EdDSA support is optional and currently defaults to being disabled.
The following security issues are addressed with this update:
* An error in TSIG handling could permit unauthorized zone transfers
or zone updates. These flaws are disclosed in CVE-2017-3142 and
CVE-2017-3143.
* The BIND installer on Windows used an unquoted service path, which
can enable privilege escalation. This flaw is disclosed in
CVE-2017-3141.
* With certain RPZ configurations, a response with TTL 0 could cause
named to go into an infinite query loop. This flaw is disclosed in
CVE-2017-3140.
* Addresses could be referenced after being freed during resolver
processing, causing an assertion failure. The chances of this
happening were remote, but the introduction of a delay in
resolution increased them. This bug is disclosed in CVE-2017-3145.
Signed-off-by: Noah Meyerhans <frodo@morgul.net>
Here was the first error I got:
xstrtol-error.c:84:26: error: invalid use of undefined type 'struct
rpl_option'
More information on this error here:
https://www.mail-archive.com/clfs-support@lists.clfs.org/msg00297.html
I'm not sure if this is an issue in my build environment, but I believe
this is the proper fix because gzip and zile use the same option:
./utils/gzip/Makefile: gl_cv_func_getopt_gnu=yes \
./utils/zile/Makefile: gl_cv_func_getopt_gnu=yes \
This commit is mostly a reformat/sign-off of previous work by Dirk
Morris <dmorris@untangle.com>
Signed-off-by: Sébastien Delafond <sdelafond@gmail.com>
New packages:
* erlang-tools: This Erlang/OTP package provides support for misc tools.
* erlang-reltool: This Erlang/OTP package provides support for release management.
* erlang-erl-interface: This Erlang/OTP package provides support for erlang interoperability with other languages.
* erlang-os_mon: This Erlang/OTP package provides the following services:
- cpu_sup CPU load and utilization supervision
- disksup Disk supervision
- memsup Memory supervision
* erlang-xmerl: This Erlang/OTP package provides functions for exporting XML data to an external format
Signed-off-by: Arnaud Sautaux <arnaud.sautaux@infoteam.ch>
When UCI local zone is private and static, Unbound covered private
addresses with defaults. Optional delegated global IP6 prefix
protection lacked a static zone, but it was prevented from appearing
in global DNS responses. Domain names router-as-TLD, "lan." and
"local." were static, but they lacked default SOA or NS such as
Unbound had assinged to private addresses. Clean up these local
zones UCI evaluation and block global DNS inclusion.
Signed-off-by: Eric Luehrsen <ericluehrsen@hotmail.com>
A few bug fixes but importantly fix a deadlock on
AXFR configuration when notify occurs (auth-zone:)
Signed-off-by: Eric Luehrsen <ericluehrsen@hotmail.com>
The internal nameservers and the DHCP default domain should be
squirted into /tmp/resolv.conf.
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
By default bluez allows the printing subsystem to communicate
via dbus. This refers to the group lp which isn't available
on OpenWrt and makes dbus fail to start.
Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
crconf hasn't released any new version since 2012 or so.
And there are quite a few updates in the repo, including newer kernel
support.
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
It's been quite a long time since there was a release, and this one
includes quite a bit of fixes/updates.
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
Jianhui Zhao
Noah Meyerhans
Rosen Penev
Eneas U de Queiroz
Hannu Nyman
Sébastien Delafond
Arnaud Sautaux
Marko Ratkaj
Eric Luehrsen
Philip Prindeville
Thomas Heil
Yousong Zhou
Daniel Engberg
Ansuel Smith
Ted Hess
Alexandru Ardelean