| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fixes a denial of service in BIND.
An error in the parsing of incoming responses allows some
records with an incorrect class to be accepted by BIND
instead of being rejected as malformed. This can trigger
a REQUIRE assertion failure when those records are subsequently
cached.
[YOCTO #8838]
References:
http://www.openwall.com/lists/oss-security/2015/12/15/14
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8000
https://bugzilla.redhat.com/attachment.cgi?id=1105581
(From OE-Core rev: c9c42b0ec2c7b9b3e613f68db06230ebc6e2711c)
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
| |
three security fixes.
(From OE-Core rev: d3af844b05e566c2188fc3145e66a9826fed0ec8)
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fixed a flaw in the way BIND handled requests for TKEY
DNS resource records.
References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5477
https://kb.isc.org/article/AA-01272
(From OE-Core rev: 18a01db3f2430095a4e6966aed5afd738dbc112e)
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
| |
(From OE-Core rev: a6ee74222b43d0bb7fe9ef0072ede78f82a5e446)
(From OE-Core rev: 43cf6cd3b282226ce379a03a0d1fd5670c303648)
Signed-off-by: Ting Liu <ting.liu@freescale.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
[From upstream commit: 603a0e2637b35a2da820bc807f69bcf09c682dce]
[YOCTO #7098]
External References:
===================
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8500
(From OE-Core rev: 7225d6e0c82f264057de40c04b31655f2b0e0c96)
(From OE-Core rev: 10128cd331af0c4378cac4fbac80a7cd11869bd3)
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Use /etc/default/bind9 as the environment file in named.service.
(From OE-Core rev: 0ee1fa68a4d749585c43fc706c8da6e849d10857)
(From OE-Core rev: 3de15ae4cc8a561859e6761ab6e6b8c45eaad646)
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We refer what ubuntu/redhat did, gave bind a user/group
Here is the example in ubuntu 14.04:
$ ps -eo user,group,cmd | grep "named"
...
bind bind /usr/sbin/named -u bind
...
$vim bind9_1%3a9.9.5.dfsg-3_amd64.deb/postinst
...
# lets give them a bind user/group in all cases.
getent group bind >/dev/null 2>&1 || addgroup --system bind
getent passwd bind >/dev/null 2>&1 ||
adduser --system --home /var/cache/bind --no-create-home \
--disabled-password --ingroup bind bind
...
(From OE-Core rev: e37841faf746895f41627130623196c0bebe0740)
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
| |
(From OE-Core rev: ea438b58c9a90e4c3147f99d63a9afc66963c5a1)
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch adds support for read-only rootfs to the bind service.
Basically it just bind mounts several directories so that the bind
service could start correctly without reporting any error.
(From OE-Core rev: 99cc96eaee28bfde89096689b1296d28937ead88)
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
| |
Add systemd support for bind.
(From OE-Core rev: 812f69fee5fceef853c42960f3d90491bda8378a)
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Remove CVE patches that are in bind
Updated COPYRIGHT includes date changes the NetBSD Copyright
Modifies the Base BSD License to 3-Clause (removes advertising clause)w
Add patch to disable running tests on host
Add python-core to RDEPENDS for dnssec-checkds and dnssec-coverage and fix path to python
(From OE-Core rev: 041576d6d63ad807ca405dcea9eeecf1c9ccd7fe)
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|