
bind: Update to version 9.11.3 and optionally support eddsa for dnssec

EdDSA support is optional and currently defaults to being disabled.

The following security issues are addressed with this update:

  * An error in TSIG handling could permit unauthorized zone transfers
    or zone updates. These flaws are disclosed in CVE-2017-3142 and
    CVE-2017-3143.
  * The BIND installer on Windows used an unquoted service path, which
    can enable privilege escalation. This flaw is disclosed in
    CVE-2017-3141.
  * With certain RPZ configurations, a response with TTL 0 could cause
    named to go into an infinite query loop. This flaw is disclosed in
    CVE-2017-3140.
  * Addresses could be referenced after being freed during resolver
    processing, causing an assertion failure. The chances of this
    happening were remote, but the introduction of a delay in
    resolution increased them. This bug is disclosed in CVE-2017-3145.

Signed-off-by: Noah Meyerhans <frodo@morgul.net>
lilik-openwrt-22.03
Noah Meyerhans 7 years ago
parent
commit
037f1def7d
2 changed files with 13 additions and 2 deletions
  1. net/bind/Config.in (+10, -0)
  2. net/bind/Makefile (+3, -2)

net/bind/Config.in (+10, -0)

@ -34,4 +34,14 @@ config BIND_LIBXML2
format. Building with libjson support will require the
libxml2 package to be installed as well.
config BIND_ENABLE_EDDSA
bool
default n
prompt "Include Edwards Curve DNSSEC signature support"
help
Enable BIND support for Edwards Curve DNSSEC signing algorithms
described in RFC 8080.
Note that this requires OpenSSL 1.1, which is not currently
the available in OpenWRT, so it is disabled by default.
endif
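
Review bot: The help text for BIND_ENABLE_EDDSA reads "which is not currently the available in OpenWRT"; drop the stray "the". Since the help itself says the feature needs OpenSSL 1.1, consider a `depends on` for a symbol that indicates a suitable OpenSSL, or hide the prompt, so the option cannot be selected on a tree where it is unsupported instead of relying on `default n` alone.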

net/bind/Makefile (+3, -2)

@ -9,7 +9,7 @@
include $(TOPDIR)/rules.mk
PKG_NAME:=bind
PKG_VERSION:=9.11.2-P1
PKG_VERSION:=9.11.3
PKG_RELEASE:=1
USERID:=bind=57:bind=57
@ -20,7 +20,7 @@ PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:= \
http://www.mirrorservice.org/sites/ftp.isc.org/isc/bind9/$(PKG_VERSION) \
http://ftp.isc.org/isc/bind9/$(PKG_VERSION)
PKG_HASH:=cec31548832fca3f85d95178d4019b7d702039e8595d4c93914feba337df1212
PKG_HASH:=0d9dde14b2ec7f9cdc3b69f19540c7a2e4eee7b6c727965dfae48810965876f5
PKG_FIXUP:=autoreconf
PKG_REMOVE_FILES:=aclocal.m4 libtool.m4
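
Review bot: Both PKG_SOURCE_URL entries in this hunk's context are plain http, so the new PKG_HASH is the only integrity check on the 9.11.3 tarball. Please state in the commit message how the hash was obtained (for example, computed from a tarball checked against the upstream signature), and consider moving the URLs to https if the mirrors offer it.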
@ -125,6 +125,7 @@ CONFIGURE_ARGS += \
--with-gost=no \
--with-gssapi=no \
--with-ecdsa=$(if $(CONFIG_OPENSSL_WITH_EC),yes,no) \
--with-eddsa=$(if $(CONFIG_BIND_ENABLE_EDDSA),yes,no) \
--with-readline=no \
--sysconfdir=/etc/bind
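
Review bot: `--with-eddsa` is keyed only on CONFIG_BIND_ENABLE_EDDSA, while the `--with-ecdsa` line directly above it is keyed on an OpenSSL-side symbol (CONFIG_OPENSSL_WITH_EC). A user who sets the new option gets `--with-eddsa=yes` regardless of what the crypto library supports. Suggest combining it with an OpenSSL capability condition in the same style, or documenting what configure is expected to do when the library lacks EdDSA.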

