# Fix CVE2009-0858
epatch "${FILESDIR}/CVE2009-0858_0001-check-response-domain-name-length.patch"
+ # Fix CVE2008-4392
+ epatch \
+ "${FILESDIR}/CVE2008-4392_0001-dnscache-merge-similar-outgoing-queries.patch" \
+ "${FILESDIR}/CVE2008-4392_0002-dnscache-cache-soa-records.patch"
+
if use ipv6; then
elog "At present dnstrace does NOT support IPv6. It will"\
- "be compiled without IPv6 support."
+ "be compiled without IPv6 support."
cp -pR "${S}" "${S}-noipv6"
# Careful -- >=test21 of the IPv6 patch includes the errno patch
epatch "${DISTDIR}/${P}-${IPV6_PATCH}.diff.bz2"
- # Fix CVE2008-4392
+ # Parts of the ipv6 patch fail due to the CVE2008-4392 fix above.
+ # The following two patches fix those hunks.
epatch \
- "${FILESDIR}/CVE2008-4392_0001-dnscache-merge-similar-outgoing-queries-ipv6.patch" \
- "${FILESDIR}/CVE2008-4392_0002-dnscache-cache-soa-records-ipv6.patch"
+ "${FILESDIR}/query.h-mjo.patch" \
+ "${FILESDIR}/query.c-mjo.patch"
cd "${S}-noipv6"
fi
- # Fix CVE2008-4392
- epatch \
- "${FILESDIR}/CVE2008-4392_0001-dnscache-merge-similar-outgoing-queries.patch" \
- "${FILESDIR}/CVE2008-4392_0002-dnscache-cache-soa-records.patch"
-
epatch "${FILESDIR}/${PV}-errno.patch"
if [[ -n "${DJBDNS_PATCH_DIR}" && -d "${DJBDNS_PATCH_DIR}" ]]