From 1c4b4e99188a11b64ed55a01c7fb923c33adf961 Mon Sep 17 00:00:00 2001
From: "Douglas R. Reno" <renodr@linuxfromscratch.org>
Date: Mon, 22 Feb 2021 06:53:11 +0000
Subject: [PATCH] Downgrade to BIND-9.16.11, add a security fix Update to
 stunnel-5.58 Tags

git-svn-id: svn://svn.linuxfromscratch.org/BLFS/trunk/BOOK@24263 af4574ff-66df-0310-9fd7-8a98e5e911e0
---
 general.ent                        |  4 ++--
 introduction/welcome/changelog.xml | 15 +++++++++++++++
 networking/netprogs/cifsutils.xml  |  2 +-
 networking/netprogs/ncftp.xml      |  2 +-
 networking/netutils/bind-utils.xml |  8 ++++----
 networking/netutils/traceroute.xml |  2 +-
 networking/netutils/whois.xml      |  2 +-
 packages.ent                       |  4 ++--
 postlfs/security/stunnel.xml       | 12 ++++++------
 server/databases/mariadb.xml       |  2 +-
 server/databases/postgresql.xml    |  2 +-
 server/major/bind.xml              | 12 +++++++++---
 12 files changed, 44 insertions(+), 23 deletions(-)

diff --git a/general.ent b/general.ent
index ec10141877..b342518556 100644
--- a/general.ent
+++ b/general.ent
@@ -1,12 +1,12 @@
 <!-- $LastChangedBy$ $Date$ -->
 
-<!ENTITY day          "21">                   <!-- Always 2 digits -->
+<!ENTITY day          "22">                   <!-- Always 2 digits -->
 <!ENTITY month        "02">                   <!-- Always 2 digits -->
 <!ENTITY year         "2021">
 <!ENTITY copyrightdate "2001-&year;">
 <!ENTITY copyholder   "The BLFS Development Team">
 <!ENTITY version      "&year;-&month;-&day;">
-<!ENTITY releasedate  "February 21st, &year;">
+<!ENTITY releasedate  "February 22nd, &year;">
 <!ENTITY pubdate      "&year;-&month;-&day;"> <!-- metadata req. by TLDP -->
 <!ENTITY blfs-version "svn">                  <!-- svn|[release #] -->
 <!ENTITY lfs-version  "development">          <!-- x.y|development -->
diff --git a/introduction/welcome/changelog.xml b/introduction/welcome/changelog.xml
index f6313bd398..33e63c24c5 100644
--- a/introduction/welcome/changelog.xml
+++ b/introduction/welcome/changelog.xml
@@ -41,6 +41,21 @@
       </itemizedlist>
     </listitem>
     -->
+    <listitem>
+      <para>February 22nd, 2021</para>
+      <itemizedlist>
+        <listitem>
+          <para>[renodr] - Update to stunnel-5.58. Fixes
+          <ulink url="&blfs-ticket-root;14689">#14689</ulink>.</para>
+        </listitem>
+        <listitem>
+          <para>[renodr] - Downgrade to BIND-9.16.11 due to major regressions,
+          and apply a security fix via a 'sed' instead. Fixes
+          <ulink url="&blfs-ticket-root;14683">#14683</ulink>.</para>
+        </listitem>
+      </itemizedlist>
+    </listitem>
+
     <listitem>
       <para>February 21st, 2021</para>
       <itemizedlist>
diff --git a/networking/netprogs/cifsutils.xml b/networking/netprogs/cifsutils.xml
index 648090b915..fd9ee15b81 100644
--- a/networking/netprogs/cifsutils.xml
+++ b/networking/netprogs/cifsutils.xml
@@ -34,7 +34,7 @@
       mounting SMB/CIFS shares on a Linux system.
     </para>
 
-    &lfs10_checked;
+    &lfs101_checked;
 
     <bridgehead renderas="sect3">Package Information</bridgehead>
     <itemizedlist spacing="compact">
diff --git a/networking/netprogs/ncftp.xml b/networking/netprogs/ncftp.xml
index 207d278895..ec0c03ea8e 100644
--- a/networking/netprogs/ncftp.xml
+++ b/networking/netprogs/ncftp.xml
@@ -36,7 +36,7 @@
       <command>ftp</command> program.
     </para>
 
-    &lfs10_checked;
+    &lfs101_checked;
 
     <bridgehead renderas="sect3">Package Information</bridgehead>
     <itemizedlist spacing="compact">
diff --git a/networking/netutils/bind-utils.xml b/networking/netutils/bind-utils.xml
index 4a167895d5..bb23252f70 100644
--- a/networking/netutils/bind-utils.xml
+++ b/networking/netutils/bind-utils.xml
@@ -6,9 +6,9 @@
 
   <!ENTITY bind-download-http   " ">
   <!ENTITY bind-download-ftp    "ftp://ftp.isc.org/isc/bind9/&bind-version;/bind-&bind-version;.tar.xz">
-  <!ENTITY bind-md5sum          "61c545db393628152e5b2c957e8bf712">
-  <!ENTITY bind-size            "4.8 MB">
-  <!ENTITY bind-utils-buildsize "155 MB">
+  <!ENTITY bind-md5sum          "58cbc23121e43ec934d644c4f412ceea">
+  <!ENTITY bind-size            "4.7 MB">
+  <!ENTITY bind-utils-buildsize "154 MB">
   <!ENTITY bind-utils-time      "0.6 SBU">
 ]>
 
@@ -40,7 +40,7 @@
     <application>BIND</application> server, but need these
     client side applications.</para>
 
-    &lfs10_checked;
+    &lfs101_checked;
 
     <bridgehead renderas="sect3">Package Information</bridgehead>
     <itemizedlist spacing="compact">
diff --git a/networking/netutils/traceroute.xml b/networking/netutils/traceroute.xml
index 6a7410751f..7f89b29683 100644
--- a/networking/netutils/traceroute.xml
+++ b/networking/netutils/traceroute.xml
@@ -45,7 +45,7 @@
       </para>
     </note>
 
-    &lfs10_checked;
+    &lfs101_checked;
 
     <bridgehead renderas="sect3">Package Information</bridgehead>
     <itemizedlist spacing="compact">
diff --git a/networking/netutils/whois.xml b/networking/netutils/whois.xml
index 9121c5e6cb..d1c795d811 100644
--- a/networking/netutils/whois.xml
+++ b/networking/netutils/whois.xml
@@ -38,7 +38,7 @@
       expect package in LFS.
     </para>
 
-    &lfs10_checked;
+    &lfs101_checked;
 
     <bridgehead renderas="sect3">Package Information</bridgehead>
     <itemizedlist spacing="compact">
diff --git a/packages.ent b/packages.ent
index ed66affafa..16b8992d7f 100644
--- a/packages.ent
+++ b/packages.ent
@@ -39,7 +39,7 @@
 <!ENTITY polkit-gnome-version         "0.105">
 <!ENTITY shadow-version               "4.8.1">
 <!ENTITY ssh-askpass-version          "&openssh-version;">
-<!ENTITY stunnel-version              "5.57">
+<!ENTITY stunnel-version              "5.58">
 <!ENTITY sudo-version                 "1.9.5p2">
 <!ENTITY tripwire-version             "2.4.3.7">
 <!ENTITY volume_key-version           "0.3.12">
@@ -596,7 +596,7 @@ to avoid building libxml2 twice, which is slow with all deps -->
 <!-- Chapter 16 -->
 <!ENTITY avahi-version                "0.8">
 <!ENTITY bind-minor-version           "9.16">
-<!ENTITY bind-version                 "&bind-minor-version;.12">
+<!ENTITY bind-version                 "&bind-minor-version;.11">
 <!ENTITY mod_dnssd-version            "0.6">
 <!ENTITY NetworkManager-minor         "1.28">
 <!ENTITY NetworkManager-version       "&NetworkManager-minor;.0">
diff --git a/postlfs/security/stunnel.xml b/postlfs/security/stunnel.xml
index a2fa6f12c6..9562db170e 100644
--- a/postlfs/security/stunnel.xml
+++ b/postlfs/security/stunnel.xml
@@ -9,10 +9,10 @@
   <!ENTITY stunnel-download-ftp  "ftp://ftp.stunnel.org/stunnel/archive/5.x/stunnel-&stunnel-version;.tar.gz">
   <!-- Following ftp only has later release -->
 <!--   "ftp://ftp.stunnel.org/stunnel/stunnel-&stunnel-version;.tar.gz"> -->
-  <!ENTITY stunnel-md5sum        "6bbe921f8d2ab4967dc7ff42f6e5d45a">
-  <!ENTITY stunnel-size          "964 KB">
-  <!ENTITY stunnel-buildsize     "7.3 MB">
-  <!ENTITY stunnel-time          "less than 0.1 SBU">
+  <!ENTITY stunnel-md5sum        "aed41cff61d622ff6c8706e9d75c53b7">
+  <!ENTITY stunnel-size          "968 KB">
+  <!ENTITY stunnel-buildsize     "8.8 MB">
+  <!ENTITY stunnel-time          "0.1 SBU">
 ]>
 
 <sect1 id="stunnel" xreflabel="stunnel-&stunnel-version;">
@@ -44,7 +44,7 @@
       server package source code.
     </para>
 
-    &lfs10_checked;
+    &lfs101_checked;
 
     <bridgehead renderas="sect3">Package Information</bridgehead>
     <itemizedlist spacing="compact">
@@ -259,7 +259,7 @@ chown stunnel:stunnel /var/lib/stunnel</userinput></screen>
         <systemitem class="username">root</systemitem> user:
       </para>
 
-<screen role="root"><userinput>cat &gt;/etc/stunnel/stunnel.conf &lt;&lt; "EOF" 
+<screen role="root"><userinput>cat &gt; /etc/stunnel/stunnel.conf &lt;&lt; "EOF" 
 <literal>; File: /etc/stunnel/stunnel.conf
 
 ; Note: The pid and output locations are relative to the chroot location.
diff --git a/server/databases/mariadb.xml b/server/databases/mariadb.xml
index 95ef8ae460..fe576e3153 100644
--- a/server/databases/mariadb.xml
+++ b/server/databases/mariadb.xml
@@ -36,7 +36,7 @@
       database management system.
     </para>
 
-    &lfs10_checked;
+    &lfs101_checked;
 
     <bridgehead renderas="sect3">Package Information</bridgehead>
     <itemizedlist spacing="compact">
diff --git a/server/databases/postgresql.xml b/server/databases/postgresql.xml
index c2ba924c57..29ee9541d7 100644
--- a/server/databases/postgresql.xml
+++ b/server/databases/postgresql.xml
@@ -36,7 +36,7 @@
       from the Berkeley Postgres database management system.
     </para>
 
-    &lfs10_checked;
+    &lfs101_checked;
 
     <bridgehead renderas="sect3">Package Information</bridgehead>
     <itemizedlist spacing="compact">
diff --git a/server/major/bind.xml b/server/major/bind.xml
index 58b05c1c25..738801d311 100644
--- a/server/major/bind.xml
+++ b/server/major/bind.xml
@@ -6,8 +6,8 @@
 
   <!ENTITY bind-download-http " ">
   <!ENTITY bind-download-ftp  "ftp://ftp.isc.org/isc/bind9/&bind-version;/bind-&bind-version;.tar.xz">
-  <!ENTITY bind-md5sum        "61c545db393628152e5b2c957e8bf712">
-  <!ENTITY bind-size          "4.8 MB">
+  <!ENTITY bind-md5sum        "58cbc23121e43ec934d644c4f412ceea">
+  <!ENTITY bind-size          "4.7 MB">
   <!ENTITY bind-buildsize     "129 MB (23 MB installed)">
   <!ENTITY bind-time          "0.8 SBU (with parallelism=4; add 29+ minutes, somewhat processor independent, to run the complete test suite)">
 ]>
@@ -35,7 +35,7 @@
       to the <xref linkend="bind-utils"/>.
     </para>
 
-    &lfs10_checked;
+    &lfs101_checked;
 
     <bridgehead renderas="sect3">Package Information</bridgehead>
     <itemizedlist spacing="compact">
@@ -135,6 +135,12 @@
 
 <screen role="root"><userinput>pip3 install ply</userinput></screen>
 
+    <para>
+      Fix a security vulnerability:
+    </para>
+
+<screen><userinput remap="pre">sed -i '851 s/len/(len + 1)/' lib/dns/spnego.c</userinput></screen>
+
     <para>
       Install <application>BIND</application> by running the
       following commands: