lookup) { - lookup->origin = ISC_LIST_HEAD(search_list); - lookup->need_search = ISC_FALSE; - } --#endif - } - - #ifdef WITH_IDN -@@ -2319,6 +2345,20 @@ setup_lookup(dig_lookup_t *lookup) { - IDN_IDNCONV | IDN_LENCHECK, utf8_textname, - idn_textname, sizeof(idn_textname)); - idn_check_result(mr, "convert UTF-8 textname to IDN encoding"); -+#elif defined (WITH_LIBIDN) -+ if (lookup->origin != NULL) { -+ result = libidn_locale_to_utf8 (lookup->origin->origin, utf8_str); -+ check_result (result, "convert origin to UTF-8"); -+ if (len > 0 && utf8_name[len - 1] != '.') { -+ utf8_name[len++] = '.'; -+ if (len + strlen (utf8_str) < MXNAME) -+ (void) strcpy (utf8_name + len, utf8_str); -+ else -+ fatal ("Too long name + origin"); -+ } -+ } -+ -+ result = libidn_utf8_to_ascii (utf8_name, ascii_name); - #else - if (lookup->origin != NULL) { - debug("trying origin %s", lookup->origin->origin); -@@ -2389,6 +2429,13 @@ setup_lookup(dig_lookup_t *lookup) { - result = dns_name_fromtext(lookup->name, &b, - dns_rootname, 0, - &lookup->namebuf); -+#elif defined (WITH_LIBIDN) -+ len = strlen (ascii_name); -+ isc_buffer_init(&b, ascii_name, len); -+ isc_buffer_add(&b, len); -+ result = dns_name_fromtext(lookup->name, &b, -+ dns_rootname, 0, -+ &lookup->namebuf); - #else - len = (unsigned int) strlen(lookup->textname); - isc_buffer_init(&b, lookup->textname, len); -@@ -4377,7 +4424,7 @@ destroy_libs(void) { - void * ptr; - dig_message_t *chase_msg; - #endif --#ifdef WITH_IDN -+#if defined (WITH_IDN) || defined (WITH_LIBIDN) - isc_result_t result; - #endif - -@@ -4418,6 +4465,10 @@ destroy_libs(void) { - result = dns_name_settotextfilter(NULL); - check_result(result, "dns_name_settotextfilter"); - #endif -+#ifdef WITH_LIBIDN -+ result = dns_name_settotextfilter (NULL); -+ check_result(result, "clearing dns_name_settotextfilter"); -+#endif - dns_name_destroy(); - - if (commctx != NULL) { -@@ -4603,6 +4654,97 @@ idn_check_result(idn_result_t r, const char *msg) { - } - } - #endif /* WITH_IDN */ -+#ifdef WITH_LIBIDN -+static isc_result_t -+libidn_locale_to_utf8 (const char *from, char *to) { -+ char *utf8_str; -+ -+ debug ("libidn_locale_to_utf8"); -+ utf8_str = stringprep_locale_to_utf8 (from); -+ if (utf8_str != NULL) { -+ (void) strcpy (to, utf8_str); -+ free (utf8_str); -+ return ISC_R_SUCCESS; -+ } -+ -+ debug ("libidn_locale_to_utf8: failure"); -+ return ISC_R_FAILURE; -+} -+static isc_result_t -+libidn_utf8_to_ascii (const char *from, char *to) { -+ char *ascii; -+ int iresult; -+ -+ debug ("libidn_utf8_to_ascii"); -+ iresult = idna_to_ascii_8z (from, &ascii, 0); -+ if (iresult != IDNA_SUCCESS) { -+ debug ("idna_to_ascii_8z: %s", idna_strerror (iresult)); -+ return ISC_R_FAILURE; -+ } -+ -+ (void) strcpy (to, ascii); -+ free (ascii); -+ return ISC_R_SUCCESS; -+} -+ -+static isc_result_t -+output_filter (isc_buffer_t *buffer, unsigned int used_org, -+ isc_boolean_t absolute) { -+ -+ char tmp1[MXNAME], *tmp2; -+ size_t fromlen, tolen; -+ isc_boolean_t end_with_dot; -+ int iresult; -+ -+ debug ("output_filter"); -+ -+ fromlen = isc_buffer_usedlength (buffer) - used_org; -+ if (fromlen >= MXNAME) -+ return ISC_R_SUCCESS; -+ memcpy (tmp1, (char *) isc_buffer_base (buffer) + used_org, fromlen); -+ end_with_dot = (tmp1[fromlen - 1] == '.') ? ISC_TRUE : ISC_FALSE; -+ if (absolute && !end_with_dot) { -+ fromlen++; -+ if (fromlen >= MXNAME) -+ return ISC_R_SUCCESS; -+ tmp1[fromlen - 1] = '.'; -+ } -+ tmp1[fromlen] = '\0'; -+ -+ iresult = idna_to_unicode_8z8z (tmp1, &tmp2, 0); -+ if (iresult != IDNA_SUCCESS) { -+ debug ("output_filter: %s", idna_strerror (iresult)); -+ return ISC_R_SUCCESS; -+ } -+ -+ (void) strcpy (tmp1, tmp2); -+ free (tmp2); -+ -+ tmp2 = stringprep_utf8_to_locale (tmp1); -+ if (tmp2 == NULL) { -+ debug ("output_filter: stringprep_utf8_to_locale failed"); -+ return ISC_R_SUCCESS; -+ } -+ -+ (void) strcpy (tmp1, tmp2); -+ free (tmp2); -+ -+ tolen = strlen (tmp1); -+ if (absolute && !end_with_dot && tmp1[tolen - 1] == '.') -+ tolen--; -+ -+ if (isc_buffer_length (buffer) < used_org + tolen) -+ return ISC_R_NOSPACE; -+ -+ debug ("%s", tmp1); -+ -+ isc_buffer_subtract (buffer, isc_buffer_usedlength (buffer) - used_org); -+ memcpy (isc_buffer_used (buffer), tmp1, tolen); -+ isc_buffer_add (buffer, tolen); -+ -+ return ISC_R_SUCCESS; -+} -+#endif /* WITH_LIBIDN*/ - - #ifdef DIG_SIGCHASE - void -- cgit v1.2.3