mirrors/aports
1
0
Fork 0
mirror of https://gitlab.alpinelinux.org/alpine/aports.git synced 2026-01-16 22:22:12 +01:00
Code Issues Packages Projects Releases Wiki Activity
74,108 Commits 43 Branches 633 Tags
Commit Graph

123 Commits

Author SHA1 Message Date
Natanael Copa
91fb4f69e2 main/bind: split dnssec-tools and py3-bind 
move python modules and dnssec-tools to separate subpackages so we avoid
install python3 by default.

py3-bind may be useful separately for python scripts so lets separate
out that as well.
 2019-05-02 11:18:56 +00:00
tcely
40322d1605 main/bind: become maintainer 2019-04-30 12:38:37 +00:00
tcely
4a3cd5e69c main/bind: security upgrade to 9.14.1 
- CVE-2019-6467
- CVE-2018-5743

fixes #10367
 2019-04-30 12:38:37 +00:00
tcely
36c06fdc08 main/bind: upgrade to 9.14.0 2019-04-30 12:38:37 +00:00
Sören Tempel
f715fbc7a7 main/bind: clear depends for libs subpackage 
Otherwise the dev and tools subpackages install dns-root-hints (since
both depend on the libs subpackage) even though they shouldn't need it.

Discussion: Unfortunately, abuild doesn't have a depends_libs variable
thus we need to define a custom libs function to clear the dependency.
This approach is also used by other abuilds, e.g. testing/boinc.

See also: 4badc1aa803f5dd0f67d2df3004acc3f990ba23f
 2019-04-09 18:21:10 +02:00
Henrik Riomar
62bda4345a main/bind: fix slow start 
named-checkconf needs entropy to start, or else it will take
up to a minute to start at boot.
 2019-04-08 17:24:49 +00:00
tcely
9be9f906a4 main/bind: remove unrecognized configure flag 2019-04-08 17:24:49 +00:00
tcely
6a7a502048 main/bind: security upgrade to 9.12.3-P4 
- CVE-2019-6465
- CVE-2018-5745
- CVE-2018-5744
 2019-04-08 17:24:49 +00:00
tcely
86587d7b8f main/bind: add and use -dnssec-root subpackage 2019-04-08 17:24:49 +00:00
tcely
4badc1aa80 main/bind: use dns-root-hints 2019-04-08 17:24:49 +00:00
tcely
8b82b5d5fc main/bind: named.ca cleanup white-space warnings 2019-02-06 10:05:59 +00:00
tcely
ad413784a2 main/bind: upgrade named.ca to 2018111402 2019-02-06 10:05:59 +00:00
tcely
621d11e236 main/bind: upgrade to 9.12.3-P1 
https://kb.isc.org/docs/dnssec-key-deletion-may-create-broken-nsec-and-nsec3-chains-and-unnecessary-rrsigs
 2019-02-06 10:05:59 +00:00
Taner Tas
51978afa8a main/bind: Upgrade to 9.12.3 
* Add "--disable-isc-spnego" to use gss-spnego instead.

fixes #9462
 2018-11-29 14:47:56 +00:00
Natanael Copa
67599e100e main/bind: rebuild against openssl 1.1 2018-11-07 16:46:08 +00:00
tcely
5b89784c2f main/bind: add secfixes comment 2018-08-28 13:57:56 +00:00
Taner Tas
68d39a1b32 main/bind: Upgrade to 9.12.2-P1, enable DLZ and kerberos 
* Enable DLZ (Dynamically Loadable Zones) support with file system, ldap, stub backends
* Enable GSSAPI/Kerberos support
* Re-arrange configure options
 2018-08-16 11:52:22 +00:00
Jakub Jirutka
f676af6ec9 main/bind: security upgrade to 9.12.1_p2 2018-05-22 00:25:04 +02:00
Natanael Copa
6128fdbb8f main/[various]: properly rebuild against json-c-0.13 2018-04-19 15:03:59 +00:00
Natanael Copa
4613de7cea main/bind: rebuild against json-c-0.13 2018-04-19 10:12:15 +00:00
Natanael Copa
786e56cd1d main/bind: rebuild against libressl-2.7 2018-04-06 05:19:20 +00:00
tcely
c38ff6c4c1 main/bind: upgrade to 9.12.0 and modernize abuild 2018-03-02 17:17:26 +01:00
A. Wilcox
c0b2d6f20b main/bind: Split OpenRC scripts, disable check 2018-02-26 21:10:41 +00:00
tcely
b3fd1eb4e8 main/bind: Upgrade to 9.11.2-P1 2018-02-06 15:44:18 +00:00
Jared Szechy
443ccf28fc main/bind: enable json statistics 2017-12-15 13:52:22 +00:00
Natanael Copa
1855b69402 main/bind: rebuild against libressl-2.6 2017-11-09 19:58:31 +00:00
Natanael Copa
e2dc706809 main/bind: upgrade to 9.11.2 2017-10-31 12:03:37 +00:00
Natanael Copa
52c03af91a main/bind: bump pkgrel 
bump pkgrel to avoid mismatch with caches
 2017-08-08 15:11:06 +00:00
Francesco Colista
01deed0941 Revert "main/bind: fix for CVE-2017-3142 and CVE-2017-3143. Fixes #7496" 
This reverts commit 724d3ef9cc4c309dc09e750d37ca4cb86b32df85.
 2017-08-07 14:37:03 +00:00
Francesco Colista
724d3ef9cc main/bind: fix for CVE-2017-3142 and CVE-2017-3143. Fixes #7496 2017-08-07 14:35:48 +00:00
Natanael Copa
8d37b00520 main/bind: upgrade to 9.11.1_p2 2017-07-06 17:01:04 +02:00
Natanael Copa
e04430798a main/bind: security upgrade to 9.11.1_p1 (CVE-2017-3140) 
fixes #7437
 2017-06-16 12:36:46 +00:00
Natanael Copa
7fff4bd5d6 main/bind: upgrade to 9.11.1 2017-06-14 18:22:43 +00:00
Natanael Copa
afa27b1663 main/bind: rebuild against libressl 2.5 2017-04-18 20:45:30 +00:00
Sergey Lukin
d3fda9ff84 main/bind: security upgrade to 9.11.0_p5 - fixes #7141 
CVE-2017-3136: An error handling synthesized records could cause an assertion failure when using DNS64 with "break-dnssec yes;"
CVE-2017-3137: A response packet can cause a resolver to terminate when processing an answer containing a CNAME or DNAME
CVE-2017-3138: named exits with a REQUIRE assertion failure if it receives a null command string on its control channel
 2017-04-14 14:12:39 +00:00
Natanael Copa
b8632ab306 main/bind: security upgrade to 9.11.0_p3 (CVE-2017-3135) 
fixes #6828
 2017-02-09 11:22:32 +01:00
Natanael Copa
1328c94d12 main/bind: dont create homedir for bind user 
We dont want copy the content of /etc/skel to /etc/bind
ref #6725
 2017-01-24 16:51:35 +00:00
Przemyslaw Pawelczyk
d18cfd6f7c main/bind: Upgrade to 9.11.0-P2. 
https://www.isc.org/downloads/bind/bind-9-11-new-features/
https://deepthought.isc.org/article/AA-01446/0/BIND-9.11.0-P2-Release-Notes.html
https://kb.isc.org/article/AA-00913/74/BIND-9-Security-Vulnerability-Matrix.html

Release notes mention addressing issue described in:

CVE-2016-9778: An error handling certain queries using the
               nxdomain-redirect feature could cause a REQUIRE assertion
               failure in db.c

but it's not present in 9.10.x, so it's not a security upgrade.
 2017-01-17 13:47:04 +00:00
Sergei Lukin
859db39dd1 main/bind: security upgrade to 9.10.4_p5 - fixes #6675 
CVE-2016-9131: A malformed response to an ANY query can cause an assertion failure during recursion
CVE-2016-9147: An error handling a query response containing inconsistent DNSSEC information could cause an assertion failure
CVE-2016-9444: An unusually-formed DS record response could cause an assertion failure
 2017-01-13 08:59:28 +00:00
Natanael Copa
3fdf817269 main/bind: security upgrade to 9.10.4_p4 (CVE-2016-8864) 2016-11-02 05:48:56 +00:00
Natanael Copa
a5b591248a main/bind: rebuild against libressl 2016-10-10 12:04:04 +00:00
Natanael Copa
201cf7c3ba main/bind: security upgrade to 9.10.4_p3 (CVE-2016-2776) 
fixes #6223
 2016-09-28 09:22:42 +00:00
Natanael Copa
abed434a73 main/bind: security upgrade to 9.10.4_p2 (CVE-2016-2775) 
fixes #5951
 2016-07-25 13:47:52 +00:00
Francesco Colista
dd08b4220e main/bind: rebuild with libxml2. Fixes #5711 2016-06-27 14:54:12 +00:00
Natanael Copa
f5b6740ccd main/bind: upgrade to 9.10.4_p1 2016-05-27 15:56:29 +00:00
Natanael Copa
4e061d85be main/bind: upgrade to 9.10.4 2016-05-16 14:22:55 +00:00
Przemyslaw Pawelczyk
0f920d3abe main/[various]: bump pkgrel for pre-install fixes 2016-04-25 07:11:16 +00:00
Przemyslaw Pawelczyk
da4e96aace Reorder arguments passed to addgroup/adduser in scripts. 
Now all invocations have following order of arguments (if present):

    addgroup -S -g ... GROUP
    adduser -S -u ... -D -H -h ... -s ... -G ... -g ... USER
 2016-04-25 06:56:47 +00:00
Przemyslaw Pawelczyk
a60b9f07de Improve consistency of scripts using adduser/addgroup. 
Following rules have been applied:
- script starts with shebang !#/bin/sh followed by blank line,
- script ends with exit 0 prepended by blank line,
- only stderr of adduser, addgroup or passwd is redirected to /dev/null,
- getent passwd/group instances has been removed,
- manual checking of file and group existence has been removed,
- `|| true` instances has been removed.

Comments and line wrapping have been preserved.
 2016-04-25 06:55:43 +00:00
Przemyslaw Pawelczyk
a593d306c9 Add -g option (GECOS/comment) to adduser in scripts. 
This way we can avoid ugly default:

    Linux user,,,
 2016-04-25 06:54:18 +00:00