This change fixes multiple denial-of-service vulnerabilities:
 * CVE-2016-9131: A malformed response to an ANY query can cause an
   assertion failure during recursion
 * CVE-2016-9147: An error handling a query response containing
   inconsistent DNSSEC information could cause an assertion failure
 * CVE-2016-9444: An unusually-formed DS record response could cause
   an assertion failure
 * CVE-2016-9778: An error handling certain queries using the
   nxdomain-redirect feature could cause a REQUIRE assertion failure
   in db.c

Signed-off-by: Noah Meyerhans <frodo@morgul.net>

If libjson-c is detected during bind-libs configure phase, bind-libs
will be built with libjson support. This results in a missing dependency
error during install phase. Solve this by disabling libjson support.

Signed-off-by: Noah Meyerhans <frodo@morgul.net>

Signed-off-by: Noah Meyerhans <frodo@morgul.net>

Signed-off-by: Noah Meyerhans <frodo@morgul.net>

Signed-off-by: DonkZZ <donk@evhr.net>

The contents of the file "db.root" is very old (12 years).
Here's a new version downloaded from ftp://ftp.internic.net/domain/



Signed-off-by: DonkZZ <donk@evhr.net>

The variable "config_file" appears twice.

Signed-off-by: DonkZZ <donk@evhr.net>

Signed-off-by: Noah Meyerhans <frodo@morgul.net>

[For-15.05] libsodium: Fix download url

Signed-off-by: Kishan Gondaliya <kishanpgondaliya@gmail.com>

krb5: install include properly and leave libcom_err* in place

Lighttpd for 15.05

(with feedback from @hnyman and patch additions from @MikePetullo)

Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>

This fixes upstream regression introduced in 1.4.40. It was reported &
debugged in https://redmine.lighttpd.net/issues/2793


This fix is queued for 1.4.46 in the personal/gstrauss/master upstream
branch.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>

Update to 1.4.42 introduced a problem with starting lighttpd as
OpenWrt/LEDE service. It was stopping whole init process at sth like:
  783 root      1124 S    {S50lighttpd} /bin/sh /etc/rc.common /etc/rc.d/S50lighttpd boot
  799 root      1164 S    /usr/sbin/lighttpd -f /etc/lighttpd/lighttpd.conf

It was hanging until getting random pool:
[  176.340007] random: nonblocking pool is initialized
and then immediately the rest of init process followed:
[  176.423475] jffs2_scan_eraseblock(): End of filesystem marker found at 0x0
[  176.430754] jffs2_build_filesystem(): unlocking the mtd device... done.
[  176.437615] jffs2_build_filesystem(): erasing all blocks after the end marker... done.

This was fixed in 1.4.44, but bump directly to 1.4.45 while at it.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>

Signed-off-by: W. Michael Petullo <mike@flyn.org>

[for-15.05] unbound: DNSSEC trust anchor roll for 2017

Carry both the 2010 and 2017 DS records until 2018.
Unbound complies with RFC5011 but fresh installs
need these anchors to get started.
https://www.icann.org/resources/pages/ksk-rollover
https://www.iana.org/domains/root



Signed-off-by: Eric Luehrsen <ericluehrsen@hotmail.com>

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

[for-15.05] ddns-scripts: New update url for service duiadns.net

- new update url for service "duiadns.net" #3969
- updated public_suffix_list.dat

Signed-off-by: Christian Schoenebeck <christian.schoenebeck@gmail.com>

[for-15.05] ddns-scripts: backport of 2.7.6-12

- fix detecting local ip from ip command #3834 and https://forum.lede-project.org/t/bugs-in-ddns-scripts/1000


- updated public_suffix_list.dat
- minor fixes to services files

Signed-off-by: Christian Schoenebeck <christian.schoenebeck@gmail.com>

[For 15.05] ddns-scripts: Backport of current version 2.7.6-11

fix problem with detecting ip from nslookup

Signed-off-by: Christian Schoenebeck <christian.schoenebeck@gmail.com>

Backport of current version 2.7.6-10
- more services
- more functionality
- be prepared for next versions

compiled ipk-packages available at
https://github.com/chris5560/OpenWrt-Backports/tree/master/for-CC15.05.01/ddns-scripts_2.7.6-10



Signed-off-by: Christian Schoenebeck <christian.schoenebeck@gmail.com>

net-snmp: [backport-15.05] add package snmp-mibs

this installs the default MIBS-files under /usr/share/snmp/mibs .
Also aligns the defines to the same sorting-scheme.

backport of daeb5fd5

Signed-off-by: Sven Roederer <devel-sven@geroedel.de>

Apply adblock updates 1.5.3-1.5.4

Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>

Original commit messages:

adblock: update 1.5.3
* make wget check more flexible,
  fix for broken wget package installations

adblock: bugfix 1.5.4
* CC/uclient-fetch compatibility fix

libaudiofile: updated source url (v0.3.6)

Signed-off-by: Marek Sedlak <bodka.zavinac@gmail.com>

libsodium and dnscrypt-proxy url change for 15.05

Signed-off-by: W. Michael Petullo <mike@flyn.org>

Signed-off-by: Stephan Conrad <stephan@conrad.pics>

Signed-off-by: Stephan Conrad <stephan@conrad.pics>

CC15.05 ruby: bump to 2.2.6

[for 15.05] python: backport version 2.7.12 to CC