From: jow <jow@3c298f89-4303-0410-b956-a3cf2f4a3e73>
Date: Tue, 23 Apr 2013 11:42:07 +0000 (+0000)
Subject: AA: bind: merge r36404 (CVE-2013-2266)
X-Git-Url: http://git.archive.openwrt.org/?p=12.09%2Fpackages.git;a=commitdiff_plain;h=32fb624923a8fb612b18e5e72ae659dfb1d3aee0

AA: bind: merge r36404 (CVE-2013-2266)

git-svn-id: svn://svn.openwrt.org/openwrt/branches/packages_12.09@36405 3c298f89-4303-0410-b956-a3cf2f4a3e73
---

diff --git a/net/bind/Makefile b/net/bind/Makefile
index 06929f5..433b54e 100644
--- a/net/bind/Makefile
+++ b/net/bind/Makefile
@@ -8,14 +8,14 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=bind
-PKG_VERSION:=9.9.1-P3
+PKG_VERSION:=9.9.2-P2
 PKG_RELEASE:=1
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:= \
 	ftp://ftp.isc.org/isc/bind9/$(PKG_VERSION) \
 	http://www.mirrorservice.org/sites/ftp.isc.org/isc/bind9/$(PKG_VERSION)
-PKG_MD5SUM:=8f407c9a988d7b447a54b4cb54230dcb
+PKG_MD5SUM:=2be7763c99b7e7b42ac3a18a267ce1aa
 
 PKG_FIXUP:=autoreconf
 PKG_REMOVE_FILES:=aclocal.m4 libtool.m4
diff --git a/net/bind/patches/001-no-tests.patch b/net/bind/patches/001-no-tests.patch
index c4dc533..5fc1787 100644
--- a/net/bind/patches/001-no-tests.patch
+++ b/net/bind/patches/001-no-tests.patch
@@ -6,7 +6,7 @@
  
 -SUBDIRS =	named rndc dig dnssec tests tools nsupdate \
 +SUBDIRS =	named rndc dig dnssec tools nsupdate \
- 		check confgen @PKCS11_TOOLS@
+ 		check confgen @PYTHON_TOOLS@ @PKCS11_TOOLS@
  TARGETS =
  
 --- a/lib/Makefile.in
diff --git a/net/bind/patches/002-no-ecdsa-testing.patch b/net/bind/patches/002-no-ecdsa-testing.patch
new file mode 100644
index 0000000..901e246
--- /dev/null
+++ b/net/bind/patches/002-no-ecdsa-testing.patch
@@ -0,0 +1,43 @@
+--- a/configure.in
++++ b/configure.in
+@@ -763,40 +763,6 @@ esac
+ 			AC_MSG_RESULT(no)
+ 		fi
+ 
+-		AC_CHECK_FUNCS(EVP_sha256 EVP_sha384 EVP_sha512)
+-
+-		AC_MSG_CHECKING(for OpenSSL ECDSA support)
+-		have_ecdsa=""
+-		AC_TRY_RUN([
+-#include <stdio.h>
+-#include <openssl/ecdsa.h>
+-#include <openssl/objects.h>
+-int main() {
+-	EC_KEY *ec256, *ec384;
+-
+-#if !defined(HAVE_EVP_SHA256) || !defined(HAVE_EVP_SHA384)
+-	return (1);
+-#endif
+-	ec256 = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
+-	ec384 = EC_KEY_new_by_curve_name(NID_secp384r1);
+-	if (ec256 == NULL || ec384 == NULL)
+-		return (2);
+-	return (0);
+-}
+-],
+-		[AC_MSG_RESULT(yes)
+-		have_ecdsa="yes"],
+-		[AC_MSG_RESULT(no)
+-		have_ecdsa="no"])
+-		case $have_ecdsa in
+-		yes)
+-			OPENSSL_ECDSA="yes"
+-			AC_DEFINE(HAVE_OPENSSL_ECDSA)
+-			;;
+-		*)
+-			;;
+-		esac
+-
+ 		AC_MSG_CHECKING(for OpenSSL GOST support)
+ 		have_gost=""
+ 		AC_TRY_RUN([