aboutsummaryrefslogtreecommitdiff
path: root/net/bind
Commit message (Collapse)AuthorAge
* bind: add nslookup alternative to busybox nslookupIan Cooper2020-05-26
| | | | | | | Add alternative to busybox nslookup. Busybox throws an error when the host does not have an AAAA record. Signed-off-by: Ian Cooper <iancooper@hotmail.com>
* bind: update to version 9.16.3Josef Schlehofer2020-05-20
| | | | | | | | Fixes: CVE-2020-8616 CVE-2020-8617 Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
* bind: update to version (security fix)Jan Pavlinec2020-05-01
| | | | Signed-off-by: Jan Pavlinec <jan.pavlinec@nic.cz>
* bind9: update to 9.16.1Noah Meyerhans2020-04-07
| | | | | | | | Add libuv dependency Fix optional libxml and c-json dependency handling Signed-off-by: Noah Meyerhans <frodo@morgul.net>
* bind: use json-c instead of jsoncppRosen Penev2020-04-07
| | | | | | | The configure script prefers the latter whereas the code prefers the latter. Hack around it. Signed-off-by: Rosen Penev <rosenp@gmail.com>
* bind: update to version 9.14.8 (security fix)Jan Pavlinec2019-11-21
| | | | | | Fixes CVE-2019-6477 Signed-off-by: Jan Pavlinec <jan.pavlinec@nic.cz>
* bind: Update to version 9.14.7Josef Schlehofer2019-11-06
| | | | | | Fixes CVE-2019-6475 and CVE-2019-6476 Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
* bind: Update to version 9.14.6Josef Schlehofer2019-09-19
| | | | Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
* bind: Update to version 9.14.5Josef Schlehofer2019-09-01
| | | | | | Add PKG_LICENSE_FILES Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
* bind: update to 9.14.4DENG Qingfang2019-07-30
| | | | Signed-off-by: DENG Qingfang <dengqf6@mail2.sysu.edu.cn>
* bind: update to 9.14.3Deng Qingfang2019-06-26
| | | | | | | | Fixed CVE-2019-6471 ChangeLog: https://ftp.isc.org/isc/bind9/9.14.3/CHANGES Signed-off-by: Deng Qingfang <dengqf6@mail2.sysu.edu.cn>
* bind: update to 9.14.2Deng Qingfang2019-05-19
| | | | | | | | | | | | | BIND now requires POSIX thread and IPv6 support to build Add filter-AAAA plugin Remove unrecognized options Remove patch that no longer needed - 002-autoconf-ar-fix.patch Signed-off-by: Deng Qingfang <dengqf6@mail2.sysu.edu.cn>
* bind: update to 9.12.3-P4Deng Qingfang2019-02-24
| | | | | | | | | | | | | Fixed CVEs: CVE-2018-5744 CVE-2018-5745 CVE-2019-6465 Add PKG_CPE_ID Size optimizations Signed-off-by: Deng Qingfang <dengqf6@mail2.sysu.edu.cn>
* bind: update to 9.12.3-P1 and otherDeng Qingfang2019-02-03
| | | | | | | | | Refresh patches Remove --enable-static and --enable-dynamic because they're enabled by default Enable parallel compilation Fix compile without IPv6 Signed-off-by: Deng Qingfang <dengqf6@mail2.sysu.edu.cn>
* bind: update to 9.11.5-P1Deng Qingfang2019-01-12
| | | | | | For changes in 9.11.5-P1 see https://ftp.isc.org/isc/bind9/9.11.5-P1/CHANGES Signed-off-by: Deng Qingfang <dengqf6@mail2.sysu.edu.cn>
* bind: change http servers to httpsJosef Schlehofer2018-11-23
| | | | Signed-off-by: Josef Schlehofer <josef.schlehofer@nic.cz>
* bind: a little bit polishing of MakefileJosef Schlehofer2018-11-23
| | | | Signed-off-by: Josef Schlehofer <josef.schlehofer@nic.cz>
* bind: Update bind.keysNoah Meyerhans2018-10-29
| | | | | | | | | A multi-year DNSSEC root key update is in progress, as described at https://www.isc.org/downloads/bind/bind-keys/. This change refreshes the bind.keys file, ensuring that the new key, in place as of 2018-10-11, will be recognized and trusted. Signed-off-by: Noah Meyerhans <frodo@morgul.net>
* bind: Include delv in the bind-tools packageNoah Meyerhans2018-10-29
| | | | | | | delv is a tool for sending DNS queries and validating the results, using the same internal resolver and validator logic as named. Signed-off-by: Noah Meyerhans <frodo@morgul.net>
* bind: Update to 9.11.5Noah Meyerhans2018-10-29
| | | | | | | | | This includes the fix for CVE-2018-5738: When recursion is enabled but the allow-recursion and allow-query-cache ACLs are not specified, they should be limited to local networks, but they were inadvertently set to match the default allow-query, thus allowing remote queries. Signed-off-by: Noah Meyerhans <frodo@morgul.net>
* bind: Remove OpenSSL deprecated APIs dependencyRosen Penev2018-10-28
| | | | | | It seems to not be needed anymore. Tested on mvebu and ar71xx. Signed-off-by: Rosen Penev <rosenp@gmail.com>
* bind: Explicitly disable libatomic support (#6375)Noah Meyerhans2018-06-28
| | | | | | | By default, libatomic is conditionally enabled on some platforms, but it's not strictly necessary. We'll disable it here globally rather than introduce an unnecessary dependency. Signed-off-by: Noah Meyerhans <frodo@morgul.net>
* bind: update PKG_LICENSE to reflect upstream changeNoah Meyerhans2018-06-13
| | | | Signed-off-by: Noah Meyerhans <frodo@morgul.net>
* bind: Update to version 9.11.3 and optionally support eddsa for dnssecNoah Meyerhans2018-06-13
| | | | | | | | | | | | | | | | | | | | | | EdDSA support is optional and currently defaults to being disabled. The following security issues are addressed with this update: * An error in TSIG handling could permit unauthorized zone transfers or zone updates. These flaws are disclosed in CVE-2017-3142 and CVE-2017-3143. * The BIND installer on Windows used an unquoted service path, which can enable privilege escalation. This flaw is disclosed in CVE-2017-3141. * With certain RPZ configurations, a response with TTL 0 could cause named to go into an infinite query loop. This flaw is disclosed in CVE-2017-3140. * Addresses could be referenced after being freed during resolver processing, causing an assertion failure. The chances of this happening were remote, but the introduction of a delay in resolution increased them. This bug is disclosed in CVE-2017-3145. Signed-off-by: Noah Meyerhans <frodo@morgul.net>
* bind: Update to 9.11.2-P1Noah Meyerhans2018-01-17
| | | | | | | | | | New upstream release fixes the following security issues: * CVE-2017-3145: BIND was improperly sequencing cleanup operations on upstream recursion fetch contexts, leading in some cases to a use-after-free error that can trigger an assertion failure and crash in named. Signed-off-by: Noah Meyerhans <frodo@morgul.net>
* bind: add support for building bind with libxml2 or libjsonHal Martin2017-11-23
| | | | | | | | | | At least one of libjson|libxml2 is required for bind statistics to function. Selecting libjson|libxml2 will result in an additional dependency required to build and install bind-libs. Signed-off-by: Hal Martin <hal.martin@gmail.com>
* bind: disable lmdbStijn Tintel2017-08-24
| | | | | | | | | | | When building on hosts with lmdb installed, bind configure phase fails: configure: error: found lmdb include but not library. Solve this by disabling lmdb. Fixes #4748. Fixes: eab56b6bee5d ("bind: version update to 9.11.2") Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* bind: patch unneeded if openssl is build w/ deprecatedPhilip Prindeville2017-08-08
| | | | Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
* bind: fixes for openssl 1.1.0 thread compatibilityPhilip Prindeville2017-08-07
| | | | Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
* bind: version update to 9.11.2Philip Prindeville2017-08-07
| | | | | | Also refresh patches and dependencies. Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
* bind: Update to 9.10.5-P3Noah Meyerhans2017-07-16
| | | | | | | | | | | | | New upstream release includes fixes for the following security issues: * CVE-2017-3140: With certain RPZ configurations, a response with TTL 0 could cause named to go into an infinite query loop * CVE-2017-3142: An error in TSIG handling could permit unauthorized zone transfers or zone updates. * CVE-2017-3143: An error in TSIG handling could permit unauthorized zone transfers or zone updates. Signed-off-by: Noah Meyerhans <frodo@morgul.net>
* bind: Include dnssec-settime in bind-dnssec/toolSami Olmari2017-06-06
| | | | | | | | | | | | | | <net/bind> Maintainer: @nmeyerhans Compile tested: x86_64, OpenWRT 50107 Run tested: x86 / 64, OpenWRT 50107 Description: Added dnssec-settime into bind-dnssec and bind-tools Signed-off-by: Sami Olmari <sami+git@olmari.fi>
* bind: Update to bind-9.10.5Noah Meyerhans2017-05-10
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This change includes fixes for several security issues: * CVE-2017-3138: rndc "" could trigger an assertion failure in named. * CVE-2017-3137: Some chaining (i.e., type CNAME or DNAME) responses to upstream queries could trigger assertion failures. * CVE-2017-3136: dns64 with break-dnssec yes; can result in an assertion failure. * CVE-2017-3135: If a server is configured with a response policy zone (RPZ) that rewrites an answer with local data, and is also configured for DNS64 address mapping, a NULL pointer can be read triggering a server crash. * CVE-2016-9444: named could mishandle authority sections with missing RRSIGs, triggering an assertion failure. * CVE-2016-9131: named mishandled some responses where covering RRSIG records were returned without the requested data, resulting in an assertion failure. * CVE-2016-9131: named incorrectly tried to cache TKEY records which could trigger an assertion failure when there was a class mismatch. * CVE-2016-8864: It was possible to trigger assertions when processing responses containing answers of type DNAME. * CVE-2016-6170: Added the ability to specify the maximum number of records permitted in a zone (max-records #;). This provides a mechanism to block overly large zone transfers, which is a potential risk with slave zones from other parties. * CVE-2016-2776: It was possible to trigger an assertion when rendering a message using a specially crafted request. * CVE-2016-2775: Calling getrrsetbyname() with a non absolute name could trigger an infinite recursion bug in lwresd or named with lwres configured if, when combined with a search list entry from resolv.conf, the resulting name is too long. Signed-off-by: Noah Meyerhans <frodo@morgul.net>
* bind: update to bind-9.10.4-P5Noah Meyerhans2017-01-11
| | | | | | | | | | | | | | | This change fixes multiple denial-of-service vulnerabilities: * CVE-2016-9131: A malformed response to an ANY query can cause an assertion failure during recursion * CVE-2016-9147: An error handling a query response containing inconsistent DNSSEC information could cause an assertion failure * CVE-2016-9444: An unusually-formed DS record response could cause an assertion failure * CVE-2016-9778: An error handling certain queries using the nxdomain-redirect feature could cause a REQUIRE assertion failure in db.c Signed-off-by: Noah Meyerhans <frodo@morgul.net>
* bind: Enable filter-aaaa build-time option by default.Noah Meyerhans2017-01-08
| | | | Signed-off-by: Noah Meyerhans <frodo@morgul.net>
* bind: disable libjson supportStijn Tintel2016-11-29
| | | | | | If libjson-c is detected during bind-libs configure phase, bind-libs will be built with libjson support. This results in a missing dependency error during install phase. Solve this by disabling libjson support.
* bind: set sysconfdir to /etc/bindNoah Meyerhans2016-11-17
| | | | Signed-off-by: Noah Meyerhans <frodo@morgul.net>
* bind: update to 9.10.4-p4Noah Meyerhans2016-11-01
| | | | Signed-off-by: Noah Meyerhans <frodo@morgul.net>
* bind: Set PKG_USE_MIPS16:=0Noah Meyerhans2016-09-29
|
* bind: Update to 9.9.9-p3 for CVE-2016-2776Noah Meyerhans2016-09-27
| | | | Signed-off-by: Noah Meyerhans <frodo@morgul.net>
* packages: cleanup Makefile variablesStephen Walker2016-07-09
| | | | | | Standard assignment is immediate expansion without any extraneous spacing, RFC822 compliant email addresses without any quotation marks and long git hashes Signed-off-by: Stephen Walker <stephendwalker+github@gmail.com>
* net/bind: PKG_RELEASE increasedDonkZZ2016-03-20
| | | Signed-off-by: DonkZZ <donk@evhr.net>
* net/bind: Update db.rootDonkZZ2016-03-20
| | | | | | The contents of the file "db.root" is very old (12 years). Here's a new version downloaded from ftp://ftp.internic.net/domain/ Signed-off-by: DonkZZ <donk@evhr.net>
* net/bind: Little cleaning in named.initDonkZZ2016-03-20
| | | | | The variable "config_file" appears twice. Signed-off-by: DonkZZ donk@evhr.net
* bind: Update to 9.9.8-P4 to resolve CVE-2016-1285 and CVE-2016-1286Noah Meyerhans2016-03-09
| | | | Signed-off-by: Noah Meyerhans <frodo@morgul.net>
* bind: Allow packages to be built with optional filter-aaaa optionNoah Meyerhans2016-01-23
| | | | Signed-off-by: Noah Meyerhans <frodo@morgul.net>
* bind: upgrade to 9.9.8-P3Noah Meyerhans2016-01-23
| | | | | | | | | | Fixes: * CVE-2015-8704 * CVE-2015-3193 * CVE-2015-8000 * CVE-2015-8461 Signed-off-by: Noah Meyerhans <frodo@morgul.net>
* Merge pull request #1722 from rraptorr/bind-ecdsaNoah Meyerhans2015-09-04
|\ | | | | bind: Enable ECDSA support
| * bind: Enable ECDSA supportJanusz Dziemidowicz2015-08-27
| | | | | | | | | | | | | | Enables bind to do ECDSA DNSSEC validation. Depends on OpenSSL support for ECDSA. Increases size of bind-libs package by about 2kB. Signed-off-by: Janusz Dziemidowicz <rraptorr@nails.eu.org>
* | [bind] Update to 9.9.7-P3 to fix CVE-2015-5722 and CVE-2015-5986Noah Meyerhans2015-09-02
|/ | | | Signed-off-by: Noah Meyerhans <frodo@morgul.net>
Powered by cgit, Themed by Ted Yin.