aboutsummaryrefslogtreecommitdiffstats
path: root/main/bind
Commit message (Collapse)AuthorAgeFilesLines
* main/bind: upgrade to 9.11.8 (CVE-2019-6471)Kevin Daudt2019-06-232-137/+5
| | | | | Replace-atomic-operations.patch was an upstream patch that is now included in the release.
* main/bind: make sure all patches are appliedNatanael Copa2019-05-033-36/+34
| | | | This fixes builds on non-x86
* main/bind: security upgrade to 9.11.6_p1 (CVE-2018-5743,CVE-2019-6467)Natanael Copa2019-05-032-6/+174
| | | | | | | | | | | | | | | | | This release introduced 3 new tools with python dependency (dnssec-checkdns, dnssec-coverage and dnssec-keymgr). Move those tools to a subpackage, bind-dnssec-tools, to avoid unexpectedly pull in python as dependency for stable upgraders. There are other tools in bind-tools that belongs to bind-dnssec-tools, but we dont move those in a stable branch to avoid breaking things for current users. Include patch to fix build on non-x86: https://gitlab.isc.org/isc-projects/bind9/commit/d72f436b7d7c697b262968c48c2d7643069ab17f https://lists.isc.org/pipermail/bind-users/2019-April/101673.html fixes #10370
* main/bind: security upgrade to 9.11.5_p4tcely2019-04-121-3/+8
| | | | | | | | | | | | | | | | | | https://ftp.isc.org/isc/bind9/9.11.5-P4/RELEASE-NOTES-bind-9.11.5-P4.html - CVE-2019-6465 - CVE-2018-5745 - CVE-2018-5744 - CVE-2018-5740 - CVE-2018-5738 Fixes #10168 With the release of BIND 9.11.0, ISC changed to the open source license for BIND from the ISC license to the Mozilla Public License (MPL 2.0). BIND 9.11 (Extended Support Version) will be supported until at least December, 2021.
* main/bind: security upgrade to 9.12.3 (CVE-2018-5741)Natanael Copa2018-11-291-2/+4
| | | | fixes #9464
* main/bind: security upgrade to 9.11.4_p1 (CVE-2018-5740)Natanael Copa2018-09-101-2/+4
| | | | fixes #9359
* main/bind: security upgrade to 9.11.3Jakub Jirutka2018-05-241-2/+8
|
* main/bind: Upgrade to 9.11.2-P1tcely2018-02-061-3/+5
| | | | (cherry picked from commit b3fd1eb4e8e0f578e1fbaf76d9903a9012274dee)
* main/bind: rebuild against libressl-2.6Natanael Copa2017-11-091-1/+1
|
* main/bind: upgrade to 9.11.2Natanael Copa2017-10-311-3/+3
|
* main/bind: bump pkgrelNatanael Copa2017-08-081-1/+1
| | | | bump pkgrel to avoid mismatch with caches
* Revert "main/bind: fix for CVE-2017-3142 and CVE-2017-3143. Fixes #7496"Francesco Colista2017-08-072-291/+2
| | | | This reverts commit 724d3ef9cc4c309dc09e750d37ca4cb86b32df85.
* main/bind: fix for CVE-2017-3142 and CVE-2017-3143. Fixes #7496Francesco Colista2017-08-072-2/+291
|
* main/bind: upgrade to 9.11.1_p2Natanael Copa2017-07-061-2/+2
|
* main/bind: security upgrade to 9.11.1_p1 (CVE-2017-3140)Natanael Copa2017-06-161-2/+2
| | | | fixes #7437
* main/bind: upgrade to 9.11.1Natanael Copa2017-06-141-3/+3
|
* main/bind: rebuild against libressl 2.5Natanael Copa2017-04-181-1/+1
|
* main/bind: security upgrade to 9.11.0_p5 - fixes #7141Sergey Lukin2017-04-141-2/+6
| | | | | | CVE-2017-3136: An error handling synthesized records could cause an assertion failure when using DNS64 with "break-dnssec yes;" CVE-2017-3137: A response packet can cause a resolver to terminate when processing an answer containing a CNAME or DNAME CVE-2017-3138: named exits with a REQUIRE assertion failure if it receives a null command string on its control channel
* main/bind: security upgrade to 9.11.0_p3 (CVE-2017-3135)Natanael Copa2017-02-091-21/+3
| | | | fixes #6828
* main/bind: dont create homedir for bind userNatanael Copa2017-01-242-2/+2
| | | | | We dont want copy the content of /etc/skel to /etc/bind ref #6725
* main/bind: Upgrade to 9.11.0-P2.Przemyslaw Pawelczyk2017-01-171-4/+4
| | | | | | | | | | | | | | https://www.isc.org/downloads/bind/bind-9-11-new-features/ https://deepthought.isc.org/article/AA-01446/0/BIND-9.11.0-P2-Release-Notes.html https://kb.isc.org/article/AA-00913/74/BIND-9-Security-Vulnerability-Matrix.html Release notes mention addressing issue described in: CVE-2016-9778: An error handling certain queries using the nxdomain-redirect feature could cause a REQUIRE assertion failure in db.c but it's not present in 9.10.x, so it's not a security upgrade.
* main/bind: security upgrade to 9.10.4_p5 - fixes #6675Sergei Lukin2017-01-131-8/+15
| | | | | | CVE-2016-9131: A malformed response to an ANY query can cause an assertion failure during recursion CVE-2016-9147: An error handling a query response containing inconsistent DNSSEC information could cause an assertion failure CVE-2016-9444: An unusually-formed DS record response could cause an assertion failure
* main/bind: security upgrade to 9.10.4_p4 (CVE-2016-8864)Natanael Copa2016-11-021-5/+5
|
* main/bind: rebuild against libresslNatanael Copa2016-10-101-2/+2
|
* main/bind: security upgrade to 9.10.4_p3 (CVE-2016-2776)Natanael Copa2016-09-281-4/+4
| | | | fixes #6223
* main/bind: security upgrade to 9.10.4_p2 (CVE-2016-2775)Natanael Copa2016-07-251-5/+5
| | | | fixes #5951
* main/bind: rebuild with libxml2. Fixes #5711Francesco Colista2016-06-271-3/+3
|
* main/bind: upgrade to 9.10.4_p1Natanael Copa2016-05-271-5/+5
|
* main/bind: upgrade to 9.10.4Natanael Copa2016-05-161-5/+5
|
* main/[various]: bump pkgrel for pre-install fixesPrzemyslaw Pawelczyk2016-04-251-1/+1
|
* Reorder arguments passed to addgroup/adduser in scripts.Przemyslaw Pawelczyk2016-04-251-1/+1
| | | | | | | Now all invocations have following order of arguments (if present): addgroup -S -g ... GROUP adduser -S -u ... -D -H -h ... -s ... -G ... -g ... USER
* Improve consistency of scripts using adduser/addgroup.Przemyslaw Pawelczyk2016-04-251-1/+1
| | | | | | | | | | | | Following rules have been applied: - script starts with shebang !#/bin/sh followed by blank line, - script ends with exit 0 prepended by blank line, - only stderr of adduser, addgroup or passwd is redirected to /dev/null, - getent passwd/group instances has been removed, - manual checking of file and group existence has been removed, - `|| true` instances has been removed. Comments and line wrapping have been preserved.
* Add -g option (GECOS/comment) to adduser in scripts.Przemyslaw Pawelczyk2016-04-251-1/+1
| | | | | | This way we can avoid ugly default: Linux user,,,
* Add lacking -S option (system) to adduser/addgroup in scripts.Przemyslaw Pawelczyk2016-04-251-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Groups and users created by packages shouldn't use high ids by default (unless explicitly requested), to distinguish them from groups and users created by administrators for humans. Following 41 files lacked -S next to addgroup: - community/sword/sword.pre-install - main/amavisd-new/amavisd-new.pre-install - main/chrony/chrony.pre-install - main/cvechecker/cvechecker.pre-install - main/dnsmasq/dnsmasq.pre-install - main/freeradius/freeradius.pre-install - main/gdnsd/gdnsd.pre-install - main/haproxy/haproxy.pre-install - main/haproxy/haproxy.pre-upgrade - main/kamailio/kamailio.pre-install - main/logcheck/logcheck.pre-install - main/mlmmj/mlmmj.pre-install - main/nrpe/nrpe.pre-install - main/open-vm-tools/open-vm-tools.pre-install - main/postgrey/postgrey.pre-install - main/privoxy/privoxy.pre-install - main/redis/redis.pre-install - main/samba/winbind.pre-install - main/sircbot/sircbot.pre-install - main/smokeping/smokeping.pre-install - main/squark/squark.post-install - main/squid/squid.pre-install - main/squid/squid.pre-upgrade - main/subversion/subversion.pre-install - main/trac/trac.pre-install - main/vsftpd/vsftpd.pre-install - main/zabbix/zabbix-agent.pre-install - testing/3proxy/3proxy.pre-install - testing/cluster-glue/cluster-glue.pre-install - testing/elasticsearch/elasticsearch.pre-install - testing/emby/emby.pre-install - testing/gdnsd/gdnsd.pre-install - testing/icinga2/icinga2.pre-install - testing/lusca/lusca.pre-install - testing/lusca/lusca.pre-upgrade - testing/mongodb/mongodb.pre-install - testing/openxcap/openxcap.pre-install - testing/prosody/prosody.pre-install - testing/rancid/rancid.pre-install - testing/rutorrent/rutorrent.pre-install - testing/zabbix/zabbix-agent.pre-install Following 60 files lacked -S next to adduser: - community/caddy/caddy.pre-install - community/domoticz/domoticz.pre-install - community/minetest/minetest-server.pre-install - community/oscam/oscam.pre-install - community/seafile/seafile-server.pre-install - community/syncthing/syncthing.pre-install - main/apache2/apache2.pre-install - main/aports-build/aports-build.pre-install - main/atheme-iris/atheme-iris.pre-install - main/bind/bind.pre-install - main/clamav/clamav-db.pre-install - main/clamsmtp/clamsmtp.pre-install - main/clamsmtp/clamsmtp.pre-upgrade - main/coova-chilli/coova-chilli.pre-install - main/cvechecker/cvechecker.pre-install - main/dhcp/dhcp.pre-install - main/distcc/distcc.pre-install - main/djbdns/dnscache.pre-install - main/djbdns/tinydns.pre-install - main/dovecot/dovecot.pre-install - main/ez-ipupdate/ez-ipupdate.pre-install - main/fetchmail/fetchmail.pre-install - main/freeswitch/freeswitch.pre-install - main/gitolite/gitolite.pre-install - main/gnats/gnats.pre-install - main/gross/gross.pre-install - main/icecast/icecast.pre-install - main/kamailio/kamailio.pre-install - main/lighttpd/lighttpd.pre-install - main/mariadb/mariadb.pre-install - main/memcached/memcached.pre-install - main/ngircd/ngircd.pre-install - main/nrpe/nrpe.pre-install - main/openntpd/openntpd.pre-install - main/postgrey/postgrey.pre-install - main/snort/snort.pre-install - main/squid/squid.pre-install - main/squid/squid.pre-upgrade - main/subversion/subversion.pre-install - main/trac/trac.pre-install - main/transmission/transmission-daemon.pre-install - main/ympd/ympd.pre-install - main/znc/znc.pre-install - testing/at/at.pre-install - testing/buildbot-slave/buildbot-slave.pre-install - testing/buildbot/buildbot.pre-install - testing/clapf/clapf.pre-install - testing/cluster-glue/cluster-glue.pre-install - testing/dbmail/dbmail.pre-install - testing/dspam/dspam.pre-install - testing/ejabberd/ejabberd.pre-install - testing/emby/emby.pre-install - testing/mongodb/mongodb.pre-install - testing/opensips/opensips.pre-install - testing/pdns/pdns.pre-install - testing/prosody/prosody.pre-install - testing/qpage/qpage.pre-install - testing/rrdbot/rrdbot.pre-install - testing/wt/wt.pre-install - unmaintained/ejabberd-git/ejabberd-git.pre-install
* main/bind: security upgrade to 9.10.3_p4 ↵Natanael Copa2016-03-101-5/+5
| | | | | | (CVE-2016-1285,CVE-2016-1286,CVE-2016-2088) fixes #5243
* main/bind: remove /var/log/namedKaarle Ritvanen2016-02-041-2/+1
| | | | not used by default configuration
* main/bind: security upgrade to 9.10.3_p3 (CVE-2015-8704,CVE-2015-8705)Natanael Copa2016-01-201-4/+4
|
* main/bind: security upgrade to 9.10.3_p2 (CVE-2015-8461,CVE-2015-8000)Natanael Copa2015-12-161-5/+5
| | | | fixes #4956
* main/bind: move dnssec to -tools subpackageSören Tempel2015-11-161-7/+21
|
* main/bind: upgrade to 9.10.3Natanael Copa2015-09-171-4/+4
|
* Do not delete *.la files manuallyBartłomiej Piotrowski2015-09-101-1/+0
| | | | | Since abuild v2.22.0, these are removed automatically unless 'libtool' option has been specified.
* main/bind: upgrade to 9.10.2_p4Natanael Copa2015-09-071-5/+5
|
* main/bind: user libcap for capabilitiesNatanael Copa2015-08-131-2/+2
|
* main/bind: upgrade to 9.10.2_p3Natanael Copa2015-07-291-4/+4
|
* main/bind: security upgrade to 9.10.2_p2 (CVE-2015-4620)Natanael Copa2015-07-081-5/+5
|
* main/bind: enable capsNatanael Copa2015-06-231-2/+2
| | | | | | | | | Neeed for -u option with multithread: named: -u with Linux threads not supported: no capabilities support or capabilities disabled at build time ref #4281
* main/bind: upgrade to 9.10.2_p1Natanael Copa2015-06-121-5/+5
|
* main/*: replace all sbin/runscript with sbin/openrc-runNatanael Copa2015-04-282-5/+5
|
* main/bind: upgrade to 9.10.2Natanael Copa2015-03-111-5/+5
|
* main/bind: enable threadsNatanael Copa2015-03-111-2/+2
|