From 324f730e5459246f2c72a397e38369960e928550 Mon Sep 17 00:00:00 2001
From: Thomas Gerbet <thomas@gerbet.me>
Date: Tue, 13 Feb 2024 21:40:21 +0100
Subject: bind: 9.18.21 -> 9.18.24

Fixes CVE-2023-4408, CVE-2023-5517, CVE-2023-5679, CVE-2023-6516, CVE-2023-50387 and CVE-2023-50868.

Security advisories:
https://kb.isc.org/docs/cve-2023-4408
https://kb.isc.org/docs/cve-2023-5517
https://kb.isc.org/docs/cve-2023-5679
https://kb.isc.org/docs/cve-2023-6516
https://kb.isc.org/docs/cve-2023-50387
https://kb.isc.org/docs/cve-2023-50868

Release notes:
https://bind9.readthedocs.io/en/v9.18.24/notes.html
---
 pkgs/servers/dns/bind/default.nix | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

(limited to 'pkgs/servers/dns')

diff --git a/pkgs/servers/dns/bind/default.nix b/pkgs/servers/dns/bind/default.nix
index 8edd94fb27ada..1046ead01ad00 100644
--- a/pkgs/servers/dns/bind/default.nix
+++ b/pkgs/servers/dns/bind/default.nix
@@ -24,11 +24,11 @@
 
 stdenv.mkDerivation rec {
   pname = "bind";
-  version = "9.18.21";
+  version = "9.18.24";
 
   src = fetchurl {
     url = "https://downloads.isc.org/isc/bind9/${version}/${pname}-${version}.tar.xz";
-    hash = "sha256-pVa+IlBdnqT5xnF67pxUlznGhJiv88ppA1eH7MZI/sU=";
+    hash = "sha256-cJ1zAjyRFd2tO6tltsjHmlkBltDRFPXQyiUz29Ut32Y=";
   };
 
   outputs = [ "out" "lib" "dev" "man" "dnsutils" "host" ];
@@ -91,6 +91,9 @@ stdenv.mkDerivation rec {
   preCheck = lib.optionalString stdenv.hostPlatform.isMusl ''
     # musl doesn't respect TZDIR, skip timezone-related tests
     sed -i '/^ISC_TEST_ENTRY(isc_time_formatISO8601L/d' tests/isc/time_test.c
+  '' + lib.optionalString stdenv.hostPlatform.isDarwin ''
+    # Test timeouts on Darwin
+    sed -i '/^ISC_TEST_ENTRY(tcpdns_recv_one/d' tests/isc/netmgr_test.c
   '';
 
   passthru = {
-- 
cgit 1.4.1