diff --git a/sdk_container/src/third_party/portage-stable/.github/workflows/packages-list b/sdk_container/src/third_party/portage-stable/.github/workflows/packages-list index 2a8dd47edd..7f9fad5503 100644 --- a/sdk_container/src/third_party/portage-stable/.github/workflows/packages-list +++ b/sdk_container/src/third_party/portage-stable/.github/workflows/packages-list @@ -90,6 +90,8 @@ licenses net-analyzer/nmap +net-dns/bind-tools + net-fs/cifs-utils net-libs/gnutls diff --git a/sdk_container/src/third_party/portage-stable/changelog/security/2022-10-11-bind-tools-update.md b/sdk_container/src/third_party/portage-stable/changelog/security/2022-10-11-bind-tools-update.md new file mode 100644 index 0000000000..97cc64e39e --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/changelog/security/2022-10-11-bind-tools-update.md @@ -0,0 +1 @@ +- bind tools ([CVE-2022-2795](https://nvd.nist.gov/vuln/detail/CVE-2022-2795), [CVE-2022-2881](https://nvd.nist.gov/vuln/detail/CVE-2022-2881), [CVE-2022-2906](https://nvd.nist.gov/vuln/detail/CVE-2022-2906), [CVE-2022-3080](https://nvd.nist.gov/vuln/detail/CVE-2022-3080), [CVE-2022-38177](https://nvd.nist.gov/vuln/detail/CVE-2022-38177), [CVE-2022-38178](https://nvd.nist.gov/vuln/detail/CVE-2022-38178)) diff --git a/sdk_container/src/third_party/portage-stable/changelog/updates/2022-10-11-bind-tools-update.md b/sdk_container/src/third_party/portage-stable/changelog/updates/2022-10-11-bind-tools-update.md new file mode 100644 index 0000000000..4db375c12b --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/changelog/updates/2022-10-11-bind-tools-update.md @@ -0,0 +1 @@ +- bind tools ([9.16.33](https://gitlab.isc.org/isc-projects/bind9/-/raw/v9_16_33/CHANGES)) diff --git a/sdk_container/src/third_party/portage-stable/net-dns/bind-tools/Manifest b/sdk_container/src/third_party/portage-stable/net-dns/bind-tools/Manifest index fe9aee4cdc..e3e798fba8 100644 --- a/sdk_container/src/third_party/portage-stable/net-dns/bind-tools/Manifest +++ b/sdk_container/src/third_party/portage-stable/net-dns/bind-tools/Manifest @@ -1,6 +1,6 @@ -DIST bind-9.16.15.tar.xz 5025688 BLAKE2B 8b0723d46f812793f5a52b1ddacf21fe28e183ef8cd166eadf0af163280021fce7c0a6a560d28dacbc6dd4642e41eb5424b4de2c5ff1049a5cfa5d52e3df5beb SHA512 30dad6e2144b3ac53ef0a2d1ed3c8342120f148fc0eb6409113a6d5ed3444eecb917915fdf39c26fd223396fc1e873410a50da305f0b870864f7fbbdccec8033 -DIST bind-9.16.18.tar.xz 5023512 BLAKE2B 7766c1e6ab30ae42f0ba49d96fe0e2675e79aa01c48569d3cf5c122944319fbb88299a193ce06cc0aa67f6085fd80e29472fc7adc845e4bbb7ff6896dae87ed6 SHA512 6ba2f14324ebdc66d2a6d60e929fb47e170dd7662cf4b18ef3ad9da30a61b43c7d5539e931c483ab36e63ae0398aeed255fd672489fb332dccf182df9aa102f9 -DIST bind-9.16.21.tar.xz 5057816 BLAKE2B bc7de285b45084a4904aee7c5c3042c7a2075968f19ed76b932c976f86f60bc8bf0d6cce8889a9adf7e807c8151bd6088ef1b2b00460a4d1cff7a74bb2221d43 SHA512 2cb71e50600fd7409ca7b7e2e9cf4ef6668b07faad7980ac8060e6a76f30a315182d75534ad1dcfb740c225cdf727b2bd6aa9ceb24ab77ffff09b7b5d6eaca2d -DIST bind-9.16.22.tar.xz 5059000 BLAKE2B c4853a8be268f9666f3677adf2e64c6d74f7df44d2dc05df544cead38c6c3b86489d25a66ccea6ce8ca89fa525a1848fe93a8aaa6bb1ee090aa189bf6aad40f3 SHA512 586fb4d5a656d6539033dcdfdd230b36465a2d2e6ada651c1f1548d062a9050e7a962af87e2a56931fe24c65586d29012d4a041dcddbb28f42b4d01fe291d9d1 -DIST bind-9.16.25.tar.xz 5086780 BLAKE2B cb62d0d4e25f508f1a77fae6a11ff144d2436346c45a936d572df4c843cd72ec81cffacd0a81dcb74eb73b8bca7d0762a5746baadda36f260b79b72eade24d18 SHA512 e43c0e59159d3a5642db051f3982d8767fb726426380c32960fefe4b9afd05708ed8f7e80a98b803a580b048e1a368c888e2dd5695fa5fcd7b8b75574a27cb62 DIST bind-9.16.27.tar.xz 5084340 BLAKE2B 37b49ce81aa5122493a4feb2bb7be53c5d46ff2ce28456aec31ce1332520a09c10bb2293c736bffe7badbc2bc3d156c05f83367678bd101e17b99ca3ff69bebf SHA512 5c71f228db83aa8cc9e65466d6e5afca4a9f80c693358111a003fe09e1a14522175eb2b6a0f11e2a2cd4fdba01f2ae315de52e394a441b3861ca2a011e02af62 +DIST bind-9.16.29.tar.xz 5088348 BLAKE2B 17ee1443926327c30f1d5820110b01a193c53eb24e23385b713217a4e49d9c2b5ddb6e1c49cb80d2c9083c71ce7872a26fe3597209f2e3215e6cc7e930e68004 SHA512 b4acbafed370438ac53e73468ccb5ea5745a1c8f764dd96f9c9a027594a3b7ce0d486e7f01138b39795b456265e0e6116cd76e44f5a3329687cd718550ca79fb +DIST bind-9.16.30.tar.xz 5086288 BLAKE2B 35fe14b58a018df25563e58a9632b4431f740bc7a708eb823117541548d23b1855e43058cf7323361ca904d5e59d687e282abb73dc8b617e4eb25ef113168e93 SHA512 cc9bcbedf63c2efe0a23f14db3e57fdae46f0509aac58e5840a6805ce4fbd76cad5bfde4d461442adb88c4d947f8d79bf979aeb24aeb9303b6adc8d169b7118c +DIST bind-9.16.31.tar.xz 5087424 BLAKE2B 75c9038c00fe289161a15a8e4fdadaef5a6a7f3ca03068ec24e82aa9f30ac82d0ded9cf73df83219058cd81b198ea8f561211a323e31b41407294f6932dc61d3 SHA512 8577b4d021a5a763b8669d59ef6c3499238e87657ca94ccfc530cb9a7a215ee3682002aa6141f5731154cbc43e0e6094372961468811a68bbd2a37e20e287c7e +DIST bind-9.16.32.tar.xz 5091860 BLAKE2B df6f2c878138015da580dfaf0e16b5a97b11ead9f99c1425a09da8484954196ea3dafb828ac3ab386200ce2b180646c7eb1e0e62a84c153162270a4a1e19a5fc SHA512 99abedf055901b43e1a85c448ee4c2dd731b7ab77de1454b73c8f9df816aa32262e70e23a8112959d94be990fd4f1c48c36611657ba745670141a7447fd53316 +DIST bind-9.16.33.tar.xz 5092516 BLAKE2B 4246b61ce91af3d494ace4b8065b4c0043b2cfaf28c6de326691a969837e7d1cfbc0dac6b1e1a5182fc32af68048abcfa1202d00022951f3caa13afb03ebeb69 SHA512 43fd2cea52dfd1115a4cca83830ab5b93208be401cdbbdff2bbf204b8f0d99fb434ad3156d3a21649488cc904ae09f145feba97b9b6918b0cf063ff5e2b10af5 diff --git a/sdk_container/src/third_party/portage-stable/net-dns/bind-tools/bind-tools-9.16.25.ebuild b/sdk_container/src/third_party/portage-stable/net-dns/bind-tools/bind-tools-9.16.29-r1.ebuild similarity index 93% rename from sdk_container/src/third_party/portage-stable/net-dns/bind-tools/bind-tools-9.16.25.ebuild rename to sdk_container/src/third_party/portage-stable/net-dns/bind-tools/bind-tools-9.16.29-r1.ebuild index 95720a1a0c..6ab46c3106 100644 --- a/sdk_container/src/third_party/portage-stable/net-dns/bind-tools/bind-tools-9.16.25.ebuild +++ b/sdk_container/src/third_party/portage-stable/net-dns/bind-tools/bind-tools-9.16.29-r1.ebuild @@ -46,6 +46,10 @@ S="${WORKDIR}/${MY_P}" # bug 479092, requires networking RESTRICT="test" +PATCHES=( + "${FILESDIR}"/${P}-fortify-source-3.patch +) + src_prepare() { default @@ -54,6 +58,10 @@ src_prepare() { # Disable tests for now, bug 406399 sed -i '/^SUBDIRS/s:tests::' bin/Makefile.in lib/Makefile.in || die + # Do not disable thread local storage on Solaris, it works with our + # toolchain, and it breaks further configure checks + sed -i -e '/LDFLAGS=/s/-zrelax=transtls//' configure.ac configure || die + # bug #220361 rm aclocal.m4 || die rm -rf libtool.m4/ || die diff --git a/sdk_container/src/third_party/portage-stable/net-dns/bind-tools/bind-tools-9.16.22.ebuild b/sdk_container/src/third_party/portage-stable/net-dns/bind-tools/bind-tools-9.16.30.ebuild similarity index 79% rename from sdk_container/src/third_party/portage-stable/net-dns/bind-tools/bind-tools-9.16.22.ebuild rename to sdk_container/src/third_party/portage-stable/net-dns/bind-tools/bind-tools-9.16.30.ebuild index 2d254f1dda..777764136b 100644 --- a/sdk_container/src/third_party/portage-stable/net-dns/bind-tools/bind-tools-9.16.22.ebuild +++ b/sdk_container/src/third_party/portage-stable/net-dns/bind-tools/bind-tools-9.16.30.ebuild @@ -1,9 +1,9 @@ -# Copyright 1999-2021 Gentoo Authors +# Copyright 1999-2022 Gentoo Authors # Distributed under the terms of the GNU General Public License v2 -EAPI=7 +EAPI=8 -inherit autotools flag-o-matic toolchain-funcs +inherit autotools flag-o-matic multiprocessing toolchain-funcs MY_PN=${PN//-tools} MY_PV=${PV/_p/-P} @@ -17,13 +17,14 @@ SRC_URI="https://downloads.isc.org/isc/bind9/${PV}/${MY_P}.tar.xz" LICENSE="Apache-2.0 BSD BSD-2 GPL-2 HPND ISC MPL-2.0" SLOT="0" KEYWORDS="~alpha amd64 arm arm64 ~hppa ~ia64 ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris" -IUSE="+caps doc gssapi idn ipv6 libedit readline xml" +IUSE="+caps doc gssapi idn ipv6 libedit readline test xml" # no PKCS11 currently as it requires OpenSSL to be patched, also see bug 409687 +RESTRICT="!test? ( test )" COMMON_DEPEND=" dev-libs/libuv:= - caps? ( sys-libs/libcap ) dev-libs/openssl:= + caps? ( sys-libs/libcap ) xml? ( dev-libs/libxml2 ) idn? ( net-dns/libidn2:= ) gssapi? ( virtual/krb5 ) @@ -37,22 +38,24 @@ RDEPEND="${COMMON_DEPEND}" # sphinx required for man-page and html creation BDEPEND=" - doc? ( dev-python/sphinx ) virtual/pkgconfig + doc? ( dev-python/sphinx ) + test? ( + dev-util/cmocka + dev-util/kyua + ) " S="${WORKDIR}/${MY_P}" -# bug 479092, requires networking -RESTRICT="test" - src_prepare() { default - export LDFLAGS="${LDFLAGS} -L${EPREFIX}/usr/$(get_libdir)" + append-ldflags "-L${ESYSROOT}/usr/$(get_libdir)" - # Disable tests for now, bug 406399 - sed -i '/^SUBDIRS/s:tests::' bin/Makefile.in lib/Makefile.in || die + # Do not disable thread local storage on Solaris, it works with our + # toolchain, and it breaks further configure checks + sed -i -e '/LDFLAGS=/s/-zrelax=transtls//' configure.ac configure || die # bug #220361 rm aclocal.m4 || die @@ -88,22 +91,22 @@ src_configure() { myeconfargs+=( --without-readline ) fi - # bug 344029 + # bug #344029 append-cflags "-DDIG_SIGCHASE" # to expose CMSG_* macros from sys/sockets.h [[ ${CHOST} == *-solaris* ]] && append-cflags "-D_XOPEN_SOURCE=600" - # localstatedir for nsupdate -l, bug 395785 + # localstatedir for nsupdate -l, bug #395785 tc-export BUILD_CC econf "${myeconfargs[@]}" # bug #151839 - echo '#undef SO_BSDCOMPAT' >> config.h + echo '#undef SO_BSDCOMPAT' >> config.h || die } src_compile() { - local AR=$(tc-getAR) + local AR="$(tc-getAR)" emake AR="${AR}" -C lib/ emake AR="${AR}" -C bin/delv/ @@ -113,6 +116,11 @@ src_compile() { emake -C doc/man/ man $(usev doc) } +src_test() { + # system tests ('emake test') require network configuration for IPs etc + TEST_PARALLEL_JOBS="$(makeopts_jobs)" emake unit +} + src_install() { local man_dir="${S}/doc/man" local html_dir="${man_dir}/_build/html" diff --git a/sdk_container/src/third_party/portage-stable/net-dns/bind-tools/bind-tools-9.16.18.ebuild b/sdk_container/src/third_party/portage-stable/net-dns/bind-tools/bind-tools-9.16.31.ebuild similarity index 74% rename from sdk_container/src/third_party/portage-stable/net-dns/bind-tools/bind-tools-9.16.18.ebuild rename to sdk_container/src/third_party/portage-stable/net-dns/bind-tools/bind-tools-9.16.31.ebuild index fdd10e501a..4a9cc94b8e 100644 --- a/sdk_container/src/third_party/portage-stable/net-dns/bind-tools/bind-tools-9.16.18.ebuild +++ b/sdk_container/src/third_party/portage-stable/net-dns/bind-tools/bind-tools-9.16.31.ebuild @@ -1,9 +1,9 @@ -# Copyright 1999-2021 Gentoo Authors +# Copyright 1999-2022 Gentoo Authors # Distributed under the terms of the GNU General Public License v2 -EAPI=7 +EAPI=8 -inherit autotools flag-o-matic toolchain-funcs +inherit autotools flag-o-matic multiprocessing toolchain-funcs MY_PN=${PN//-tools} MY_PV=${PV/_p/-P} @@ -11,19 +11,20 @@ MY_PV=${MY_PV/_rc/rc} MY_P="${MY_PN}-${MY_PV}" DESCRIPTION="bind tools: dig, nslookup, host, nsupdate, dnssec-keygen" -HOMEPAGE="https://www.isc.org/software/bind" +HOMEPAGE="https://www.isc.org/software/bind https://gitlab.isc.org/isc-projects/bind9" SRC_URI="https://downloads.isc.org/isc/bind9/${PV}/${MY_P}.tar.xz" LICENSE="Apache-2.0 BSD BSD-2 GPL-2 HPND ISC MPL-2.0" SLOT="0" KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris" -IUSE="+caps doc gssapi idn ipv6 libedit readline xml" -# no PKCS11 currently as it requires OpenSSL to be patched, also see bug 409687 +IUSE="+caps doc gssapi idn libedit readline test xml" +# no PKCS11 currently as it requires OpenSSL to be patched, also see bug #409687 +RESTRICT="!test? ( test )" COMMON_DEPEND=" dev-libs/libuv:= - caps? ( sys-libs/libcap ) dev-libs/openssl:= + caps? ( sys-libs/libcap ) xml? ( dev-libs/libxml2 ) idn? ( net-dns/libidn2:= ) gssapi? ( virtual/krb5 ) @@ -37,22 +38,24 @@ RDEPEND="${COMMON_DEPEND}" # sphinx required for man-page and html creation BDEPEND=" - doc? ( dev-python/sphinx ) virtual/pkgconfig + doc? ( dev-python/sphinx ) + test? ( + dev-util/cmocka + dev-util/kyua + ) " S="${WORKDIR}/${MY_P}" -# bug 479092, requires networking -RESTRICT="test" - src_prepare() { default - export LDFLAGS="${LDFLAGS} -L${EPREFIX}/usr/$(get_libdir)" + append-ldflags "-L${ESYSROOT}/usr/$(get_libdir)" - # Disable tests for now, bug 406399 - sed -i '/^SUBDIRS/s:tests::' bin/Makefile.in lib/Makefile.in || die + # Do not disable thread local storage on Solaris, it works with our + # toolchain, and it breaks further configure checks + sed -i -e '/LDFLAGS=/s/-zrelax=transtls//' configure.ac configure || die # bug #220361 rm aclocal.m4 || die @@ -70,8 +73,8 @@ src_configure() { --without-lmdb --without-maxminddb --disable-geoip - --with-openssl="${EPREFIX}"/usr - $(use_with idn libidn2) + --with-openssl="${ESYSROOT}"/usr + $(use_with idn libidn2 "${ESYSROOT}"/usr) $(use_with xml libxml2) $(use_with gssapi) $(use_with readline) @@ -88,22 +91,22 @@ src_configure() { myeconfargs+=( --without-readline ) fi - # bug 344029 + # bug #344029 append-cflags "-DDIG_SIGCHASE" # to expose CMSG_* macros from sys/sockets.h [[ ${CHOST} == *-solaris* ]] && append-cflags "-D_XOPEN_SOURCE=600" - # localstatedir for nsupdate -l, bug 395785 + # localstatedir for nsupdate -l, bug #395785 tc-export BUILD_CC econf "${myeconfargs[@]}" # bug #151839 - echo '#undef SO_BSDCOMPAT' >> config.h + echo '#undef SO_BSDCOMPAT' >> config.h || die } src_compile() { - local AR=$(tc-getAR) + local AR="$(tc-getAR)" emake AR="${AR}" -C lib/ emake AR="${AR}" -C bin/delv/ @@ -113,6 +116,12 @@ src_compile() { emake -C doc/man/ man $(usev doc) } +src_test() { + # system tests ('emake test') require network configuration for IPs etc + # so we run the unit tests instead. + TEST_PARALLEL_JOBS="$(makeopts_jobs)" emake unit +} + src_install() { local man_dir="${S}/doc/man" local html_dir="${man_dir}/_build/html" diff --git a/sdk_container/src/third_party/portage-stable/net-dns/bind-tools/bind-tools-9.16.21.ebuild b/sdk_container/src/third_party/portage-stable/net-dns/bind-tools/bind-tools-9.16.32.ebuild similarity index 74% rename from sdk_container/src/third_party/portage-stable/net-dns/bind-tools/bind-tools-9.16.21.ebuild rename to sdk_container/src/third_party/portage-stable/net-dns/bind-tools/bind-tools-9.16.32.ebuild index fdd10e501a..4a9cc94b8e 100644 --- a/sdk_container/src/third_party/portage-stable/net-dns/bind-tools/bind-tools-9.16.21.ebuild +++ b/sdk_container/src/third_party/portage-stable/net-dns/bind-tools/bind-tools-9.16.32.ebuild @@ -1,9 +1,9 @@ -# Copyright 1999-2021 Gentoo Authors +# Copyright 1999-2022 Gentoo Authors # Distributed under the terms of the GNU General Public License v2 -EAPI=7 +EAPI=8 -inherit autotools flag-o-matic toolchain-funcs +inherit autotools flag-o-matic multiprocessing toolchain-funcs MY_PN=${PN//-tools} MY_PV=${PV/_p/-P} @@ -11,19 +11,20 @@ MY_PV=${MY_PV/_rc/rc} MY_P="${MY_PN}-${MY_PV}" DESCRIPTION="bind tools: dig, nslookup, host, nsupdate, dnssec-keygen" -HOMEPAGE="https://www.isc.org/software/bind" +HOMEPAGE="https://www.isc.org/software/bind https://gitlab.isc.org/isc-projects/bind9" SRC_URI="https://downloads.isc.org/isc/bind9/${PV}/${MY_P}.tar.xz" LICENSE="Apache-2.0 BSD BSD-2 GPL-2 HPND ISC MPL-2.0" SLOT="0" KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris" -IUSE="+caps doc gssapi idn ipv6 libedit readline xml" -# no PKCS11 currently as it requires OpenSSL to be patched, also see bug 409687 +IUSE="+caps doc gssapi idn libedit readline test xml" +# no PKCS11 currently as it requires OpenSSL to be patched, also see bug #409687 +RESTRICT="!test? ( test )" COMMON_DEPEND=" dev-libs/libuv:= - caps? ( sys-libs/libcap ) dev-libs/openssl:= + caps? ( sys-libs/libcap ) xml? ( dev-libs/libxml2 ) idn? ( net-dns/libidn2:= ) gssapi? ( virtual/krb5 ) @@ -37,22 +38,24 @@ RDEPEND="${COMMON_DEPEND}" # sphinx required for man-page and html creation BDEPEND=" - doc? ( dev-python/sphinx ) virtual/pkgconfig + doc? ( dev-python/sphinx ) + test? ( + dev-util/cmocka + dev-util/kyua + ) " S="${WORKDIR}/${MY_P}" -# bug 479092, requires networking -RESTRICT="test" - src_prepare() { default - export LDFLAGS="${LDFLAGS} -L${EPREFIX}/usr/$(get_libdir)" + append-ldflags "-L${ESYSROOT}/usr/$(get_libdir)" - # Disable tests for now, bug 406399 - sed -i '/^SUBDIRS/s:tests::' bin/Makefile.in lib/Makefile.in || die + # Do not disable thread local storage on Solaris, it works with our + # toolchain, and it breaks further configure checks + sed -i -e '/LDFLAGS=/s/-zrelax=transtls//' configure.ac configure || die # bug #220361 rm aclocal.m4 || die @@ -70,8 +73,8 @@ src_configure() { --without-lmdb --without-maxminddb --disable-geoip - --with-openssl="${EPREFIX}"/usr - $(use_with idn libidn2) + --with-openssl="${ESYSROOT}"/usr + $(use_with idn libidn2 "${ESYSROOT}"/usr) $(use_with xml libxml2) $(use_with gssapi) $(use_with readline) @@ -88,22 +91,22 @@ src_configure() { myeconfargs+=( --without-readline ) fi - # bug 344029 + # bug #344029 append-cflags "-DDIG_SIGCHASE" # to expose CMSG_* macros from sys/sockets.h [[ ${CHOST} == *-solaris* ]] && append-cflags "-D_XOPEN_SOURCE=600" - # localstatedir for nsupdate -l, bug 395785 + # localstatedir for nsupdate -l, bug #395785 tc-export BUILD_CC econf "${myeconfargs[@]}" # bug #151839 - echo '#undef SO_BSDCOMPAT' >> config.h + echo '#undef SO_BSDCOMPAT' >> config.h || die } src_compile() { - local AR=$(tc-getAR) + local AR="$(tc-getAR)" emake AR="${AR}" -C lib/ emake AR="${AR}" -C bin/delv/ @@ -113,6 +116,12 @@ src_compile() { emake -C doc/man/ man $(usev doc) } +src_test() { + # system tests ('emake test') require network configuration for IPs etc + # so we run the unit tests instead. + TEST_PARALLEL_JOBS="$(makeopts_jobs)" emake unit +} + src_install() { local man_dir="${S}/doc/man" local html_dir="${man_dir}/_build/html" diff --git a/sdk_container/src/third_party/portage-stable/net-dns/bind-tools/bind-tools-9.16.15.ebuild b/sdk_container/src/third_party/portage-stable/net-dns/bind-tools/bind-tools-9.16.33.ebuild similarity index 74% rename from sdk_container/src/third_party/portage-stable/net-dns/bind-tools/bind-tools-9.16.15.ebuild rename to sdk_container/src/third_party/portage-stable/net-dns/bind-tools/bind-tools-9.16.33.ebuild index 892235add4..013e0effc4 100644 --- a/sdk_container/src/third_party/portage-stable/net-dns/bind-tools/bind-tools-9.16.15.ebuild +++ b/sdk_container/src/third_party/portage-stable/net-dns/bind-tools/bind-tools-9.16.33.ebuild @@ -1,9 +1,9 @@ -# Copyright 1999-2021 Gentoo Authors +# Copyright 1999-2022 Gentoo Authors # Distributed under the terms of the GNU General Public License v2 -EAPI=7 +EAPI=8 -inherit autotools flag-o-matic toolchain-funcs +inherit autotools flag-o-matic multiprocessing toolchain-funcs MY_PN=${PN//-tools} MY_PV=${PV/_p/-P} @@ -11,19 +11,20 @@ MY_PV=${MY_PV/_rc/rc} MY_P="${MY_PN}-${MY_PV}" DESCRIPTION="bind tools: dig, nslookup, host, nsupdate, dnssec-keygen" -HOMEPAGE="https://www.isc.org/software/bind" +HOMEPAGE="https://www.isc.org/software/bind https://gitlab.isc.org/isc-projects/bind9" SRC_URI="https://downloads.isc.org/isc/bind9/${PV}/${MY_P}.tar.xz" LICENSE="Apache-2.0 BSD BSD-2 GPL-2 HPND ISC MPL-2.0" SLOT="0" KEYWORDS="~alpha amd64 arm arm64 ~hppa ~ia64 ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris" -IUSE="+caps doc gssapi idn ipv6 libedit readline xml" -# no PKCS11 currently as it requires OpenSSL to be patched, also see bug 409687 +IUSE="+caps doc gssapi idn libedit readline test xml" +# no PKCS11 currently as it requires OpenSSL to be patched, also see bug #409687 +RESTRICT="!test? ( test )" COMMON_DEPEND=" dev-libs/libuv:= - caps? ( sys-libs/libcap ) dev-libs/openssl:= + caps? ( sys-libs/libcap ) xml? ( dev-libs/libxml2 ) idn? ( net-dns/libidn2:= ) gssapi? ( virtual/krb5 ) @@ -37,22 +38,24 @@ RDEPEND="${COMMON_DEPEND}" # sphinx required for man-page and html creation BDEPEND=" - doc? ( dev-python/sphinx ) virtual/pkgconfig + doc? ( dev-python/sphinx ) + test? ( + dev-util/cmocka + dev-util/kyua + ) " S="${WORKDIR}/${MY_P}" -# bug 479092, requires networking -RESTRICT="test" - src_prepare() { default - export LDFLAGS="${LDFLAGS} -L${EPREFIX}/usr/$(get_libdir)" + append-ldflags "-L${ESYSROOT}/usr/$(get_libdir)" - # Disable tests for now, bug 406399 - sed -i '/^SUBDIRS/s:tests::' bin/Makefile.in lib/Makefile.in || die + # Do not disable thread local storage on Solaris, it works with our + # toolchain, and it breaks further configure checks + sed -i -e '/LDFLAGS=/s/-zrelax=transtls//' configure.ac configure || die # bug #220361 rm aclocal.m4 || die @@ -70,8 +73,8 @@ src_configure() { --without-lmdb --without-maxminddb --disable-geoip - --with-openssl="${EPREFIX}"/usr - $(use_with idn libidn2) + --with-openssl="${ESYSROOT}"/usr + $(use_with idn libidn2 "${ESYSROOT}"/usr) $(use_with xml libxml2) $(use_with gssapi) $(use_with readline) @@ -88,22 +91,22 @@ src_configure() { myeconfargs+=( --without-readline ) fi - # bug 344029 + # bug #344029 append-cflags "-DDIG_SIGCHASE" # to expose CMSG_* macros from sys/sockets.h [[ ${CHOST} == *-solaris* ]] && append-cflags "-D_XOPEN_SOURCE=600" - # localstatedir for nsupdate -l, bug 395785 + # localstatedir for nsupdate -l, bug #395785 tc-export BUILD_CC econf "${myeconfargs[@]}" # bug #151839 - echo '#undef SO_BSDCOMPAT' >> config.h + echo '#undef SO_BSDCOMPAT' >> config.h || die } src_compile() { - local AR=$(tc-getAR) + local AR="$(tc-getAR)" emake AR="${AR}" -C lib/ emake AR="${AR}" -C bin/delv/ @@ -113,6 +116,12 @@ src_compile() { emake -C doc/man/ man $(usev doc) } +src_test() { + # system tests ('emake test') require network configuration for IPs etc + # so we run the unit tests instead. + TEST_PARALLEL_JOBS="$(makeopts_jobs)" emake unit +} + src_install() { local man_dir="${S}/doc/man" local html_dir="${man_dir}/_build/html" diff --git a/sdk_container/src/third_party/portage-stable/net-dns/bind-tools/files/bind-tools-9.16.29-fortify-source-3.patch b/sdk_container/src/third_party/portage-stable/net-dns/bind-tools/files/bind-tools-9.16.29-fortify-source-3.patch new file mode 100644 index 0000000000..d084d6e62c --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/net-dns/bind-tools/files/bind-tools-9.16.29-fortify-source-3.patch @@ -0,0 +1,35 @@ +https://gitlab.isc.org/isc-projects/bind9/-/commit/b6670787d25743ddf39dfe8e615828efc928f50d +https://gitlab.isc.org/isc-projects/bind9/-/issues/3351 +https://bugs.gentoo.org/847295 + +From: Evan Hunt +Date: Fri, 13 May 2022 19:59:58 -0700 +Subject: [PATCH] prevent a possible buffer overflow in configuration check + +corrected code that could have allowed a buffer overfow while +parsing named.conf. + +(cherry picked from commit 921043b54161c7a3e6dc4036b038ca4dbc5fe472) +--- a/lib/bind9/check.c ++++ b/lib/bind9/check.c +@@ -2500,8 +2500,8 @@ check_zoneconf(const cfg_obj_t *zconfig, const cfg_obj_t *voptions, + } else if (dns_name_isula(zname)) { + ula = true; + } +- tmp += strlen(tmp); + len -= strlen(tmp); ++ tmp += strlen(tmp); + (void)snprintf(tmp, len, "%u/%s", zclass, + (ztype == CFG_ZONE_INVIEW) ? target + : (viewname != NULL) ? viewname +@@ -3247,8 +3247,8 @@ check_zoneconf(const cfg_obj_t *zconfig, const cfg_obj_t *voptions, + char *tmp = keydirbuf; + size_t len = sizeof(keydirbuf); + dns_name_format(zname, keydirbuf, sizeof(keydirbuf)); +- tmp += strlen(tmp); + len -= strlen(tmp); ++ tmp += strlen(tmp); + (void)snprintf(tmp, len, "/%s", (dir == NULL) ? "(null)" : dir); + tresult = keydirexist(zconfig, (const char *)keydirbuf, + kaspname, keydirs, logctx, mctx); +GitLab