OpenPOWER buildroot sources https://git.raptorcs.com/git/buildroot/atom?h=2016.02 2016-02-06T09:45:15+00:00 2016-02-06T09:45:15+00:00 Jan Heylen heyleke@gmail.com 2016-02-06T09:00:07+00:00 urn:sha1:e4749b826c04cda213768332f67ffb82f06105b2 Build sometimes breaks with: libtool: link: `unix/os.lo' is not a valid libtool object make[3]: *** [rndc-confgen] Error 1 make[3]: *** Waiting for unfinished jobs.... make[4]: Leaving directory `/scratch/peko/build/bind-9.6-ESV-R4/bin/rndc/unix' So disable parallel builds. This patch was removed with commit c36b5d89c5616f7ca0a7295cbb5c231606beb71e by Gustavo Zacarias <gustavo@zacarias.com.ar> but the problem still occurs, so disabling parallel builds again. Fixes: http://autobuild.buildroot.org/results/220/2201f04170ea8ef0961e907efce07c041a57c229/ Signed-off-by: Jan Heylen <heyleke@gmail.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com> 2016-01-26T22:05:40+00:00 Gustavo Zacarias gustavo@zacarias.com.ar 2016-01-22T12:28:11+00:00 urn:sha1:0a7cea9b80cffc0c0c16f5b59980518362b7b154 Fixes: CVE-2015-8704 - apl_42.c in ISC BIND 9.x before 9.9.8-P3 and 9.9.x and 9.10.x before 9.10.3-P3 allows remote authenticated users to cause a denial of service (INSIST assertion failure and daemon exit) via a malformed Address Prefix List (APL) record. CVE-2015-8705 - buffer.c in named in ISC BIND 9.10.x before 9.10.3-P3, when debug logging is enabled, allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit, or daemon crash) or possibly have unspecified other impact via (1) OPT data or (2) an ECS option. Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Peter Korsgaard <peter@korsgaard.com> 2015-12-30T18:22:51+00:00 Gustavo Zacarias gustavo@zacarias.com.ar 2015-12-30T16:51:04+00:00 urn:sha1:6e8f91f346c3fefd5e9115881813f96ae422b5a7 It conflicts with jsoncpp, bind probes for json/json.h first, but that header is installed by jsoncpp, which is completely different from json-c. Since it's not clear who's correct here (there might be some other json-c predecessor/version that installs there as well) and the same functionality (stats channel) is provided by libxml2 as well, just disable libjson support completely. Fixes: http://autobuild.buildroot.net/results/226/2262c9b46663ea7a45e128a5fd7ff30417c2c2a7/build-end.log (indirectly, it was probing aboslute directories while searching for it) Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com> 2015-12-30T13:54:10+00:00 Gustavo Zacarias gustavo@zacarias.com.ar 2015-12-30T13:39:29+00:00 urn:sha1:07c1ad4647b6a8e60338fc01ddcb2d629de0ad14 Leave the LTS series for the latest stable version for libressl compatibility. Unfortunately this means threads are now required, but this shouldn't be a problem for a fully-featured resolver. Drop 0001-disable-tests.patch since it's no longer required, genrandom isn't run unless the tests are called upon. Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com> 2015-12-17T21:48:46+00:00 Gustavo Zacarias gustavo@zacarias.com.ar 2015-12-17T21:43:55+00:00 urn:sha1:c3e119e09307eff7ef702f7f860ecbc9b156715e Fixes: Named is potentially vulnerable to the OpenSSL vulnerabilty described in CVE-2015-3193. CVE-2015-8461 - Incorrect reference counting could result in an INSIST failure if a socket error occurred while performing a lookup. CVE-2015-8000 - Insufficient testing when parsing a message allowed records with an incorrect class to be be accepted, triggering a REQUIRE failure when those records were subsequently cached. Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com> 2015-10-09T13:23:46+00:00 Gustavo Zacarias gustavo@zacarias.com.ar 2015-10-08T20:16:33+00:00 urn:sha1:e5fa81e745b2bc6f9beb6656b973ebb5a9dc5585 Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Reviewed-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com> Tested-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com> 2015-09-04T14:07:37+00:00 Gustavo Zacarias gustavo@zacarias.com.ar 2015-09-04T12:39:52+00:00 urn:sha1:38d1a66bda57cb4c47156021ee976c2583b55822 Fixes: CVE-2015-5722 - denial-of-service vector which can be exploited remotely against a BIND server that is performing validation on DNSSEC-signed records. CVE-2015-5986 - denial-of-service vector which can be used against a BIND server that is performing recursion and (under limited conditions) an authoritative-only nameserver. Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Reviewed-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com> Tested-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com> 2015-07-29T11:01:42+00:00 Gustavo Zacarias gustavo@zacarias.com.ar 2015-07-29T10:24:06+00:00 urn:sha1:948a1d40009ea62c2f0c851186539c491c93c1ea Fixes CVE-2015-5477 - An error in handling TKEY queries can cause named to exit with a REQUIRE assertion failure. Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com> 2015-07-08T21:46:06+00:00 Gustavo Zacarias gustavo@zacarias.com.ar 2015-07-08T16:52:15+00:00 urn:sha1:f70f45a43c486d04bc9aeb5a82f1ce778cf607bc Fixes: CVE-2015-4620 - On servers configured to perform DNSSEC validation an assertion failure could be triggered on answers from a specially configured server. Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Peter Korsgaard <peter@korsgaard.com> 2015-07-07T05:37:49+00:00 Nathaniel Roach nroach44@gmail.com 2015-07-06T16:55:45+00:00 urn:sha1:0b067e2737821204ea969f72201f73604d3cd905 This allows usage of the filter-aaaa-on-v4 configuration option. This option disables responding with AAAA records when the request is made over ipv4. This may be useful on networks with ipv6 inside, but no ISP ipv6 (when combined with only listening on ipv4). See https://kb.isc.org/article/AA-00576/ Filter-AAAA-option-in-BIND-9-.html for more information. Signed-off-by: Nathaniel Roach <nroach44@gmail.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>