all messages for Guix-related lists mirrored at yhetil.org
 help / color / mirror / code / Atom feed
* [bug#52377] [security]: Update BIND DNS
@ 2021-12-08 19:56 Leo Famulari
  2021-12-08 20:03 ` [bug#52377] [security 1/2] gnu: BIND: Update to 9.16.23 [fixes CVE-2021-{25218, 25219}] Leo Famulari
  0 siblings, 1 reply; 7+ messages in thread
From: Leo Famulari @ 2021-12-08 19:56 UTC (permalink / raw)
  To: 52377

[-- Attachment #1: Type: text/plain, Size: 137 bytes --]

The following two patches update the BIND 9 DNS package, as well as the
bundled BIND in isc-dhcp. Please test them on your Guix Systems.

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]

^ permalink raw reply	[flat|nested] 7+ messages in thread

* [bug#52377] [security 1/2] gnu: BIND: Update to 9.16.23 [fixes CVE-2021-{25218, 25219}].
  2021-12-08 19:56 [bug#52377] [security]: Update BIND DNS Leo Famulari
@ 2021-12-08 20:03 ` Leo Famulari
  2021-12-08 20:03   ` [bug#52377] [security 2/2] gnu: isc-dhcp: Update bundled BIND to 9.11.36 [fixes CVE-2021-25219] Leo Famulari
                     ` (2 more replies)
  0 siblings, 3 replies; 7+ messages in thread
From: Leo Famulari @ 2021-12-08 20:03 UTC (permalink / raw)
  To: 52377

* gnu/packages/dns.scm (isc-bind): Update to 9.16.23.
---
 gnu/packages/dns.scm | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/gnu/packages/dns.scm b/gnu/packages/dns.scm
index 0c2e037b4f..dbd67125d0 100644
--- a/gnu/packages/dns.scm
+++ b/gnu/packages/dns.scm
@@ -373,7 +373,7 @@ (define-public isc-bind
     ;; When updating, check whether isc-dhcp's bundled copy should be as well.
     ;; The BIND release notes are available here:
     ;; https://www.isc.org/bind/
-    (version "9.16.16")
+    (version "9.16.23")
     (source (origin
               (method url-fetch)
               (uri (string-append
@@ -381,7 +381,7 @@ (define-public isc-bind
                     "/bind-" version ".tar.xz"))
               (sha256
                (base32
-                "0yqxfq7qc26x7qhk0nkp8h7x9jggzaafm712bvfffy7qml13k4bc"))))
+                "0g0pxzhzcz6nzkiab4cs9sgbjdzqgy44aa477v7akdlwm8kmxnyy"))))
     (build-system gnu-build-system)
     (outputs `("out" "utils"))
     (inputs
-- 
2.34.0





^ permalink raw reply related	[flat|nested] 7+ messages in thread

* [bug#52377] [security 2/2] gnu: isc-dhcp: Update bundled BIND to 9.11.36 [fixes CVE-2021-25219].
  2021-12-08 20:03 ` [bug#52377] [security 1/2] gnu: BIND: Update to 9.16.23 [fixes CVE-2021-{25218, 25219}] Leo Famulari
@ 2021-12-08 20:03   ` Leo Famulari
  2021-12-08 20:12   ` [bug#52377] [security 1/2] gnu: BIND: Update to 9.16.23 [fixes CVE-2021-{25218, 25219}] Leo Famulari
  2021-12-09  0:29   ` bug#52377: " Tobias Geerinckx-Rice via Guix-patches via
  2 siblings, 0 replies; 7+ messages in thread
From: Leo Famulari @ 2021-12-08 20:03 UTC (permalink / raw)
  To: 52377

* gnu/packages/admin.scm (isc-dhcp)[inputs]: Update bundled BIND to 9.11.36.
---
 gnu/packages/admin.scm | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/gnu/packages/admin.scm b/gnu/packages/admin.scm
index 8e55d980e0..ce12c01582 100644
--- a/gnu/packages/admin.scm
+++ b/gnu/packages/admin.scm
@@ -1152,7 +1152,7 @@ (define-public alive
 (define-public isc-dhcp
   (let* ((bind-major-version "9")
          (bind-minor-version "11")
-         (bind-patch-version "32")
+         (bind-patch-version "36")
          (bind-release-type "")         ; for patch release, use "-P"
          (bind-release-version "")      ; for patch release, e.g. "6"
          (bind-version (string-append bind-major-version
@@ -1312,7 +1312,7 @@ (define-public isc-dhcp
                                         "/bind-" bind-version ".tar.gz"))
                     (sha256
                      (base32
-                      "0hhkb4d14hvly2751cxl2s2xyim3bri8qaisgkcm456xfi5wpy6b"))))
+                      "108nh7hha4r0lb5hf1fn7lqaascvhsrghpz6afm5lf9vf2vgqly9"))))
 
                 ("coreutils*" ,coreutils)
                 ("sed*" ,sed)))
-- 
2.34.0





^ permalink raw reply related	[flat|nested] 7+ messages in thread

* [bug#52377] [security 1/2] gnu: BIND: Update to 9.16.23 [fixes CVE-2021-{25218, 25219}].
  2021-12-08 20:03 ` [bug#52377] [security 1/2] gnu: BIND: Update to 9.16.23 [fixes CVE-2021-{25218, 25219}] Leo Famulari
  2021-12-08 20:03   ` [bug#52377] [security 2/2] gnu: isc-dhcp: Update bundled BIND to 9.11.36 [fixes CVE-2021-25219] Leo Famulari
@ 2021-12-08 20:12   ` Leo Famulari
  2021-12-08 20:35     ` Leo Famulari
  2021-12-09  0:29   ` bug#52377: " Tobias Geerinckx-Rice via Guix-patches via
  2 siblings, 1 reply; 7+ messages in thread
From: Leo Famulari @ 2021-12-08 20:12 UTC (permalink / raw)
  To: 52377

On Wed, Dec 08, 2021 at 03:03:25PM -0500, Leo Famulari wrote:
> * gnu/packages/dns.scm (isc-bind): Update to 9.16.23.

This actually fails its test suite, like this:

------
starting phase `check'
for fuzzer in dns_name_fromtext_target dns_rdata_fromwire_text; do \
	./${fuzzer} ; \
done
testing 12 bytes from /tmp/guix-build-bind-9.16.23.drv-0/bind-9.16.23/fuzz/dns_name_fromtext_target.in/example.com
mem.c:873: fatal error: RUNTIME_CHECK(((pthread_mutex_lock(((&contextslock))) == 0) ? 0 : 34) == 0) failed
/gnu/store/pwcp239kjf7lnj5i4lkdzcfcxwcfyk72-bash-minimal-5.0.16/bin/bash: line 1: 13086 Aborted                 ./${fuzzer}
testing 39 bytes from /tmp/guix-build-bind-9.16.23.drv-0/bind-9.16.23/fuzz/dns_rdata_fromwire_text.in/svcb
testing 6 bytes from /tmp/guix-build-bind-9.16.23.drv-0/bind-9.16.23/fuzz/dns_rdata_fromwire_text.in/sshfp
testing 6 bytes from /tmp/guix-build-bind-9.16.23.drv-0/bind-9.16.23/fuzz/dns_rdata_fromwire_text.in/smimea
testing 9 bytes from /tmp/guix-build-bind-9.16.23.drv-0/bind-9.16.23/fuzz/dns_rdata_fromwire_text.in/input-99
testing 50 bytes from /tmp/guix-build-bind-9.16.23.drv-0/bind-9.16.23/fuzz/dns_rdata_fromwire_text.in/input-98
testing 17 bytes from /tmp/guix-build-bind-9.16.23.drv-0/bind-9.16.23/fuzz/dns_rdata_fromwire_text.in/input-97
testing 11 bytes from /tmp/guix-build-bind-9.16.23.drv-0/bind-9.16.23/fuzz/dns_rdata_fromwire_text.in/input-96
testing 21 bytes from /tmp/guix-build-bind-9.16.23.drv-0/bind-9.16.23/fuzz/dns_rdata_fromwire_text.in/input-95
testing 23 bytes from /tmp/guix-build-bind-9.16.23.drv-0/bind-9.16.23/fuzz/dns_rdata_fromwire_text.in/input-94
testing 48 bytes from /tmp/guix-build-bind-9.16.23.drv-0/bind-9.16.23/fuzz/dns_rdata_fromwire_text.in/input-93
testing 74 bytes from /tmp/guix-build-bind-9.16.23.drv-0/bind-9.16.23/fuzz/dns_rdata_fromwire_text.in/input-92
testing 42 bytes from /tmp/guix-build-bind-9.16.23.drv-0/bind-9.16.23/fuzz/dns_rdata_fromwire_text.in/input-91
testing 74 bytes from /tmp/guix-build-bind-9.16.23.drv-0/bind-9.16.23/fuzz/dns_rdata_fromwire_text.in/input-90
testing 52 bytes from /tmp/guix-build-bind-9.16.23.drv-0/bind-9.16.23/fuzz/dns_rdata_fromwire_text.in/input-9
testing 63 bytes from /tmp/guix-build-bind-9.16.23.drv-0/bind-9.16.23/fuzz/dns_rdata_fromwire_text.in/input-89
testing 36 bytes from /tmp/guix-build-bind-9.16.23.drv-0/bind-9.16.23/fuzz/dns_rdata_fromwire_text.in/input-88
testing 21 bytes from /tmp/guix-build-bind-9.16.23.drv-0/bind-9.16.23/fuzz/dns_rdata_fromwire_text.in/input-87
testing 21 bytes from /tmp/guix-build-bind-9.16.23.drv-0/bind-9.16.23/fuzz/dns_rdata_fromwire_text.in/input-86
testing 21 bytes from /tmp/guix-build-bind-9.16.23.drv-0/bind-9.16.23/fuzz/dns_rdata_fromwire_text.in/input-85
testing 9 bytes from /tmp/guix-build-bind-9.16.23.drv-0/bind-9.16.23/fuzz/dns_rdata_fromwire_text.in/input-84
testing 15 bytes from /tmp/guix-build-bind-9.16.23.drv-0/bind-9.16.23/fuzz/dns_rdata_fromwire_text.in/input-83
testing 12 bytes from /tmp/guix-build-bind-9.16.23.drv-0/bind-9.16.23/fuzz/dns_rdata_fromwire_text.in/input-82
testing 11 bytes from /tmp/guix-build-bind-9.16.23.drv-0/bind-9.16.23/fuzz/dns_rdata_fromwire_text.in/input-81
testing 11 bytes from /tmp/guix-build-bind-9.16.23.drv-0/bind-9.16.23/fuzz/dns_rdata_fromwire_text.in/input-80
testing 67 bytes from /tmp/guix-build-bind-9.16.23.drv-0/bind-9.16.23/fuzz/dns_rdata_fromwire_text.in/input-8
testing 9 bytes from /tmp/guix-build-bind-9.16.23.drv-0/bind-9.16.23/fuzz/dns_rdata_fromwire_text.in/input-79
testing 12 bytes from /tmp/guix-build-bind-9.16.23.drv-0/bind-9.16.23/fuzz/dns_rdata_fromwire_text.in/input-78
testing 8 bytes from /tmp/guix-build-bind-9.16.23.drv-0/bind-9.16.23/fuzz/dns_rdata_fromwire_text.in/input-77
testing 21 bytes from /tmp/guix-build-bind-9.16.23.drv-0/bind-9.16.23/fuzz/dns_rdata_fromwire_text.in/input-76
testing 21 bytes from /tmp/guix-build-bind-9.16.23.drv-0/bind-9.16.23/fuzz/dns_rdata_fromwire_text.in/input-75
testing 21 bytes from /tmp/guix-build-bind-9.16.23.drv-0/bind-9.16.23/fuzz/dns_rdata_fromwire_text.in/input-74
testing 21 bytes from /tmp/guix-build-bind-9.16.23.drv-0/bind-9.16.23/fuzz/dns_rdata_fromwire_text.in/input-73
testing 21 bytes from /tmp/guix-build-bind-9.16.23.drv-0/bind-9.16.23/fuzz/dns_rdata_fromwire_text.in/input-72
testing 21 bytes from /tmp/guix-build-bind-9.16.23.drv-0/bind-9.16.23/fuzz/dns_rdata_fromwire_text.in/input-71
testing 27 bytes from /tmp/guix-build-bind-9.16.23.drv-0/bind-9.16.23/fuzz/dns_rdata_fromwire_text.in/input-70
testing 9 bytes from /tmp/guix-build-bind-9.16.23.drv-0/bind-9.16.23/fuzz/dns_rdata_fromwire_text.in/input-7
testing 21 bytes from /tmp/guix-build-bind-9.16.23.drv-0/bind-9.16.23/fuzz/dns_rdata_fromwire_text.in/input-69
testing 21 bytes from /tmp/guix-build-bind-9.16.23.drv-0/bind-9.16.23/fuzz/dns_rdata_fromwire_text.in/input-68
testing 21 bytes from /tmp/guix-build-bind-9.16.23.drv-0/bind-9.16.23/fuzz/dns_rdata_fromwire_text.in/input-67
testing 21 bytes from /tmp/guix-build-bind-9.16.23.drv-0/bind-9.16.23/fuzz/dns_rdata_fromwire_text.in/input-66
testing 21 bytes from /tmp/guix-build-bind-9.16.23.drv-0/bind-9.16.23/fuzz/dns_rdata_fromwire_text.in/input-65
testing 21 bytes from /tmp/guix-build-bind-9.16.23.drv-0/bind-9.16.23/fuzz/dns_rdata_fromwire_text.in/input-64
testing 23 bytes from /tmp/guix-build-bind-9.16.23.drv-0/bind-9.16.23/fuzz/dns_rdata_fromwire_text.in/input-63
testing 28 bytes from /tmp/guix-build-bind-9.16.23.drv-0/bind-9.16.23/fuzz/dns_rdata_fromwire_text.in/input-62
testing 29 bytes from /tmp/guix-build-bind-9.16.23.drv-0/bind-9.16.23/fuzz/dns_rdata_fromwire_text.in/input-61
testing 50 bytes from /tmp/guix-build-bind-9.16.23.drv-0/bind-9.16.23/fuzz/dns_rdata_fromwire_text.in/input-60
testing 5 bytes from /tmp/guix-build-bind-9.16.23.drv-0/bind-9.16.23/fuzz/dns_rdata_fromwire_text.in/input-6
testing 21 bytes from /tmp/guix-build-bind-9.16.23.drv-0/bind-9.16.23/fuzz/dns_rdata_fromwire_text.in/input-59
testing 38 bytes from /tmp/guix-build-bind-9.16.23.drv-0/bind-9.16.23/fuzz/dns_rdata_fromwire_text.in/input-58
testing 49 bytes from /tmp/guix-build-bind-9.16.23.drv-0/bind-9.16.23/fuzz/dns_rdata_fromwire_text.in/input-57
testing 21 bytes from /tmp/guix-build-bind-9.16.23.drv-0/bind-9.16.23/fuzz/dns_rdata_fromwire_text.in/input-56
testing 21 bytes from /tmp/guix-build-bind-9.16.23.drv-0/bind-9.16.23/fuzz/dns_rdata_fromwire_text.in/input-55
testing 83 bytes from /tmp/guix-build-bind-9.16.23.drv-0/bind-9.16.23/fuzz/dns_rdata_fromwire_text.in/input-54
testing 7 bytes from /tmp/guix-build-bind-9.16.23.drv-0/bind-9.16.23/fuzz/dns_rdata_fromwire_text.in/input-53
testing 6 bytes from /tmp/guix-build-bind-9.16.23.drv-0/bind-9.16.23/fuzz/dns_rdata_fromwire_text.in/input-52
testing 12 bytes from /tmp/guix-build-bind-9.16.23.drv-0/bind-9.16.23/fuzz/dns_rdata_fromwire_text.in/input-51
testing 18 bytes from /tmp/guix-build-bind-9.16.23.drv-0/bind-9.16.23/fuzz/dns_rdata_fromwire_text.in/input-50
testing 5 bytes from /tmp/guix-build-bind-9.16.23.drv-0/bind-9.16.23/fuzz/dns_rdata_fromwire_text.in/input-5
testing 21 bytes from /tmp/guix-build-bind-9.16.23.drv-0/bind-9.16.23/fuzz/dns_rdata_fromwire_text.in/input-49
testing 54 bytes from /tmp/guix-build-bind-9.16.23.drv-0/bind-9.16.23/fuzz/dns_rdata_fromwire_text.in/input-48
testing 21 bytes from /tmp/guix-build-bind-9.16.23.drv-0/bind-9.16.23/fuzz/dns_rdata_fromwire_text.in/input-47
testing 23 bytes from /tmp/guix-build-bind-9.16.23.drv-0/bind-9.16.23/fuzz/dns_rdata_fromwire_text.in/input-46
testing 38 bytes from /tmp/guix-build-bind-9.16.23.drv-0/bind-9.16.23/fuzz/dns_rdata_fromwire_text.in/input-45
testing 21 bytes from /tmp/guix-build-bind-9.16.23.drv-0/bind-9.16.23/fuzz/dns_rdata_fromwire_text.in/input-44
testing 30 bytes from /tmp/guix-build-bind-9.16.23.drv-0/bind-9.16.23/fuzz/dns_rdata_fromwire_text.in/input-43
testing 21 bytes from /tmp/guix-build-bind-9.16.23.drv-0/bind-9.16.23/fuzz/dns_rdata_fromwire_text.in/input-42
testing 21 bytes from /tmp/guix-build-bind-9.16.23.drv-0/bind-9.16.23/fuzz/dns_rdata_fromwire_text.in/input-41
testing 21 bytes from /tmp/guix-build-bind-9.16.23.drv-0/bind-9.16.23/fuzz/dns_rdata_fromwire_text.in/input-40
testing 5 bytes from /tmp/guix-build-bind-9.16.23.drv-0/bind-9.16.23/fuzz/dns_rdata_fromwire_text.in/input-4
testing 22 bytes from /tmp/guix-build-bind-9.16.23.drv-0/bind-9.16.23/fuzz/dns_rdata_fromwire_text.in/input-39
testing 66 bytes from /tmp/guix-build-bind-9.16.23.drv-0/bind-9.16.23/fuzz/dns_rdata_fromwire_text.in/input-38
testing 66 bytes from /tmp/guix-build-bind-9.16.23.drv-0/bind-9.16.23/fuzz/dns_rdata_fromwire_text.in/input-37
testing 10 bytes from /tmp/guix-build-bind-9.16.23.drv-0/bind-9.16.23/fuzz/dns_rdata_fromwire_text.in/input-36
testing 12 bytes from /tmp/guix-build-bind-9.16.23.drv-0/bind-9.16.23/fuzz/dns_rdata_fromwire_text.in/input-35
testing 7 bytes from /tmp/guix-build-bind-9.16.23.drv-0/bind-9.16.23/fuzz/dns_rdata_fromwire_text.in/input-34
testing 11 bytes from /tmp/guix-build-bind-9.16.23.drv-0/bind-9.16.23/fuzz/dns_rdata_fromwire_text.in/input-33
testing 9 bytes from /tmp/guix-build-bind-9.16.23.drv-0/bind-9.16.23/fuzz/dns_rdata_fromwire_text.in/input-32
testing 37 bytes from /tmp/guix-build-bind-9.16.23.drv-0/bind-9.16.23/fuzz/dns_rdata_fromwire_text.in/input-31
testing 33 bytes from /tmp/guix-build-bind-9.16.23.drv-0/bind-9.16.23/fuzz/dns_rdata_fromwire_text.in/input-30
testing 72 bytes from /tmp/guix-build-bind-9.16.23.drv-0/bind-9.16.23/fuzz/dns_rdata_fromwire_text.in/input-3
testing 8 bytes from /tmp/guix-build-bind-9.16.23.drv-0/bind-9.16.23/fuzz/dns_rdata_fromwire_text.in/input-29
testing 8 bytes from /tmp/guix-build-bind-9.16.23.drv-0/bind-9.16.23/fuzz/dns_rdata_fromwire_text.in/input-28
testing 7 bytes from /tmp/guix-build-bind-9.16.23.drv-0/bind-9.16.23/fuzz/dns_rdata_fromwire_text.in/input-27
testing 21 bytes from /tmp/guix-build-bind-9.16.23.drv-0/bind-9.16.23/fuzz/dns_rdata_fromwire_text.in/input-26
testing 15 bytes from /tmp/guix-build-bind-9.16.23.drv-0/bind-9.16.23/fuzz/dns_rdata_fromwire_text.in/input-25
testing 8 bytes from /tmp/guix-build-bind-9.16.23.drv-0/bind-9.16.23/fuzz/dns_rdata_fromwire_text.in/input-24
testing 12 bytes from /tmp/guix-build-bind-9.16.23.drv-0/bind-9.16.23/fuzz/dns_rdata_fromwire_text.in/input-23
testing 19 bytes from /tmp/guix-build-bind-9.16.23.drv-0/bind-9.16.23/fuzz/dns_rdata_fromwire_text.in/input-22
testing 75 bytes from /tmp/guix-build-bind-9.16.23.drv-0/bind-9.16.23/fuzz/dns_rdata_fromwire_text.in/input-21
testing 151 bytes from /tmp/guix-build-bind-9.16.23.drv-0/bind-9.16.23/fuzz/dns_rdata_fromwire_text.in/input-20
testing 5 bytes from /tmp/guix-build-bind-9.16.23.drv-0/bind-9.16.23/fuzz/dns_rdata_fromwire_text.in/input-2
testing 22 bytes from /tmp/guix-build-bind-9.16.23.drv-0/bind-9.16.23/fuzz/dns_rdata_fromwire_text.in/input-19
testing 23 bytes from /tmp/guix-build-bind-9.16.23.drv-0/bind-9.16.23/fuzz/dns_rdata_fromwire_text.in/input-18
testing 38 bytes from /tmp/guix-build-bind-9.16.23.drv-0/bind-9.16.23/fuzz/dns_rdata_fromwire_text.in/input-17
testing 5 bytes from /tmp/guix-build-bind-9.16.23.drv-0/bind-9.16.23/fuzz/dns_rdata_fromwire_text.in/input-16
testing 7 bytes from /tmp/guix-build-bind-9.16.23.drv-0/bind-9.16.23/fuzz/dns_rdata_fromwire_text.in/input-15
testing 7 bytes from /tmp/guix-build-bind-9.16.23.drv-0/bind-9.16.23/fuzz/dns_rdata_fromwire_text.in/input-143
testing 21 bytes from /tmp/guix-build-bind-9.16.23.drv-0/bind-9.16.23/fuzz/dns_rdata_fromwire_text.in/input-142
testing 21 bytes from /tmp/guix-build-bind-9.16.23.drv-0/bind-9.16.23/fuzz/dns_rdata_fromwire_text.in/input-141
testing 21 bytes from /tmp/guix-build-bind-9.16.23.drv-0/bind-9.16.23/fuzz/dns_rdata_fromwire_text.in/input-140
testing 38 bytes from /tmp/guix-build-bind-9.16.23.drv-0/bind-9.16.23/fuzz/dns_rdata_fromwire_text.in/input-14
testing 51 bytes from /tmp/guix-build-bind-9.16.23.drv-0/bind-9.16.23/fuzz/dns_rdata_fromwire_text.in/input-139
testing 50 bytes from /tmp/guix-build-bind-9.16.23.drv-0/bind-9.16.23/fuzz/dns_rdata_fromwire_text.in/input-138
testing 50 bytes from /tmp/guix-build-bind-9.16.23.drv-0/bind-9.16.23/fuzz/dns_rdata_fromwire_text.in/input-137
testing 50 bytes from /tmp/guix-build-bind-9.16.23.drv-0/bind-9.16.23/fuzz/dns_rdata_fromwire_text.in/input-136
testing 50 bytes from /tmp/guix-build-bind-9.16.23.drv-0/bind-9.16.23/fuzz/dns_rdata_fromwire_text.in/input-135
testing 50 bytes from /tmp/guix-build-bind-9.16.23.drv-0/bind-9.16.23/fuzz/dns_rdata_fromwire_text.in/input-134
testing 50 bytes from /tmp/guix-build-bind-9.16.23.drv-0/bind-9.16.23/fuzz/dns_rdata_fromwire_text.in/input-133
testing 50 bytes from /tmp/guix-build-bind-9.16.23.drv-0/bind-9.16.23/fuzz/dns_rdata_fromwire_text.in/input-132
testing 51 bytes from /tmp/guix-build-bind-9.16.23.drv-0/bind-9.16.23/fuzz/dns_rdata_fromwire_text.in/input-131
testing 60 bytes from /tmp/guix-build-bind-9.16.23.drv-0/bind-9.16.23/fuzz/dns_rdata_fromwire_text.in/input-130
testing 30 bytes from /tmp/guix-build-bind-9.16.23.drv-0/bind-9.16.23/fuzz/dns_rdata_fromwire_text.in/input-13
testing 26 bytes from /tmp/guix-build-bind-9.16.23.drv-0/bind-9.16.23/fuzz/dns_rdata_fromwire_text.in/input-129
testing 56 bytes from /tmp/guix-build-bind-9.16.23.drv-0/bind-9.16.23/fuzz/dns_rdata_fromwire_text.in/input-128
testing 48 bytes from /tmp/guix-build-bind-9.16.23.drv-0/bind-9.16.23/fuzz/dns_rdata_fromwire_text.in/input-127
testing 50 bytes from /tmp/guix-build-bind-9.16.23.drv-0/bind-9.16.23/fuzz/dns_rdata_fromwire_text.in/input-126
testing 21 bytes from /tmp/guix-build-bind-9.16.23.drv-0/bind-9.16.23/fuzz/dns_rdata_fromwire_text.in/input-125
testing 65 bytes from /tmp/guix-build-bind-9.16.23.drv-0/bind-9.16.23/fuzz/dns_rdata_fromwire_text.in/input-124
testing 25 bytes from /tmp/guix-build-bind-9.16.23.drv-0/bind-9.16.23/fuzz/dns_rdata_fromwire_text.in/input-123
testing 21 bytes from /tmp/guix-build-bind-9.16.23.drv-0/bind-9.16.23/fuzz/dns_rdata_fromwire_text.in/input-122
testing 110 bytes from /tmp/guix-build-bind-9.16.23.drv-0/bind-9.16.23/fuzz/dns_rdata_fromwire_text.in/input-121
testing 126 bytes from /tmp/guix-build-bind-9.16.23.drv-0/bind-9.16.23/fuzz/dns_rdata_fromwire_text.in/input-120
testing 8 bytes from /tmp/guix-build-bind-9.16.23.drv-0/bind-9.16.23/fuzz/dns_rdata_fromwire_text.in/input-12
testing 57 bytes from /tmp/guix-build-bind-9.16.23.drv-0/bind-9.16.23/fuzz/dns_rdata_fromwire_text.in/input-119
testing 115 bytes from /tmp/guix-build-bind-9.16.23.drv-0/bind-9.16.23/fuzz/dns_rdata_fromwire_text.in/input-118
testing 21 bytes from /tmp/guix-build-bind-9.16.23.drv-0/bind-9.16.23/fuzz/dns_rdata_fromwire_text.in/input-117
testing 21 bytes from /tmp/guix-build-bind-9.16.23.drv-0/bind-9.16.23/fuzz/dns_rdata_fromwire_text.in/input-116
testing 57 bytes from /tmp/guix-build-bind-9.16.23.drv-0/bind-9.16.23/fuzz/dns_rdata_fromwire_text.in/input-115
testing 57 bytes from /tmp/guix-build-bind-9.16.23.drv-0/bind-9.16.23/fuzz/dns_rdata_fromwire_text.in/input-114
testing 93 bytes from /tmp/guix-build-bind-9.16.23.drv-0/bind-9.16.23/fuzz/dns_rdata_fromwire_text.in/input-113
testing 69 bytes from /tmp/guix-build-bind-9.16.23.drv-0/bind-9.16.23/fuzz/dns_rdata_fromwire_text.in/input-112
testing 84 bytes from /tmp/guix-build-bind-9.16.23.drv-0/bind-9.16.23/fuzz/dns_rdata_fromwire_text.in/input-111
testing 71 bytes from /tmp/guix-build-bind-9.16.23.drv-0/bind-9.16.23/fuzz/dns_rdata_fromwire_text.in/input-110
testing 21 bytes from /tmp/guix-build-bind-9.16.23.drv-0/bind-9.16.23/fuzz/dns_rdata_fromwire_text.in/input-11
testing 68 bytes from /tmp/guix-build-bind-9.16.23.drv-0/bind-9.16.23/fuzz/dns_rdata_fromwire_text.in/input-109
testing 21 bytes from /tmp/guix-build-bind-9.16.23.drv-0/bind-9.16.23/fuzz/dns_rdata_fromwire_text.in/input-108
testing 31 bytes from /tmp/guix-build-bind-9.16.23.drv-0/bind-9.16.23/fuzz/dns_rdata_fromwire_text.in/input-107
testing 21 bytes from /tmp/guix-build-bind-9.16.23.drv-0/bind-9.16.23/fuzz/dns_rdata_fromwire_text.in/input-106
testing 22 bytes from /tmp/guix-build-bind-9.16.23.drv-0/bind-9.16.23/fuzz/dns_rdata_fromwire_text.in/input-105
testing 21 bytes from /tmp/guix-build-bind-9.16.23.drv-0/bind-9.16.23/fuzz/dns_rdata_fromwire_text.in/input-104
testing 44 bytes from /tmp/guix-build-bind-9.16.23.drv-0/bind-9.16.23/fuzz/dns_rdata_fromwire_text.in/input-103
testing 26 bytes from /tmp/guix-build-bind-9.16.23.drv-0/bind-9.16.23/fuzz/dns_rdata_fromwire_text.in/input-102
testing 25 bytes from /tmp/guix-build-bind-9.16.23.drv-0/bind-9.16.23/fuzz/dns_rdata_fromwire_text.in/input-101
testing 12 bytes from /tmp/guix-build-bind-9.16.23.drv-0/bind-9.16.23/fuzz/dns_rdata_fromwire_text.in/input-100
testing 77 bytes from /tmp/guix-build-bind-9.16.23.drv-0/bind-9.16.23/fuzz/dns_rdata_fromwire_text.in/input-10
testing 7 bytes from /tmp/guix-build-bind-9.16.23.drv-0/bind-9.16.23/fuzz/dns_rdata_fromwire_text.in/input-1
testing 15 bytes from /tmp/guix-build-bind-9.16.23.drv-0/bind-9.16.23/fuzz/dns_rdata_fromwire_text.in/input-0
testing 20 bytes from /tmp/guix-build-bind-9.16.23.drv-0/bind-9.16.23/fuzz/dns_rdata_fromwire_text.in/cdnskey
mem.c:873: fatal error: RUNTIME_CHECK(((pthread_mutex_lock(((&contextslock))) == 0) ? 0 : 34) == 0) failed
/gnu/store/pwcp239kjf7lnj5i4lkdzcfcxwcfyk72-bash-minimal-5.0.16/bin/bash: line 1: 13087 Aborted                 ./${fuzzer}
make: *** [Makefile:460: check] Error 134
command "make" "check" failed with status 2
builder for `/gnu/store/a622a1zbzsa3n7jl6igw09d3sd743b2l-bind-9.16.23.drv' failed with exit code 1
build of /gnu/store/a622a1zbzsa3n7jl6igw09d3sd743b2l-bind-9.16.23.drv failed
View build log at '/var/log/guix/drvs/a6/22a1zbzsa3n7jl6igw09d3sd743b2l-bind-9.16.23.drv.bz2'.
guix build: error: build of `/gnu/store/a622a1zbzsa3n7jl6igw09d3sd743b2l-bind-9.16.23.drv' failed
------




^ permalink raw reply	[flat|nested] 7+ messages in thread

* [bug#52377] [security 1/2] gnu: BIND: Update to 9.16.23 [fixes CVE-2021-{25218, 25219}].
  2021-12-08 20:12   ` [bug#52377] [security 1/2] gnu: BIND: Update to 9.16.23 [fixes CVE-2021-{25218, 25219}] Leo Famulari
@ 2021-12-08 20:35     ` Leo Famulari
  0 siblings, 0 replies; 7+ messages in thread
From: Leo Famulari @ 2021-12-08 20:35 UTC (permalink / raw)
  To: 52377

On Wed, Dec 08, 2021 at 03:12:20PM -0500, Leo Famulari wrote:
> On Wed, Dec 08, 2021 at 03:03:25PM -0500, Leo Famulari wrote:
> > * gnu/packages/dns.scm (isc-bind): Update to 9.16.23.
> 
> This actually fails its test suite, like this:

This failure appears in 9.16.17. So, there is not even an intermediate
upgrade of this package that we can deploy.




^ permalink raw reply	[flat|nested] 7+ messages in thread

* bug#52377: [security 1/2] gnu: BIND: Update to 9.16.23 [fixes CVE-2021-{25218, 25219}].
  2021-12-08 20:03 ` [bug#52377] [security 1/2] gnu: BIND: Update to 9.16.23 [fixes CVE-2021-{25218, 25219}] Leo Famulari
  2021-12-08 20:03   ` [bug#52377] [security 2/2] gnu: isc-dhcp: Update bundled BIND to 9.11.36 [fixes CVE-2021-25219] Leo Famulari
  2021-12-08 20:12   ` [bug#52377] [security 1/2] gnu: BIND: Update to 9.16.23 [fixes CVE-2021-{25218, 25219}] Leo Famulari
@ 2021-12-09  0:29   ` Tobias Geerinckx-Rice via Guix-patches via
  2021-12-09  4:14     ` [bug#52377] " Leo Famulari
  2 siblings, 1 reply; 7+ messages in thread
From: Tobias Geerinckx-Rice via Guix-patches via @ 2021-12-09  0:29 UTC (permalink / raw)
  To: Leo Famulari; +Cc: 52377-done, guix-patches

[-- Attachment #1: Type: text/plain, Size: 747 bytes --]

Leo,

Leo Famulari 写道:
> * gnu/packages/dns.scm (isc-bind): Update to 9.16.23.

Thanks!

I updated BIND to 9.16.23 in commit 
4ca0e9d5f77ec309a5a8a7eba3d97fd3bb4852d5, which reverts the 
upstream commit that caused this new test failure.  I had to 
tediously bisect this; I never would've guessed it was to blame.

The patch won't keep forever.  Bug reports to ISC seem to require 
a GitLab account.  Can't say I'm in a terrible rush to create yet 
another one.  Do you have one?

Maybe this problem will just go away with a newer GCC.  We can 
hope…

I went ahead and pushed your matching isc-dhcp patch.  I wouldn't 
normally do this to people with commit access but it seemed 
justified.

Kind regards,

T G-R

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 247 bytes --]

^ permalink raw reply	[flat|nested] 7+ messages in thread

* [bug#52377] [security 1/2] gnu: BIND: Update to 9.16.23 [fixes CVE-2021-{25218, 25219}].
  2021-12-09  0:29   ` bug#52377: " Tobias Geerinckx-Rice via Guix-patches via
@ 2021-12-09  4:14     ` Leo Famulari
  0 siblings, 0 replies; 7+ messages in thread
From: Leo Famulari @ 2021-12-09  4:14 UTC (permalink / raw)
  To: Tobias Geerinckx-Rice; +Cc: 52377-done, 52377

[-- Attachment #1: Type: text/plain, Size: 965 bytes --]

On Thu, Dec 09, 2021 at 01:29:17AM +0100, Tobias Geerinckx-Rice wrote:
> I updated BIND to 9.16.23 in commit
> 4ca0e9d5f77ec309a5a8a7eba3d97fd3bb4852d5, which reverts the upstream commit
> that caused this new test failure.  I had to tediously bisect this; I never
> would've guessed it was to blame.

Thanks for doing this work. You said it was tedious, but I'm curious if
you have some scripts for bisecting Guix packages through upstream Git
history?

> The patch won't keep forever.  Bug reports to ISC seem to require a GitLab
> account.  Can't say I'm in a terrible rush to create yet another one.  Do
> you have one?

I probably can't look at this until next week (vacation).

> Maybe this problem will just go away with a newer GCC.  We can hope…

It's worth a try.

> I went ahead and pushed your matching isc-dhcp patch.  I wouldn't normally
> do this to people with commit access but it seemed justified.

I'm happy you did it!

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]

^ permalink raw reply	[flat|nested] 7+ messages in thread

end of thread, other threads:[~2021-12-09  4:16 UTC | newest]

Thread overview: 7+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2021-12-08 19:56 [bug#52377] [security]: Update BIND DNS Leo Famulari
2021-12-08 20:03 ` [bug#52377] [security 1/2] gnu: BIND: Update to 9.16.23 [fixes CVE-2021-{25218, 25219}] Leo Famulari
2021-12-08 20:03   ` [bug#52377] [security 2/2] gnu: isc-dhcp: Update bundled BIND to 9.11.36 [fixes CVE-2021-25219] Leo Famulari
2021-12-08 20:12   ` [bug#52377] [security 1/2] gnu: BIND: Update to 9.16.23 [fixes CVE-2021-{25218, 25219}] Leo Famulari
2021-12-08 20:35     ` Leo Famulari
2021-12-09  0:29   ` bug#52377: " Tobias Geerinckx-Rice via Guix-patches via
2021-12-09  4:14     ` [bug#52377] " Leo Famulari

Code repositories for project(s) associated with this external index

	https://git.savannah.gnu.org/cgit/guix.git

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.