webadmin/bpfire
1
0
Fork 0
mirror of https://github.com/vincentmli/bpfire.git synced 2026-04-09 18:45:54 +02:00
Code Issues Packages Projects Releases Wiki Activity
Files
eae0cb549aaafbf34f61c3b1778c99ca0dd4ad77
bpfire/lfs/bind
Matthias Fischer abb32f5e60 bind: Update to 9.16.33 
For details see:
https://downloads.isc.org/isc/bind9/9.16.33/doc/arm/html/notes.html#notes-for-bind-9-16-33

"Security Fixes

    Previously, there was no limit to the number of database lookups
    performed while processing large delegations, which could be abused to
    severely impact the performance of named running as a recursive
    resolver. This has been fixed. (CVE-2022-2795)

    ISC would like to thank Yehuda Afek from Tel-Aviv University and Anat
    Bremler-Barr & Shani Stajnrod from Reichman University for bringing
    this vulnerability to our attention. [GL #3394]

    named running as a resolver with the stale-answer-client-timeout option
    set to 0 could crash with an assertion failure, when there was a stale
    CNAME in the cache for the incoming query. This has been fixed.
    (CVE-2022-3080) [GL #3517]

    A memory leak was fixed that could be externally triggered in the
    DNSSEC verification code for the ECDSA algorithm. (CVE-2022-38177) [GL
    #3487]

    Memory leaks were fixed that could be externally triggered in the
    DNSSEC verification code for the EdDSA algorithm. (CVE-2022-38178) [GL
    #3487]

Feature Changes

    Response Rate Limiting (RRL) code now treats all QNAMEs that are
    subject to wildcard processing within a given zone as the same name, to
    prevent circumventing the limits enforced by RRL. [GL #3459]

    Zones using dnssec-policy now require dynamic DNS or inline-signing to
    be configured explicitly. [GL #3381]

    A backward-compatible approach was implemented for encoding
    internationalized domain names (IDN) in dig and converting the domain
    to IDNA2008 form; if that fails, BIND tries an IDNA2003 conversion. [GL
    #3485]

Bug Fixes

    A serve-stale bug was fixed, where BIND would try to return stale data
    from cache for lookups that received duplicate queries or queries that
    would be dropped. This bug resulted in premature SERVFAIL responses,
    and has now been resolved. [GL #2982]"

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
2022-09-23 10:41:10 +00:00

113 lines
4.2 KiB
Plaintext
Raw Blame History

###############################################################################
# #
# IPFire.org - A linux based firewall #
# Copyright (C) 2007-2022 IPFire Team <info@ipfire.org> #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
# the Free Software Foundation, either version 3 of the License, or #
# (at your option) any later version. #
# #
# This program is distributed in the hope that it will be useful, #
# but WITHOUT ANY WARRANTY; without even the implied warranty of #
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
# GNU General Public License for more details. #
# #
# You should have received a copy of the GNU General Public License #
# along with this program. If not, see <http://www.gnu.org/licenses/>. #
# #
###############################################################################
###############################################################################
# Definitions
###############################################################################
include Config
VER = 9.16.33
THISAPP = bind-$(VER)
DL_FILE = $(THISAPP).tar.xz
DL_FROM = $(URL_IPFIRE)
DIR_APP = $(DIR_SRC)/$(THISAPP)
TARGET = $(DIR_INFO)/$(THISAPP)
export CPPFLAGS = -DDIG_SIGCHASE
###############################################################################
# Top-level Rules
###############################################################################
objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
$(DL_FILE)_BLAKE2 = 4246b61ce91af3d494ace4b8065b4c0043b2cfaf28c6de326691a969837e7d1cfbc0dac6b1e1a5182fc32af68048abcfa1202d00022951f3caa13afb03ebeb69
install : $(TARGET)
check : $(patsubst %,$(DIR_CHK)/%,$(objects))
download :$(patsubst %,$(DIR_DL)/%,$(objects))
b2 : $(subst %,%_BLAKE2,$(objects))
###############################################################################
# Downloading, checking, b2sum
###############################################################################
$(patsubst %,$(DIR_CHK)/%,$(objects)) :
@$(CHECK)
$(patsubst %,$(DIR_DL)/%,$(objects)) :
@$(LOAD)
$(subst %,%_BLAKE2,$(objects)) :
@$(B2SUM)
###############################################################################
# Installation Details
###############################################################################
$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
@$(PREBUILD)
@rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar axf $(DIR_DL)/$(DL_FILE)
$(UPDATE_AUTOMAKE)
cd $(DIR_APP) && STD_CDEFINES="$(CPPFLAGS)" \
./configure \
--prefix=/usr \
--enable-threads \
--with-libtool \
--without-python \
--disable-linux-caps \
--disable-static
# Build required libraries
cd $(DIR_APP) && make -C lib/isc $(MAKETUNING)
cd $(DIR_APP) && make -C lib/isccc $(MAKETUNING)
cd $(DIR_APP) && make -C lib/dns $(MAKETUNING)
cd $(DIR_APP) && make -C lib/ns $(MAKETUNING)
cd $(DIR_APP) && make -C lib/isccfg $(MAKETUNING)
cd $(DIR_APP) && make -C lib/bind9 $(MAKETUNING)
cd $(DIR_APP) && make -C lib/irs $(MAKETUNING)
cd $(DIR_APP) && make -C bin/dig $(MAKETUNING)
cd $(DIR_APP) && make -C bin/nsupdate $(MAKETUNING)
# Install utility programs
cd $(DIR_APP) && make -C lib/isc install
cd $(DIR_APP) && make -C lib/isccc install
cd $(DIR_APP) && make -C lib/dns install
cd $(DIR_APP) && make -C lib/ns install
cd $(DIR_APP) && make -C lib/isccfg install
cd $(DIR_APP) && make -C lib/bind9 install
cd $(DIR_APP) && make -C lib/irs install
cd $(DIR_APP) && make -C bin/dig install
cd $(DIR_APP) && make -C bin/nsupdate install
install -v -m 644 $(DIR_SRC)/config/bind/trusted-key.key \
/etc/trusted-key.key
@rm -rf $(DIR_APP)
@$(POSTBUILD)
Reference in New Issue View Git Blame Copy Permalink