From 180e2fcdc7fba9b47d94a88df00f5e61c7e07e44 Mon Sep 17 00:00:00 2001 From: erwin Date: Wed, 27 Mar 2013 10:11:43 +0000 Subject: Update to 9.8.4-P2 Removed the check for regex.h in configure in order to disable regex syntax checking, as it exposes BIND to a critical flaw in libregex on some platforms. [RT #32688] Security: CVE-2013-2266 Approved by: delphij (mentor) Sponsored by: DK Hostmaster A/S --- contrib/bind9/CHANGES | 7 +++++++ contrib/bind9/config.h.in | 3 --- contrib/bind9/configure.in | 2 +- contrib/bind9/version | 2 +- 4 files changed, 9 insertions(+), 5 deletions(-) (limited to 'contrib/bind9') diff --git a/contrib/bind9/CHANGES b/contrib/bind9/CHANGES index 6d1ee31..bd064e5 100644 --- a/contrib/bind9/CHANGES +++ b/contrib/bind9/CHANGES @@ -1,3 +1,10 @@ + --- 9.8.4-P2 released --- + +3516. [security] Removed the check for regex.h in configure in order + to disable regex syntax checking, as it exposes + BIND to a critical flaw in libregex on some + platforms. [RT #32688] + --- 9.8.4-P1 released --- 3407. [security] Named could die on specific queries with dns64 enabled. diff --git a/contrib/bind9/config.h.in b/contrib/bind9/config.h.in index e2f5999..42d7a21 100644 --- a/contrib/bind9/config.h.in +++ b/contrib/bind9/config.h.in @@ -286,9 +286,6 @@ int sigwait(const unsigned int *set, int *sig); /* Define if your OpenSSL version supports GOST. */ #undef HAVE_OPENSSL_GOST -/* Define to 1 if you have the header file. */ -#undef HAVE_REGEX_H - /* Define to 1 if you have the `setegid' function. */ #undef HAVE_SETEGID diff --git a/contrib/bind9/configure.in b/contrib/bind9/configure.in index a0ec700..0567add 100644 --- a/contrib/bind9/configure.in +++ b/contrib/bind9/configure.in @@ -298,7 +298,7 @@ esac AC_HEADER_STDC -AC_CHECK_HEADERS(fcntl.h regex.h sys/time.h unistd.h sys/sockio.h sys/select.h sys/param.h sys/sysctl.h net/if6.h,,, +AC_CHECK_HEADERS(fcntl.h sys/time.h unistd.h sys/sockio.h sys/select.h sys/param.h sys/sysctl.h net/if6.h,,, [$ac_includes_default #ifdef HAVE_SYS_PARAM_H # include diff --git a/contrib/bind9/version b/contrib/bind9/version index 1090bee..da686fa 100644 --- a/contrib/bind9/version +++ b/contrib/bind9/version @@ -7,4 +7,4 @@ MAJORVER=9 MINORVER=8 PATCHVER=4 RELEASETYPE=-P -RELEASEVER=1 +RELEASEVER=2 -- cgit v1.1