Commit Graph

85 Commits

Author SHA1 Message Date
Peter Korsgaard
e14d89d5e0 bind: security bump to version 9.11-P1
Fixes the following security issues:

CVE-2017-3140 is a denial-of-service vulnerability affecting 9.9.10,
9.10.5, 9.11.0->9.11.1, 9.9.10-S1, and 9.10.5-S1 when configured with
Response Policy Zones (RPZ) utilizing NSIP or NSDNAME rules.

https://kb.isc.org/article/AA-01495/74/CVE-2017-3140

CVE-2017-3141 is a Windows privilege escalation vector affecting
9.2.6-P2+, 9.3.2-P1+, 9.4.x, 9.5.x, 9.6.x, 9.7.x, 9.8.x, 9.9.0->9.9.10,
9.10.0->9.10.5, 9.11.0->9.11.1, 9.9.3-S1->9.9.10-S1, and 9.10.5-S1.  The
BIND Windows installer failed to properly quote the service paths,
possibly allowing a local user to achieve privilege escalation, if
allowed by file system permissions.

https://kb.isc.org/article/AA-01496/74/CVE-2017-3141

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-06-20 23:14:16 +02:00
Vicente Olivert Riera
b9e147dd5e bind: bump version to 9.11.1
Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-04-20 21:47:07 +02:00
Vicente Olivert Riera
1727ea972b bind: bump version to 9.11.0-P5 (security)
Security Fixes:
 - rndc "" could trigger an assertion failure in named. This flaw is
   disclosed in (CVE-2017-3138). [RT #44924]
 - Some chaining (i.e., type CNAME or DNAME) responses to upstream
   queries could trigger assertion failures. This flaw is disclosed in
   CVE-2017-3137. [RT #44734]
 - dns64 with break-dnssec yes; can result in an assertion failure. This
   flaw is disclosed in CVE-2017-3136. [RT #44653]
 - If a server is configured with a response policy zone (RPZ) that
   rewrites an answer with local data, and is also configured for DNS64
   address mapping, a NULL pointer can be read triggering a server
   crash. This flaw is disclosed in CVE-2017-3135. [RT #44434]
 - A coding error in the nxdomain-redirect feature could lead to an
   assertion failure if the redirection namespace was served from a
   local authoritative data source such as a local zone or a DLZ instead
   of via recursive lookup. This flaw is disclosed in CVE-2016-9778.
   [RT #43837]
 - named could mishandle authority sections with missing RRSIGs,
   triggering an assertion failure. This flaw is disclosed in
   CVE-2016-9444. [RT #43632]
 - named mishandled some responses where covering RRSIG records were
   returned without the requested data, resulting in an assertion
   failure. This flaw is disclosed in CVE-2016-9147. [RT #43548]
 - named incorrectly tried to cache TKEY records which could trigger an
   assertion failure when there was a class mismatch. This flaw is
   disclosed in CVE-2016-9131. [RT #43522]
 - It was possible to trigger assertions when processing responses
   containing answers of type DNAME. This flaw is disclosed in
   CVE-2016-8864. [RT #43465]

Full release notes:

  ftp://ftp.isc.org/isc/bind9/9.11.0-P5/RELEASE-NOTES-bind-9.11.0-P5.html

Also, remove --enable-rrl configure option from bind.mk as it doesn't
exist anymore.

Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-04-13 21:31:56 +02:00
Rahul Bedarkar
f33fd75afc package: use SPDX short identifier for MPL family licenses
We want to use SPDX identifier for license string as much as possible.
SPDX short identifier for MPLv1.0/MPLv1.1/MPLv2.0 is MPL-1.0/MPL-1.1/
MPL-2.0.

This change is done using following command.
find . -name "*.mk" | xargs sed -ri '/LICENSE( )?[\+:]?=/s/MPLv([1-2]\.[0-1])/MPL-\1/g'

Signed-off-by: Rahul Bedarkar <rahulbedarkar89@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-04-01 15:27:47 +02:00
Peter Korsgaard
b9141fc88b bind: security bump to version 9.11.0-P3
Fixes CVE-2017-3135: Combination of DNS64 and RPZ Can Lead to Crash:

https://kb.isc.org/article/AA-01453

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-02-13 18:01:14 +01:00
Peter Korsgaard
4bab93be70 bind: security bump to version 9.11.0-P2
Bugfixes:

 - CVE-2016-9131: A malformed response to an ANY query can cause an
   assertion failure during recursion

 - CVE-2016-9147: An error handling a query response containing inconsistent
   DNSSEC information could cause an assertion failure

 - CVE-2016-9444: An unusually-formed DS record response could cause an
   assertion failure

 - CVE-2016-9778: An error handling certain queries using the
   nxdomain-redirect feature could cause a REQUIRE assertion failure in db.c

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-01-13 16:15:42 +01:00
Gustavo Zacarias
4a9f2cb2ee bind: security bump to version 9.11.0-P1
Fixes:
CVE-2016-8864 - denial-of-service vector which can potentially be
exploited against BIND 9 servers.

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
[Thomas: fix hash URL in .hash file, noticed by Vicente.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2016-11-02 17:26:58 +01:00
Baruch Siach
8ec6dae302 bind: don't lookup zlib.h in host headers
configure.in looks in host headers for zlib.h, unless given a headers
directory as --with-zlib parameter.

Note: a bug in the zlib.h header lookup logic causes configure.in to add
-l$(STAGING_DIR)/usr/include/include, and -L$(STAGING_DIR)/usr/include/lib.
But this does not affect us.

Fixes:
http://autobuild.buildroot.net/results/e96/e96a36c4da3c3be4b79a27af75a70bb8955c31a9/
http://autobuild.buildroot.net/results/e0b/e0bd7df5c19c7c65ce0009b7c2b4d4104a5c3109/
http://autobuild.buildroot.net/results/e99/e993940067f7ae841132765f91bfee7248ab125f/

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2016-10-19 11:23:00 +02:00
Vicente Olivert Riera
e662416d84 bind: bump version to 9.11.0
- With the release of BIND 9.11.0, ISC is changing the open source
  license for BIND from the ISC license to the Mozilla Public License
  (MPL 2.0). See release notes:
  http://ftp.isc.org/isc/bind9/9.11.0/RELEASE-NOTES-bind-9.11.0.html

- Explicitly enable/disable zlib support, otherwise the configure script
  will fail like this:

  checking for zlib library... yes
  checking for library containing deflate... no
  configure: error: found zlib include but not library.

Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2016-10-15 11:46:33 +02:00
Vicente Olivert Riera
a808500f2a bind: bump version to 9.10.4-P3
Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2016-09-28 13:39:18 +02:00
Vicente Olivert Riera
c5a55f79c0 bind: bump version to 9.10.4-P2
Security fixes: CVE-2016-2775

Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2016-07-19 11:50:22 +02:00
Gustavo Zacarias
80c0d7ce1c bind: security bump to version 9.10.4
Fixes:
CVE-2016-2088 - Duplicate EDNS COOKIE options in a response could
trigger an assertion failure.

Drop libressl support patch since it's upstream now.

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2016-05-04 22:47:43 +02:00
Gustavo Zacarias
67245dcbe1 bind: security bump to version 9.10.3-P4
Fixes:
CVE-2016-1285 - An error parsing input received by the rndc control
channel can cause an assertion failure in sexpr.c or alist.c
CVE-2016-1286 - A problem parsing resource record signatures for DNAME
resource records can lead to an assertion failure in resolver.c or db.c
CVE-2016-2088 - A response containing multiple DNS cookies causes
servers with cookie support enabled to exit with an assertion failure.

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2016-03-10 20:49:52 +01:00
Jan Heylen
e4749b826c bind: fix intermittent build issues with high BR2_JLEVEL
Build sometimes breaks with:

libtool: link: `unix/os.lo' is not a valid libtool object
make[3]: *** [rndc-confgen] Error 1
make[3]: *** Waiting for unfinished jobs....
make[4]: Leaving directory `/scratch/peko/build/bind-9.6-ESV-R4/bin/rndc/unix'

So disable parallel builds.

This patch was removed with commit
c36b5d89c5 by Gustavo Zacarias
<gustavo@zacarias.com.ar> but the problem still occurs, so disabling
parallel builds again.

Fixes:
http://autobuild.buildroot.org/results/220/2201f04170ea8ef0961e907efce07c041a57c229/

Signed-off-by: Jan Heylen <heyleke@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2016-02-06 10:45:15 +01:00
Gustavo Zacarias
0a7cea9b80 bind: security bump to version 9.10.3-P3
Fixes:

CVE-2015-8704 - apl_42.c in ISC BIND 9.x before 9.9.8-P3 and 9.9.x and
9.10.x before 9.10.3-P3 allows remote authenticated users to cause a
denial of service (INSIST assertion failure and daemon exit) via a
malformed Address Prefix List (APL) record.

CVE-2015-8705 - buffer.c in named in ISC BIND 9.10.x before 9.10.3-P3,
when debug logging is enabled, allows remote attackers to cause a denial
of service (REQUIRE assertion failure and daemon exit, or daemon crash)
or possibly have unspecified other impact via (1) OPT data or (2) an ECS
option.

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2016-01-26 23:05:40 +01:00
Gustavo Zacarias
6e8f91f346 bind: disable libjson support
It conflicts with jsoncpp, bind probes for json/json.h first, but that
header is installed by jsoncpp, which is completely different from
json-c.
Since it's not clear who's correct here (there might be some other
json-c predecessor/version that installs there as well) and the same
functionality (stats channel) is provided by libxml2 as well, just
disable libjson support completely.

Fixes:
http://autobuild.buildroot.net/results/226/2262c9b46663ea7a45e128a5fd7ff30417c2c2a7/build-end.log
(indirectly, it was probing aboslute directories while searching for it)

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2015-12-30 19:22:51 +01:00
Gustavo Zacarias
07c1ad4647 bind: bump to version 9.10.3-P2
Leave the LTS series for the latest stable version for libressl
compatibility.
Unfortunately this means threads are now required, but this shouldn't be
a problem for a fully-featured resolver.

Drop 0001-disable-tests.patch since it's no longer required, genrandom
isn't run unless the tests are called upon.

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2015-12-30 14:54:10 +01:00
Gustavo Zacarias
c3e119e093 bind: security bump to version 9.9.8-P2
Fixes:

Named is potentially vulnerable to the OpenSSL vulnerabilty described in
CVE-2015-3193.

CVE-2015-8461 - Incorrect reference counting could result in an INSIST
failure if a socket error occurred while performing a lookup.

CVE-2015-8000 - Insufficient testing when parsing a message allowed
records with an incorrect class to be be accepted, triggering a REQUIRE
failure when those records were subsequently cached.

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2015-12-17 22:48:46 +01:00
Gustavo Zacarias
e5fa81e745 bind: bump to version 9.9.8
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Reviewed-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Tested-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2015-10-09 15:23:46 +02:00
Gustavo Zacarias
38d1a66bda bind: security bump to version 9.9.7-P3
Fixes:
CVE-2015-5722 - denial-of-service vector which can be exploited remotely
against a BIND server that is performing validation on DNSSEC-signed
records.
CVE-2015-5986 - denial-of-service vector which can be used against a
BIND server that is performing recursion and (under limited conditions)
an authoritative-only nameserver.

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Reviewed-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Tested-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2015-09-04 16:07:37 +02:00
Gustavo Zacarias
948a1d4000 bind: security bump to version 9.9.7-P2
Fixes CVE-2015-5477 - An error in handling TKEY queries can cause named
to exit with a REQUIRE assertion failure.

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2015-07-29 13:01:42 +02:00
Gustavo Zacarias
f70f45a43c bind: security bump to version 9.9.7-P1
Fixes:
CVE-2015-4620 - On servers configured to perform DNSSEC validation an
assertion failure could be triggered on answers from a specially
configured server.

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2015-07-08 23:46:06 +02:00
Nathaniel Roach
0b067e2737 package/bind: Enable filter-aaaa-on-v4 option
This allows usage of the filter-aaaa-on-v4 configuration option.
This option disables responding with AAAA records when the request
	is made over ipv4. This may be useful on networks with
	ipv6 inside, but no ISP ipv6 (when combined with only
	listening on ipv4).

See https://kb.isc.org/article/AA-00576/
	Filter-AAAA-option-in-BIND-9-.html
	for more information.

Signed-off-by: Nathaniel Roach <nroach44@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2015-07-07 07:37:49 +02:00
Jerzy Grzegorek
bd8c733fb4 packages: indentation cleanup
This commit doesn't touch infra packages.

Signed-off-by: Jerzy Grzegorek <jerzy.grzegorek@trzebnica.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2015-03-31 13:57:41 +02:00
Gustavo Zacarias
cb10752548 bind: bump to version 9.9.7
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2015-03-03 08:36:01 +01:00
Gustavo Zacarias
7f484d8a1b bind: security bump to version 9.9.6-P2
Fixes CVE-2015-1349 - Revoking a managed trust anchor and supplying an
untrusted replacement could cause namedto crash with an assertion
failure.

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2015-02-19 21:27:04 +01:00
Nathaniel Roach
c45c3ed8ad bind: Add systemd unit file and install it to run at startup.
The unit file is taken from debian, but tested working.
We'll call it named.service to match the sysV initscript.

Signed-off-by: Nathaniel Roach <nroach44@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2015-01-12 22:22:20 +01:00
Jerzy Grzegorek
27dd32942e package: indentation cleanup
Signed-off-by: Jerzy Grzegorek <jerzy.grzegorek@trzebnica.net>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2014-12-30 11:17:03 +01:00
Jerzy Grzegorek
dd7346f415 package: indentation cleanup
Signed-off-by: Jerzy Grzegorek <jerzy.grzegorek@trzebnica.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2014-12-22 09:27:37 +01:00
Gustavo Zacarias
9289dc562d bind: security bump to version 9.9.6-P1
Fixes CVE-2014-8500 - A flaw in delegation handling could be exploited
to put named into an infinite loop, in which each lookup of a name
server triggered additional lookups of more name servers.

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2014-12-09 12:40:32 +01:00
Maxime Hadjinlian
dd44b94312 package/*/*.mk: Fix indent
Fix indent for LIBFOO_USERS and LIBFOO_PERMISSIONS  as per the manual example.

Signed-off-by: Maxime Hadjinlian <maxime.hadjinlian@gmail.com>
Acked-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2014-11-08 23:03:45 +01:00
Jerzy Grzegorek
1769933d98 package: indentation cleanup
Signed-off-by: Jerzy Grzegorek <jerzy.grzegorek@trzebnica.net>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2014-10-26 05:47:05 +01:00
Jörg Krause
ffa33dc552 package/.mk files: remove --localstatedir=/var from autotools packages
Remove --localstatedir=/var from all autotools packages where it is no longer
needed.

Also remove --localstatedir=/var/lib/dhcp from package dhcp. localstatedir is
used by dhcp to set the default directory for the leases files. This can also
be done by setting --with-*-lease-file=/var/lib/dhcp/*, which is done in
dhcp.mk.

A custom --localstatedir is left in:
* proftpd.mk
* mysql.mk

This is safe to do:
One of the good thing with autoconf is that if you pass:
        --localstatedir=/var ... --localstatedir=/var/something
Then /var/something will be used. So, we can set --localstatedir=/var
by default in the infrastructure, and still have certain packages doing
weird things override it. [Thanks to Thomas Petazzoni]

Signed-off-by: Jörg Krause <jkrause@posteo.de>
Reviewed-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2014-10-18 19:27:42 +02:00
Thomas De Schampheleire
f268f7131b .mk files: bulk aligment and whitespace cleanup of assignments
The Buildroot coding style defines one space around make assignments and
does not align the assignment symbols.

This patch does a bulk fix of offending packages. The package
infrastructures (or more in general assignments to calculated variable
names, like $(2)_FOO) are not touched.

Alignment of line continuation characters (\) is kept as-is.

The sed command used to do this replacement is:
find * -name "*.mk" | xargs sed -i \
    -e 's#^\([A-Z0-9a-z_]\+\)\s*\([?:+]\?=\)\s*$#\1 \2#'
    -e 's#^\([A-Z0-9a-z_]\+\)\s*\([?:+]\?=\)\s*\([^\\]\+\)$#\1 \2 \3#'
    -e 's#^\([A-Z0-9a-z_]\+\)\s*\([?:+]\?=\)\s*\([^\\ \t]\+\s*\\\)\s*$#\1 \2 \3#'
    -e 's#^\([A-Z0-9a-z_]\+\)\s*\([?:+]\?=\)\(\s*\\\)#\1 \2\3#'

Brief explanation of this command:
    ^\([A-Z0-9a-z_]\+\)     a regular variable at the beginning of the line
    \([?:+]\?=\)            any assignment character =, :=, ?=, +=
    \([^\\]\+\)             any string not containing a line continuation
    \([^\\ \t]\+\s*\\\)     string, optional whitespace, followed by a
                            line continuation character
    \(\s*\\\)               optional whitespace, followed by a line
                            continuation character

Hence, the first subexpression handles empty assignments, the second
handles regular assignments, the third handles regular assignments with
line continuation, and the fourth empty assignments with line
continuation.

This expression was tested on following test text: (initial tab not
included)

	FOO     = spaces before
	FOO     =   spaces before and after
	FOO	= tab before
	FOO	  = tab and spaces before
	FOO =	tab after
	FOO =	   tab and spaces after
	FOO =   	spaces and tab after
	FOO =    \
	FOO = bar \
	FOO = bar space    \
	FOO   =		   \
	GENIMAGE_DEPENDENCIES   = host-pkgconf libconfuse
	FOO     += spaces before
	FOO     ?=   spaces before and after
	FOO     :=
	FOO     =
	FOO	=
	FOO	  =
	FOO =
	   $(MAKE1) CROSS_COMPILE=$(TARGET_CROSS) -C
	AT91BOOTSTRAP3_DEFCONFIG = \
	AXEL_DISABLE_I18N=--i18n=0

After this bulk change, following manual fixups were done:
- fix line continuation alignment in cegui06 and spice (the sed
  expression leaves the number of whitespace between the value and line
  continuation character intact, but the whitespace before that could have
  changed, causing misalignment.
- qt5base was reverted, as this package uses extensive alignment which
  actually makes the code more readable.

Finally, the end result was manually reviewed.

Signed-off-by: Thomas De Schampheleire <thomas.de.schampheleire@gmail.com>
Cc: Yann E. Morin <yann.morin.1998@free.fr>
Cc: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2014-10-07 15:00:28 +02:00
Thomas De Schampheleire
aaffd209fa packages: rename FOO_CONF_OPT into FOO_CONF_OPTS
To be consistent with the recent change of FOO_MAKE_OPT into FOO_MAKE_OPTS,
make the same change for FOO_CONF_OPT.

Sed command used:
   find * -type f | xargs sed -i 's#_CONF_OPT\>#&S#g'

Signed-off-by: Thomas De Schampheleire <thomas.de.schampheleire@gmail.com>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2014-10-04 18:54:16 +02:00
Gustavo Zacarias
f284a11708 bind: bump to version 9.9.6
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2014-10-01 14:02:51 +02:00
Gustavo Zacarias
26aefa672c bind: fix static openssl linking
Apparently LIBS (environment) isn't pushed to LIBS (autoconf) for the
tests, hence when static linking openssl it misses libz and assumes some
basic digests required for ecdsa support are missing, which is false. Fixes:
http://autobuild.buildroot.net/results/204/20411901d1bc6811e1ef8fa39457257d6bf1a146/

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2014-07-30 23:51:51 +02:00
Gustavo Zacarias
ee6e435f1b bind: bump to version 9.9.5-p1
Fixes runtime issues when built with gcc 4.9

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2014-06-25 16:40:10 +02:00
Gustavo Zacarias
46b10b01a2 bind: security bump to version 9.9.5
Fixes CVE-2014-0591 (a crafted query against an NSEC3-signed zone can
crash BIND).
The 9.9.x series is the new ESV vesion, 9.6.x has been retired.
Also cleanup the initscript while at it.

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2014-06-10 15:33:15 +02:00
Thomas De Schampheleire
eb7bd9ef61 packages: remove uninstall commands
Signed-off-by: Thomas De Schampheleire <thomas.de.schampheleire@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2013-12-06 09:40:40 +01:00
Gustavo Zacarias
33be28d170 bind: bump to version 9.6-ESV-R10
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2013-10-27 08:27:16 +01:00
Jerzy Grzegorek
03882d45b2 normalize separator size to 80
Signed-off-by: Jerzy Grzegorek <jerzy.grzegorek@trzebnica.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2013-07-27 15:22:40 +02:00
Thomas De Schampheleire
d8966bab7a bind: install to staging
Install bind to staging so other applications can use its include files
and libraries.

Signed-off-by: Thomas De Schampheleire <thomas.de.schampheleire@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2013-07-27 14:49:41 +02:00
Gustavo Zacarias
98463e6f87 bind: security bump to version 9.6-ESV-R9-P1
Fixes CVE-2013-3919

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
2013-07-19 23:24:02 +02:00
Alexandre Belloni
8dfd59d114 Normalize separator size to 80
Signed-off-by: Alexandre Belloni <alexandre.belloni@free-electrons.com>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
2013-06-06 22:30:24 +02:00
Gustavo Zacarias
80ebf12906 bind: fix build failure for static+openssl
Bind just links to openssl libraries without checking it's dependencies.
This works when doing shared builds since the linker picks the deps up,
but fails badly on static builds.
So just define LIBS="-lz" when openssl is enabled. Fixes:
http://autobuild.buildroot.net/results/a9a166f932e0b6727ae8e470ce748418797875b9/

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
2013-05-05 22:57:54 +02:00
Gustavo Zacarias
46acbdb58d bind: add license information
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
2013-01-28 23:30:54 +01:00
Gustavo Zacarias
cbf09c29d0 bind: security bump to version 9.6-ESV-R8
Fixes CVE-2012-5166, CVE-2012-4244, CVE-2012-3817 and CVE-2012-1667.

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
2012-10-12 12:55:34 +02:00
Gustavo Zacarias
c53e14e30c bind: security bump to version 9.6-ESV-R7-P2
Fixes CVE-2012-3817

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2012-07-30 19:17:52 +02:00
Arnout Vandecappelle (Essensium/Mind)
e1502ebc0c all packages: rename XXXTARGETS to xxx-package
Also remove the redundant $(call ...).

This is a purely mechanical change, performed with
find package linux toolchain boot -name \*.mk | \
  xargs sed -i -e 's/$(eval $(call GENTARGETS))/$(eval $(generic-package))/' \
               -e 's/$(eval $(call AUTOTARGETS))/$(eval $(autotools-package))/' \
               -e 's/$(eval $(call CMAKETARGETS))/$(eval $(cmake-package))/'

Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2012-07-17 20:23:05 +02:00