mirrors/aports
1
0
Fork 0
mirror of https://gitlab.alpinelinux.org/alpine/aports.git synced 2026-01-20 08:02:26 +01:00
Code Issues Packages Projects Releases Wiki Activity
71,091 Commits 43 Branches 633 Tags
Commit Graph

119 Commits

Author SHA1 Message Date
Sören Tempel
f715fbc7a7 main/bind: clear depends for libs subpackage 
Otherwise the dev and tools subpackages install dns-root-hints (since
both depend on the libs subpackage) even though they shouldn't need it.

Discussion: Unfortunately, abuild doesn't have a depends_libs variable
thus we need to define a custom libs function to clear the dependency.
This approach is also used by other abuilds, e.g. testing/boinc.

See also: 4badc1aa803f5dd0f67d2df3004acc3f990ba23f
 2019-04-09 18:21:10 +02:00
Henrik Riomar
62bda4345a main/bind: fix slow start 
named-checkconf needs entropy to start, or else it will take
up to a minute to start at boot.
 2019-04-08 17:24:49 +00:00
tcely
9be9f906a4 main/bind: remove unrecognized configure flag 2019-04-08 17:24:49 +00:00
tcely
6a7a502048 main/bind: security upgrade to 9.12.3-P4 
- CVE-2019-6465
- CVE-2018-5745
- CVE-2018-5744
 2019-04-08 17:24:49 +00:00
tcely
86587d7b8f main/bind: add and use -dnssec-root subpackage 2019-04-08 17:24:49 +00:00
tcely
4badc1aa80 main/bind: use dns-root-hints 2019-04-08 17:24:49 +00:00
tcely
8b82b5d5fc main/bind: named.ca cleanup white-space warnings 2019-02-06 10:05:59 +00:00
tcely
ad413784a2 main/bind: upgrade named.ca to 2018111402 2019-02-06 10:05:59 +00:00
tcely
621d11e236 main/bind: upgrade to 9.12.3-P1 
https://kb.isc.org/docs/dnssec-key-deletion-may-create-broken-nsec-and-nsec3-chains-and-unnecessary-rrsigs
 2019-02-06 10:05:59 +00:00
Taner Tas
51978afa8a main/bind: Upgrade to 9.12.3 
* Add "--disable-isc-spnego" to use gss-spnego instead.

fixes #9462
 2018-11-29 14:47:56 +00:00
Natanael Copa
67599e100e main/bind: rebuild against openssl 1.1 2018-11-07 16:46:08 +00:00
tcely
5b89784c2f main/bind: add secfixes comment 2018-08-28 13:57:56 +00:00
Taner Tas
68d39a1b32 main/bind: Upgrade to 9.12.2-P1, enable DLZ and kerberos 
* Enable DLZ (Dynamically Loadable Zones) support with file system, ldap, stub backends
* Enable GSSAPI/Kerberos support
* Re-arrange configure options
 2018-08-16 11:52:22 +00:00
Jakub Jirutka
f676af6ec9 main/bind: security upgrade to 9.12.1_p2 2018-05-22 00:25:04 +02:00
Natanael Copa
6128fdbb8f main/[various]: properly rebuild against json-c-0.13 2018-04-19 15:03:59 +00:00
Natanael Copa
4613de7cea main/bind: rebuild against json-c-0.13 2018-04-19 10:12:15 +00:00
Natanael Copa
786e56cd1d main/bind: rebuild against libressl-2.7 2018-04-06 05:19:20 +00:00
tcely
c38ff6c4c1 main/bind: upgrade to 9.12.0 and modernize abuild 2018-03-02 17:17:26 +01:00
A. Wilcox
c0b2d6f20b main/bind: Split OpenRC scripts, disable check 2018-02-26 21:10:41 +00:00
tcely
b3fd1eb4e8 main/bind: Upgrade to 9.11.2-P1 2018-02-06 15:44:18 +00:00
Jared Szechy
443ccf28fc main/bind: enable json statistics 2017-12-15 13:52:22 +00:00
Natanael Copa
1855b69402 main/bind: rebuild against libressl-2.6 2017-11-09 19:58:31 +00:00
Natanael Copa
e2dc706809 main/bind: upgrade to 9.11.2 2017-10-31 12:03:37 +00:00
Natanael Copa
52c03af91a main/bind: bump pkgrel 
bump pkgrel to avoid mismatch with caches
 2017-08-08 15:11:06 +00:00
Francesco Colista
01deed0941 Revert "main/bind: fix for CVE-2017-3142 and CVE-2017-3143. Fixes #7496" 
This reverts commit 724d3ef9cc4c309dc09e750d37ca4cb86b32df85.
 2017-08-07 14:37:03 +00:00
Francesco Colista
724d3ef9cc main/bind: fix for CVE-2017-3142 and CVE-2017-3143. Fixes #7496 2017-08-07 14:35:48 +00:00
Natanael Copa
8d37b00520 main/bind: upgrade to 9.11.1_p2 2017-07-06 17:01:04 +02:00
Natanael Copa
e04430798a main/bind: security upgrade to 9.11.1_p1 (CVE-2017-3140) 
fixes #7437
 2017-06-16 12:36:46 +00:00
Natanael Copa
7fff4bd5d6 main/bind: upgrade to 9.11.1 2017-06-14 18:22:43 +00:00
Natanael Copa
afa27b1663 main/bind: rebuild against libressl 2.5 2017-04-18 20:45:30 +00:00
Sergey Lukin
d3fda9ff84 main/bind: security upgrade to 9.11.0_p5 - fixes #7141 
CVE-2017-3136: An error handling synthesized records could cause an assertion failure when using DNS64 with "break-dnssec yes;"
CVE-2017-3137: A response packet can cause a resolver to terminate when processing an answer containing a CNAME or DNAME
CVE-2017-3138: named exits with a REQUIRE assertion failure if it receives a null command string on its control channel
 2017-04-14 14:12:39 +00:00
Natanael Copa
b8632ab306 main/bind: security upgrade to 9.11.0_p3 (CVE-2017-3135) 
fixes #6828
 2017-02-09 11:22:32 +01:00
Natanael Copa
1328c94d12 main/bind: dont create homedir for bind user 
We dont want copy the content of /etc/skel to /etc/bind
ref #6725
 2017-01-24 16:51:35 +00:00
Przemyslaw Pawelczyk
d18cfd6f7c main/bind: Upgrade to 9.11.0-P2. 
https://www.isc.org/downloads/bind/bind-9-11-new-features/
https://deepthought.isc.org/article/AA-01446/0/BIND-9.11.0-P2-Release-Notes.html
https://kb.isc.org/article/AA-00913/74/BIND-9-Security-Vulnerability-Matrix.html

Release notes mention addressing issue described in:

CVE-2016-9778: An error handling certain queries using the
               nxdomain-redirect feature could cause a REQUIRE assertion
               failure in db.c

but it's not present in 9.10.x, so it's not a security upgrade.
 2017-01-17 13:47:04 +00:00
Sergei Lukin
859db39dd1 main/bind: security upgrade to 9.10.4_p5 - fixes #6675 
CVE-2016-9131: A malformed response to an ANY query can cause an assertion failure during recursion
CVE-2016-9147: An error handling a query response containing inconsistent DNSSEC information could cause an assertion failure
CVE-2016-9444: An unusually-formed DS record response could cause an assertion failure
 2017-01-13 08:59:28 +00:00
Natanael Copa
3fdf817269 main/bind: security upgrade to 9.10.4_p4 (CVE-2016-8864) 2016-11-02 05:48:56 +00:00
Natanael Copa
a5b591248a main/bind: rebuild against libressl 2016-10-10 12:04:04 +00:00
Natanael Copa
201cf7c3ba main/bind: security upgrade to 9.10.4_p3 (CVE-2016-2776) 
fixes #6223
 2016-09-28 09:22:42 +00:00
Natanael Copa
abed434a73 main/bind: security upgrade to 9.10.4_p2 (CVE-2016-2775) 
fixes #5951
 2016-07-25 13:47:52 +00:00
Francesco Colista
dd08b4220e main/bind: rebuild with libxml2. Fixes #5711 2016-06-27 14:54:12 +00:00
Natanael Copa
f5b6740ccd main/bind: upgrade to 9.10.4_p1 2016-05-27 15:56:29 +00:00
Natanael Copa
4e061d85be main/bind: upgrade to 9.10.4 2016-05-16 14:22:55 +00:00
Przemyslaw Pawelczyk
0f920d3abe main/[various]: bump pkgrel for pre-install fixes 2016-04-25 07:11:16 +00:00
Przemyslaw Pawelczyk
da4e96aace Reorder arguments passed to addgroup/adduser in scripts. 
Now all invocations have following order of arguments (if present):

    addgroup -S -g ... GROUP
    adduser -S -u ... -D -H -h ... -s ... -G ... -g ... USER
 2016-04-25 06:56:47 +00:00
Przemyslaw Pawelczyk
a60b9f07de Improve consistency of scripts using adduser/addgroup. 
Following rules have been applied:
- script starts with shebang !#/bin/sh followed by blank line,
- script ends with exit 0 prepended by blank line,
- only stderr of adduser, addgroup or passwd is redirected to /dev/null,
- getent passwd/group instances has been removed,
- manual checking of file and group existence has been removed,
- `|| true` instances has been removed.

Comments and line wrapping have been preserved.
 2016-04-25 06:55:43 +00:00
Przemyslaw Pawelczyk
a593d306c9 Add -g option (GECOS/comment) to adduser in scripts. 
This way we can avoid ugly default:

    Linux user,,,
 2016-04-25 06:54:18 +00:00
Przemyslaw Pawelczyk
ccc056dbf9 Add lacking -S option (system) to adduser/addgroup in scripts. 
Groups and users created by packages shouldn't use high ids by default
(unless explicitly requested), to distinguish them from groups and users
created by administrators for humans.

Following 41 files lacked -S next to addgroup:
- community/sword/sword.pre-install
- main/amavisd-new/amavisd-new.pre-install
- main/chrony/chrony.pre-install
- main/cvechecker/cvechecker.pre-install
- main/dnsmasq/dnsmasq.pre-install
- main/freeradius/freeradius.pre-install
- main/gdnsd/gdnsd.pre-install
- main/haproxy/haproxy.pre-install
- main/haproxy/haproxy.pre-upgrade
- main/kamailio/kamailio.pre-install
- main/logcheck/logcheck.pre-install
- main/mlmmj/mlmmj.pre-install
- main/nrpe/nrpe.pre-install
- main/open-vm-tools/open-vm-tools.pre-install
- main/postgrey/postgrey.pre-install
- main/privoxy/privoxy.pre-install
- main/redis/redis.pre-install
- main/samba/winbind.pre-install
- main/sircbot/sircbot.pre-install
- main/smokeping/smokeping.pre-install
- main/squark/squark.post-install
- main/squid/squid.pre-install
- main/squid/squid.pre-upgrade
- main/subversion/subversion.pre-install
- main/trac/trac.pre-install
- main/vsftpd/vsftpd.pre-install
- main/zabbix/zabbix-agent.pre-install
- testing/3proxy/3proxy.pre-install
- testing/cluster-glue/cluster-glue.pre-install
- testing/elasticsearch/elasticsearch.pre-install
- testing/emby/emby.pre-install
- testing/gdnsd/gdnsd.pre-install
- testing/icinga2/icinga2.pre-install
- testing/lusca/lusca.pre-install
- testing/lusca/lusca.pre-upgrade
- testing/mongodb/mongodb.pre-install
- testing/openxcap/openxcap.pre-install
- testing/prosody/prosody.pre-install
- testing/rancid/rancid.pre-install
- testing/rutorrent/rutorrent.pre-install
- testing/zabbix/zabbix-agent.pre-install

Following 60 files lacked -S next to adduser:
- community/caddy/caddy.pre-install
- community/domoticz/domoticz.pre-install
- community/minetest/minetest-server.pre-install
- community/oscam/oscam.pre-install
- community/seafile/seafile-server.pre-install
- community/syncthing/syncthing.pre-install
- main/apache2/apache2.pre-install
- main/aports-build/aports-build.pre-install
- main/atheme-iris/atheme-iris.pre-install
- main/bind/bind.pre-install
- main/clamav/clamav-db.pre-install
- main/clamsmtp/clamsmtp.pre-install
- main/clamsmtp/clamsmtp.pre-upgrade
- main/coova-chilli/coova-chilli.pre-install
- main/cvechecker/cvechecker.pre-install
- main/dhcp/dhcp.pre-install
- main/distcc/distcc.pre-install
- main/djbdns/dnscache.pre-install
- main/djbdns/tinydns.pre-install
- main/dovecot/dovecot.pre-install
- main/ez-ipupdate/ez-ipupdate.pre-install
- main/fetchmail/fetchmail.pre-install
- main/freeswitch/freeswitch.pre-install
- main/gitolite/gitolite.pre-install
- main/gnats/gnats.pre-install
- main/gross/gross.pre-install
- main/icecast/icecast.pre-install
- main/kamailio/kamailio.pre-install
- main/lighttpd/lighttpd.pre-install
- main/mariadb/mariadb.pre-install
- main/memcached/memcached.pre-install
- main/ngircd/ngircd.pre-install
- main/nrpe/nrpe.pre-install
- main/openntpd/openntpd.pre-install
- main/postgrey/postgrey.pre-install
- main/snort/snort.pre-install
- main/squid/squid.pre-install
- main/squid/squid.pre-upgrade
- main/subversion/subversion.pre-install
- main/trac/trac.pre-install
- main/transmission/transmission-daemon.pre-install
- main/ympd/ympd.pre-install
- main/znc/znc.pre-install
- testing/at/at.pre-install
- testing/buildbot-slave/buildbot-slave.pre-install
- testing/buildbot/buildbot.pre-install
- testing/clapf/clapf.pre-install
- testing/cluster-glue/cluster-glue.pre-install
- testing/dbmail/dbmail.pre-install
- testing/dspam/dspam.pre-install
- testing/ejabberd/ejabberd.pre-install
- testing/emby/emby.pre-install
- testing/mongodb/mongodb.pre-install
- testing/opensips/opensips.pre-install
- testing/pdns/pdns.pre-install
- testing/prosody/prosody.pre-install
- testing/qpage/qpage.pre-install
- testing/rrdbot/rrdbot.pre-install
- testing/wt/wt.pre-install
- unmaintained/ejabberd-git/ejabberd-git.pre-install
 2016-04-25 06:53:54 +00:00
Natanael Copa
c99a79bf99 main/bind: security upgrade to 9.10.3_p4 (CVE-2016-1285,CVE-2016-1286,CVE-2016-2088) 
fixes #5243
 2016-03-10 16:27:54 +00:00
Kaarle Ritvanen
13d11a508c main/bind: remove /var/log/named 
not used by default configuration
 2016-02-04 20:33:15 +02:00
Natanael Copa
dff85e5b60 main/bind: security upgrade to 9.10.3_p3 (CVE-2015-8704,CVE-2015-8705) 2016-01-20 16:33:25 +00:00