diff options
author | Efraim Flashner <efraim@flashner.co.il> | 2018-07-14 20:55:36 +0300 |
---|---|---|
committer | Efraim Flashner <efraim@flashner.co.il> | 2018-07-14 20:56:03 +0300 |
commit | 0a34402b19b0563e3723f26fadb3681537e08faf (patch) | |
tree | 5ef4a8dd48b913971fbf42369448ed01712daa9d /gnu/packages/patches/bind-CVE-2018-5738.patch | |
parent | 8911d85b9c361c53df9a9b70ae7f8b03fbdb5b49 (diff) | |
parent | 5908818e309280b124b64f5320e4b98210093061 (diff) | |
download | guix-0a34402b19b0563e3723f26fadb3681537e08faf.tar.gz |
Merge remote-tracking branch 'origin/master' into qt-updates
Diffstat (limited to 'gnu/packages/patches/bind-CVE-2018-5738.patch')
-rw-r--r-- | gnu/packages/patches/bind-CVE-2018-5738.patch | 100 |
1 files changed, 0 insertions, 100 deletions
diff --git a/gnu/packages/patches/bind-CVE-2018-5738.patch b/gnu/packages/patches/bind-CVE-2018-5738.patch deleted file mode 100644 index ddef014651..0000000000 --- a/gnu/packages/patches/bind-CVE-2018-5738.patch +++ /dev/null @@ -1,100 +0,0 @@ -Fix CVE-2018-5738: - -https://kb.isc.org/article/AA-01616/0/CVE-2018-5738 -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5738 - -diff --git a/bin/named/server.c b/bin/named/server.c -index f63554e..847c4ff 100644 ---- a/bin/named/server.c -+++ b/bin/named/server.c -@@ -3725,10 +3725,6 @@ configure_view(dns_view_t *view, dns_viewlist_t *viewlist, - CHECKM(named_config_getport(config, &port), "port"); - dns_view_setdstport(view, port); - -- CHECK(configure_view_acl(vconfig, config, named_g_config, -- "allow-query", NULL, actx, -- named_g_mctx, &view->queryacl)); -- - /* - * Make the list of response policy zone names for a view that - * is used for real lookups and so cares about hints. -@@ -4692,21 +4688,35 @@ configure_view(dns_view_t *view, dns_viewlist_t *viewlist, - "allow-query-cache-on", NULL, actx, - named_g_mctx, &view->cacheonacl)); - /* -- * Set "allow-query-cache", "allow-recursion", and -- * "allow-recursion-on" acls if configured in named.conf. -- * (Ignore the global defaults for now, because these ACLs -- * can inherit from each other when only some of them set at -- * the options/view level.) -+ * Set the "allow-query", "allow-query-cache", "allow-recursion", -+ * and "allow-recursion-on" ACLs if configured in named.conf, but -+ * NOT from the global defaults. This is done by leaving the third -+ * argument to configure_view_acl() NULL. -+ * -+ * We ignore the global defaults here because these ACLs -+ * can inherit from each other. If any are still unset after -+ * applying the inheritance rules, we'll look up the defaults at -+ * that time. - */ -- CHECK(configure_view_acl(vconfig, config, NULL, "allow-query-cache", -- NULL, actx, named_g_mctx, &view->cacheacl)); -+ -+ /* named.conf only */ -+ CHECK(configure_view_acl(vconfig, config, NULL, -+ "allow-query", NULL, actx, -+ named_g_mctx, &view->queryacl)); -+ -+ /* named.conf only */ -+ CHECK(configure_view_acl(vconfig, config, NULL, -+ "allow-query-cache", NULL, actx, -+ named_g_mctx, &view->cacheacl)); - - if (strcmp(view->name, "_bind") != 0 && - view->rdclass != dns_rdataclass_chaos) - { -+ /* named.conf only */ - CHECK(configure_view_acl(vconfig, config, NULL, - "allow-recursion", NULL, actx, - named_g_mctx, &view->recursionacl)); -+ /* named.conf only */ - CHECK(configure_view_acl(vconfig, config, NULL, - "allow-recursion-on", NULL, actx, - named_g_mctx, &view->recursiononacl)); -@@ -4744,18 +4754,21 @@ configure_view(dns_view_t *view, dns_viewlist_t *viewlist, - * the global config. - */ - if (view->recursionacl == NULL) { -+ /* global default only */ - CHECK(configure_view_acl(NULL, NULL, named_g_config, - "allow-recursion", NULL, - actx, named_g_mctx, - &view->recursionacl)); - } - if (view->recursiononacl == NULL) { -+ /* global default only */ - CHECK(configure_view_acl(NULL, NULL, named_g_config, - "allow-recursion-on", NULL, - actx, named_g_mctx, - &view->recursiononacl)); - } - if (view->cacheacl == NULL) { -+ /* global default only */ - CHECK(configure_view_acl(NULL, NULL, named_g_config, - "allow-query-cache", NULL, - actx, named_g_mctx, -@@ -4769,6 +4782,14 @@ configure_view(dns_view_t *view, dns_viewlist_t *viewlist, - CHECK(dns_acl_none(mctx, &view->cacheacl)); - } - -+ if (view->queryacl == NULL) { -+ /* global default only */ -+ CHECK(configure_view_acl(NULL, NULL, named_g_config, -+ "allow-query", NULL, -+ actx, named_g_mctx, -+ &view->queryacl)); -+ } -+ - /* - * Ignore case when compressing responses to the specified - * clients. This causes case not always to be preserved, |