Skip to content
Snippets Groups Projects
Select Git revision
  • devel default protected
  • pam
  • release-7.3 protected
  • release-7.4.2 protected
  • genxos-12
  • support-radius-ssh
  • roman-7.4.0a2-shsw-perl-noparallel
  • release-6.5 protected
  • iptv
  • nss
  • snmp
  • firewallmngr_uci
  • nw_firewallmngr
  • rt_fail2ban
  • agnau-nginx-lto
  • sshd_maxretries
  • release-7.4.0alpha2-shsw protected
  • rtsp_puse_res_timeout
  • rtsp_70_fix
  • platform-openwrt-23.05.1
  • v14.07
21 results
Search by author
  • Any Author
  • Amin Ben Romdhane Amin Ben Romdhane amin.benromdhane
  • Andreas Gnau Andreas Gnau AGnau
  • Anjan Chanda Anjan Chanda anjancx
  • Balalakshmi Arunachalam Rajendran Balalakshmi Arunachalam Rajendran arbala
  • Benjamin Larsson Benjamin Larsson benjamin
  • Dariusz Iwanoczko Dariusz Iwanoczko dariusz.iwanoczko
  • Divya Chandrasekaran Divya Chandrasekaran divya.c
  • Elena Vengerova Elena Vengerova helen
  • Erik Karlsson Erik Karlsson erik.karlsson
  • Filip Matusiak Filip Matusiak filmat
  • Fredrik Östling Fredrik Östling fredrik.ostling
  • George Yang George Yang gyang
  • Gouri Natarajan Gouri Natarajan gouri.natarajan
  • Grzegorz Sluja Grzegorz Sluja slujagrz
  • Hope Błaszkowska Hope Błaszkowska jakub.blaszk
  • IOPSYS DevOps Bot IOPSYS DevOps Bot devops_robot
  • Jakob Olsson Jakob Olsson jakob
  • Janusz Dziedzic Janusz Dziedzic janusz
  • Jenkins Inteno Jenkins Inteno jenkins
  • Jerome Rogon Jerome Rogon jerome.rogon
20 authors
  1. Jan 30, 2018
  3. Jan 29, 2018
  5. Jan 24, 2018
  7. Dec 07, 2017
  9. Dec 06, 2017
  11. Nov 19, 2017
    • Philip Prindeville's avatar
      bind: version update to 9.11.2 · bc8a2ff3
      Philip Prindeville authored 
      
Also refresh patches and dependencies.

Signed-off-by: default avatarPhilip Prindeville <philipp@redfish-solutions.com>
      bc8a2ff3
    • Noah Meyerhans's avatar
      bind: Update to 9.10.5-P3 · ed10cd0c
      Noah Meyerhans authored 
      
New upstream release includes fixes for the following security issues:

 * CVE-2017-3140: With certain RPZ configurations, a response with TTL 0 could
   cause named to go into an infinite query loop
 * CVE-2017-3142: An error in TSIG handling could permit unauthorized zone
   transfers or zone updates.
 * CVE-2017-3143: An error in TSIG handling could permit unauthorized zone
   transfers or zone updates.

Signed-off-by: default avatarNoah Meyerhans <frodo@morgul.net>
      ed10cd0c
    • Sami Olmari's avatar
      bind: Include dnssec-settime in bind-dnssec/tool · e2cd2f2b
      Sami Olmari authored 
      
<net/bind>

Maintainer: @nmeyerhans
Compile tested: x86_64, OpenWRT 50107
Run tested: x86 / 64, OpenWRT 50107

Description:

Added dnssec-settime into bind-dnssec and bind-tools

Signed-off-by: default avatarSami Olmari <sami+git@olmari.fi>
      e2cd2f2b
    • Noah Meyerhans's avatar
      bind: Update to bind-9.10.5 · f648f376
      Noah Meyerhans authored 
      
This change includes fixes for several security issues:

  * CVE-2017-3138: rndc "" could trigger an assertion failure in named.
  * CVE-2017-3137: Some chaining (i.e., type CNAME or DNAME) responses to
    upstream queries could trigger assertion failures.
  * CVE-2017-3136: dns64 with break-dnssec yes; can result in an assertion
    failure.
  * CVE-2017-3135: If a server is configured with a response policy zone
    (RPZ) that rewrites an answer with local data, and is also configured
    for DNS64 address mapping, a NULL pointer can be read triggering a
    server crash.
  * CVE-2016-9444: named could mishandle authority sections with missing
    RRSIGs, triggering an assertion failure.
  * CVE-2016-9131: named mishandled some responses where covering RRSIG
    records were returned without the requested data, resulting in an
    assertion failure.
  * CVE-2016-9131: named incorrectly tried to cache TKEY records which could
    trigger an assertion failure when there was a class mismatch.
  * CVE-2016-8864: It was possible to trigger assertions when processing
    responses containing answers of type DNAME.
  * CVE-2016-6170: Added the ability to specify the maximum number of
    records permitted in a zone (max-records #;). This provides a mechanism
    to block overly large zone transfers, which is a potential risk with
    slave zones from other parties.
  * CVE-2016-2776: It was possible to trigger an assertion when rendering a
    message using a specially crafted request.
  * CVE-2016-2775: Calling getrrsetbyname() with a non absolute name could
    trigger an infinite recursion bug in lwresd or named with lwres
    configured if, when combined with a search list entry from resolv.conf,
    the resulting name is too long.

Signed-off-by: default avatarNoah Meyerhans <frodo@morgul.net>
      f648f376
    • Noah Meyerhans's avatar
      bind: update to bind-9.10.4-P5 · 556c80b1
      Noah Meyerhans authored 
      
This change fixes multiple denial-of-service vulnerabilities:
 * CVE-2016-9131: A malformed response to an ANY query can cause an
   assertion failure during recursion
 * CVE-2016-9147: An error handling a query response containing
   inconsistent DNSSEC information could cause an assertion failure
 * CVE-2016-9444: An unusually-formed DS record response could cause
   an assertion failure
 * CVE-2016-9778: An error handling certain queries using the
   nxdomain-redirect feature could cause a REQUIRE assertion failure
   in db.c

Signed-off-by: default avatarNoah Meyerhans <frodo@morgul.net>
      556c80b1
    • Stijn Tintel's avatar
      bind: disable libjson support · bd048aab
      Stijn Tintel authored 
      If libjson-c is detected during bind-libs configure phase, bind-libs
will be built with libjson support. This results in a missing dependency
error during install phase. Solve this by disabling libjson support.
      bd048aab
    • Noah Meyerhans's avatar
      bind: set sysconfdir to /etc/bind · cc6555e1
      Noah Meyerhans authored 
      
Signed-off-by: default avatarNoah Meyerhans <frodo@morgul.net>
      cc6555e1
  13. Nov 18, 2017
  15. Nov 13, 2017
  17. Nov 12, 2017