summaryrefslogtreecommitdiffstats
path: root/package/bind
Commit message (Collapse)AuthorAgeFilesLines
* bind: use http:// instead of ftp:// for sitePeter Korsgaard2017-09-221-1/+1
| | | | | | To avoid issues with firewalls blocking ftp. Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* bind: bump to version 9.11.2Peter Korsgaard2017-09-222-3/+3
| | | | | | | | | | | | Adds support for the new ICANN DNSSEC root key for the upcoming KSK rollover (Oct 11): https://www.icann.org/resources/pages/ksk-rollover For more details, see the release notes: https://kb.isc.org/article/AA-01522 Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* Revert "bind: fix compilation when lmdb.h is present on host"Thomas Petazzoni2017-09-101-1/+0
| | | | | | | | | This reverts commit 7c0ecd4d7526dedce85a49172b031f45cde19a4b, as it is in fact a duplicate of commit bb95fef1e0bec4ebc0584001f337438b17c4744d. Reported-by: Peter Seiderer <ps.report@gmx.net> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* bind: fix compilation when lmdb.h is present on hostRobin Jarry2017-09-091-0/+1
| | | | | | | | | | | | | | | | | Bind autoconf scripts look for lmdb.h in /usr/include (even when cross-compiling). When liblmdb-dev is installed, this causes the following error: ... checking for lmdb library... yes checking for library containing mdb_env_create... no configure: error: found lmdb include but not library. Fix this by disabling explicitly lmdb support. Signed-off-by: Robin Jarry <robin.jarry@6wind.com> Signed-off-by: Julien Floret <julien.floret@6wind.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* bind: fix configure in case lmdb devel files are present on the hostPeter Seiderer2017-08-081-0/+1
| | | | | | | | | | | | | | | | | | | Fix configure failure in case lmdb devel files are present on the host by adding --without-lmdb option (reported [1] and fix tested [2],[3] by grunpferd@netscape.net). Fixes: checking for lmdb library... yes checking for library containing mdb_env_create... no configure: error: found lmdb include but not library. [1] http://lists.busybox.net/pipermail/buildroot/2017-August/199945.html [2] http://lists.busybox.net/pipermail/buildroot/2017-August/199963.html [3] http://lists.busybox.net/pipermail/buildroot/2017-August/199964.html Signed-off-by: Peter Seiderer <ps.report@gmx.net> Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
* bind: bump version to bugfix release 9.11.1-P3Peter Korsgaard2017-07-242-3/+4
| | | | | | | | | | | | BIND 9.11.1-P3 addresses a TSIG regression introduced in the 9.11.1-P2 security bump: https://lists.isc.org/pipermail/bind-announce/2017-July/001057.html Also add a hash for the license file while we're at it. Signed-off-by: Peter Korsgaard <peter@korsgaard.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* bind: security bump to version 9.11.1-P2Peter Korsgaard2017-07-022-3/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Fixes the following security issues: CVE-2017-3142: An error in TSIG authentication can permit unauthorized zone transfers An attacker who is able to send and receive messages to an authoritative DNS server and who has knowledge of a valid TSIG key name may be able to circumvent TSIG authentication of AXFR requests via a carefully constructed request packet. A server that relies solely on TSIG keys for protection with no other ACL protection could be manipulated into: * providing an AXFR of a zone to an unauthorized recipient * accepting bogus NOTIFY packets https://kb.isc.org/article/AA-01504/74/CVE-2017-3142 CVE-2017-3041: An error in TSIG authentication can permit unauthorized dynamic updates An attacker who is able to send and receive messages to an authoritative DNS server and who has knowledge of a valid TSIG key name for the zone and service being targeted may be able to manipulate BIND into accepting an unauthorized dynamic update. https://kb.isc.org/article/AA-01503/74/CVE-2017-3143 Signed-off-by: Peter Korsgaard <peter@korsgaard.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* bind: security bump to version 9.11-P1Peter Korsgaard2017-06-202-3/+3
| | | | | | | | | | | | | | | | | | | | | | Fixes the following security issues: CVE-2017-3140 is a denial-of-service vulnerability affecting 9.9.10, 9.10.5, 9.11.0->9.11.1, 9.9.10-S1, and 9.10.5-S1 when configured with Response Policy Zones (RPZ) utilizing NSIP or NSDNAME rules. https://kb.isc.org/article/AA-01495/74/CVE-2017-3140 CVE-2017-3141 is a Windows privilege escalation vector affecting 9.2.6-P2+, 9.3.2-P1+, 9.4.x, 9.5.x, 9.6.x, 9.7.x, 9.8.x, 9.9.0->9.9.10, 9.10.0->9.10.5, 9.11.0->9.11.1, 9.9.3-S1->9.9.10-S1, and 9.10.5-S1. The BIND Windows installer failed to properly quote the service paths, possibly allowing a local user to achieve privilege escalation, if allowed by file system permissions. https://kb.isc.org/article/AA-01496/74/CVE-2017-3141 Signed-off-by: Peter Korsgaard <peter@korsgaard.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* package/b*/Config.in: fix help text wrappingAdam Duskett2017-05-111-6/+9
| | | | | | | | | | | | | | The check-package script when ran gives warnings on text wrapping on all of these Config files. This patch cleans up all warnings related to the text wrapping for the Config files starting with the letter b in the package directory. The appropriate indentation is: <tab><2 spaces><62 chars> See http://nightly.buildroot.org/#writing-rules-config-in for more information. Signed-off-by: Adam Duskett <aduskett@codeblue.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* bind: bump version to 9.11.1Vicente Olivert Riera2017-04-202-3/+3
| | | | | Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* bind: bump version to 9.11.0-P5 (security)Vicente Olivert Riera2017-04-132-4/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Security Fixes: - rndc "" could trigger an assertion failure in named. This flaw is disclosed in (CVE-2017-3138). [RT #44924] - Some chaining (i.e., type CNAME or DNAME) responses to upstream queries could trigger assertion failures. This flaw is disclosed in CVE-2017-3137. [RT #44734] - dns64 with break-dnssec yes; can result in an assertion failure. This flaw is disclosed in CVE-2017-3136. [RT #44653] - If a server is configured with a response policy zone (RPZ) that rewrites an answer with local data, and is also configured for DNS64 address mapping, a NULL pointer can be read triggering a server crash. This flaw is disclosed in CVE-2017-3135. [RT #44434] - A coding error in the nxdomain-redirect feature could lead to an assertion failure if the redirection namespace was served from a local authoritative data source such as a local zone or a DLZ instead of via recursive lookup. This flaw is disclosed in CVE-2016-9778. [RT #43837] - named could mishandle authority sections with missing RRSIGs, triggering an assertion failure. This flaw is disclosed in CVE-2016-9444. [RT #43632] - named mishandled some responses where covering RRSIG records were returned without the requested data, resulting in an assertion failure. This flaw is disclosed in CVE-2016-9147. [RT #43548] - named incorrectly tried to cache TKEY records which could trigger an assertion failure when there was a class mismatch. This flaw is disclosed in CVE-2016-9131. [RT #43522] - It was possible to trigger assertions when processing responses containing answers of type DNAME. This flaw is disclosed in CVE-2016-8864. [RT #43465] Full release notes: ftp://ftp.isc.org/isc/bind9/9.11.0-P5/RELEASE-NOTES-bind-9.11.0-P5.html Also, remove --enable-rrl configure option from bind.mk as it doesn't exist anymore. Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* package: use SPDX short identifier for MPL family licensesRahul Bedarkar2017-04-011-1/+1
| | | | | | | | | | | | We want to use SPDX identifier for license string as much as possible. SPDX short identifier for MPLv1.0/MPLv1.1/MPLv2.0 is MPL-1.0/MPL-1.1/ MPL-2.0. This change is done using following command. find . -name "*.mk" | xargs sed -ri '/LICENSE( )?[\+:]?=/s/MPLv([1-2]\.[0-1])/MPL-\1/g' Signed-off-by: Rahul Bedarkar <rahulbedarkar89@gmail.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* bind: security bump to version 9.11.0-P3Peter Korsgaard2017-02-132-3/+3
| | | | | | | | Fixes CVE-2017-3135: Combination of DNS64 and RPZ Can Lead to Crash: https://kb.isc.org/article/AA-01453 Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* bind: security bump to version 9.11.0-P2Peter Korsgaard2017-01-132-3/+3
| | | | | | | | | | | | | | | | | | Bugfixes: - CVE-2016-9131: A malformed response to an ANY query can cause an assertion failure during recursion - CVE-2016-9147: An error handling a query response containing inconsistent DNSSEC information could cause an assertion failure - CVE-2016-9444: An unusually-formed DS record response could cause an assertion failure - CVE-2016-9778: An error handling certain queries using the nxdomain-redirect feature could cause a REQUIRE assertion failure in db.c Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* bind: security bump to version 9.11.0-P1Gustavo Zacarias2016-11-022-3/+3
| | | | | | | | | | Fixes: CVE-2016-8864 - denial-of-service vector which can potentially be exploited against BIND 9 servers. Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> [Thomas: fix hash URL in .hash file, noticed by Vicente.] Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* bind: don't lookup zlib.h in host headersBaruch Siach2016-10-191-1/+1
| | | | | | | | | | | | | | | | | configure.in looks in host headers for zlib.h, unless given a headers directory as --with-zlib parameter. Note: a bug in the zlib.h header lookup logic causes configure.in to add -l$(STAGING_DIR)/usr/include/include, and -L$(STAGING_DIR)/usr/include/lib. But this does not affect us. Fixes: http://autobuild.buildroot.net/results/e96/e96a36c4da3c3be4b79a27af75a70bb8955c31a9/ http://autobuild.buildroot.net/results/e0b/e0bd7df5c19c7c65ce0009b7c2b4d4104a5c3109/ http://autobuild.buildroot.net/results/e99/e993940067f7ae841132765f91bfee7248ab125f/ Signed-off-by: Baruch Siach <baruch@tkos.co.il> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* bind: bump version to 9.11.0Vicente Olivert Riera2016-10-152-4/+11
| | | | | | | | | | | | | | | | | - With the release of BIND 9.11.0, ISC is changing the open source license for BIND from the ISC license to the Mozilla Public License (MPL 2.0). See release notes: http://ftp.isc.org/isc/bind9/9.11.0/RELEASE-NOTES-bind-9.11.0.html - Explicitly enable/disable zlib support, otherwise the configure script will fail like this: checking for zlib library... yes checking for library containing deflate... no configure: error: found zlib include but not library. Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* bind: bump version to 9.10.4-P3Vicente Olivert Riera2016-09-282-3/+3
| | | | | Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* bind: bump version to 9.10.4-P2Vicente Olivert Riera2016-07-192-3/+3
| | | | | | | Security fixes: CVE-2016-2775 Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* bind: security bump to version 9.10.4Gustavo Zacarias2016-05-043-132/+3
| | | | | | | | | | | Fixes: CVE-2016-2088 - Duplicate EDNS COOKIE options in a response could trigger an assertion failure. Drop libressl support patch since it's upstream now. Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* bind: security bump to version 9.10.3-P4Gustavo Zacarias2016-03-102-3/+3
| | | | | | | | | | | | | Fixes: CVE-2016-1285 - An error parsing input received by the rndc control channel can cause an assertion failure in sexpr.c or alist.c CVE-2016-1286 - A problem parsing resource record signatures for DNAME resource records can lead to an assertion failure in resolver.c or db.c CVE-2016-2088 - A response containing multiple DNS cookies causes servers with cookie support enabled to exit with an assertion failure. Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* bind: fix intermittent build issues with high BR2_JLEVELJan Heylen2016-02-061-0/+2
| | | | | | | | | | | | | | | | | | | | | | Build sometimes breaks with: libtool: link: `unix/os.lo' is not a valid libtool object make[3]: *** [rndc-confgen] Error 1 make[3]: *** Waiting for unfinished jobs.... make[4]: Leaving directory `/scratch/peko/build/bind-9.6-ESV-R4/bin/rndc/unix' So disable parallel builds. This patch was removed with commit c36b5d89c5616f7ca0a7295cbb5c231606beb71e by Gustavo Zacarias <gustavo@zacarias.com.ar> but the problem still occurs, so disabling parallel builds again. Fixes: http://autobuild.buildroot.org/results/220/2201f04170ea8ef0961e907efce07c041a57c229/ Signed-off-by: Jan Heylen <heyleke@gmail.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* bind: security bump to version 9.10.3-P3Gustavo Zacarias2016-01-262-3/+3
| | | | | | | | | | | | | | | | | | Fixes: CVE-2015-8704 - apl_42.c in ISC BIND 9.x before 9.9.8-P3 and 9.9.x and 9.10.x before 9.10.3-P3 allows remote authenticated users to cause a denial of service (INSIST assertion failure and daemon exit) via a malformed Address Prefix List (APL) record. CVE-2015-8705 - buffer.c in named in ISC BIND 9.10.x before 9.10.3-P3, when debug logging is enabled, allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit, or daemon crash) or possibly have unspecified other impact via (1) OPT data or (2) an ECS option. Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* bind: rename ptrsize to ptr_size in the codeGustavo Zacarias2016-01-261-0/+74
| | | | | | | | | | | uClibc in commit 70a04a28 #defined ptrsize globally in bits/setjmp.h for mips. However this is a common variable name and causes build failure for at least bind. So rename ptrsize to ptr_size in bind to avoid this. Fixes: http://autobuild.buildroot.net/results/a92/a92fa5dc5d9d6742d61d4d293f7eac97c5355dfe/ Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* bind: add libressl-enabling patchGustavo Zacarias2015-12-301-0/+129
| | | | | | | Besides the version bump we also require this patch, which is upstream. Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* bind: disable libjson supportGustavo Zacarias2015-12-301-7/+1
| | | | | | | | | | | | | | | | | It conflicts with jsoncpp, bind probes for json/json.h first, but that header is installed by jsoncpp, which is completely different from json-c. Since it's not clear who's correct here (there might be some other json-c predecessor/version that installs there as well) and the same functionality (stats channel) is provided by libxml2 as well, just disable libjson support completely. Fixes: http://autobuild.buildroot.net/results/226/2262c9b46663ea7a45e128a5fd7ff30417c2c2a7/build-end.log (indirectly, it was probing aboslute directories while searching for it) Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* bind: bump to version 9.10.3-P2Gustavo Zacarias2015-12-304-33/+13
| | | | | | | | | | | | | Leave the LTS series for the latest stable version for libressl compatibility. Unfortunately this means threads are now required, but this shouldn't be a problem for a fully-featured resolver. Drop 0001-disable-tests.patch since it's no longer required, genrandom isn't run unless the tests are called upon. Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* bind: security bump to version 9.9.8-P2Gustavo Zacarias2015-12-172-3/+3
| | | | | | | | | | | | | | | | | Fixes: Named is potentially vulnerable to the OpenSSL vulnerabilty described in CVE-2015-3193. CVE-2015-8461 - Incorrect reference counting could result in an INSIST failure if a socket error occurred while performing a lookup. CVE-2015-8000 - Insufficient testing when parsing a message allowed records with an incorrect class to be be accepted, triggering a REQUIRE failure when those records were subsequently cached. Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* bind: bump to version 9.9.8Gustavo Zacarias2015-10-092-3/+3
| | | | | | | Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Reviewed-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com> Tested-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* package: Replace 'echo -n' by 'printf'Maxime Hadjinlian2015-10-041-3/+3
| | | | | | | | | | | | 'echo -n' is not a POSIX construct (no flag support), we shoud use 'printf', especially in init script. This patch was generated by the following command line: git grep -l 'echo -n' -- `git ls-files | grep -v 'patch'` | xargs sed -i 's/echo -n/printf/' Signed-off-by: Maxime Hadjinlian <maxime.hadjinlian@gmail.com> Reviewed-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* bind: security bump to version 9.9.7-P3Gustavo Zacarias2015-09-042-3/+3
| | | | | | | | | | | | | | | Fixes: CVE-2015-5722 - denial-of-service vector which can be exploited remotely against a BIND server that is performing validation on DNSSEC-signed records. CVE-2015-5986 - denial-of-service vector which can be used against a BIND server that is performing recursion and (under limited conditions) an authoritative-only nameserver. Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Reviewed-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com> Tested-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* bind: security bump to version 9.9.7-P2Gustavo Zacarias2015-07-292-3/+3
| | | | | | | | Fixes CVE-2015-5477 - An error in handling TKEY queries can cause named to exit with a REQUIRE assertion failure. Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* bind: security bump to version 9.9.7-P1Gustavo Zacarias2015-07-082-3/+3
| | | | | | | | | | Fixes: CVE-2015-4620 - On servers configured to perform DNSSEC validation an assertion failure could be triggered on answers from a specially configured server. Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* package/bind: Enable filter-aaaa-on-v4 optionNathaniel Roach2015-07-071-1/+2
| | | | | | | | | | | | | | | This allows usage of the filter-aaaa-on-v4 configuration option. This option disables responding with AAAA records when the request is made over ipv4. This may be useful on networks with ipv6 inside, but no ISP ipv6 (when combined with only listening on ipv4). See https://kb.isc.org/article/AA-00576/ Filter-AAAA-option-in-BIND-9-.html for more information. Signed-off-by: Nathaniel Roach <nroach44@gmail.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* packages: remove non-IPv6 dependencies and tweaksGustavo Zacarias2015-04-221-3/+2
| | | | | | | | Now that IPv6 is mandatory remove package dependencies and conditionals for it. Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* packages: remove (non-)lfs dependencies and tweaksGustavo Zacarias2015-04-011-3/+2
| | | | | | | | Now that largefile is mandatory removes package dependencies and conditionals. Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* packages: indentation cleanupJerzy Grzegorek2015-03-311-17/+20
| | | | | | | This commit doesn't touch infra packages. Signed-off-by: Jerzy Grzegorek <jerzy.grzegorek@trzebnica.net> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* bind: bump to version 9.9.7Gustavo Zacarias2015-03-032-3/+3
| | | | | Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* bind: security bump to version 9.9.6-P2Gustavo Zacarias2015-02-192-3/+3
| | | | | | | | | Fixes CVE-2015-1349 - Revoking a managed trust anchor and supplying an untrusted replacement could cause namedto crash with an assertion failure. Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* bind: Add systemd unit file and install it to run at startup.Nathaniel Roach2015-01-122-0/+21
| | | | | | | | The unit file is taken from debian, but tested working. We'll call it named.service to match the sysV initscript. Signed-off-by: Nathaniel Roach <nroach44@gmail.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* package: indentation cleanupJerzy Grzegorek2014-12-301-4/+7
| | | | | Signed-off-by: Jerzy Grzegorek <jerzy.grzegorek@trzebnica.net> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* package: indentation cleanupJerzy Grzegorek2014-12-221-3/+3
| | | | | Signed-off-by: Jerzy Grzegorek <jerzy.grzegorek@trzebnica.net> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* Rename BR2_PREFER_STATIC_LIB to BR2_STATIC_LIBSThomas Petazzoni2014-12-111-2/+2
| | | | | | | | | | | | | | | | | | | | | | | Since a while, the semantic of BR2_PREFER_STATIC_LIB has been changed from "prefer static libraries when possible" to "use only static libraries". The former semantic didn't make much sense, since the user had absolutely no control/idea of which package would use static libraries, and which packages would not. Therefore, for quite some time, we have been starting to enforce that BR2_PREFER_STATIC_LIB should really build everything with static libraries. As a consequence, this patch renames BR2_PREFER_STATIC_LIB to BR2_STATIC_LIBS, and adjust the Config.in option accordingly. This also helps preparing the addition of other options to select shared, shared+static or just static. Note that we have verified that this commit can be reproduced by simply doing a global rename of BR2_PREFER_STATIC_LIB to BR2_STATIC_LIBS plus adding BR2_PREFER_STATIC_LIB to Config.in.legacy. Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com> Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
* bind: security bump to version 9.9.6-P1Gustavo Zacarias2014-12-092-3/+3
| | | | | | | | | Fixes CVE-2014-8500 - A flaw in delegation handling could be exploited to put named into an infinite loop, in which each lookup of a name server triggered additional lookups of more name servers. Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* bind: not available for static buildsGustavo Zacarias2014-11-283-2/+3
| | | | | | | | | | Fixes: http://autobuild.buildroot.net/results/e27/e27111f484f72c77d2179fa1a29ea7b5271ff9fa/ While at it rename patches to new convention. Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* sysv init scripts: fix == bashismAndré Erdmann2014-11-111-2/+2
| | | | | | | | | | | | | | | | | test a == b is not available in e.g. dash. Command(s) used for editing: q=\[\"\'\] operand="${q}?[$]?[a-zA-Z0-9_\?]+${q}?" ## doesn't detect ${VAR} test_expr="(\[\s+${operand}\s+)==(\s+${operand}\s+\])" find . -type f -name '[SK][0-9][0-9]*' | \ xargs sed -r -e "s@${test_expr}@\1=\2@g" -i Signed-off-by: André Erdmann <dywi@mailerd.de> Acked-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* package/*/*.mk: Fix indentMaxime Hadjinlian2014-11-081-1/+1
| | | | | | | | Fix indent for LIBFOO_USERS and LIBFOO_PERMISSIONS as per the manual example. Signed-off-by: Maxime Hadjinlian <maxime.hadjinlian@gmail.com> Acked-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* package: indentation cleanupJerzy Grzegorek2014-10-261-2/+2
| | | | | Signed-off-by: Jerzy Grzegorek <jerzy.grzegorek@trzebnica.net> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* package/.mk files: remove --localstatedir=/var from autotools packagesJörg Krause2014-10-181-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | Remove --localstatedir=/var from all autotools packages where it is no longer needed. Also remove --localstatedir=/var/lib/dhcp from package dhcp. localstatedir is used by dhcp to set the default directory for the leases files. This can also be done by setting --with-*-lease-file=/var/lib/dhcp/*, which is done in dhcp.mk. A custom --localstatedir is left in: * proftpd.mk * mysql.mk This is safe to do: One of the good thing with autoconf is that if you pass: --localstatedir=/var ... --localstatedir=/var/something Then /var/something will be used. So, we can set --localstatedir=/var by default in the infrastructure, and still have certain packages doing weird things override it. [Thanks to Thomas Petazzoni] Signed-off-by: Jörg Krause <jkrause@posteo.de> Reviewed-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* .mk files: bulk aligment and whitespace cleanup of assignmentsThomas De Schampheleire2014-10-071-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The Buildroot coding style defines one space around make assignments and does not align the assignment symbols. This patch does a bulk fix of offending packages. The package infrastructures (or more in general assignments to calculated variable names, like $(2)_FOO) are not touched. Alignment of line continuation characters (\) is kept as-is. The sed command used to do this replacement is: find * -name "*.mk" | xargs sed -i \ -e 's#^\([A-Z0-9a-z_]\+\)\s*\([?:+]\?=\)\s*$#\1 \2#' -e 's#^\([A-Z0-9a-z_]\+\)\s*\([?:+]\?=\)\s*\([^\\]\+\)$#\1 \2 \3#' -e 's#^\([A-Z0-9a-z_]\+\)\s*\([?:+]\?=\)\s*\([^\\ \t]\+\s*\\\)\s*$#\1 \2 \3#' -e 's#^\([A-Z0-9a-z_]\+\)\s*\([?:+]\?=\)\(\s*\\\)#\1 \2\3#' Brief explanation of this command: ^\([A-Z0-9a-z_]\+\) a regular variable at the beginning of the line \([?:+]\?=\) any assignment character =, :=, ?=, += \([^\\]\+\) any string not containing a line continuation \([^\\ \t]\+\s*\\\) string, optional whitespace, followed by a line continuation character \(\s*\\\) optional whitespace, followed by a line continuation character Hence, the first subexpression handles empty assignments, the second handles regular assignments, the third handles regular assignments with line continuation, and the fourth empty assignments with line continuation. This expression was tested on following test text: (initial tab not included) FOO = spaces before FOO = spaces before and after FOO = tab before FOO = tab and spaces before FOO = tab after FOO = tab and spaces after FOO = spaces and tab after FOO = \ FOO = bar \ FOO = bar space \ FOO = \ GENIMAGE_DEPENDENCIES = host-pkgconf libconfuse FOO += spaces before FOO ?= spaces before and after FOO := FOO = FOO = FOO = FOO = $(MAKE1) CROSS_COMPILE=$(TARGET_CROSS) -C AT91BOOTSTRAP3_DEFCONFIG = \ AXEL_DISABLE_I18N=--i18n=0 After this bulk change, following manual fixups were done: - fix line continuation alignment in cegui06 and spice (the sed expression leaves the number of whitespace between the value and line continuation character intact, but the whitespace before that could have changed, causing misalignment. - qt5base was reverted, as this package uses extensive alignment which actually makes the code more readable. Finally, the end result was manually reviewed. Signed-off-by: Thomas De Schampheleire <thomas.de.schampheleire@gmail.com> Cc: Yann E. Morin <yann.morin.1998@free.fr> Cc: Thomas Petazzoni <thomas.petazzoni@free-electrons.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
OpenPOWER on IntegriCloud