main/bind: security upgrade to 9.11.0_p5 - fixes #7141

CVE-2017-3136: An error handling synthesized records could cause an assertion failure when using DNS64 with "break-dnssec yes;" CVE-2017-3137: A response packet can cause a resolver to terminate when processing an answer containing a CNAME or DNAME CVE-2017-3138: named exits with a REQUIRE assertion failure if it receives a null command string on its control channel

main/bind: security upgrade to 9.11.0_p5 - fixes #7141
d3fda9ff · Sergei Lukin · Leonardo Arena · 0f35f852 · d3fda9ff
Commit d3fda9ff authored 7 years ago by Sergei Lukin Committed by Leonardo Arena 7 years ago
--- a/main/bind/APKBUILD
+++ b/main/bind/APKBUILD
@@ -3,7 +3,7 @@
 # Contributor: Carlo Landmeter <clandmeter@gmail.com>
 # Maintainer: Natanael Copa <ncopa@alpinelinux.org>
 pkgname=bind
-pkgver=9.11.0_p3
+pkgver=9.11.0_p5
 _ver=${pkgver%_p*}
 _p=${pkgver#*_p}
 [ "$_p" != "$pkgver" ] && _ver="${_ver}-P$_p"
@@ -30,6 +30,10 @@ source="http://ftp.isc.org/isc/bind9/${_ver}/bind-${_ver}.tar.gz
 	"
 # secfixes:
+#   9.11.0_p5-r0:
+#     - CVE-2017-3136
+#     - CVE-2017-3137
+#     - CVE-2017-3138
 #   9.10.4_p5-r0:
 #     - CVE-2016-9131
 #     - CVE-2016-9147
@@ -132,7 +136,7 @@ tools() {
 	done
 }
-sha512sums="fd5818ea36d7d4aa754a69ced675485cdb80b82f871b3f175c24715c0bd57fc78d4566657996f86ab32cb4158a974e97bb941ff9920cc3718b3484c161164b45  bind-9.11.0-P3.tar.gz
+sha512sums="142407db35a7bba6e676f2b3dc726a3a6ece9df8a27722f108ec309e24c4614da097b6cd31675c4925e68ff147896bc0a16dd71aa74dd73753ba86a2dbd7d3bd  bind-9.11.0-P5.tar.gz
 f3e3d1b680617485b9db20a59a10fec3b3b539d423984493228a7d5aaa29d699b9012ad60e863e56bdaf15b73952c22710d0ded1c86cd24417ac775ee062cfa3  bind.so_bsdcompat.patch
 196c0a3b43cf89e8e3547d7fb63a93ff9a3306505658dfd9aa78e6861be6b226580b424dd3dd44b955b2d9f682b1dc62c457f3ac29ce86200ef070140608c015  named.initd
 127bdcc0b5079961f0951344bc3fad547450c81aee2149eac8c41a8c0c973ea0ffe3f956684c6fcb735a29c43d2ff48c153b6a71a0f15757819a72c492488ddf  named.confd