| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
| |
fixes #6828
|
|
|
|
|
| |
We dont want copy the content of /etc/skel to /etc/bind
ref #6725
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
https://www.isc.org/downloads/bind/bind-9-11-new-features/
https://deepthought.isc.org/article/AA-01446/0/BIND-9.11.0-P2-Release-Notes.html
https://kb.isc.org/article/AA-00913/74/BIND-9-Security-Vulnerability-Matrix.html
Release notes mention addressing issue described in:
CVE-2016-9778: An error handling certain queries using the
nxdomain-redirect feature could cause a REQUIRE assertion
failure in db.c
but it's not present in 9.10.x, so it's not a security upgrade.
|
|
|
|
|
|
| |
CVE-2016-9131: A malformed response to an ANY query can cause an assertion failure during recursion
CVE-2016-9147: An error handling a query response containing inconsistent DNSSEC information could cause an assertion failure
CVE-2016-9444: An unusually-formed DS record response could cause an assertion failure
|
| |
|
| |
|
|
|
|
| |
fixes #6223
|
|
|
|
| |
fixes #5951
|
| |
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
| |
Now all invocations have following order of arguments (if present):
addgroup -S -g ... GROUP
adduser -S -u ... -D -H -h ... -s ... -G ... -g ... USER
|
|
|
|
|
|
|
|
|
|
|
|
| |
Following rules have been applied:
- script starts with shebang !#/bin/sh followed by blank line,
- script ends with exit 0 prepended by blank line,
- only stderr of adduser, addgroup or passwd is redirected to /dev/null,
- getent passwd/group instances has been removed,
- manual checking of file and group existence has been removed,
- `|| true` instances has been removed.
Comments and line wrapping have been preserved.
|
|
|
|
|
|
| |
This way we can avoid ugly default:
Linux user,,,
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Groups and users created by packages shouldn't use high ids by default
(unless explicitly requested), to distinguish them from groups and users
created by administrators for humans.
Following 41 files lacked -S next to addgroup:
- community/sword/sword.pre-install
- main/amavisd-new/amavisd-new.pre-install
- main/chrony/chrony.pre-install
- main/cvechecker/cvechecker.pre-install
- main/dnsmasq/dnsmasq.pre-install
- main/freeradius/freeradius.pre-install
- main/gdnsd/gdnsd.pre-install
- main/haproxy/haproxy.pre-install
- main/haproxy/haproxy.pre-upgrade
- main/kamailio/kamailio.pre-install
- main/logcheck/logcheck.pre-install
- main/mlmmj/mlmmj.pre-install
- main/nrpe/nrpe.pre-install
- main/open-vm-tools/open-vm-tools.pre-install
- main/postgrey/postgrey.pre-install
- main/privoxy/privoxy.pre-install
- main/redis/redis.pre-install
- main/samba/winbind.pre-install
- main/sircbot/sircbot.pre-install
- main/smokeping/smokeping.pre-install
- main/squark/squark.post-install
- main/squid/squid.pre-install
- main/squid/squid.pre-upgrade
- main/subversion/subversion.pre-install
- main/trac/trac.pre-install
- main/vsftpd/vsftpd.pre-install
- main/zabbix/zabbix-agent.pre-install
- testing/3proxy/3proxy.pre-install
- testing/cluster-glue/cluster-glue.pre-install
- testing/elasticsearch/elasticsearch.pre-install
- testing/emby/emby.pre-install
- testing/gdnsd/gdnsd.pre-install
- testing/icinga2/icinga2.pre-install
- testing/lusca/lusca.pre-install
- testing/lusca/lusca.pre-upgrade
- testing/mongodb/mongodb.pre-install
- testing/openxcap/openxcap.pre-install
- testing/prosody/prosody.pre-install
- testing/rancid/rancid.pre-install
- testing/rutorrent/rutorrent.pre-install
- testing/zabbix/zabbix-agent.pre-install
Following 60 files lacked -S next to adduser:
- community/caddy/caddy.pre-install
- community/domoticz/domoticz.pre-install
- community/minetest/minetest-server.pre-install
- community/oscam/oscam.pre-install
- community/seafile/seafile-server.pre-install
- community/syncthing/syncthing.pre-install
- main/apache2/apache2.pre-install
- main/aports-build/aports-build.pre-install
- main/atheme-iris/atheme-iris.pre-install
- main/bind/bind.pre-install
- main/clamav/clamav-db.pre-install
- main/clamsmtp/clamsmtp.pre-install
- main/clamsmtp/clamsmtp.pre-upgrade
- main/coova-chilli/coova-chilli.pre-install
- main/cvechecker/cvechecker.pre-install
- main/dhcp/dhcp.pre-install
- main/distcc/distcc.pre-install
- main/djbdns/dnscache.pre-install
- main/djbdns/tinydns.pre-install
- main/dovecot/dovecot.pre-install
- main/ez-ipupdate/ez-ipupdate.pre-install
- main/fetchmail/fetchmail.pre-install
- main/freeswitch/freeswitch.pre-install
- main/gitolite/gitolite.pre-install
- main/gnats/gnats.pre-install
- main/gross/gross.pre-install
- main/icecast/icecast.pre-install
- main/kamailio/kamailio.pre-install
- main/lighttpd/lighttpd.pre-install
- main/mariadb/mariadb.pre-install
- main/memcached/memcached.pre-install
- main/ngircd/ngircd.pre-install
- main/nrpe/nrpe.pre-install
- main/openntpd/openntpd.pre-install
- main/postgrey/postgrey.pre-install
- main/snort/snort.pre-install
- main/squid/squid.pre-install
- main/squid/squid.pre-upgrade
- main/subversion/subversion.pre-install
- main/trac/trac.pre-install
- main/transmission/transmission-daemon.pre-install
- main/ympd/ympd.pre-install
- main/znc/znc.pre-install
- testing/at/at.pre-install
- testing/buildbot-slave/buildbot-slave.pre-install
- testing/buildbot/buildbot.pre-install
- testing/clapf/clapf.pre-install
- testing/cluster-glue/cluster-glue.pre-install
- testing/dbmail/dbmail.pre-install
- testing/dspam/dspam.pre-install
- testing/ejabberd/ejabberd.pre-install
- testing/emby/emby.pre-install
- testing/mongodb/mongodb.pre-install
- testing/opensips/opensips.pre-install
- testing/pdns/pdns.pre-install
- testing/prosody/prosody.pre-install
- testing/qpage/qpage.pre-install
- testing/rrdbot/rrdbot.pre-install
- testing/wt/wt.pre-install
- unmaintained/ejabberd-git/ejabberd-git.pre-install
|
|
|
|
|
|
| |
(CVE-2016-1285,CVE-2016-1286,CVE-2016-2088)
fixes #5243
|
|
|
|
| |
not used by default configuration
|
| |
|
|
|
|
| |
fixes #4956
|
| |
|
| |
|
|
|
|
|
| |
Since abuild v2.22.0, these are removed automatically unless 'libtool'
option has been specified.
|
| |
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
|
|
| |
Neeed for -u option with multithread:
named: -u with Linux threads not supported: no capabilities support or
capabilities disabled at build time
ref #4281
|
| |
|
| |
|
| |
|
| |
|
|
|
|
| |
ref #3955
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
By default BIND will happily serve as both an authoritative nameserver
and recursive resolver, but this is no longer a recommended or desirable
configuration. The previous default configuration did not draw attention
to this fact and the issues involved.
Users are now made to rename one of two sample configuration files,
named.conf.authoritative or named.conf.recursive. Comments inside either
file advise DNS administrators of the most prevalent security issues.
This ensures that users setting up an authoritative nameserver do not
unwittingly also operate a resolver. In the previous default
configuration, BIND would happily perform recursive resolution for
localhost, which means that the local machine may receive
non-authoritative data from what is supposed to be an authoritative
nameserver.
Both default configurations disable zone transfers by default, as BIND
defaults to enabling them for any host (!).
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
|
|
|
| |
ref #2604
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|