Re: Multiple BIND vulnerabilities disclosed (CVE-2018-5743, CVE-2019-6467, and CVE-2019-6468)

[Peter Korsgaard <peter () korsgaard com>]

> > > > > "andreas" == andreas  <andreas () rammhold de> writes:

> On 12:13 25.04.19, Peter Korsgaard wrote:
> > It is a bit unfortunate that these security fixes now use
> > isc_atomic_xadd() which are not available on all architectures:
> >
> > .libs/client.o: In function `mark_tcp_active':
> > client.c:(.text+0xc7c): undefined reference to `isc_atomic_xadd'
> > client.c:(.text+0xca0): undefined reference to `isc_atomic_xadd'
> > .libs/client.o: In function `client_accept':
> > client.c:(.text+0x2210): undefined reference to `isc_atomic_xadd'
> > client.c:(.text+0x230c): undefined reference to `isc_atomic_xadd'
> > .libs/client.o: In function `exit_check':
> > client.c:(.text+0x2958): undefined reference to `isc_atomic_xadd'
> > .libs/client.o:client.c:(.text+0x5cb4): more undefined references to `isc_atomic_xadd' follow
> > collect2: error: ld returned 1 exit status

> There is a commit [1] on ISCs GitLab that removes the atomic operations
> in favor of refcounting and thus fixes the aarch64 (and other archs?)
> build error.

> I applied that commit for NixOS. Looks good so far [2].

Yes, that was pointed out to me privatelyl. I am using it as well in
Buildroot:

https://git.buildroot.org/buildroot/commit/?id=fc8ace0938a0bcf2e9fa628a88853252eabc991d

Interesting enough, this fix is on the 9.11 branch:

https://github.com/isc-projects/bind9/commits/v9_11

But not part of the v9_11_6 tag:

https://github.com/isc-projects/bind9/commits/v9_11_6

-- 
Bye, Peter Korsgaard