[pkg-dhcp-commits] [SCM] ISC DHCP packaging for Debian branch, master, updated. debian/4.2.4-5-1-g0eb7775

Michael Gilbert mgilbert at debian.org
Tue Apr 2 01:21:28 UTC 2013 

The following commit has been merged in the master branch:
commit 0eb7775d92b2274903a4dd26af78d9aa9b77a0a7
Author: Michael Gilbert <mgilbert at debian.org>
Date:   Mon Apr 1 21:19:53 2013 -0400

    fix cve-2013-2494

diff --git a/debian/bind-patches/cve-2013-2494.patch b/debian/bind-patches/cve-2013-2494.patch
new file mode 100644
index 0000000..d722e1e
--- /dev/null
+++ b/debian/bind-patches/cve-2013-2494.patch
@@ -0,0 +1,40 @@
+Index: bind-9.8.3/config.h.in
+===================================================================
+--- bind-9.8.3.orig/config.h.in	2012-05-09 22:43:18.000000000 +0000
++++ bind-9.8.3/config.h.in	2013-03-31 22:54:10.010907735 +0000
+@@ -280,9 +280,6 @@
+ /* Define if your OpenSSL version supports GOST. */
+ #undef HAVE_OPENSSL_GOST
+ 
+-/* Define to 1 if you have the <regex.h> header file. */
+-#undef HAVE_REGEX_H
+-
+ /* Define to 1 if you have the `setegid' function. */
+ #undef HAVE_SETEGID
+ 
+Index: bind-9.8.3/configure
+===================================================================
+--- bind-9.8.3.orig/configure	2012-05-09 22:43:18.000000000 +0000
++++ bind-9.8.3/configure	2013-03-31 22:53:24.410908128 +0000
+@@ -20443,7 +20443,7 @@
+ fi
+ 
+ 
+-for ac_header in fcntl.h regex.h sys/time.h unistd.h sys/sockio.h sys/select.h sys/param.h sys/sysctl.h net/if6.h
++for ac_header in fcntl.h sys/time.h unistd.h sys/sockio.h sys/select.h sys/param.h sys/sysctl.h net/if6.h
+ do :
+   as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh`
+ ac_fn_c_check_header_compile "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default
+Index: bind-9.8.3/configure.in
+===================================================================
+--- bind-9.8.3.orig/configure.in	2012-05-09 22:43:18.000000000 +0000
++++ bind-9.8.3/configure.in	2013-03-31 22:53:34.434908041 +0000
+@@ -298,7 +298,7 @@
+ 
+ AC_HEADER_STDC
+ 
+-AC_CHECK_HEADERS(fcntl.h regex.h sys/time.h unistd.h sys/sockio.h sys/select.h sys/param.h sys/sysctl.h net/if6.h,,,
++AC_CHECK_HEADERS(fcntl.h sys/time.h unistd.h sys/sockio.h sys/select.h sys/param.h sys/sysctl.h net/if6.h,,,
+ [$ac_includes_default
+ #ifdef HAVE_SYS_PARAM_H
+ # include <sys/param.h>
diff --git a/debian/bind-patches/series b/debian/bind-patches/series
new file mode 100644
index 0000000..ee1d08b
--- /dev/null
+++ b/debian/bind-patches/series
@@ -0,0 +1 @@
+cve-2013-2494.patch
diff --git a/debian/changelog b/debian/changelog
index b0a43ed..7763ead 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,10 @@
+isc-dhcp (4.2.4-6) unstable; urgency=high
+
+  * Fix cve-2013-2494: issues with regular expression handling in the embedded
+    bind library (closes: #704426).
+
+ -- Michael Gilbert <mgilbert at debian.org>  Sun, 31 Mar 2013 23:52:58 +0000
+
 isc-dhcp (4.2.4-5) unstable; urgency=medium
 
   * Handle dhclient.conf left behind during a prior lenny->squeeze upgrade,
diff --git a/debian/control b/debian/control
index c8a433e..4b0d2d7 100644
--- a/debian/control
+++ b/debian/control
@@ -9,6 +9,7 @@ Build-Depends:
  debhelper (>> 7),
  dpkg-dev (>= 1.13.2),
  groff,
+ quilt,
  autoconf,
  automake,
  pkg-config,
diff --git a/debian/rules b/debian/rules
index cd96512..6f52e53 100755
--- a/debian/rules
+++ b/debian/rules
@@ -35,7 +35,14 @@ CFLAGS += -D_PATH_DHCPD_CONF='"/etc/dhcp/dhcpd.conf"'
 CFLAGS += -D_PATH_DHCLIENT_CONF='"/etc/dhcp/dhclient.conf"'
 CFLAGS += -DNOMINUM
 
-build-ldap-stamp:
+
+bind-stamp:
+	dh_testdir
+	cd bind && tar xf bind.tar.gz && cd bind-* && \
+	    QUILT_PATCHES=../../debian/bind-patches quilt push -a
+	touch $@
+
+build-ldap-stamp: bind-stamp
 	dh_testdir
 
 	./configure \
@@ -63,7 +70,7 @@ build-arch-stamp:
 	dh_testdir
 	touch $@
 
-build-non-ldap-stamp:
+build-non-ldap-stamp: bind-stamp
 	dh_testdir
 
 	./configure \
@@ -80,7 +87,7 @@ build-non-ldap-stamp:
 
 clean:
 	dh_testdir
-	rm -f build*stamp install*stamp
+	rm -f build*stamp install*stamp bind-stamp
 
 	[ ! -f Makefile ] || $(MAKE) distclean
 	rm -f Makefile client/Makefile config.log config.status

-- 
ISC DHCP packaging for Debian

More information about the pkg-dhcp-commits mailing list