OpenPOWER buildroot sources https://git.raptorcs.com/git/buildroot/atom?h=2016.11 2016-11-02T16:26:58+00:00 2016-11-02T16:26:58+00:00 Gustavo Zacarias gustavo@zacarias.com.ar 2016-11-01T22:59:14+00:00 urn:sha1:4a9f2cb2ee597583107a3add8b17f2217b3e0915 Fixes: CVE-2016-8864 - denial-of-service vector which can potentially be exploited against BIND 9 servers. Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> [Thomas: fix hash URL in .hash file, noticed by Vicente.] Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com> 2016-10-19T09:23:00+00:00 Baruch Siach baruch@tkos.co.il 2016-10-19T08:24:12+00:00 urn:sha1:8ec6dae302e31af3869be5ad0af79e8d18416ff7 configure.in looks in host headers for zlib.h, unless given a headers directory as --with-zlib parameter. Note: a bug in the zlib.h header lookup logic causes configure.in to add -l$(STAGING_DIR)/usr/include/include, and -L$(STAGING_DIR)/usr/include/lib. But this does not affect us. Fixes: http://autobuild.buildroot.net/results/e96/e96a36c4da3c3be4b79a27af75a70bb8955c31a9/ http://autobuild.buildroot.net/results/e0b/e0bd7df5c19c7c65ce0009b7c2b4d4104a5c3109/ http://autobuild.buildroot.net/results/e99/e993940067f7ae841132765f91bfee7248ab125f/ Signed-off-by: Baruch Siach <baruch@tkos.co.il> Signed-off-by: Peter Korsgaard <peter@korsgaard.com> 2016-10-15T09:46:33+00:00 Vicente Olivert Riera Vincent.Riera@imgtec.com 2016-10-11T12:54:23+00:00 urn:sha1:e662416d844040806a49a97c608aa674dcdd6580 - With the release of BIND 9.11.0, ISC is changing the open source license for BIND from the ISC license to the Mozilla Public License (MPL 2.0). See release notes: http://ftp.isc.org/isc/bind9/9.11.0/RELEASE-NOTES-bind-9.11.0.html - Explicitly enable/disable zlib support, otherwise the configure script will fail like this: checking for zlib library... yes checking for library containing deflate... no configure: error: found zlib include but not library. Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com> 2016-09-28T11:39:18+00:00 Vicente Olivert Riera Vincent.Riera@imgtec.com 2016-09-28T10:20:22+00:00 urn:sha1:a808500f2a189e1d4b079ac1d6a2eaa3a0bb59d2 Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com> 2016-07-19T09:50:22+00:00 Vicente Olivert Riera Vincent.Riera@imgtec.com 2016-07-19T09:29:06+00:00 urn:sha1:c5a55f79c0ca5fc1a649e69b15cadb1ce5a74c14 Security fixes: CVE-2016-2775 Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com> 2016-05-04T20:47:43+00:00 Gustavo Zacarias gustavo@zacarias.com.ar 2016-05-03T15:42:04+00:00 urn:sha1:80c0d7ce1c49854bbf1f2c5daf4a358548193a2c Fixes: CVE-2016-2088 - Duplicate EDNS COOKIE options in a response could trigger an assertion failure. Drop libressl support patch since it's upstream now. Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Peter Korsgaard <peter@korsgaard.com> 2016-03-10T19:49:52+00:00 Gustavo Zacarias gustavo@zacarias.com.ar 2016-03-10T17:22:28+00:00 urn:sha1:67245dcbe14c2e98f44dcc717cfefedd6b7294d9 Fixes: CVE-2016-1285 - An error parsing input received by the rndc control channel can cause an assertion failure in sexpr.c or alist.c CVE-2016-1286 - A problem parsing resource record signatures for DNAME resource records can lead to an assertion failure in resolver.c or db.c CVE-2016-2088 - A response containing multiple DNS cookies causes servers with cookie support enabled to exit with an assertion failure. Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Peter Korsgaard <peter@korsgaard.com> 2016-02-06T09:45:15+00:00 Jan Heylen heyleke@gmail.com 2016-02-06T09:00:07+00:00 urn:sha1:e4749b826c04cda213768332f67ffb82f06105b2 Build sometimes breaks with: libtool: link: `unix/os.lo' is not a valid libtool object make[3]: *** [rndc-confgen] Error 1 make[3]: *** Waiting for unfinished jobs.... make[4]: Leaving directory `/scratch/peko/build/bind-9.6-ESV-R4/bin/rndc/unix' So disable parallel builds. This patch was removed with commit c36b5d89c5616f7ca0a7295cbb5c231606beb71e by Gustavo Zacarias <gustavo@zacarias.com.ar> but the problem still occurs, so disabling parallel builds again. Fixes: http://autobuild.buildroot.org/results/220/2201f04170ea8ef0961e907efce07c041a57c229/ Signed-off-by: Jan Heylen <heyleke@gmail.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com> 2016-01-26T22:05:40+00:00 Gustavo Zacarias gustavo@zacarias.com.ar 2016-01-22T12:28:11+00:00 urn:sha1:0a7cea9b80cffc0c0c16f5b59980518362b7b154 Fixes: CVE-2015-8704 - apl_42.c in ISC BIND 9.x before 9.9.8-P3 and 9.9.x and 9.10.x before 9.10.3-P3 allows remote authenticated users to cause a denial of service (INSIST assertion failure and daemon exit) via a malformed Address Prefix List (APL) record. CVE-2015-8705 - buffer.c in named in ISC BIND 9.10.x before 9.10.3-P3, when debug logging is enabled, allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit, or daemon crash) or possibly have unspecified other impact via (1) OPT data or (2) an ECS option. Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Peter Korsgaard <peter@korsgaard.com> 2015-12-30T18:22:51+00:00 Gustavo Zacarias gustavo@zacarias.com.ar 2015-12-30T16:51:04+00:00 urn:sha1:6e8f91f346c3fefd5e9115881813f96ae422b5a7 It conflicts with jsoncpp, bind probes for json/json.h first, but that header is installed by jsoncpp, which is completely different from json-c. Since it's not clear who's correct here (there might be some other json-c predecessor/version that installs there as well) and the same functionality (stats channel) is provided by libxml2 as well, just disable libjson support completely. Fixes: http://autobuild.buildroot.net/results/226/2262c9b46663ea7a45e128a5fd7ff30417c2c2a7/build-end.log (indirectly, it was probing aboslute directories while searching for it) Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>