Commit Graph

64 Commits

Author SHA1 Message Date
Gustavo Zacarias
f70f45a43c bind: security bump to version 9.9.7-P1
Fixes:
CVE-2015-4620 - On servers configured to perform DNSSEC validation an
assertion failure could be triggered on answers from a specially
configured server.

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2015-07-08 23:46:06 +02:00
Nathaniel Roach
0b067e2737 package/bind: Enable filter-aaaa-on-v4 option
This allows usage of the filter-aaaa-on-v4 configuration option.
This option disables responding with AAAA records when the request
	is made over ipv4. This may be useful on networks with
	ipv6 inside, but no ISP ipv6 (when combined with only
	listening on ipv4).

See https://kb.isc.org/article/AA-00576/
	Filter-AAAA-option-in-BIND-9-.html
	for more information.

Signed-off-by: Nathaniel Roach <nroach44@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2015-07-07 07:37:49 +02:00
Jerzy Grzegorek
bd8c733fb4 packages: indentation cleanup
This commit doesn't touch infra packages.

Signed-off-by: Jerzy Grzegorek <jerzy.grzegorek@trzebnica.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2015-03-31 13:57:41 +02:00
Gustavo Zacarias
cb10752548 bind: bump to version 9.9.7
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2015-03-03 08:36:01 +01:00
Gustavo Zacarias
7f484d8a1b bind: security bump to version 9.9.6-P2
Fixes CVE-2015-1349 - Revoking a managed trust anchor and supplying an
untrusted replacement could cause namedto crash with an assertion
failure.

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2015-02-19 21:27:04 +01:00
Nathaniel Roach
c45c3ed8ad bind: Add systemd unit file and install it to run at startup.
The unit file is taken from debian, but tested working.
We'll call it named.service to match the sysV initscript.

Signed-off-by: Nathaniel Roach <nroach44@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2015-01-12 22:22:20 +01:00
Jerzy Grzegorek
27dd32942e package: indentation cleanup
Signed-off-by: Jerzy Grzegorek <jerzy.grzegorek@trzebnica.net>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2014-12-30 11:17:03 +01:00
Jerzy Grzegorek
dd7346f415 package: indentation cleanup
Signed-off-by: Jerzy Grzegorek <jerzy.grzegorek@trzebnica.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2014-12-22 09:27:37 +01:00
Gustavo Zacarias
9289dc562d bind: security bump to version 9.9.6-P1
Fixes CVE-2014-8500 - A flaw in delegation handling could be exploited
to put named into an infinite loop, in which each lookup of a name
server triggered additional lookups of more name servers.

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2014-12-09 12:40:32 +01:00
Maxime Hadjinlian
dd44b94312 package/*/*.mk: Fix indent
Fix indent for LIBFOO_USERS and LIBFOO_PERMISSIONS  as per the manual example.

Signed-off-by: Maxime Hadjinlian <maxime.hadjinlian@gmail.com>
Acked-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2014-11-08 23:03:45 +01:00
Jerzy Grzegorek
1769933d98 package: indentation cleanup
Signed-off-by: Jerzy Grzegorek <jerzy.grzegorek@trzebnica.net>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2014-10-26 05:47:05 +01:00
Jörg Krause
ffa33dc552 package/.mk files: remove --localstatedir=/var from autotools packages
Remove --localstatedir=/var from all autotools packages where it is no longer
needed.

Also remove --localstatedir=/var/lib/dhcp from package dhcp. localstatedir is
used by dhcp to set the default directory for the leases files. This can also
be done by setting --with-*-lease-file=/var/lib/dhcp/*, which is done in
dhcp.mk.

A custom --localstatedir is left in:
* proftpd.mk
* mysql.mk

This is safe to do:
One of the good thing with autoconf is that if you pass:
        --localstatedir=/var ... --localstatedir=/var/something
Then /var/something will be used. So, we can set --localstatedir=/var
by default in the infrastructure, and still have certain packages doing
weird things override it. [Thanks to Thomas Petazzoni]

Signed-off-by: Jörg Krause <jkrause@posteo.de>
Reviewed-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2014-10-18 19:27:42 +02:00
Thomas De Schampheleire
f268f7131b .mk files: bulk aligment and whitespace cleanup of assignments
The Buildroot coding style defines one space around make assignments and
does not align the assignment symbols.

This patch does a bulk fix of offending packages. The package
infrastructures (or more in general assignments to calculated variable
names, like $(2)_FOO) are not touched.

Alignment of line continuation characters (\) is kept as-is.

The sed command used to do this replacement is:
find * -name "*.mk" | xargs sed -i \
    -e 's#^\([A-Z0-9a-z_]\+\)\s*\([?:+]\?=\)\s*$#\1 \2#'
    -e 's#^\([A-Z0-9a-z_]\+\)\s*\([?:+]\?=\)\s*\([^\\]\+\)$#\1 \2 \3#'
    -e 's#^\([A-Z0-9a-z_]\+\)\s*\([?:+]\?=\)\s*\([^\\ \t]\+\s*\\\)\s*$#\1 \2 \3#'
    -e 's#^\([A-Z0-9a-z_]\+\)\s*\([?:+]\?=\)\(\s*\\\)#\1 \2\3#'

Brief explanation of this command:
    ^\([A-Z0-9a-z_]\+\)     a regular variable at the beginning of the line
    \([?:+]\?=\)            any assignment character =, :=, ?=, +=
    \([^\\]\+\)             any string not containing a line continuation
    \([^\\ \t]\+\s*\\\)     string, optional whitespace, followed by a
                            line continuation character
    \(\s*\\\)               optional whitespace, followed by a line
                            continuation character

Hence, the first subexpression handles empty assignments, the second
handles regular assignments, the third handles regular assignments with
line continuation, and the fourth empty assignments with line
continuation.

This expression was tested on following test text: (initial tab not
included)

	FOO     = spaces before
	FOO     =   spaces before and after
	FOO	= tab before
	FOO	  = tab and spaces before
	FOO =	tab after
	FOO =	   tab and spaces after
	FOO =   	spaces and tab after
	FOO =    \
	FOO = bar \
	FOO = bar space    \
	FOO   =		   \
	GENIMAGE_DEPENDENCIES   = host-pkgconf libconfuse
	FOO     += spaces before
	FOO     ?=   spaces before and after
	FOO     :=
	FOO     =
	FOO	=
	FOO	  =
	FOO =
	   $(MAKE1) CROSS_COMPILE=$(TARGET_CROSS) -C
	AT91BOOTSTRAP3_DEFCONFIG = \
	AXEL_DISABLE_I18N=--i18n=0

After this bulk change, following manual fixups were done:
- fix line continuation alignment in cegui06 and spice (the sed
  expression leaves the number of whitespace between the value and line
  continuation character intact, but the whitespace before that could have
  changed, causing misalignment.
- qt5base was reverted, as this package uses extensive alignment which
  actually makes the code more readable.

Finally, the end result was manually reviewed.

Signed-off-by: Thomas De Schampheleire <thomas.de.schampheleire@gmail.com>
Cc: Yann E. Morin <yann.morin.1998@free.fr>
Cc: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2014-10-07 15:00:28 +02:00
Thomas De Schampheleire
aaffd209fa packages: rename FOO_CONF_OPT into FOO_CONF_OPTS
To be consistent with the recent change of FOO_MAKE_OPT into FOO_MAKE_OPTS,
make the same change for FOO_CONF_OPT.

Sed command used:
   find * -type f | xargs sed -i 's#_CONF_OPT\>#&S#g'

Signed-off-by: Thomas De Schampheleire <thomas.de.schampheleire@gmail.com>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2014-10-04 18:54:16 +02:00
Gustavo Zacarias
f284a11708 bind: bump to version 9.9.6
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2014-10-01 14:02:51 +02:00
Gustavo Zacarias
26aefa672c bind: fix static openssl linking
Apparently LIBS (environment) isn't pushed to LIBS (autoconf) for the
tests, hence when static linking openssl it misses libz and assumes some
basic digests required for ecdsa support are missing, which is false. Fixes:
http://autobuild.buildroot.net/results/204/20411901d1bc6811e1ef8fa39457257d6bf1a146/

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2014-07-30 23:51:51 +02:00
Gustavo Zacarias
ee6e435f1b bind: bump to version 9.9.5-p1
Fixes runtime issues when built with gcc 4.9

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2014-06-25 16:40:10 +02:00
Gustavo Zacarias
46b10b01a2 bind: security bump to version 9.9.5
Fixes CVE-2014-0591 (a crafted query against an NSEC3-signed zone can
crash BIND).
The 9.9.x series is the new ESV vesion, 9.6.x has been retired.
Also cleanup the initscript while at it.

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2014-06-10 15:33:15 +02:00
Thomas De Schampheleire
eb7bd9ef61 packages: remove uninstall commands
Signed-off-by: Thomas De Schampheleire <thomas.de.schampheleire@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2013-12-06 09:40:40 +01:00
Gustavo Zacarias
33be28d170 bind: bump to version 9.6-ESV-R10
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2013-10-27 08:27:16 +01:00
Jerzy Grzegorek
03882d45b2 normalize separator size to 80
Signed-off-by: Jerzy Grzegorek <jerzy.grzegorek@trzebnica.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2013-07-27 15:22:40 +02:00
Thomas De Schampheleire
d8966bab7a bind: install to staging
Install bind to staging so other applications can use its include files
and libraries.

Signed-off-by: Thomas De Schampheleire <thomas.de.schampheleire@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2013-07-27 14:49:41 +02:00
Gustavo Zacarias
98463e6f87 bind: security bump to version 9.6-ESV-R9-P1
Fixes CVE-2013-3919

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
2013-07-19 23:24:02 +02:00
Alexandre Belloni
8dfd59d114 Normalize separator size to 80
Signed-off-by: Alexandre Belloni <alexandre.belloni@free-electrons.com>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
2013-06-06 22:30:24 +02:00
Gustavo Zacarias
80ebf12906 bind: fix build failure for static+openssl
Bind just links to openssl libraries without checking it's dependencies.
This works when doing shared builds since the linker picks the deps up,
but fails badly on static builds.
So just define LIBS="-lz" when openssl is enabled. Fixes:
http://autobuild.buildroot.net/results/a9a166f932e0b6727ae8e470ce748418797875b9/

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
2013-05-05 22:57:54 +02:00
Gustavo Zacarias
46acbdb58d bind: add license information
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
2013-01-28 23:30:54 +01:00
Gustavo Zacarias
cbf09c29d0 bind: security bump to version 9.6-ESV-R8
Fixes CVE-2012-5166, CVE-2012-4244, CVE-2012-3817 and CVE-2012-1667.

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
2012-10-12 12:55:34 +02:00
Gustavo Zacarias
c53e14e30c bind: security bump to version 9.6-ESV-R7-P2
Fixes CVE-2012-3817

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2012-07-30 19:17:52 +02:00
Arnout Vandecappelle (Essensium/Mind)
e1502ebc0c all packages: rename XXXTARGETS to xxx-package
Also remove the redundant $(call ...).

This is a purely mechanical change, performed with
find package linux toolchain boot -name \*.mk | \
  xargs sed -i -e 's/$(eval $(call GENTARGETS))/$(eval $(generic-package))/' \
               -e 's/$(eval $(call AUTOTARGETS))/$(eval $(autotools-package))/' \
               -e 's/$(eval $(call CMAKETARGETS))/$(eval $(cmake-package))/'

Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2012-07-17 20:23:05 +02:00
Gustavo Zacarias
eb29c78a63 bind: security bump to version 9.6-ESV-R7-P1
Bump bind to version 9.6-ESV-R7-P1.
Fixes CVE-2012-667.

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
2012-06-16 22:17:09 +02:00
Gustavo Zacarias
24e4058594 bind: bump to version 9.6-ESV-R7
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
2012-05-23 22:26:03 +02:00
Gustavo Zacarias
5b333ffe81 bind: security bump to 9.6-ESV-R6
Correct fix for CVE-2011-4313
9.6-ESV-R5-P1 used a restart workaround.

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
2012-04-05 14:44:29 +02:00
Gustavo Zacarias
f2619d0576 bind: security bump to version 9.6-ESV-R5-P1
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
2012-01-26 22:18:56 +01:00
Gustavo Zacarias
c36b5d89c5 bind: version bump to 9.6-ESV-R5 and server option
Bump to version 9.6-ESV-R5.
Also add the server option in case users just want the tools.

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
2011-10-15 23:19:15 +02:00
Thomas Petazzoni
300f9c9c9d package: remove useless arguments from AUTOTARGETS
Thanks to the pkgparentdir and pkgname functions, we can rewrite the
AUTOTARGETS macro in a way that avoids the need for each package to
repeat its name and the directory in which it is present.

[Peter: pkgdir->pkgparentdir]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
2011-09-29 23:12:27 +02:00
Peter Korsgaard
aa7a46d612 bind: fix intermittent build issues with high BR2_JLEVEL
Build sometimes breaks with:

libtool: link: `unix/os.lo' is not a valid libtool object
make[3]: *** [rndc-confgen] Error 1
make[3]: *** Waiting for unfinished jobs....
make[4]: Leaving directory `/scratch/peko/build/bind-9.6-ESV-R4/bin/rndc/unix'

So disable parallel builds.

Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
2011-07-24 14:02:25 +02:00
Thomas Petazzoni
a02cfbf1f4 bind: give path to OpenSSL when OpenSSL is enabled
bind needs to be specifically told where OpenSSL is, otherwise, the
build fails with:

checking for OpenSSL library... configure: error: OpenSSL was not found in any of /usr /usr/local /usr/local/ssl /usr/pkg /usr/sfw; use --with-openssl=/path
If you don't want OpenSSL, use --without-openssl

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
2011-05-19 20:03:35 +02:00
Gustavo Zacarias
6780d0ba04 bind: security bump to version 9.6-ESV-R4
Bump bind to version 9.6-ESV-R4 since the 9.5 series is no longer
supported.
While at it switch to the ESV (Extended Support Version) branch instead
of going for the latest.

Also adjust the package to build against OpenSSL when available for
proper DNSSEC support and libxml2 too.

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
2011-05-03 21:15:17 +02:00
Peter Korsgaard
b1a3545a3f bind: disable parallel build
The build system of bind seems to have issues with (highly) parallel
builds, breaking the build with errors like:

libtool: link: `nothreads/condition.lo' is not a valid libtool object

So disable parallel builds.

Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
2011-02-20 14:36:52 +01:00
Gustavo Zacarias
aa59aeb6b5 bind: security bump to 9.5.2-p4
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
2010-11-19 10:43:08 +01:00
Thomas Petazzoni
478ea1a12d packages: remove unneeded _INSTALL_TARGET_OPT definitions
Now that <pkg>_INSTALL_TARGET_OPT always defaults to
'DESTDIR=$(TARGET_DIR) install', we can remove the
<pkg>_INSTALL_TARGET_OPT definition from a lot of packages.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2010-09-27 15:32:32 +02:00
Thomas Petazzoni
50f8b80f2a bind: remove old-style hook usage and step override
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2010-09-12 19:24:58 +02:00
Peter Korsgaard
a96be19bc3 package: remove redundant DISABLE_{IPV6,NLS,LARGEFILE} configure args
Makefile.autotools.in automatically adds these to the configure invocation,
so there's no need to explicitly list them.

Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
2010-03-22 14:29:00 +01:00
Gustavo Zacarias
49d92ebea7 Bump bind to 9.5.1-P2
Closes #1015.

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
2010-02-03 17:22:57 +01:00
Gustavo Zacarias
b5867d93ae Bump bind to 9.5.2-P1
Closes #773.

Unspecified vulnerability in ISC BIND 9.4 before 9.4.3-P4, 9.5 before
9.5.2-P1, 9.6 before 9.6.1-P2, 9.7 beta before 9.7.0b3, and 9.0.x through
9.3.x with DNSSEC validation enabled and checking disabled (CD), allows
remote attackers to conduct DNS cache poisoning attacks via additional
sections in a response sent for resolution of a recursive client query,
which is not properly handled when the response is processed "at the same
time as requesting DNSSEC records (DO)."

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
2009-12-06 20:11:32 +01:00
Will Newton
422ce6536b package: Remove unnecessary dependencies on uclibc.
A C library will have been built by the toolchain makefiles, so there is no
need for packages to explicitly depend on uclibc.

Signed-off-by: Will Newton <will.newton@gmail.com>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
2009-09-03 20:22:38 +02:00
Gustavo Zacarias
ff69aeea40 Bump to bind-9.5.1-P3 security fix for CVE-2009-0696
Closes #495.

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
2009-07-30 17:10:06 +02:00
Peter Korsgaard
66ef1e589a bind: bump version (security issue with DNSSEC DLV)
Patch by Gustavo Zacarias <gustavo@zacarias.com.ar>, closes #275.
2009-04-15 18:29:50 +00:00
Peter Korsgaard
acdbb39bf5 bind: touch post-install stamp file 2009-03-05 21:38:30 +00:00
Peter Korsgaard
00fd5b2264 bind: isc-config.sh gets installed into usr/bin, not / 2009-03-05 13:33:11 +00:00