| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
| |
* Add "--disable-isc-spnego" to use gss-spnego instead.
fixes #9462
|
| |
|
| |
|
|
|
|
|
|
| |
* Enable DLZ (Dynamically Loadable Zones) support with file system, ldap, stub backends
* Enable GSSAPI/Kerberos support
* Re-arrange configure options
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
|
|
|
| |
bump pkgrel to avoid mismatch with caches
|
|
|
|
| |
This reverts commit 724d3ef9cc4c309dc09e750d37ca4cb86b32df85.
|
| |
|
| |
|
|
|
|
| |
fixes #7437
|
| |
|
| |
|
|
|
|
|
|
| |
CVE-2017-3136: An error handling synthesized records could cause an assertion failure when using DNS64 with "break-dnssec yes;"
CVE-2017-3137: A response packet can cause a resolver to terminate when processing an answer containing a CNAME or DNAME
CVE-2017-3138: named exits with a REQUIRE assertion failure if it receives a null command string on its control channel
|
|
|
|
| |
fixes #6828
|
|
|
|
|
| |
We dont want copy the content of /etc/skel to /etc/bind
ref #6725
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
https://www.isc.org/downloads/bind/bind-9-11-new-features/
https://deepthought.isc.org/article/AA-01446/0/BIND-9.11.0-P2-Release-Notes.html
https://kb.isc.org/article/AA-00913/74/BIND-9-Security-Vulnerability-Matrix.html
Release notes mention addressing issue described in:
CVE-2016-9778: An error handling certain queries using the
nxdomain-redirect feature could cause a REQUIRE assertion
failure in db.c
but it's not present in 9.10.x, so it's not a security upgrade.
|
|
|
|
|
|
| |
CVE-2016-9131: A malformed response to an ANY query can cause an assertion failure during recursion
CVE-2016-9147: An error handling a query response containing inconsistent DNSSEC information could cause an assertion failure
CVE-2016-9444: An unusually-formed DS record response could cause an assertion failure
|
| |
|
| |
|
|
|
|
| |
fixes #6223
|
|
|
|
| |
fixes #5951
|
| |
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
| |
Now all invocations have following order of arguments (if present):
addgroup -S -g ... GROUP
adduser -S -u ... -D -H -h ... -s ... -G ... -g ... USER
|
|
|
|
|
|
|
|
|
|
|
|
| |
Following rules have been applied:
- script starts with shebang !#/bin/sh followed by blank line,
- script ends with exit 0 prepended by blank line,
- only stderr of adduser, addgroup or passwd is redirected to /dev/null,
- getent passwd/group instances has been removed,
- manual checking of file and group existence has been removed,
- `|| true` instances has been removed.
Comments and line wrapping have been preserved.
|
|
|
|
|
|
| |
This way we can avoid ugly default:
Linux user,,,
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Groups and users created by packages shouldn't use high ids by default
(unless explicitly requested), to distinguish them from groups and users
created by administrators for humans.
Following 41 files lacked -S next to addgroup:
- community/sword/sword.pre-install
- main/amavisd-new/amavisd-new.pre-install
- main/chrony/chrony.pre-install
- main/cvechecker/cvechecker.pre-install
- main/dnsmasq/dnsmasq.pre-install
- main/freeradius/freeradius.pre-install
- main/gdnsd/gdnsd.pre-install
- main/haproxy/haproxy.pre-install
- main/haproxy/haproxy.pre-upgrade
- main/kamailio/kamailio.pre-install
- main/logcheck/logcheck.pre-install
- main/mlmmj/mlmmj.pre-install
- main/nrpe/nrpe.pre-install
- main/open-vm-tools/open-vm-tools.pre-install
- main/postgrey/postgrey.pre-install
- main/privoxy/privoxy.pre-install
- main/redis/redis.pre-install
- main/samba/winbind.pre-install
- main/sircbot/sircbot.pre-install
- main/smokeping/smokeping.pre-install
- main/squark/squark.post-install
- main/squid/squid.pre-install
- main/squid/squid.pre-upgrade
- main/subversion/subversion.pre-install
- main/trac/trac.pre-install
- main/vsftpd/vsftpd.pre-install
- main/zabbix/zabbix-agent.pre-install
- testing/3proxy/3proxy.pre-install
- testing/cluster-glue/cluster-glue.pre-install
- testing/elasticsearch/elasticsearch.pre-install
- testing/emby/emby.pre-install
- testing/gdnsd/gdnsd.pre-install
- testing/icinga2/icinga2.pre-install
- testing/lusca/lusca.pre-install
- testing/lusca/lusca.pre-upgrade
- testing/mongodb/mongodb.pre-install
- testing/openxcap/openxcap.pre-install
- testing/prosody/prosody.pre-install
- testing/rancid/rancid.pre-install
- testing/rutorrent/rutorrent.pre-install
- testing/zabbix/zabbix-agent.pre-install
Following 60 files lacked -S next to adduser:
- community/caddy/caddy.pre-install
- community/domoticz/domoticz.pre-install
- community/minetest/minetest-server.pre-install
- community/oscam/oscam.pre-install
- community/seafile/seafile-server.pre-install
- community/syncthing/syncthing.pre-install
- main/apache2/apache2.pre-install
- main/aports-build/aports-build.pre-install
- main/atheme-iris/atheme-iris.pre-install
- main/bind/bind.pre-install
- main/clamav/clamav-db.pre-install
- main/clamsmtp/clamsmtp.pre-install
- main/clamsmtp/clamsmtp.pre-upgrade
- main/coova-chilli/coova-chilli.pre-install
- main/cvechecker/cvechecker.pre-install
- main/dhcp/dhcp.pre-install
- main/distcc/distcc.pre-install
- main/djbdns/dnscache.pre-install
- main/djbdns/tinydns.pre-install
- main/dovecot/dovecot.pre-install
- main/ez-ipupdate/ez-ipupdate.pre-install
- main/fetchmail/fetchmail.pre-install
- main/freeswitch/freeswitch.pre-install
- main/gitolite/gitolite.pre-install
- main/gnats/gnats.pre-install
- main/gross/gross.pre-install
- main/icecast/icecast.pre-install
- main/kamailio/kamailio.pre-install
- main/lighttpd/lighttpd.pre-install
- main/mariadb/mariadb.pre-install
- main/memcached/memcached.pre-install
- main/ngircd/ngircd.pre-install
- main/nrpe/nrpe.pre-install
- main/openntpd/openntpd.pre-install
- main/postgrey/postgrey.pre-install
- main/snort/snort.pre-install
- main/squid/squid.pre-install
- main/squid/squid.pre-upgrade
- main/subversion/subversion.pre-install
- main/trac/trac.pre-install
- main/transmission/transmission-daemon.pre-install
- main/ympd/ympd.pre-install
- main/znc/znc.pre-install
- testing/at/at.pre-install
- testing/buildbot-slave/buildbot-slave.pre-install
- testing/buildbot/buildbot.pre-install
- testing/clapf/clapf.pre-install
- testing/cluster-glue/cluster-glue.pre-install
- testing/dbmail/dbmail.pre-install
- testing/dspam/dspam.pre-install
- testing/ejabberd/ejabberd.pre-install
- testing/emby/emby.pre-install
- testing/mongodb/mongodb.pre-install
- testing/opensips/opensips.pre-install
- testing/pdns/pdns.pre-install
- testing/prosody/prosody.pre-install
- testing/qpage/qpage.pre-install
- testing/rrdbot/rrdbot.pre-install
- testing/wt/wt.pre-install
- unmaintained/ejabberd-git/ejabberd-git.pre-install
|
|
|
|
|
|
| |
(CVE-2016-1285,CVE-2016-1286,CVE-2016-2088)
fixes #5243
|
|
|
|
| |
not used by default configuration
|
| |
|
|
|
|
| |
fixes #4956
|
| |
|
| |
|
|
|
|
|
| |
Since abuild v2.22.0, these are removed automatically unless 'libtool'
option has been specified.
|
| |
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
|
|
| |
Neeed for -u option with multithread:
named: -u with Linux threads not supported: no capabilities support or
capabilities disabled at build time
ref #4281
|