buildroot/package/bind/bind.hash, branch 2016.08

bind: bump version to 9.10.4-P2

2016-07-19T09:50:22+00:00

Security fixes: CVE-2016-2775 Signed-off-by: Vicente Olivert Riera Signed-off-by: Thomas Petazzoni

bind: security bump to version 9.10.4

2016-05-04T20:47:43+00:00

Fixes: CVE-2016-2088 - Duplicate EDNS COOKIE options in a response could trigger an assertion failure. Drop libressl support patch since it's upstream now. Signed-off-by: Gustavo Zacarias Signed-off-by: Peter Korsgaard

bind: security bump to version 9.10.3-P4

2016-03-10T19:49:52+00:00

Fixes: CVE-2016-1285 - An error parsing input received by the rndc control channel can cause an assertion failure in sexpr.c or alist.c CVE-2016-1286 - A problem parsing resource record signatures for DNAME resource records can lead to an assertion failure in resolver.c or db.c CVE-2016-2088 - A response containing multiple DNS cookies causes servers with cookie support enabled to exit with an assertion failure. Signed-off-by: Gustavo Zacarias Signed-off-by: Peter Korsgaard

bind: security bump to version 9.10.3-P3

2016-01-26T22:05:40+00:00

Fixes: CVE-2015-8704 - apl_42.c in ISC BIND 9.x before 9.9.8-P3 and 9.9.x and 9.10.x before 9.10.3-P3 allows remote authenticated users to cause a denial of service (INSIST assertion failure and daemon exit) via a malformed Address Prefix List (APL) record. CVE-2015-8705 - buffer.c in named in ISC BIND 9.10.x before 9.10.3-P3, when debug logging is enabled, allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit, or daemon crash) or possibly have unspecified other impact via (1) OPT data or (2) an ECS option. Signed-off-by: Gustavo Zacarias Signed-off-by: Peter Korsgaard

bind: bump to version 9.10.3-P2

2015-12-30T13:54:10+00:00

Leave the LTS series for the latest stable version for libressl compatibility. Unfortunately this means threads are now required, but this shouldn't be a problem for a fully-featured resolver. Drop 0001-disable-tests.patch since it's no longer required, genrandom isn't run unless the tests are called upon. Signed-off-by: Gustavo Zacarias Signed-off-by: Thomas Petazzoni

bind: security bump to version 9.9.8-P2

2015-12-17T21:48:46+00:00

Fixes: Named is potentially vulnerable to the OpenSSL vulnerabilty described in CVE-2015-3193. CVE-2015-8461 - Incorrect reference counting could result in an INSIST failure if a socket error occurred while performing a lookup. CVE-2015-8000 - Insufficient testing when parsing a message allowed records with an incorrect class to be be accepted, triggering a REQUIRE failure when those records were subsequently cached. Signed-off-by: Gustavo Zacarias Signed-off-by: Thomas Petazzoni

bind: bump to version 9.9.8

2015-10-09T13:23:46+00:00

Signed-off-by: Gustavo Zacarias Reviewed-by: Vicente Olivert Riera Tested-by: Vicente Olivert Riera Signed-off-by: Thomas Petazzoni

bind: security bump to version 9.9.7-P3

2015-09-04T14:07:37+00:00

Fixes: CVE-2015-5722 - denial-of-service vector which can be exploited remotely against a BIND server that is performing validation on DNSSEC-signed records. CVE-2015-5986 - denial-of-service vector which can be used against a BIND server that is performing recursion and (under limited conditions) an authoritative-only nameserver. Signed-off-by: Gustavo Zacarias Reviewed-by: Vicente Olivert Riera Tested-by: Vicente Olivert Riera Signed-off-by: Peter Korsgaard

bind: security bump to version 9.9.7-P2

2015-07-29T11:01:42+00:00

Fixes CVE-2015-5477 - An error in handling TKEY queries can cause named to exit with a REQUIRE assertion failure. Signed-off-by: Gustavo Zacarias Signed-off-by: Thomas Petazzoni

bind: security bump to version 9.9.7-P1

2015-07-08T21:46:06+00:00

Fixes: CVE-2015-4620 - On servers configured to perform DNSSEC validation an assertion failure could be triggered on answers from a specially configured server. Signed-off-by: Gustavo Zacarias Signed-off-by: Peter Korsgaard