Skip to content
Snippets Groups Projects
  1. Jan 30, 2018
  2. Jan 29, 2018
  3. Jan 24, 2018
  4. Dec 07, 2017
  5. Dec 06, 2017
  6. Nov 19, 2017
    • Philip Prindeville's avatar
      bind: version update to 9.11.2 · bc8a2ff3
      Philip Prindeville authored
      
      Also refresh patches and dependencies.
      
      Signed-off-by: default avatarPhilip Prindeville <philipp@redfish-solutions.com>
      bc8a2ff3
    • Noah Meyerhans's avatar
      bind: Update to 9.10.5-P3 · ed10cd0c
      Noah Meyerhans authored
      
      New upstream release includes fixes for the following security issues:
      
       * CVE-2017-3140: With certain RPZ configurations, a response with TTL 0 could
         cause named to go into an infinite query loop
       * CVE-2017-3142: An error in TSIG handling could permit unauthorized zone
         transfers or zone updates.
       * CVE-2017-3143: An error in TSIG handling could permit unauthorized zone
         transfers or zone updates.
      
      Signed-off-by: default avatarNoah Meyerhans <frodo@morgul.net>
      ed10cd0c
    • Sami Olmari's avatar
      bind: Include dnssec-settime in bind-dnssec/tool · e2cd2f2b
      Sami Olmari authored
      
      <net/bind>
      
      Maintainer: @nmeyerhans
      Compile tested: x86_64, OpenWRT 50107
      Run tested: x86 / 64, OpenWRT 50107
      
      Description:
      
      Added dnssec-settime into bind-dnssec and bind-tools
      
      Signed-off-by: default avatarSami Olmari <sami+git@olmari.fi>
      e2cd2f2b
    • Noah Meyerhans's avatar
      bind: Update to bind-9.10.5 · f648f376
      Noah Meyerhans authored
      
      This change includes fixes for several security issues:
      
        * CVE-2017-3138: rndc "" could trigger an assertion failure in named.
        * CVE-2017-3137: Some chaining (i.e., type CNAME or DNAME) responses to
          upstream queries could trigger assertion failures.
        * CVE-2017-3136: dns64 with break-dnssec yes; can result in an assertion
          failure.
        * CVE-2017-3135: If a server is configured with a response policy zone
          (RPZ) that rewrites an answer with local data, and is also configured
          for DNS64 address mapping, a NULL pointer can be read triggering a
          server crash.
        * CVE-2016-9444: named could mishandle authority sections with missing
          RRSIGs, triggering an assertion failure.
        * CVE-2016-9131: named mishandled some responses where covering RRSIG
          records were returned without the requested data, resulting in an
          assertion failure.
        * CVE-2016-9131: named incorrectly tried to cache TKEY records which could
          trigger an assertion failure when there was a class mismatch.
        * CVE-2016-8864: It was possible to trigger assertions when processing
          responses containing answers of type DNAME.
        * CVE-2016-6170: Added the ability to specify the maximum number of
          records permitted in a zone (max-records #;). This provides a mechanism
          to block overly large zone transfers, which is a potential risk with
          slave zones from other parties.
        * CVE-2016-2776: It was possible to trigger an assertion when rendering a
          message using a specially crafted request.
        * CVE-2016-2775: Calling getrrsetbyname() with a non absolute name could
          trigger an infinite recursion bug in lwresd or named with lwres
          configured if, when combined with a search list entry from resolv.conf,
          the resulting name is too long.
      
      Signed-off-by: default avatarNoah Meyerhans <frodo@morgul.net>
      f648f376
    • Noah Meyerhans's avatar
      bind: update to bind-9.10.4-P5 · 556c80b1
      Noah Meyerhans authored
      
      This change fixes multiple denial-of-service vulnerabilities:
       * CVE-2016-9131: A malformed response to an ANY query can cause an
         assertion failure during recursion
       * CVE-2016-9147: An error handling a query response containing
         inconsistent DNSSEC information could cause an assertion failure
       * CVE-2016-9444: An unusually-formed DS record response could cause
         an assertion failure
       * CVE-2016-9778: An error handling certain queries using the
         nxdomain-redirect feature could cause a REQUIRE assertion failure
         in db.c
      
      Signed-off-by: default avatarNoah Meyerhans <frodo@morgul.net>
      556c80b1
    • Stijn Tintel's avatar
      bind: disable libjson support · bd048aab
      Stijn Tintel authored
      If libjson-c is detected during bind-libs configure phase, bind-libs
      will be built with libjson support. This results in a missing dependency
      error during install phase. Solve this by disabling libjson support.
      bd048aab
    • Noah Meyerhans's avatar
      bind: set sysconfdir to /etc/bind · cc6555e1
      Noah Meyerhans authored
      
      Signed-off-by: default avatarNoah Meyerhans <frodo@morgul.net>
      cc6555e1
  7. Nov 18, 2017
  8. Nov 13, 2017
  9. Nov 12, 2017
Loading