buildroot/package/bind, branch 2016.02

bind: fix intermittent build issues with high BR2_JLEVEL

2016-02-06T09:45:15+00:00

Build sometimes breaks with: libtool: link: `unix/os.lo' is not a valid libtool object make[3]: *** [rndc-confgen] Error 1 make[3]: *** Waiting for unfinished jobs.... make[4]: Leaving directory `/scratch/peko/build/bind-9.6-ESV-R4/bin/rndc/unix' So disable parallel builds. This patch was removed with commit c36b5d89c5616f7ca0a7295cbb5c231606beb71e by Gustavo Zacarias but the problem still occurs, so disabling parallel builds again. Fixes: http://autobuild.buildroot.org/results/220/2201f04170ea8ef0961e907efce07c041a57c229/ Signed-off-by: Jan Heylen Signed-off-by: Thomas Petazzoni

bind: security bump to version 9.10.3-P3

2016-01-26T22:05:40+00:00

Fixes: CVE-2015-8704 - apl_42.c in ISC BIND 9.x before 9.9.8-P3 and 9.9.x and 9.10.x before 9.10.3-P3 allows remote authenticated users to cause a denial of service (INSIST assertion failure and daemon exit) via a malformed Address Prefix List (APL) record. CVE-2015-8705 - buffer.c in named in ISC BIND 9.10.x before 9.10.3-P3, when debug logging is enabled, allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit, or daemon crash) or possibly have unspecified other impact via (1) OPT data or (2) an ECS option. Signed-off-by: Gustavo Zacarias Signed-off-by: Peter Korsgaard

bind: rename ptrsize to ptr_size in the code

2016-01-26T22:05:40+00:00

uClibc in commit 70a04a28 #defined ptrsize globally in bits/setjmp.h for mips. However this is a common variable name and causes build failure for at least bind. So rename ptrsize to ptr_size in bind to avoid this. Fixes: http://autobuild.buildroot.net/results/a92/a92fa5dc5d9d6742d61d4d293f7eac97c5355dfe/ Signed-off-by: Gustavo Zacarias Signed-off-by: Peter Korsgaard

bind: add libressl-enabling patch

2015-12-30T22:20:57+00:00

Besides the version bump we also require this patch, which is upstream. Signed-off-by: Gustavo Zacarias Signed-off-by: Thomas Petazzoni

bind: disable libjson support

2015-12-30T18:22:51+00:00

It conflicts with jsoncpp, bind probes for json/json.h first, but that header is installed by jsoncpp, which is completely different from json-c. Since it's not clear who's correct here (there might be some other json-c predecessor/version that installs there as well) and the same functionality (stats channel) is provided by libxml2 as well, just disable libjson support completely. Fixes: http://autobuild.buildroot.net/results/226/2262c9b46663ea7a45e128a5fd7ff30417c2c2a7/build-end.log (indirectly, it was probing aboslute directories while searching for it) Signed-off-by: Gustavo Zacarias Signed-off-by: Thomas Petazzoni

bind: bump to version 9.10.3-P2

2015-12-30T13:54:10+00:00

Leave the LTS series for the latest stable version for libressl compatibility. Unfortunately this means threads are now required, but this shouldn't be a problem for a fully-featured resolver. Drop 0001-disable-tests.patch since it's no longer required, genrandom isn't run unless the tests are called upon. Signed-off-by: Gustavo Zacarias Signed-off-by: Thomas Petazzoni

bind: security bump to version 9.9.8-P2

2015-12-17T21:48:46+00:00

Fixes: Named is potentially vulnerable to the OpenSSL vulnerabilty described in CVE-2015-3193. CVE-2015-8461 - Incorrect reference counting could result in an INSIST failure if a socket error occurred while performing a lookup. CVE-2015-8000 - Insufficient testing when parsing a message allowed records with an incorrect class to be be accepted, triggering a REQUIRE failure when those records were subsequently cached. Signed-off-by: Gustavo Zacarias Signed-off-by: Thomas Petazzoni

bind: bump to version 9.9.8

2015-10-09T13:23:46+00:00

Signed-off-by: Gustavo Zacarias Reviewed-by: Vicente Olivert Riera Tested-by: Vicente Olivert Riera Signed-off-by: Thomas Petazzoni

package: Replace 'echo -n' by 'printf'

2015-10-03T22:56:41+00:00

'echo -n' is not a POSIX construct (no flag support), we shoud use 'printf', especially in init script. This patch was generated by the following command line: git grep -l 'echo -n' -- `git ls-files | grep -v 'patch'` | xargs sed -i 's/echo -n/printf/' Signed-off-by: Maxime Hadjinlian Reviewed-by: Arnout Vandecappelle (Essensium/Mind) Signed-off-by: Peter Korsgaard

bind: security bump to version 9.9.7-P3

2015-09-04T14:07:37+00:00

Fixes: CVE-2015-5722 - denial-of-service vector which can be exploited remotely against a BIND server that is performing validation on DNSSEC-signed records. CVE-2015-5986 - denial-of-service vector which can be used against a BIND server that is performing recursion and (under limited conditions) an authoritative-only nameserver. Signed-off-by: Gustavo Zacarias Reviewed-by: Vicente Olivert Riera Tested-by: Vicente Olivert Riera Signed-off-by: Peter Korsgaard