EdDSA support is optional and currently defaults to being disabled.
The following security issues are addressed with this update:
* An error in TSIG handling could permit unauthorized zone transfers
or zone updates. These flaws are disclosed in CVE-2017-3142 and
CVE-2017-3143.
* The BIND installer on Windows used an unquoted service path, which
can enable privilege escalation. This flaw is disclosed in
CVE-2017-3141.
* With certain RPZ configurations, a response with TTL 0 could cause
named to go into an infinite query loop. This flaw is disclosed in
CVE-2017-3140.
* Addresses could be referenced after being freed during resolver
processing, causing an assertion failure. The chances of this
happening were remote, but the introduction of a delay in
resolution increased them. This bug is disclosed in CVE-2017-3145.
Signed-off-by: Noah Meyerhans <frodo@morgul.net>
New packages:
* erlang-tools: This Erlang/OTP package provides support for misc tools.
* erlang-reltool: This Erlang/OTP package provides support for release management.
* erlang-erl-interface: This Erlang/OTP package provides support for erlang interoperability with other languages.
* erlang-os_mon: This Erlang/OTP package provides the following services:
  - cpu_sup CPU load and utilization supervision
  - disksup Disk supervision
  - memsup Memory supervision
* erlang-xmerl: This Erlang/OTP package provides functions for exporting XML data to an external format
Signed-off-by: Arnaud Sautaux <arnaud.sautaux@infoteam.ch>
When UCI local zone is private and static, Unbound covered private
addresses with defaults. Optional delegated global IP6 prefix
protection lacked a static zone, but it was prevented from appearing
in global DNS responses. Domain names router-as-TLD, "lan." and
"local." were static, but they lacked default SOA or NS such as
Unbound had assigned to private addresses. Clean up these local
zones UCI evaluation and block global DNS inclusion.
Signed-off-by: Eric Luehrsen <ericluehrsen@hotmail.com>
A few bug fixes but importantly fix a deadlock on
AXFR configuration when notify occurs (auth-zone:)
Signed-off-by: Eric Luehrsen <ericluehrsen@hotmail.com>
The internal nameservers and the DHCP default domain should be
squirted into /tmp/resolv.conf.
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
By default bluez allows the printing subsystem to communicate
via dbus. This refers to the group lp which isn't available
on OpenWrt and makes dbus fail to start.
Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
crconf hasn't released any new version since 2012 or so.
And there are quite a few updates in the repo, including newer kernel
support.
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>