webadmin/bpfire
1
0
Fork 0
mirror of https://github.com/vincentmli/bpfire.git synced 2026-04-09 18:45:54 +02:00
Code Issues Packages Projects Releases Wiki Activity
Files
6eb9d445bc2f7bbe6ee38bceb954032ebcb44a1c
bpfire/lfs/bind
Matthias Fischer be1bf24bb0 bind: Update to 9.11.32 
For details see:
https://downloads.isc.org/isc/bind9/9.11.31/RELEASE-NOTES-bind-9.11.32.html

"Notes for BIND 9.11.32
Feature Changes

    DNSSEC responses containing NSEC3 records with iteration counts
    greater than 150 are now treated as insecure. [GL #2445]

    The maximum supported number of NSEC3 iterations that can be
    configured for a zone has been reduced to 150. [GL #2642]

    The implementation of the ZONEMD RR type has been updated to match
    RFC 8976. [GL #2658]

Notes for BIND 9.11.31
Security Fixes

    A malformed incoming IXFR transfer could trigger an assertion
    failure in named, causing it to quit abnormally. (CVE-2021-25214)

    ISC would like to thank Greg Kuechle of SaskTel for bringing this
    vulnerability to our attention. [GL #2467]

    named crashed when a DNAME record placed in the ANSWER section
    during DNAME chasing turned out to be the final answer to a client
    query. (CVE-2021-25215)

    ISC would like to thank Siva Kakarla for bringing this vulnerability
    to our attention. [GL #2540]

    When a server's configuration set the tkey-gssapi-keytab
    or tkey-gssapi-credential option, a specially crafted GSS-TSIG query
    could cause a buffer overflow in the ISC implementation of SPNEGO
    (a protocol enabling negotiation of the security mechanism used for
    GSSAPI authentication). This flaw could be exploited to crash named
    binaries compiled for 64-bit platforms, and could enable remote code
    execution when named was compiled for 32-bit platforms.
    (CVE-2021-25216)

    This vulnerability was reported to us as ZDI-CAN-13347 by Trend
    Micro Zero Day Initiative. [GL #2604]

Feature Changes

    The ISC implementation of SPNEGO was removed from BIND 9 source
    code. Instead, BIND 9 now always uses the SPNEGO implementation
    provided by the system GSSAPI library when it is built with GSSAPI
    support. All major contemporary Kerberos/GSSAPI libraries contain
    an implementation of the SPNEGO mechanism. [GL #2607]

Notes for BIND 9.11.30

The BIND 9.11.30 release was withdrawn after a backporting bug was
discovered during pre-release testing. ISC would like to acknowledge the
assistance of Natan Segal of Bluecat Networks.2"

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2021-05-25 09:46:28 +00:00

110 lines
4.0 KiB
Plaintext
Raw Blame History

###############################################################################
# #
# IPFire.org - A linux based firewall #
# Copyright (C) 2007-2021 IPFire Team <info@ipfire.org> #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
# the Free Software Foundation, either version 3 of the License, or #
# (at your option) any later version. #
# #
# This program is distributed in the hope that it will be useful, #
# but WITHOUT ANY WARRANTY; without even the implied warranty of #
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
# GNU General Public License for more details. #
# #
# You should have received a copy of the GNU General Public License #
# along with this program. If not, see <http://www.gnu.org/licenses/>. #
# #
###############################################################################
###############################################################################
# Definitions
###############################################################################
include Config
VER = 9.11.32
THISAPP = bind-$(VER)
DL_FILE = $(THISAPP).tar.gz
DL_FROM = $(URL_IPFIRE)
DIR_APP = $(DIR_SRC)/$(THISAPP)
TARGET = $(DIR_INFO)/$(THISAPP)
export CPPFLAGS = -DDIG_SIGCHASE
###############################################################################
# Top-level Rules
###############################################################################
objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
$(DL_FILE)_MD5 = 0d029dd06ca60c6739c3189c999ef757
install : $(TARGET)
check : $(patsubst %,$(DIR_CHK)/%,$(objects))
download :$(patsubst %,$(DIR_DL)/%,$(objects))
md5 : $(subst %,%_MD5,$(objects))
###############################################################################
# Downloading, checking, md5sum
###############################################################################
$(patsubst %,$(DIR_CHK)/%,$(objects)) :
@$(CHECK)
$(patsubst %,$(DIR_DL)/%,$(objects)) :
@$(LOAD)
$(subst %,%_MD5,$(objects)) :
@$(MD5)
###############################################################################
# Installation Details
###############################################################################
$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
@$(PREBUILD)
@rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)
$(UPDATE_AUTOMAKE)
cd $(DIR_APP) && STD_CDEFINES="$(CPPFLAGS)" \
./configure \
--prefix=/usr \
--enable-threads \
--with-libtool \
--without-python \
--disable-static
# Build everything
cd $(DIR_APP) && make -C lib/isc $(MAKETUNING)
cd $(DIR_APP) && make -C lib/dns $(MAKETUNING)
cd $(DIR_APP) && make -C lib/isccc $(MAKETUNING)
cd $(DIR_APP) && make -C lib/isccfg $(MAKETUNING)
cd $(DIR_APP) && make -C lib/bind9 $(MAKETUNING)
cd $(DIR_APP) && make -C lib/lwres $(MAKETUNING)
cd $(DIR_APP) && make -C bin/dig $(MAKETUNING)
cd $(DIR_APP) && make -C bin/nsupdate $(MAKETUNING)
# Install everything
cd $(DIR_APP) && make -C lib/isc install
cd $(DIR_APP) && make -C lib/dns install
cd $(DIR_APP) && make -C lib/isccc install
cd $(DIR_APP) && make -C lib/isccfg install
cd $(DIR_APP) && make -C lib/bind9 install
cd $(DIR_APP) && make -C lib/lwres install
cd $(DIR_APP) && make -C bin/dig install
cd $(DIR_APP) && make -C bin/nsupdate install
install -v -m 644 $(DIR_SRC)/config/bind/trusted-key.key \
/etc/trusted-key.key
@rm -rf $(DIR_APP)
@$(POSTBUILD)
Reference in New Issue View Git Blame Copy Permalink