aboutsummaryrefslogtreecommitdiffstats
path: root/main/bind
Commit message (Collapse)AuthorAgeFilesLines
* main/bind: bump pkgrelNatanael Copa2017-08-081-1/+1
| | | | bump pkgrel to avoid mismatch with caches
* Revert "main/bind: fix for CVE-2017-3142 and CVE-2017-3143. Fixes #7496"Francesco Colista2017-08-072-291/+2
| | | | This reverts commit 724d3ef9cc4c309dc09e750d37ca4cb86b32df85.
* main/bind: fix for CVE-2017-3142 and CVE-2017-3143. Fixes #7496Francesco Colista2017-08-072-2/+291
|
* main/bind: upgrade to 9.11.1_p2Natanael Copa2017-07-061-2/+2
|
* main/bind: security upgrade to 9.11.1_p1 (CVE-2017-3140)Natanael Copa2017-06-161-2/+2
| | | | fixes #7437
* main/bind: upgrade to 9.11.1Natanael Copa2017-06-141-3/+3
|
* main/bind: rebuild against libressl 2.5Natanael Copa2017-04-181-1/+1
|
* main/bind: security upgrade to 9.11.0_p5 - fixes #7141Sergey Lukin2017-04-141-2/+6
| | | | | | CVE-2017-3136: An error handling synthesized records could cause an assertion failure when using DNS64 with "break-dnssec yes;" CVE-2017-3137: A response packet can cause a resolver to terminate when processing an answer containing a CNAME or DNAME CVE-2017-3138: named exits with a REQUIRE assertion failure if it receives a null command string on its control channel
* main/bind: security upgrade to 9.11.0_p3 (CVE-2017-3135)Natanael Copa2017-02-091-21/+3
| | | | fixes #6828
* main/bind: dont create homedir for bind userNatanael Copa2017-01-242-2/+2
| | | | | We dont want copy the content of /etc/skel to /etc/bind ref #6725
* main/bind: Upgrade to 9.11.0-P2.Przemyslaw Pawelczyk2017-01-171-4/+4
| | | | | | | | | | | | | | https://www.isc.org/downloads/bind/bind-9-11-new-features/ https://deepthought.isc.org/article/AA-01446/0/BIND-9.11.0-P2-Release-Notes.html https://kb.isc.org/article/AA-00913/74/BIND-9-Security-Vulnerability-Matrix.html Release notes mention addressing issue described in: CVE-2016-9778: An error handling certain queries using the nxdomain-redirect feature could cause a REQUIRE assertion failure in db.c but it's not present in 9.10.x, so it's not a security upgrade.
* main/bind: security upgrade to 9.10.4_p5 - fixes #6675Sergei Lukin2017-01-131-8/+15
| | | | | | CVE-2016-9131: A malformed response to an ANY query can cause an assertion failure during recursion CVE-2016-9147: An error handling a query response containing inconsistent DNSSEC information could cause an assertion failure CVE-2016-9444: An unusually-formed DS record response could cause an assertion failure
* main/bind: security upgrade to 9.10.4_p4 (CVE-2016-8864)Natanael Copa2016-11-021-5/+5
|
* main/bind: rebuild against libresslNatanael Copa2016-10-101-2/+2
|
* main/bind: security upgrade to 9.10.4_p3 (CVE-2016-2776)Natanael Copa2016-09-281-4/+4
| | | | fixes #6223
* main/bind: security upgrade to 9.10.4_p2 (CVE-2016-2775)Natanael Copa2016-07-251-5/+5
| | | | fixes #5951
* main/bind: rebuild with libxml2. Fixes #5711Francesco Colista2016-06-271-3/+3
|
* main/bind: upgrade to 9.10.4_p1Natanael Copa2016-05-271-5/+5
|
* main/bind: upgrade to 9.10.4Natanael Copa2016-05-161-5/+5
|
* main/[various]: bump pkgrel for pre-install fixesPrzemyslaw Pawelczyk2016-04-251-1/+1
|
* Reorder arguments passed to addgroup/adduser in scripts.Przemyslaw Pawelczyk2016-04-251-1/+1
| | | | | | | Now all invocations have following order of arguments (if present): addgroup -S -g ... GROUP adduser -S -u ... -D -H -h ... -s ... -G ... -g ... USER
* Improve consistency of scripts using adduser/addgroup.Przemyslaw Pawelczyk2016-04-251-1/+1
| | | | | | | | | | | | Following rules have been applied: - script starts with shebang !#/bin/sh followed by blank line, - script ends with exit 0 prepended by blank line, - only stderr of adduser, addgroup or passwd is redirected to /dev/null, - getent passwd/group instances has been removed, - manual checking of file and group existence has been removed, - `|| true` instances has been removed. Comments and line wrapping have been preserved.
* Add -g option (GECOS/comment) to adduser in scripts.Przemyslaw Pawelczyk2016-04-251-1/+1
| | | | | | This way we can avoid ugly default: Linux user,,,
* Add lacking -S option (system) to adduser/addgroup in scripts.Przemyslaw Pawelczyk2016-04-251-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Groups and users created by packages shouldn't use high ids by default (unless explicitly requested), to distinguish them from groups and users created by administrators for humans. Following 41 files lacked -S next to addgroup: - community/sword/sword.pre-install - main/amavisd-new/amavisd-new.pre-install - main/chrony/chrony.pre-install - main/cvechecker/cvechecker.pre-install - main/dnsmasq/dnsmasq.pre-install - main/freeradius/freeradius.pre-install - main/gdnsd/gdnsd.pre-install - main/haproxy/haproxy.pre-install - main/haproxy/haproxy.pre-upgrade - main/kamailio/kamailio.pre-install - main/logcheck/logcheck.pre-install - main/mlmmj/mlmmj.pre-install - main/nrpe/nrpe.pre-install - main/open-vm-tools/open-vm-tools.pre-install - main/postgrey/postgrey.pre-install - main/privoxy/privoxy.pre-install - main/redis/redis.pre-install - main/samba/winbind.pre-install - main/sircbot/sircbot.pre-install - main/smokeping/smokeping.pre-install - main/squark/squark.post-install - main/squid/squid.pre-install - main/squid/squid.pre-upgrade - main/subversion/subversion.pre-install - main/trac/trac.pre-install - main/vsftpd/vsftpd.pre-install - main/zabbix/zabbix-agent.pre-install - testing/3proxy/3proxy.pre-install - testing/cluster-glue/cluster-glue.pre-install - testing/elasticsearch/elasticsearch.pre-install - testing/emby/emby.pre-install - testing/gdnsd/gdnsd.pre-install - testing/icinga2/icinga2.pre-install - testing/lusca/lusca.pre-install - testing/lusca/lusca.pre-upgrade - testing/mongodb/mongodb.pre-install - testing/openxcap/openxcap.pre-install - testing/prosody/prosody.pre-install - testing/rancid/rancid.pre-install - testing/rutorrent/rutorrent.pre-install - testing/zabbix/zabbix-agent.pre-install Following 60 files lacked -S next to adduser: - community/caddy/caddy.pre-install - community/domoticz/domoticz.pre-install - community/minetest/minetest-server.pre-install - community/oscam/oscam.pre-install - community/seafile/seafile-server.pre-install - community/syncthing/syncthing.pre-install - main/apache2/apache2.pre-install - main/aports-build/aports-build.pre-install - main/atheme-iris/atheme-iris.pre-install - main/bind/bind.pre-install - main/clamav/clamav-db.pre-install - main/clamsmtp/clamsmtp.pre-install - main/clamsmtp/clamsmtp.pre-upgrade - main/coova-chilli/coova-chilli.pre-install - main/cvechecker/cvechecker.pre-install - main/dhcp/dhcp.pre-install - main/distcc/distcc.pre-install - main/djbdns/dnscache.pre-install - main/djbdns/tinydns.pre-install - main/dovecot/dovecot.pre-install - main/ez-ipupdate/ez-ipupdate.pre-install - main/fetchmail/fetchmail.pre-install - main/freeswitch/freeswitch.pre-install - main/gitolite/gitolite.pre-install - main/gnats/gnats.pre-install - main/gross/gross.pre-install - main/icecast/icecast.pre-install - main/kamailio/kamailio.pre-install - main/lighttpd/lighttpd.pre-install - main/mariadb/mariadb.pre-install - main/memcached/memcached.pre-install - main/ngircd/ngircd.pre-install - main/nrpe/nrpe.pre-install - main/openntpd/openntpd.pre-install - main/postgrey/postgrey.pre-install - main/snort/snort.pre-install - main/squid/squid.pre-install - main/squid/squid.pre-upgrade - main/subversion/subversion.pre-install - main/trac/trac.pre-install - main/transmission/transmission-daemon.pre-install - main/ympd/ympd.pre-install - main/znc/znc.pre-install - testing/at/at.pre-install - testing/buildbot-slave/buildbot-slave.pre-install - testing/buildbot/buildbot.pre-install - testing/clapf/clapf.pre-install - testing/cluster-glue/cluster-glue.pre-install - testing/dbmail/dbmail.pre-install - testing/dspam/dspam.pre-install - testing/ejabberd/ejabberd.pre-install - testing/emby/emby.pre-install - testing/mongodb/mongodb.pre-install - testing/opensips/opensips.pre-install - testing/pdns/pdns.pre-install - testing/prosody/prosody.pre-install - testing/qpage/qpage.pre-install - testing/rrdbot/rrdbot.pre-install - testing/wt/wt.pre-install - unmaintained/ejabberd-git/ejabberd-git.pre-install
* main/bind: security upgrade to 9.10.3_p4 ↵Natanael Copa2016-03-101-5/+5
| | | | | | (CVE-2016-1285,CVE-2016-1286,CVE-2016-2088) fixes #5243
* main/bind: remove /var/log/namedKaarle Ritvanen2016-02-041-2/+1
| | | | not used by default configuration
* main/bind: security upgrade to 9.10.3_p3 (CVE-2015-8704,CVE-2015-8705)Natanael Copa2016-01-201-4/+4
|
* main/bind: security upgrade to 9.10.3_p2 (CVE-2015-8461,CVE-2015-8000)Natanael Copa2015-12-161-5/+5
| | | | fixes #4956
* main/bind: move dnssec to -tools subpackageSören Tempel2015-11-161-7/+21
|
* main/bind: upgrade to 9.10.3Natanael Copa2015-09-171-4/+4
|
* Do not delete *.la files manuallyBartłomiej Piotrowski2015-09-101-1/+0
| | | | | Since abuild v2.22.0, these are removed automatically unless 'libtool' option has been specified.
* main/bind: upgrade to 9.10.2_p4Natanael Copa2015-09-071-5/+5
|
* main/bind: user libcap for capabilitiesNatanael Copa2015-08-131-2/+2
|
* main/bind: upgrade to 9.10.2_p3Natanael Copa2015-07-291-4/+4
|
* main/bind: security upgrade to 9.10.2_p2 (CVE-2015-4620)Natanael Copa2015-07-081-5/+5
|
* main/bind: enable capsNatanael Copa2015-06-231-2/+2
| | | | | | | | | Neeed for -u option with multithread: named: -u with Linux threads not supported: no capabilities support or capabilities disabled at build time ref #4281
* main/bind: upgrade to 9.10.2_p1Natanael Copa2015-06-121-5/+5
|
* main/*: replace all sbin/runscript with sbin/openrc-runNatanael Copa2015-04-282-5/+5
|
* main/bind: upgrade to 9.10.2Natanael Copa2015-03-111-5/+5
|
* main/bind: enable threadsNatanael Copa2015-03-111-2/+2
|
* main/bind: enable filter AAAANatanael Copa2015-03-111-1/+2
| | | | ref #3955
* main/bind: upgrade to 9.10.1_p2Carlo Landmeter2015-02-231-5/+5
|
* main/bind: upgrade to 9.10.1_p1Natanael Copa2014-12-091-5/+5
|
* main/bind: rebuild against krb5-1.13Natanael Copa2014-11-101-1/+1
|
* bind: Modify default config to be more secureHugo Landau2014-10-165-64/+177
| | | | | | | | | | | | | | | | | | | | | By default BIND will happily serve as both an authoritative nameserver and recursive resolver, but this is no longer a recommended or desirable configuration. The previous default configuration did not draw attention to this fact and the issues involved. Users are now made to rename one of two sample configuration files, named.conf.authoritative or named.conf.recursive. Comments inside either file advise DNS administrators of the most prevalent security issues. This ensures that users setting up an authoritative nameserver do not unwittingly also operate a resolver. In the previous default configuration, BIND would happily perform recursive resolution for localhost, which means that the local machine may receive non-authoritative data from what is supposed to be an authoritative nameserver. Both default configurations disable zone transfers by default, as BIND defaults to enabling them for any host (!).
* main/bind: upgrade to 9.10.1Natanael Copa2014-09-231-5/+5
|
* main/bind: remove duplicate depend functionNatanael Copa2014-06-192-11/+4
|
* main/bind: upgrade to 9.10.0_p2Natanael Copa2014-06-121-4/+4
|
* main/bind: upgrade to 9.10.0_p1Natanael Copa2014-05-221-4/+4
|
* main/bind: upgrade to 9.10.0Natanael Copa2014-05-011-4/+4
|