OpenPOWER buildroot sources https://git.raptorcs.com/git/buildroot/atom?h=2017.02 2017-02-13T17:01:14+00:00 2017-02-13T17:01:14+00:00 Peter Korsgaard peter@korsgaard.com 2017-02-12T21:59:58+00:00 urn:sha1:b9141fc88b24b6e0d565f84ee768f3199f31a6cd Fixes CVE-2017-3135: Combination of DNS64 and RPZ Can Lead to Crash: https://kb.isc.org/article/AA-01453 Signed-off-by: Peter Korsgaard <peter@korsgaard.com> 2017-01-13T15:15:42+00:00 Peter Korsgaard peter@korsgaard.com 2017-01-12T08:00:00+00:00 urn:sha1:4bab93be70ba576668a9fa19d0ff92ce2b97c905 Bugfixes: - CVE-2016-9131: A malformed response to an ANY query can cause an assertion failure during recursion - CVE-2016-9147: An error handling a query response containing inconsistent DNSSEC information could cause an assertion failure - CVE-2016-9444: An unusually-formed DS record response could cause an assertion failure - CVE-2016-9778: An error handling certain queries using the nxdomain-redirect feature could cause a REQUIRE assertion failure in db.c Signed-off-by: Peter Korsgaard <peter@korsgaard.com> 2016-11-02T16:26:58+00:00 Gustavo Zacarias gustavo@zacarias.com.ar 2016-11-01T22:59:14+00:00 urn:sha1:4a9f2cb2ee597583107a3add8b17f2217b3e0915 Fixes: CVE-2016-8864 - denial-of-service vector which can potentially be exploited against BIND 9 servers. Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> [Thomas: fix hash URL in .hash file, noticed by Vicente.] Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com> 2016-10-19T09:23:00+00:00 Baruch Siach baruch@tkos.co.il 2016-10-19T08:24:12+00:00 urn:sha1:8ec6dae302e31af3869be5ad0af79e8d18416ff7 configure.in looks in host headers for zlib.h, unless given a headers directory as --with-zlib parameter. Note: a bug in the zlib.h header lookup logic causes configure.in to add -l$(STAGING_DIR)/usr/include/include, and -L$(STAGING_DIR)/usr/include/lib. But this does not affect us. Fixes: http://autobuild.buildroot.net/results/e96/e96a36c4da3c3be4b79a27af75a70bb8955c31a9/ http://autobuild.buildroot.net/results/e0b/e0bd7df5c19c7c65ce0009b7c2b4d4104a5c3109/ http://autobuild.buildroot.net/results/e99/e993940067f7ae841132765f91bfee7248ab125f/ Signed-off-by: Baruch Siach <baruch@tkos.co.il> Signed-off-by: Peter Korsgaard <peter@korsgaard.com> 2016-10-15T09:46:33+00:00 Vicente Olivert Riera Vincent.Riera@imgtec.com 2016-10-11T12:54:23+00:00 urn:sha1:e662416d844040806a49a97c608aa674dcdd6580 - With the release of BIND 9.11.0, ISC is changing the open source license for BIND from the ISC license to the Mozilla Public License (MPL 2.0). See release notes: http://ftp.isc.org/isc/bind9/9.11.0/RELEASE-NOTES-bind-9.11.0.html - Explicitly enable/disable zlib support, otherwise the configure script will fail like this: checking for zlib library... yes checking for library containing deflate... no configure: error: found zlib include but not library. Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com> 2016-09-28T11:39:18+00:00 Vicente Olivert Riera Vincent.Riera@imgtec.com 2016-09-28T10:20:22+00:00 urn:sha1:a808500f2a189e1d4b079ac1d6a2eaa3a0bb59d2 Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com> 2016-07-19T09:50:22+00:00 Vicente Olivert Riera Vincent.Riera@imgtec.com 2016-07-19T09:29:06+00:00 urn:sha1:c5a55f79c0ca5fc1a649e69b15cadb1ce5a74c14 Security fixes: CVE-2016-2775 Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com> 2016-05-04T20:47:43+00:00 Gustavo Zacarias gustavo@zacarias.com.ar 2016-05-03T15:42:04+00:00 urn:sha1:80c0d7ce1c49854bbf1f2c5daf4a358548193a2c Fixes: CVE-2016-2088 - Duplicate EDNS COOKIE options in a response could trigger an assertion failure. Drop libressl support patch since it's upstream now. Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Peter Korsgaard <peter@korsgaard.com> 2016-03-10T19:49:52+00:00 Gustavo Zacarias gustavo@zacarias.com.ar 2016-03-10T17:22:28+00:00 urn:sha1:67245dcbe14c2e98f44dcc717cfefedd6b7294d9 Fixes: CVE-2016-1285 - An error parsing input received by the rndc control channel can cause an assertion failure in sexpr.c or alist.c CVE-2016-1286 - A problem parsing resource record signatures for DNAME resource records can lead to an assertion failure in resolver.c or db.c CVE-2016-2088 - A response containing multiple DNS cookies causes servers with cookie support enabled to exit with an assertion failure. Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Peter Korsgaard <peter@korsgaard.com> 2016-02-06T09:45:15+00:00 Jan Heylen heyleke@gmail.com 2016-02-06T09:00:07+00:00 urn:sha1:e4749b826c04cda213768332f67ffb82f06105b2 Build sometimes breaks with: libtool: link: `unix/os.lo' is not a valid libtool object make[3]: *** [rndc-confgen] Error 1 make[3]: *** Waiting for unfinished jobs.... make[4]: Leaving directory `/scratch/peko/build/bind-9.6-ESV-R4/bin/rndc/unix' So disable parallel builds. This patch was removed with commit c36b5d89c5616f7ca0a7295cbb5c231606beb71e by Gustavo Zacarias <gustavo@zacarias.com.ar> but the problem still occurs, so disabling parallel builds again. Fixes: http://autobuild.buildroot.org/results/220/2201f04170ea8ef0961e907efce07c041a57c229/ Signed-off-by: Jan Heylen <heyleke@gmail.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>