46b10b01a2
Fixes CVE-2014-0591 (a crafted query against an NSEC3-signed zone can crash BIND). The 9.9.x series is the new ESV vesion, 9.6.x has been retired. Also cleanup the initscript while at it. Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
93 lines
2.7 KiB
Makefile
93 lines
2.7 KiB
Makefile
################################################################################
|
|
#
|
|
# bind
|
|
#
|
|
################################################################################
|
|
|
|
BIND_VERSION = 9.9.5
|
|
BIND_SITE = ftp://ftp.isc.org/isc/bind9/$(BIND_VERSION)
|
|
BIND_INSTALL_STAGING = YES
|
|
BIND_CONFIG_SCRIPTS = bind9-config isc-config.sh
|
|
BIND_LICENSE = ISC
|
|
BIND_LICENSE_FILES = COPYRIGHT
|
|
BIND_TARGET_SERVER_SBIN = arpaname ddns-confgen dnssec-checkds dnssec-coverage
|
|
BIND_TARGET_SERVER_SBIN += dnssec-importkey dnssec-keygen dnssec-revoke
|
|
BIND_TARGET_SERVER_SBIN += dnssec-settime dnssec-verify genrandom
|
|
BIND_TARGET_SERVER_SBIN += isc-hmac-fixup named-journalprint nsec3hash
|
|
BIND_TARGET_SERVER_SBIN += lwresd named named-checkconf named-checkzone
|
|
BIND_TARGET_SERVER_SBIN += named-compilezone rndc rndc-confgen dnssec-dsfromkey
|
|
BIND_TARGET_SERVER_SBIN += dnssec-keyfromlabel dnssec-signzone
|
|
BIND_TARGET_TOOLS_BIN = dig host nslookup nsupdate
|
|
BIND_CONF_ENV = BUILD_CC="$(TARGET_CC)" \
|
|
BUILD_CFLAGS="$(TARGET_CFLAGS)"
|
|
BIND_CONF_OPT = --localstatedir=/var \
|
|
--with-randomdev=/dev/urandom \
|
|
--enable-epoll --with-libtool \
|
|
--with-gssapi=no --enable-rrl
|
|
|
|
ifeq ($(BR2_PACKAGE_LIBCAP),y)
|
|
BIND_CONF_OPT += --enable-linux-caps
|
|
BIND_DEPENDENCIES += libcap
|
|
else
|
|
BIND_CONF_OPT += --disable-linux-caps
|
|
endif
|
|
|
|
ifeq ($(BR2_PACKAGE_LIBXML2),y)
|
|
BIND_CONF_OPT += --with-libxml2=$(STAGING_DIR)/usr --enable-newstats
|
|
BIND_DEPENDENCIES += libxml2
|
|
else
|
|
BIND_CONF_OPT += --with-libxml2=no
|
|
endif
|
|
|
|
ifeq ($(BR2_PACKAGE_OPENSSL),y)
|
|
BIND_DEPENDENCIES += openssl
|
|
BIND_CONF_OPT += --with-openssl=$(STAGING_DIR)/usr LIBS="-lz" \
|
|
--with-ecdsa=yes
|
|
# GOST cipher support requires openssl extra engines
|
|
ifeq ($(BR2_PACKAGE_OPENSSL_ENGINES),y)
|
|
BIND_CONF_OPT += --with-gost=yes
|
|
else
|
|
BIND_CONF_OPT += --with-gost=no
|
|
endif
|
|
else
|
|
BIND_CONF_OPT += --with-openssl=no
|
|
endif
|
|
|
|
# Used by dnssec-checkds and dnssec-coverage
|
|
ifeq ($(BR2_PACKAGE_PYTHON)$(BR2_PACKAGE_PYTHON3),)
|
|
BIND_CONF_OPT += --with-python=no
|
|
endif
|
|
|
|
ifeq ($(BR2_PACKAGE_READLINE),y)
|
|
BIND_DEPENDENCIES += readline
|
|
else
|
|
BIND_CONF_OPT += --with-readline=no
|
|
endif
|
|
|
|
define BIND_TARGET_REMOVE_SERVER
|
|
rm -rf $(addprefix $(TARGET_DIR)/usr/sbin/, $(BIND_TARGET_SERVER_SBIN))
|
|
endef
|
|
|
|
define BIND_TARGET_REMOVE_TOOLS
|
|
rm -rf $(addprefix $(TARGET_DIR)/usr/bin/, $(BIND_TARGET_TOOLS_BIN))
|
|
endef
|
|
|
|
ifeq ($(BR2_PACKAGE_BIND_SERVER),y)
|
|
define BIND_INSTALL_INIT_SYSV
|
|
$(INSTALL) -m 0755 -D package/bind/S81named \
|
|
$(TARGET_DIR)/etc/init.d/S81named
|
|
endef
|
|
else
|
|
BIND_POST_INSTALL_TARGET_HOOKS += BIND_TARGET_REMOVE_SERVER
|
|
endif
|
|
|
|
ifeq ($(BR2_PACKAGE_BIND_TOOLS),)
|
|
BIND_POST_INSTALL_TARGET_HOOKS += BIND_TARGET_REMOVE_TOOLS
|
|
endif
|
|
|
|
define BIND_USERS
|
|
named -1 named -1 * /etc/bind - - BIND daemon
|
|
endef
|
|
|
|
$(eval $(autotools-package))
|