diff options
author | Mike Westerhof <mwester@dls.net> | 2008-07-14 03:10:14 +0000 |
---|---|---|
committer | Mike Westerhof <mwester@dls.net> | 2008-07-14 03:10:14 +0000 |
commit | 8d5f83863769892c6bb9e9cadd570ab596e8dd07 (patch) | |
tree | a012b3e7aabeaea6ba832fbe3007d279b8a16163 | |
parent | 9e850f378107c3b96ebb3ac2018f38d2c04045c5 (diff) |
bind - upgrade to 9.3.5-P1 in response to security vulnerabilities.
-rw-r--r-- | packages/bind/bind-9.3.5-P1/.mtn2git_empty | 0 | ||||
-rw-r--r-- | packages/bind/bind-9.3.5-P1/conf.patch | 301 | ||||
-rw-r--r-- | packages/bind/bind-9.3.5-P1/configure.in.patch | 14 | ||||
-rw-r--r-- | packages/bind/bind-9.3.5-P1/so_bsdcompat.patch | 32 | ||||
-rw-r--r-- | packages/bind/bind_9.3.5-P1.bb | 38 |
5 files changed, 385 insertions, 0 deletions
diff --git a/packages/bind/bind-9.3.5-P1/.mtn2git_empty b/packages/bind/bind-9.3.5-P1/.mtn2git_empty new file mode 100644 index 0000000000..e69de29bb2 --- /dev/null +++ b/packages/bind/bind-9.3.5-P1/.mtn2git_empty diff --git a/packages/bind/bind-9.3.5-P1/conf.patch b/packages/bind/bind-9.3.5-P1/conf.patch new file mode 100644 index 0000000000..202c5319e1 --- /dev/null +++ b/packages/bind/bind-9.3.5-P1/conf.patch @@ -0,0 +1,301 @@ +diff -urN bind-9.3.1.orig/conf/db.0 bind-9.3.1/conf/db.0 +--- bind-9.3.1.orig/conf/db.0 1970-01-01 01:00:00.000000000 +0100 ++++ bind-9.3.1/conf/db.0 2005-07-10 22:14:00.000000000 +0200 +@@ -0,0 +1,12 @@ ++; ++; BIND reverse data file for broadcast zone ++; ++$TTL 604800 ++@ IN SOA localhost. root.localhost. ( ++ 1 ; Serial ++ 604800 ; Refresh ++ 86400 ; Retry ++ 2419200 ; Expire ++ 604800 ) ; Negative Cache TTL ++; ++@ IN NS localhost. +diff -urN bind-9.3.1.orig/conf/db.127 bind-9.3.1/conf/db.127 +--- bind-9.3.1.orig/conf/db.127 1970-01-01 01:00:00.000000000 +0100 ++++ bind-9.3.1/conf/db.127 2005-07-10 22:14:00.000000000 +0200 +@@ -0,0 +1,13 @@ ++; ++; BIND reverse data file for local loopback interface ++; ++$TTL 604800 ++@ IN SOA localhost. root.localhost. ( ++ 1 ; Serial ++ 604800 ; Refresh ++ 86400 ; Retry ++ 2419200 ; Expire ++ 604800 ) ; Negative Cache TTL ++; ++@ IN NS localhost. ++1.0.0 IN PTR localhost. +diff -urN bind-9.3.1.orig/conf/db.empty bind-9.3.1/conf/db.empty +--- bind-9.3.1.orig/conf/db.empty 1970-01-01 01:00:00.000000000 +0100 ++++ bind-9.3.1/conf/db.empty 2005-07-10 22:14:00.000000000 +0200 +@@ -0,0 +1,14 @@ ++; BIND reverse data file for empty rfc1918 zone ++; ++; DO NOT EDIT THIS FILE - it is used for multiple zones. ++; Instead, copy it, edit named.conf, and use that copy. ++; ++$TTL 86400 ++@ IN SOA localhost. root.localhost. ( ++ 1 ; Serial ++ 604800 ; Refresh ++ 86400 ; Retry ++ 2419200 ; Expire ++ 86400 ) ; Negative Cache TTL ++; ++@ IN NS localhost. +diff -urN bind-9.3.1.orig/conf/db.local bind-9.3.1/conf/db.local +--- bind-9.3.1.orig/conf/db.local 1970-01-01 01:00:00.000000000 +0100 ++++ bind-9.3.1/conf/db.local 2005-07-10 22:14:00.000000000 +0200 +@@ -0,0 +1,13 @@ ++; ++; BIND data file for local loopback interface ++; ++$TTL 604800 ++@ IN SOA localhost. root.localhost. ( ++ 1 ; Serial ++ 604800 ; Refresh ++ 86400 ; Retry ++ 2419200 ; Expire ++ 604800 ) ; Negative Cache TTL ++; ++@ IN NS localhost. ++@ IN A 127.0.0.1 +diff -urN bind-9.3.1.orig/conf/db.root bind-9.3.1/conf/db.root +--- bind-9.3.1.orig/conf/db.root 1970-01-01 01:00:00.000000000 +0100 ++++ bind-9.3.1/conf/db.root 2005-07-10 22:14:00.000000000 +0200 +@@ -0,0 +1,45 @@ ++ ++; <<>> DiG 9.2.3 <<>> ns . @a.root-servers.net. ++;; global options: printcmd ++;; Got answer: ++;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 18944 ++;; flags: qr aa rd; QUERY: 1, ANSWER: 13, AUTHORITY: 0, ADDITIONAL: 13 ++ ++;; QUESTION SECTION: ++;. IN NS ++ ++;; ANSWER SECTION: ++. 518400 IN NS A.ROOT-SERVERS.NET. ++. 518400 IN NS B.ROOT-SERVERS.NET. ++. 518400 IN NS C.ROOT-SERVERS.NET. ++. 518400 IN NS D.ROOT-SERVERS.NET. ++. 518400 IN NS E.ROOT-SERVERS.NET. ++. 518400 IN NS F.ROOT-SERVERS.NET. ++. 518400 IN NS G.ROOT-SERVERS.NET. ++. 518400 IN NS H.ROOT-SERVERS.NET. ++. 518400 IN NS I.ROOT-SERVERS.NET. ++. 518400 IN NS J.ROOT-SERVERS.NET. ++. 518400 IN NS K.ROOT-SERVERS.NET. ++. 518400 IN NS L.ROOT-SERVERS.NET. ++. 518400 IN NS M.ROOT-SERVERS.NET. ++ ++;; ADDITIONAL SECTION: ++A.ROOT-SERVERS.NET. 3600000 IN A 198.41.0.4 ++B.ROOT-SERVERS.NET. 3600000 IN A 192.228.79.201 ++C.ROOT-SERVERS.NET. 3600000 IN A 192.33.4.12 ++D.ROOT-SERVERS.NET. 3600000 IN A 128.8.10.90 ++E.ROOT-SERVERS.NET. 3600000 IN A 192.203.230.10 ++F.ROOT-SERVERS.NET. 3600000 IN A 192.5.5.241 ++G.ROOT-SERVERS.NET. 3600000 IN A 192.112.36.4 ++H.ROOT-SERVERS.NET. 3600000 IN A 128.63.2.53 ++I.ROOT-SERVERS.NET. 3600000 IN A 192.36.148.17 ++J.ROOT-SERVERS.NET. 3600000 IN A 192.58.128.30 ++K.ROOT-SERVERS.NET. 3600000 IN A 193.0.14.129 ++L.ROOT-SERVERS.NET. 3600000 IN A 198.32.64.12 ++M.ROOT-SERVERS.NET. 3600000 IN A 202.12.27.33 ++ ++;; Query time: 81 msec ++;; SERVER: 198.41.0.4#53(a.root-servers.net.) ++;; WHEN: Sun Feb 1 11:27:14 2004 ++;; MSG SIZE rcvd: 436 ++ +diff -urN bind-9.3.1.orig/conf/named.conf bind-9.3.1/conf/named.conf +--- bind-9.3.1.orig/conf/named.conf 1970-01-01 01:00:00.000000000 +0100 ++++ bind-9.3.1/conf/named.conf 2005-07-10 22:33:46.000000000 +0200 +@@ -0,0 +1,49 @@ ++// This is the primary configuration file for the BIND DNS server named. ++// ++// If you are just adding zones, please do that in /etc/bind/named.conf.local ++ ++include "/etc/bind/named.conf.options"; ++ ++// prime the server with knowledge of the root servers ++zone "." { ++ type hint; ++ file "/etc/bind/db.root"; ++}; ++ ++// be authoritative for the localhost forward and reverse zones, and for ++// broadcast zones as per RFC 1912 ++ ++zone "localhost" { ++ type master; ++ file "/etc/bind/db.local"; ++}; ++ ++zone "127.in-addr.arpa" { ++ type master; ++ file "/etc/bind/db.127"; ++}; ++ ++zone "0.in-addr.arpa" { ++ type master; ++ file "/etc/bind/db.0"; ++}; ++ ++zone "255.in-addr.arpa" { ++ type master; ++ file "/etc/bind/db.255"; ++}; ++ ++// zone "com" { type delegation-only; }; ++// zone "net" { type delegation-only; }; ++ ++// From the release notes: ++// Because many of our users are uncomfortable receiving undelegated answers ++// from root or top level domains, other than a few for whom that behaviour ++// has been trusted and expected for quite some length of time, we have now ++// introduced the "root-delegations-only" feature which applies delegation-only ++// logic to all top level domains, and to the root domain. An exception list ++// should be specified, including "MUSEUM" and "DE", and any other top level ++// domains from whom undelegated responses are expected and trusted. ++// root-delegation-only exclude { "DE"; "MUSEUM"; }; ++ ++include "/etc/bind/named.conf.local"; +diff -urN bind-9.3.1.orig/conf/named.conf.local bind-9.3.1/conf/named.conf.local +--- bind-9.3.1.orig/conf/named.conf.local 1970-01-01 01:00:00.000000000 +0100 ++++ bind-9.3.1/conf/named.conf.local 2005-07-10 22:14:06.000000000 +0200 +@@ -0,0 +1,8 @@ ++// ++// Do any local configuration here ++// ++ ++// Consider adding the 1918 zones here, if they are not used in your ++// organization ++//include "/etc/bind/zones.rfc1918"; ++ +diff -urN bind-9.3.1.orig/conf/named.conf.options bind-9.3.1/conf/named.conf.options +--- bind-9.3.1.orig/conf/named.conf.options 1970-01-01 01:00:00.000000000 +0100 ++++ bind-9.3.1/conf/named.conf.options 2005-07-10 22:14:06.000000000 +0200 +@@ -0,0 +1,24 @@ ++options { ++ directory "/var/cache/bind"; ++ ++ // If there is a firewall between you and nameservers you want ++ // to talk to, you might need to uncomment the query-source ++ // directive below. Previous versions of BIND always asked ++ // questions using port 53, but BIND 8.1 and later use an unprivileged ++ // port by default. ++ ++ // query-source address * port 53; ++ ++ // If your ISP provided one or more IP addresses for stable ++ // nameservers, you probably want to use them as forwarders. ++ // Uncomment the following block, and insert the addresses replacing ++ // the all-0's placeholder. ++ ++ // forwarders { ++ // 0.0.0.0; ++ // }; ++ ++ auth-nxdomain no; # conform to RFC1035 ++ ++}; ++ +diff -urN bind-9.3.1.orig/conf/zones.rfc1918 bind-9.3.1/conf/zones.rfc1918 +--- bind-9.3.1.orig/conf/zones.rfc1918 1970-01-01 01:00:00.000000000 +0100 ++++ bind-9.3.1/conf/zones.rfc1918 2005-07-10 22:14:10.000000000 +0200 +@@ -0,0 +1,20 @@ ++zone "10.in-addr.arpa" { type master; file "/etc/bind/db.empty"; }; ++ ++zone "16.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; }; ++zone "17.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; }; ++zone "18.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; }; ++zone "19.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; }; ++zone "20.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; }; ++zone "21.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; }; ++zone "22.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; }; ++zone "23.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; }; ++zone "24.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; }; ++zone "25.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; }; ++zone "26.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; }; ++zone "27.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; }; ++zone "28.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; }; ++zone "29.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; }; ++zone "30.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; }; ++zone "31.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; }; ++ ++zone "168.192.in-addr.arpa" { type master; file "/etc/bind/db.empty"; }; +diff -urN bind-9.3.1.orig/init.d bind-9.3.1/init.d +--- bind-9.3.1.orig/init.d 1970-01-01 01:00:00.000000000 +0100 ++++ bind-9.3.1/init.d 2005-07-10 23:09:58.000000000 +0200 +@@ -0,0 +1,63 @@ ++#!/bin/sh ++ ++PATH=/sbin:/bin:/usr/sbin:/usr/bin ++ ++# for a chrooted server: "-u bind -t /var/lib/named" ++# Don't modify this line, change or create /etc/default/bind9. ++OPTIONS="" ++ ++test -f /etc/default/bind9 && . /etc/default/bind9 ++ ++test -x /usr/sbin/rndc || exit 0 ++ ++case "$1" in ++ start) ++ echo -n "Starting domain name service: named" ++ ++ modprobe capability >/dev/null 2>&1 || true ++ ++ # dirs under /var/run can go away on reboots. ++ mkdir -p /var/run/bind/run ++ mkdir -p /var/cache/bind ++ chmod 775 /var/run/bind/run ++ chown root:bind /var/run/bind/run >/dev/null 2>&1 || true ++ ++ if [ ! -x /usr/sbin/named ]; then ++ echo "named binary missing - not starting" ++ exit 1 ++ fi ++ if start-stop-daemon --start --quiet --exec /usr/sbin/named \ ++ --pidfile /var/run/bind/run/named.pid -- $OPTIONS; then ++ if [ -x /sbin/resolvconf ] ; then ++ echo "nameserver 127.0.0.1" | /sbin/resolvconf -a lo ++ fi ++ fi ++ echo "." ++ ;; ++ ++ stop) ++ echo -n "Stopping domain name service: named" ++ if [ -x /sbin/resolvconf ]; then ++ /sbin/resolvconf -d lo ++ fi ++ /usr/sbin/rndc stop ++ echo "." ++ ;; ++ ++ reload) ++ /usr/sbin/rndc reload ++ ;; ++ ++ restart|force-reload) ++ $0 stop ++ sleep 2 ++ $0 start ++ ;; ++ ++ *) ++ echo "Usage: /etc/init.d/bind {start|stop|reload|restart|force-reload}" >&2 ++ exit 1 ++ ;; ++esac ++ ++exit 0 diff --git a/packages/bind/bind-9.3.5-P1/configure.in.patch b/packages/bind/bind-9.3.5-P1/configure.in.patch new file mode 100644 index 0000000000..78ae9271c6 --- /dev/null +++ b/packages/bind/bind-9.3.5-P1/configure.in.patch @@ -0,0 +1,14 @@ +--- bind-9.3.1/configure.in.orig 2005-07-10 21:21:18.000000000 +0200 ++++ bind-9.3.1/configure.in 2005-07-10 21:24:31.000000000 +0200 +@@ -1414,7 +1414,10 @@ + [AC_MSG_RESULT(no) + ISC_EXTRA_OBJS="$ISC_EXTRA_OBJS inet_ntop.$O" + ISC_EXTRA_SRCS="$ISC_EXTRA_SRCS inet_ntop.c" +- ISC_PLATFORM_NEEDNTOP="#define ISC_PLATFORM_NEEDNTOP 1"]) ++ ISC_PLATFORM_NEEDNTOP="#define ISC_PLATFORM_NEEDNTOP 1"], ++ ++ [AC_MSG_RESULT(assuming target platform has working inet_ntop) ++ ISC_PLATFORM_NEEDNTOP="#undef ISC_PLATFORM_NEEDNTOP"]) + + + # On NetBSD 1.4.2 and maybe others, inet_pton() incorrectly accepts diff --git a/packages/bind/bind-9.3.5-P1/so_bsdcompat.patch b/packages/bind/bind-9.3.5-P1/so_bsdcompat.patch new file mode 100644 index 0000000000..03e34bf6a5 --- /dev/null +++ b/packages/bind/bind-9.3.5-P1/so_bsdcompat.patch @@ -0,0 +1,32 @@ +--- bind-9.3.5-P1/lib/isc/unix/socket.c.orig 2008-07-13 21:53:24.000000000 -0500 ++++ bind-9.3.5-P1/lib/isc/unix/socket.c 2008-07-13 21:57:06.000000000 -0500 +@@ -1423,7 +1423,7 @@ + { + isc_socket_t *sock = NULL; + isc_result_t ret; +-#if defined(USE_CMSG) || defined(SO_BSDCOMPAT) ++#if defined(USE_CMSG) + int on = 1; + #endif + char strbuf[ISC_STRERRORSIZE]; +@@ -1514,7 +1514,7 @@ + return (ISC_R_UNEXPECTED); + } + +-#ifdef SO_BSDCOMPAT ++/* #ifdef SO_BSDCOMPAT + RUNTIME_CHECK(isc_once_do(&bsdcompat_once, + clear_bsdcompat) == ISC_R_SUCCESS); + if (bsdcompat && setsockopt(sock->fd, SOL_SOCKET, SO_BSDCOMPAT, +@@ -1526,9 +1526,9 @@ + isc_msgcat_get(isc_msgcat, ISC_MSGSET_GENERAL, + ISC_MSG_FAILED, "failed"), + strbuf); +- /* Press on... */ ++ + } +-#endif ++#endif */ + + #ifdef SO_NOSIGPIPE + if (setsockopt(sock->fd, SOL_SOCKET, SO_NOSIGPIPE, diff --git a/packages/bind/bind_9.3.5-P1.bb b/packages/bind/bind_9.3.5-P1.bb new file mode 100644 index 0000000000..a1dff5ceaf --- /dev/null +++ b/packages/bind/bind_9.3.5-P1.bb @@ -0,0 +1,38 @@ +DESCRIPTION = "ISC Internet Domain Name Server" +SECTION = "console/network" +HOMEPAGE = "http://www.isc.org/sw/bind/" +LICENSE = "BSD" +PR = "r0" + +DEPENDS = "openssl" + +SRC_URI = "ftp://ftp.isc.org/isc/bind9/9.3.5-P1/bind-9.3.5-P1.tar.gz \ + file://conf.patch;patch=1 \ + file://configure.in.patch;patch=1 \ + file://so_bsdcompat.patch;patch=1 \ + " + +EXTRA_OECONF = " --enable-ipv6=no --with-randomdev=/dev/random --disable-threads --sysconfdir=/etc/bind --localstatedir=/var --prefix=/usr" +inherit autotools update-rc.d + +INITSCRIPT_NAME = "bind" +INITSCRIPT_PARAMS = "defaults" + +do_install_append() { + rm "${D}/usr/bin/nslookup" + install -d "${D}/etc/bind" + install -d "${D}/etc/init.d" + install -m 644 ${S}/conf/* "${D}/etc/bind" + install -m 755 "${S}/init.d" "${D}/etc/init.d/bind" +} + +CONFFILES_${PN} = " \ + ${sysconfdir}/bind/named.conf \ + ${sysconfdir}/bind/named.conf.local \ + ${sysconfdir}/bind/named.conf.options \ + ${sysconfdir}/bind/db.0 \ + ${sysconfdir}/bind/db.127 \ + ${sysconfdir}/bind/db.empty \ + ${sysconfdir}/bind/db.local \ + ${sysconfdir}/bind/db.root \ + " |