Fixes CVE-2014-0591 (a crafted query against an NSEC3-signed zone can
crash BIND).
The 9.9.x series is the new ESV vesion, 9.6.x has been retired.
Also cleanup the initscript while at it.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
When a package A depends on config option B and toolchain option C, then
the comment that is given when C is not fulfilled should also depend on B.
For example:
config BR2_PACKAGE_A
depends on BR2_B
depends on BR2_LARGEFILE
depends on BR2_WCHAR
comment "A needs a toolchain w/ largefile, wchar"
depends on !BR2_LARGEFILE || !BR2_WCHAR
This comment should actually be:
comment "A needs a toolchain w/ largefile, wchar"
depends on BR2_B
depends on !BR2_LARGEFILE || !BR2_WCHAR
or if possible (typically when B is a package config option declared in that
same Config.in file):
if BR2_B
comment "A needs a toolchain w/ largefile, wchar"
depends on !BR2_LARGEFILE || !BR2_WCHAR
[other config options depending on B]
endif
Otherwise, the comment would be visible even though the other dependencies
are not met.
This patch adds such missing dependencies, and changes existing such
dependencies from
depends on BR2_BASE_DEP && !BR2_TOOLCHAIN_USES_GLIBC
to
depends on BR2_BASE_DEP
depends on !BR2_TOOLCHAIN_USES_GLIBC
so that (positive) base dependencies are separate from the (negative)
toolchain dependencies. This strategy makes it easier to write such comments
(because one can simply copy the base dependency from the actual package
config option), but also avoids complex and long boolean expressions.
Signed-off-by: Thomas De Schampheleire <thomas.de.schampheleire@gmail.com>
Acked-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(untested)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This patch lines up the comments in Config.in files that clarify which
toolchain options the package depends on.
Signed-off-by: Thomas De Schampheleire <thomas.de.schampheleire@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Install bind to staging so other applications can use its include files
and libraries.
Signed-off-by: Thomas De Schampheleire <thomas.de.schampheleire@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Bind just links to openssl libraries without checking it's dependencies.
This works when doing shared builds since the linker picks the deps up,
but fails badly on static builds.
So just define LIBS="-lz" when openssl is enabled. Fixes:
http://autobuild.buildroot.net/results/a9a166f932e0b6727ae8e470ce748418797875b9/
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
Bump bind to version 9.6-ESV-R7-P1.
Fixes CVE-2012-667.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
Correct fix for CVE-2011-4313
9.6-ESV-R5-P1 used a restart workaround.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
Bump to version 9.6-ESV-R5.
Also add the server option in case users just want the tools.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
Thanks to the pkgparentdir and pkgname functions, we can rewrite the
AUTOTARGETS macro in a way that avoids the need for each package to
repeat its name and the directory in which it is present.
[Peter: pkgdir->pkgparentdir]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
bind needs to be specifically told where OpenSSL is, otherwise, the
build fails with:
checking for OpenSSL library... configure: error: OpenSSL was not found in any of /usr /usr/local /usr/local/ssl /usr/pkg /usr/sfw; use --with-openssl=/path
If you don't want OpenSSL, use --without-openssl
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
Bump bind to version 9.6-ESV-R4 since the 9.5 series is no longer
supported.
While at it switch to the ESV (Extended Support Version) branch instead
of going for the latest.
Also adjust the package to build against OpenSSL when available for
proper DNSSEC support and libxml2 too.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
The build system of bind seems to have issues with (highly) parallel
builds, breaking the build with errors like:
libtool: link: `nothreads/condition.lo' is not a valid libtool object
So disable parallel builds.
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
These are probaly out of date by now, and lack of special handling for
avr32 doesn't mean that a package won't work on avr32, so remove them.
Done by sed -i '/comment.*no inherent support for AVR32/{N;N;p}'
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
Now that <pkg>_INSTALL_TARGET_OPT always defaults to
'DESTDIR=$(TARGET_DIR) install', we can remove the
<pkg>_INSTALL_TARGET_OPT definition from a lot of packages.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Makefile.autotools.in automatically adds these to the configure invocation,
so there's no need to explicitly list them.
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
Closes#773.
Unspecified vulnerability in ISC BIND 9.4 before 9.4.3-P4, 9.5 before
9.5.2-P1, 9.6 before 9.6.1-P2, 9.7 beta before 9.7.0b3, and 9.0.x through
9.3.x with DNSSEC validation enabled and checking disabled (CD), allows
remote attackers to conduct DNS cache poisoning attacks via additional
sections in a response sent for resolution of a recursive client query,
which is not properly handled when the response is processed "at the same
time as requesting DNSSEC records (DO)."
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
A C library will have been built by the toolchain makefiles, so there is no
need for packages to explicitly depend on uclibc.
Signed-off-by: Will Newton <will.newton@gmail.com>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
Patch by Gustavo Zacarias <gustavo@zacarias.com.ar>
Closes#145.
Current bind package is version 9.3.2 which is from the 9.3 branch and is
EOLed. It has many security bugs probably fixed in 9.3.6-P1 but since it
won't be supported for long it's probably metter to move on to a supported
branch. CVE-2009-0025, CVE-2008-1447, CVE-2008-0122, CVE-2007-2926 and
probably more. While at it migrate to Makefile.autotools.in too. Also
introduced an option for/not to install userland tools (dig, host, nslookup,
nsupdate).
[ Peter: don't install into staging ]