fixes commit 098600ef (main/heimdal: security fix (CVE-2017-17439))

fixes https://gitlab.alpinelinux.org/alpine/infra/docker/secdb/-/issues/6

ref #11914

remove duplicate entry in secfixes comment and unused patch for
CVE-2019-6116.

The compressed .tgz patch that was added in commit 44af29fb
(main/ghostscript: security update for CVE-2019-6116) was actually never
applied. The issue was fixed in 9.26-r2.

ref #11914

ref #11914

CVE-2017-3142 and CVE-2017-3143 were fixed in 9.11.1_p1-r1,
commit 000448bf (main/bind: fix for CVE-2017-3142 and CVE-2017-3143.
Fixes #7497).

CVE-2017-3145 was fixed in 9.11.2_p1-r0, commit 000448bf (main/bind:
fix for CVE-2017-3142 and CVE-2017-3143. Fixes #7497)

ref #11914

Update secfixes comment and remove duplicate entry for CVE-2018-5712.

The fix for CVE-2018-5712 in 7.1.13 was incomplete and got finally fixed
in 7.1.17 together with a new CVE id (CVE-2018-10547).

ref #11914
upstream ref: https://bugs.php.net/bug.php?id=76129

The fix for CVE-2018-5712 in 5.6.33 was incomplete and got finally fixed
in 5.6.36 together with a new CVE id (CVE-2018-10547).

Update secfixes comment and remove duplicate entry for CVE-2018-5712.

ref #11914
upstream ref: https://bugs.php.net/bug.php?id=76129

CVE-2017-3738 was fixed in commit 69941fbb (main/openssl: security
upgrade to 1.0.2n)

Richard Mortier authored 5 years ago and Natanael Copa committed 5 years ago

Signed-off-by: Richard Mortier <mort@cantab.net>

Fixes #10336

- CVE-2019-8320
- CVE-2019-8321
- CVE-2019-8322
- CVE-2019-8323
- CVE-2019-8324
- CVE-2019-8325

fixes #10290

fixes #10256

(cherry picked from commit ebd55722)

fixes #9644

(cherry picked from commit cde8024d)

Leo authored 5 years ago and Natanael Copa committed 5 years ago

- Add secfixes
  CVE-2019-7317
  CVE-2018-14048
  CVE-2018-14550
- Remove pkg-config detected depends_dev

fixes #10365

This fixes builds on non-x86

This release introduced 3 new tools with python dependency
(dnssec-checkdns, dnssec-coverage and dnssec-keymgr). Move those tools
to a subpackage, bind-dnssec-tools, to avoid unexpectedly pull in python
as dependency for stable upgraders.

There are other tools in bind-tools that belongs to bind-dnssec-tools,
but we dont move those in a stable branch to avoid breaking things for
current users.

Include patch to fix build on non-x86:
https://gitlab.isc.org/isc-projects/bind9/commit/d72f436b7d7c697b262968c48c2d7643069ab17f
https://lists.isc.org/pipermail/bind-users/2019-April/101673.html

fixes #10371

tcely authored 5 years ago and Natanael Copa committed 5 years ago

https://www.dabeaz.com/ply/
Python Lex & Yacc

needed by bind

Andy Postnikov authored 6 years ago and Natanael Copa committed 5 years ago

fixes #10202

Sören Tempel authored 7 years ago and Natanael Copa committed 5 years ago

Not strictly needed but since this is code written by us, fixing it
seems to be a good idea.

Fixes #10328

CVE-2018-14629, CVE-2018-16841 and CVE-2018-16851

- CVE-2018-14647
- CVE-2018-20406
- CVE-2019-9636

fixes #10300

CVE-2019-1787, CVE-2019-1788, CVE-2019-1789

Fixes #10266

Fixes #10250

Signed-off-by: Leonardo Arena <rnalrd@alpinelinux.org>

fixes #10281

https://ftp.isc.org/isc/bind9/9.11.5-P4/RELEASE-NOTES-bind-9.11.5-P4.html

- CVE-2019-6465
- CVE-2018-5745
- CVE-2018-5744
- CVE-2018-5740
- CVE-2018-5738

Fixes #10169

With the release of BIND 9.11.0, ISC changed to the open source license
for BIND from the ISC license to the Mozilla Public License (MPL 2.0).

BIND 9.11 (Extended Support Version) will be supported until at least
December, 2021.

FAIL: gdimagecopyresampled/bug00201
FAIL: gdimagegrayscale/basic

CVE-2018-5711, CVE-2019-6977, CVE-2019-6978

Fixes #10087

CVE-2019-9894, CVE-2019-9895, CVE-2019-9897, CVE-2019-9898

Fixes #10197

Update license, disable check