buildroot/package/bind, branch 2018.02

bind: security bump to version 9.11.2-P1

2018-01-17T13:07:41+00:00

Fixes the following security issue: CVE-2017-3145: Improper sequencing during cleanup can lead to a use-after-free error, triggering an assertion failure and crash in named. For more details, see the advisory: https://lists.isc.org/pipermail/bind-announce/2018-January/001072.html Signed-off-by: Peter Korsgaard Signed-off-by: Thomas Petazzoni

bind: use http:// instead of ftp:// for site

2017-09-22T21:28:10+00:00

To avoid issues with firewalls blocking ftp. Signed-off-by: Peter Korsgaard

bind: bump to version 9.11.2

2017-09-22T21:28:06+00:00

Adds support for the new ICANN DNSSEC root key for the upcoming KSK rollover (Oct 11): https://www.icann.org/resources/pages/ksk-rollover For more details, see the release notes: https://kb.isc.org/article/AA-01522 Signed-off-by: Peter Korsgaard

Revert "bind: fix compilation when lmdb.h is present on host"

2017-09-10T15:16:15+00:00

This reverts commit 7c0ecd4d7526dedce85a49172b031f45cde19a4b, as it is in fact a duplicate of commit bb95fef1e0bec4ebc0584001f337438b17c4744d. Reported-by: Peter Seiderer Signed-off-by: Thomas Petazzoni

bind: fix compilation when lmdb.h is present on host

2017-09-09T20:25:02+00:00

Bind autoconf scripts look for lmdb.h in /usr/include (even when cross-compiling). When liblmdb-dev is installed, this causes the following error: ... checking for lmdb library... yes checking for library containing mdb_env_create... no configure: error: found lmdb include but not library. Fix this by disabling explicitly lmdb support. Signed-off-by: Robin Jarry Signed-off-by: Julien Floret Signed-off-by: Thomas Petazzoni

bind: fix configure in case lmdb devel files are present on the host

2017-08-08T18:45:07+00:00

Fix configure failure in case lmdb devel files are present on the host by adding --without-lmdb option (reported [1] and fix tested [2],[3] by grunpferd@netscape.net). Fixes: checking for lmdb library... yes checking for library containing mdb_env_create... no configure: error: found lmdb include but not library. [1] http://lists.busybox.net/pipermail/buildroot/2017-August/199945.html [2] http://lists.busybox.net/pipermail/buildroot/2017-August/199963.html [3] http://lists.busybox.net/pipermail/buildroot/2017-August/199964.html Signed-off-by: Peter Seiderer Signed-off-by: Arnout Vandecappelle (Essensium/Mind)

bind: bump version to bugfix release 9.11.1-P3

2017-07-24T16:33:42+00:00

BIND 9.11.1-P3 addresses a TSIG regression introduced in the 9.11.1-P2 security bump: https://lists.isc.org/pipermail/bind-announce/2017-July/001057.html Also add a hash for the license file while we're at it. Signed-off-by: Peter Korsgaard Signed-off-by: Thomas Petazzoni

bind: security bump to version 9.11.1-P2

2017-07-02T21:48:41+00:00

Fixes the following security issues: CVE-2017-3142: An error in TSIG authentication can permit unauthorized zone transfers An attacker who is able to send and receive messages to an authoritative DNS server and who has knowledge of a valid TSIG key name may be able to circumvent TSIG authentication of AXFR requests via a carefully constructed request packet. A server that relies solely on TSIG keys for protection with no other ACL protection could be manipulated into: * providing an AXFR of a zone to an unauthorized recipient * accepting bogus NOTIFY packets https://kb.isc.org/article/AA-01504/74/CVE-2017-3142 CVE-2017-3041: An error in TSIG authentication can permit unauthorized dynamic updates An attacker who is able to send and receive messages to an authoritative DNS server and who has knowledge of a valid TSIG key name for the zone and service being targeted may be able to manipulate BIND into accepting an unauthorized dynamic update. https://kb.isc.org/article/AA-01503/74/CVE-2017-3143 Signed-off-by: Peter Korsgaard Signed-off-by: Thomas Petazzoni

bind: security bump to version 9.11-P1

2017-06-20T21:14:16+00:00

Fixes the following security issues: CVE-2017-3140 is a denial-of-service vulnerability affecting 9.9.10, 9.10.5, 9.11.0->9.11.1, 9.9.10-S1, and 9.10.5-S1 when configured with Response Policy Zones (RPZ) utilizing NSIP or NSDNAME rules. https://kb.isc.org/article/AA-01495/74/CVE-2017-3140 CVE-2017-3141 is a Windows privilege escalation vector affecting 9.2.6-P2+, 9.3.2-P1+, 9.4.x, 9.5.x, 9.6.x, 9.7.x, 9.8.x, 9.9.0->9.9.10, 9.10.0->9.10.5, 9.11.0->9.11.1, 9.9.3-S1->9.9.10-S1, and 9.10.5-S1. The BIND Windows installer failed to properly quote the service paths, possibly allowing a local user to achieve privilege escalation, if allowed by file system permissions. https://kb.isc.org/article/AA-01496/74/CVE-2017-3141 Signed-off-by: Peter Korsgaard Signed-off-by: Thomas Petazzoni

package/b*/Config.in: fix help text wrapping

2017-05-11T21:26:49+00:00

The check-package script when ran gives warnings on text wrapping on all of these Config files. This patch cleans up all warnings related to the text wrapping for the Config files starting with the letter b in the package directory. The appropriate indentation is: <2 spaces><62 chars> See http://nightly.buildroot.org/#writing-rules-config-in for more information. Signed-off-by: Adam Duskett Signed-off-by: Thomas Petazzoni