Fixes CVE-2014-0591 (a crafted query against an NSEC3-signed zone can
crash BIND).
The 9.9.x series is the new ESV vesion, 9.6.x has been retired.
Also cleanup the initscript while at it.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Install bind to staging so other applications can use its include files
and libraries.
Signed-off-by: Thomas De Schampheleire <thomas.de.schampheleire@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Bind just links to openssl libraries without checking it's dependencies.
This works when doing shared builds since the linker picks the deps up,
but fails badly on static builds.
So just define LIBS="-lz" when openssl is enabled. Fixes:
http://autobuild.buildroot.net/results/a9a166f932e0b6727ae8e470ce748418797875b9/
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
Bump bind to version 9.6-ESV-R7-P1.
Fixes CVE-2012-667.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
Correct fix for CVE-2011-4313
9.6-ESV-R5-P1 used a restart workaround.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
Bump to version 9.6-ESV-R5.
Also add the server option in case users just want the tools.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
Thanks to the pkgparentdir and pkgname functions, we can rewrite the
AUTOTARGETS macro in a way that avoids the need for each package to
repeat its name and the directory in which it is present.
[Peter: pkgdir->pkgparentdir]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
bind needs to be specifically told where OpenSSL is, otherwise, the
build fails with:
checking for OpenSSL library... configure: error: OpenSSL was not found in any of /usr /usr/local /usr/local/ssl /usr/pkg /usr/sfw; use --with-openssl=/path
If you don't want OpenSSL, use --without-openssl
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
Bump bind to version 9.6-ESV-R4 since the 9.5 series is no longer
supported.
While at it switch to the ESV (Extended Support Version) branch instead
of going for the latest.
Also adjust the package to build against OpenSSL when available for
proper DNSSEC support and libxml2 too.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
The build system of bind seems to have issues with (highly) parallel
builds, breaking the build with errors like:
libtool: link: `nothreads/condition.lo' is not a valid libtool object
So disable parallel builds.
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
Now that <pkg>_INSTALL_TARGET_OPT always defaults to
'DESTDIR=$(TARGET_DIR) install', we can remove the
<pkg>_INSTALL_TARGET_OPT definition from a lot of packages.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Makefile.autotools.in automatically adds these to the configure invocation,
so there's no need to explicitly list them.
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
Closes#773.
Unspecified vulnerability in ISC BIND 9.4 before 9.4.3-P4, 9.5 before
9.5.2-P1, 9.6 before 9.6.1-P2, 9.7 beta before 9.7.0b3, and 9.0.x through
9.3.x with DNSSEC validation enabled and checking disabled (CD), allows
remote attackers to conduct DNS cache poisoning attacks via additional
sections in a response sent for resolution of a recursive client query,
which is not properly handled when the response is processed "at the same
time as requesting DNSSEC records (DO)."
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
A C library will have been built by the toolchain makefiles, so there is no
need for packages to explicitly depend on uclibc.
Signed-off-by: Will Newton <will.newton@gmail.com>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
Patch by Gustavo Zacarias <gustavo@zacarias.com.ar>
Closes#145.
Current bind package is version 9.3.2 which is from the 9.3 branch and is
EOLed. It has many security bugs probably fixed in 9.3.6-P1 but since it
won't be supported for long it's probably metter to move on to a supported
branch. CVE-2009-0025, CVE-2008-1447, CVE-2008-0122, CVE-2007-2926 and
probably more. While at it migrate to Makefile.autotools.in too. Also
introduced an option for/not to install userland tools (dig, host, nslookup,
nsupdate).
[ Peter: don't install into staging ]
they should be configured with --prefix=/usr and we then need to use
make DESTDIR=$(STAGING_DIR) install to get things installed into the
staging directory. The current situation for many packages, which use
--prefix=$(STAGING_DIR) results in the staging_dir paths getting compiled
into the binary itself.
This also adds in a pile of libtool fixups. Between broken pkgconfig,
broken libtool handling, and broken --prefix settings, its a wonder
things have worked as well as they have up till now.
-Erik
This patch consists of:
(1) bind version bump
(2) removing some X-compiling build fixes merged upstream
(3) removing the bind-dlopen patch: not of general enough use
(4) remove the package/bind/bind9 file - it isn't used
(5) Use $(STAGING_DIR)/lib instead of $(STAGING_DIR)/usr/lib
(6) Fix chroot'ed bind handling by init script