summaryrefslogtreecommitdiff
path: root/packages
diff options
context:
space:
mode:
authorMike Westerhof <mwester@dls.net>2008-07-14 03:10:14 +0000
committerMike Westerhof <mwester@dls.net>2008-07-14 03:10:14 +0000
commit8d5f83863769892c6bb9e9cadd570ab596e8dd07 (patch)
treea012b3e7aabeaea6ba832fbe3007d279b8a16163 /packages
parent9e850f378107c3b96ebb3ac2018f38d2c04045c5 (diff)
bind - upgrade to 9.3.5-P1 in response to security vulnerabilities.
Diffstat (limited to 'packages')
-rw-r--r--packages/bind/bind-9.3.5-P1/.mtn2git_empty0
-rw-r--r--packages/bind/bind-9.3.5-P1/conf.patch301
-rw-r--r--packages/bind/bind-9.3.5-P1/configure.in.patch14
-rw-r--r--packages/bind/bind-9.3.5-P1/so_bsdcompat.patch32
-rw-r--r--packages/bind/bind_9.3.5-P1.bb38
5 files changed, 385 insertions, 0 deletions
diff --git a/packages/bind/bind-9.3.5-P1/.mtn2git_empty b/packages/bind/bind-9.3.5-P1/.mtn2git_empty
new file mode 100644
index 0000000000..e69de29bb2
--- /dev/null
+++ b/packages/bind/bind-9.3.5-P1/.mtn2git_empty
diff --git a/packages/bind/bind-9.3.5-P1/conf.patch b/packages/bind/bind-9.3.5-P1/conf.patch
new file mode 100644
index 0000000000..202c5319e1
--- /dev/null
+++ b/packages/bind/bind-9.3.5-P1/conf.patch
@@ -0,0 +1,301 @@
+diff -urN bind-9.3.1.orig/conf/db.0 bind-9.3.1/conf/db.0
+--- bind-9.3.1.orig/conf/db.0 1970-01-01 01:00:00.000000000 +0100
++++ bind-9.3.1/conf/db.0 2005-07-10 22:14:00.000000000 +0200
+@@ -0,0 +1,12 @@
++;
++; BIND reverse data file for broadcast zone
++;
++$TTL 604800
++@ IN SOA localhost. root.localhost. (
++ 1 ; Serial
++ 604800 ; Refresh
++ 86400 ; Retry
++ 2419200 ; Expire
++ 604800 ) ; Negative Cache TTL
++;
++@ IN NS localhost.
+diff -urN bind-9.3.1.orig/conf/db.127 bind-9.3.1/conf/db.127
+--- bind-9.3.1.orig/conf/db.127 1970-01-01 01:00:00.000000000 +0100
++++ bind-9.3.1/conf/db.127 2005-07-10 22:14:00.000000000 +0200
+@@ -0,0 +1,13 @@
++;
++; BIND reverse data file for local loopback interface
++;
++$TTL 604800
++@ IN SOA localhost. root.localhost. (
++ 1 ; Serial
++ 604800 ; Refresh
++ 86400 ; Retry
++ 2419200 ; Expire
++ 604800 ) ; Negative Cache TTL
++;
++@ IN NS localhost.
++1.0.0 IN PTR localhost.
+diff -urN bind-9.3.1.orig/conf/db.empty bind-9.3.1/conf/db.empty
+--- bind-9.3.1.orig/conf/db.empty 1970-01-01 01:00:00.000000000 +0100
++++ bind-9.3.1/conf/db.empty 2005-07-10 22:14:00.000000000 +0200
+@@ -0,0 +1,14 @@
++; BIND reverse data file for empty rfc1918 zone
++;
++; DO NOT EDIT THIS FILE - it is used for multiple zones.
++; Instead, copy it, edit named.conf, and use that copy.
++;
++$TTL 86400
++@ IN SOA localhost. root.localhost. (
++ 1 ; Serial
++ 604800 ; Refresh
++ 86400 ; Retry
++ 2419200 ; Expire
++ 86400 ) ; Negative Cache TTL
++;
++@ IN NS localhost.
+diff -urN bind-9.3.1.orig/conf/db.local bind-9.3.1/conf/db.local
+--- bind-9.3.1.orig/conf/db.local 1970-01-01 01:00:00.000000000 +0100
++++ bind-9.3.1/conf/db.local 2005-07-10 22:14:00.000000000 +0200
+@@ -0,0 +1,13 @@
++;
++; BIND data file for local loopback interface
++;
++$TTL 604800
++@ IN SOA localhost. root.localhost. (
++ 1 ; Serial
++ 604800 ; Refresh
++ 86400 ; Retry
++ 2419200 ; Expire
++ 604800 ) ; Negative Cache TTL
++;
++@ IN NS localhost.
++@ IN A 127.0.0.1
+diff -urN bind-9.3.1.orig/conf/db.root bind-9.3.1/conf/db.root
+--- bind-9.3.1.orig/conf/db.root 1970-01-01 01:00:00.000000000 +0100
++++ bind-9.3.1/conf/db.root 2005-07-10 22:14:00.000000000 +0200
+@@ -0,0 +1,45 @@
++
++; <<>> DiG 9.2.3 <<>> ns . @a.root-servers.net.
++;; global options: printcmd
++;; Got answer:
++;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 18944
++;; flags: qr aa rd; QUERY: 1, ANSWER: 13, AUTHORITY: 0, ADDITIONAL: 13
++
++;; QUESTION SECTION:
++;. IN NS
++
++;; ANSWER SECTION:
++. 518400 IN NS A.ROOT-SERVERS.NET.
++. 518400 IN NS B.ROOT-SERVERS.NET.
++. 518400 IN NS C.ROOT-SERVERS.NET.
++. 518400 IN NS D.ROOT-SERVERS.NET.
++. 518400 IN NS E.ROOT-SERVERS.NET.
++. 518400 IN NS F.ROOT-SERVERS.NET.
++. 518400 IN NS G.ROOT-SERVERS.NET.
++. 518400 IN NS H.ROOT-SERVERS.NET.
++. 518400 IN NS I.ROOT-SERVERS.NET.
++. 518400 IN NS J.ROOT-SERVERS.NET.
++. 518400 IN NS K.ROOT-SERVERS.NET.
++. 518400 IN NS L.ROOT-SERVERS.NET.
++. 518400 IN NS M.ROOT-SERVERS.NET.
++
++;; ADDITIONAL SECTION:
++A.ROOT-SERVERS.NET. 3600000 IN A 198.41.0.4
++B.ROOT-SERVERS.NET. 3600000 IN A 192.228.79.201
++C.ROOT-SERVERS.NET. 3600000 IN A 192.33.4.12
++D.ROOT-SERVERS.NET. 3600000 IN A 128.8.10.90
++E.ROOT-SERVERS.NET. 3600000 IN A 192.203.230.10
++F.ROOT-SERVERS.NET. 3600000 IN A 192.5.5.241
++G.ROOT-SERVERS.NET. 3600000 IN A 192.112.36.4
++H.ROOT-SERVERS.NET. 3600000 IN A 128.63.2.53
++I.ROOT-SERVERS.NET. 3600000 IN A 192.36.148.17
++J.ROOT-SERVERS.NET. 3600000 IN A 192.58.128.30
++K.ROOT-SERVERS.NET. 3600000 IN A 193.0.14.129
++L.ROOT-SERVERS.NET. 3600000 IN A 198.32.64.12
++M.ROOT-SERVERS.NET. 3600000 IN A 202.12.27.33
++
++;; Query time: 81 msec
++;; SERVER: 198.41.0.4#53(a.root-servers.net.)
++;; WHEN: Sun Feb 1 11:27:14 2004
++;; MSG SIZE rcvd: 436
++
+diff -urN bind-9.3.1.orig/conf/named.conf bind-9.3.1/conf/named.conf
+--- bind-9.3.1.orig/conf/named.conf 1970-01-01 01:00:00.000000000 +0100
++++ bind-9.3.1/conf/named.conf 2005-07-10 22:33:46.000000000 +0200
+@@ -0,0 +1,49 @@
++// This is the primary configuration file for the BIND DNS server named.
++//
++// If you are just adding zones, please do that in /etc/bind/named.conf.local
++
++include "/etc/bind/named.conf.options";
++
++// prime the server with knowledge of the root servers
++zone "." {
++ type hint;
++ file "/etc/bind/db.root";
++};
++
++// be authoritative for the localhost forward and reverse zones, and for
++// broadcast zones as per RFC 1912
++
++zone "localhost" {
++ type master;
++ file "/etc/bind/db.local";
++};
++
++zone "127.in-addr.arpa" {
++ type master;
++ file "/etc/bind/db.127";
++};
++
++zone "0.in-addr.arpa" {
++ type master;
++ file "/etc/bind/db.0";
++};
++
++zone "255.in-addr.arpa" {
++ type master;
++ file "/etc/bind/db.255";
++};
++
++// zone "com" { type delegation-only; };
++// zone "net" { type delegation-only; };
++
++// From the release notes:
++// Because many of our users are uncomfortable receiving undelegated answers
++// from root or top level domains, other than a few for whom that behaviour
++// has been trusted and expected for quite some length of time, we have now
++// introduced the "root-delegations-only" feature which applies delegation-only
++// logic to all top level domains, and to the root domain. An exception list
++// should be specified, including "MUSEUM" and "DE", and any other top level
++// domains from whom undelegated responses are expected and trusted.
++// root-delegation-only exclude { "DE"; "MUSEUM"; };
++
++include "/etc/bind/named.conf.local";
+diff -urN bind-9.3.1.orig/conf/named.conf.local bind-9.3.1/conf/named.conf.local
+--- bind-9.3.1.orig/conf/named.conf.local 1970-01-01 01:00:00.000000000 +0100
++++ bind-9.3.1/conf/named.conf.local 2005-07-10 22:14:06.000000000 +0200
+@@ -0,0 +1,8 @@
++//
++// Do any local configuration here
++//
++
++// Consider adding the 1918 zones here, if they are not used in your
++// organization
++//include "/etc/bind/zones.rfc1918";
++
+diff -urN bind-9.3.1.orig/conf/named.conf.options bind-9.3.1/conf/named.conf.options
+--- bind-9.3.1.orig/conf/named.conf.options 1970-01-01 01:00:00.000000000 +0100
++++ bind-9.3.1/conf/named.conf.options 2005-07-10 22:14:06.000000000 +0200
+@@ -0,0 +1,24 @@
++options {
++ directory "/var/cache/bind";
++
++ // If there is a firewall between you and nameservers you want
++ // to talk to, you might need to uncomment the query-source
++ // directive below. Previous versions of BIND always asked
++ // questions using port 53, but BIND 8.1 and later use an unprivileged
++ // port by default.
++
++ // query-source address * port 53;
++
++ // If your ISP provided one or more IP addresses for stable
++ // nameservers, you probably want to use them as forwarders.
++ // Uncomment the following block, and insert the addresses replacing
++ // the all-0's placeholder.
++
++ // forwarders {
++ // 0.0.0.0;
++ // };
++
++ auth-nxdomain no; # conform to RFC1035
++
++};
++
+diff -urN bind-9.3.1.orig/conf/zones.rfc1918 bind-9.3.1/conf/zones.rfc1918
+--- bind-9.3.1.orig/conf/zones.rfc1918 1970-01-01 01:00:00.000000000 +0100
++++ bind-9.3.1/conf/zones.rfc1918 2005-07-10 22:14:10.000000000 +0200
+@@ -0,0 +1,20 @@
++zone "10.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
++
++zone "16.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
++zone "17.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
++zone "18.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
++zone "19.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
++zone "20.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
++zone "21.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
++zone "22.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
++zone "23.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
++zone "24.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
++zone "25.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
++zone "26.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
++zone "27.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
++zone "28.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
++zone "29.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
++zone "30.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
++zone "31.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
++
++zone "168.192.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
+diff -urN bind-9.3.1.orig/init.d bind-9.3.1/init.d
+--- bind-9.3.1.orig/init.d 1970-01-01 01:00:00.000000000 +0100
++++ bind-9.3.1/init.d 2005-07-10 23:09:58.000000000 +0200
+@@ -0,0 +1,63 @@
++#!/bin/sh
++
++PATH=/sbin:/bin:/usr/sbin:/usr/bin
++
++# for a chrooted server: "-u bind -t /var/lib/named"
++# Don't modify this line, change or create /etc/default/bind9.
++OPTIONS=""
++
++test -f /etc/default/bind9 && . /etc/default/bind9
++
++test -x /usr/sbin/rndc || exit 0
++
++case "$1" in
++ start)
++ echo -n "Starting domain name service: named"
++
++ modprobe capability >/dev/null 2>&1 || true
++
++ # dirs under /var/run can go away on reboots.
++ mkdir -p /var/run/bind/run
++ mkdir -p /var/cache/bind
++ chmod 775 /var/run/bind/run
++ chown root:bind /var/run/bind/run >/dev/null 2>&1 || true
++
++ if [ ! -x /usr/sbin/named ]; then
++ echo "named binary missing - not starting"
++ exit 1
++ fi
++ if start-stop-daemon --start --quiet --exec /usr/sbin/named \
++ --pidfile /var/run/bind/run/named.pid -- $OPTIONS; then
++ if [ -x /sbin/resolvconf ] ; then
++ echo "nameserver 127.0.0.1" | /sbin/resolvconf -a lo
++ fi
++ fi
++ echo "."
++ ;;
++
++ stop)
++ echo -n "Stopping domain name service: named"
++ if [ -x /sbin/resolvconf ]; then
++ /sbin/resolvconf -d lo
++ fi
++ /usr/sbin/rndc stop
++ echo "."
++ ;;
++
++ reload)
++ /usr/sbin/rndc reload
++ ;;
++
++ restart|force-reload)
++ $0 stop
++ sleep 2
++ $0 start
++ ;;
++
++ *)
++ echo "Usage: /etc/init.d/bind {start|stop|reload|restart|force-reload}" >&2
++ exit 1
++ ;;
++esac
++
++exit 0
diff --git a/packages/bind/bind-9.3.5-P1/configure.in.patch b/packages/bind/bind-9.3.5-P1/configure.in.patch
new file mode 100644
index 0000000000..78ae9271c6
--- /dev/null
+++ b/packages/bind/bind-9.3.5-P1/configure.in.patch
@@ -0,0 +1,14 @@
+--- bind-9.3.1/configure.in.orig 2005-07-10 21:21:18.000000000 +0200
++++ bind-9.3.1/configure.in 2005-07-10 21:24:31.000000000 +0200
+@@ -1414,7 +1414,10 @@
+ [AC_MSG_RESULT(no)
+ ISC_EXTRA_OBJS="$ISC_EXTRA_OBJS inet_ntop.$O"
+ ISC_EXTRA_SRCS="$ISC_EXTRA_SRCS inet_ntop.c"
+- ISC_PLATFORM_NEEDNTOP="#define ISC_PLATFORM_NEEDNTOP 1"])
++ ISC_PLATFORM_NEEDNTOP="#define ISC_PLATFORM_NEEDNTOP 1"],
++
++ [AC_MSG_RESULT(assuming target platform has working inet_ntop)
++ ISC_PLATFORM_NEEDNTOP="#undef ISC_PLATFORM_NEEDNTOP"])
+
+
+ # On NetBSD 1.4.2 and maybe others, inet_pton() incorrectly accepts
diff --git a/packages/bind/bind-9.3.5-P1/so_bsdcompat.patch b/packages/bind/bind-9.3.5-P1/so_bsdcompat.patch
new file mode 100644
index 0000000000..03e34bf6a5
--- /dev/null
+++ b/packages/bind/bind-9.3.5-P1/so_bsdcompat.patch
@@ -0,0 +1,32 @@
+--- bind-9.3.5-P1/lib/isc/unix/socket.c.orig 2008-07-13 21:53:24.000000000 -0500
++++ bind-9.3.5-P1/lib/isc/unix/socket.c 2008-07-13 21:57:06.000000000 -0500
+@@ -1423,7 +1423,7 @@
+ {
+ isc_socket_t *sock = NULL;
+ isc_result_t ret;
+-#if defined(USE_CMSG) || defined(SO_BSDCOMPAT)
++#if defined(USE_CMSG)
+ int on = 1;
+ #endif
+ char strbuf[ISC_STRERRORSIZE];
+@@ -1514,7 +1514,7 @@
+ return (ISC_R_UNEXPECTED);
+ }
+
+-#ifdef SO_BSDCOMPAT
++/* #ifdef SO_BSDCOMPAT
+ RUNTIME_CHECK(isc_once_do(&bsdcompat_once,
+ clear_bsdcompat) == ISC_R_SUCCESS);
+ if (bsdcompat && setsockopt(sock->fd, SOL_SOCKET, SO_BSDCOMPAT,
+@@ -1526,9 +1526,9 @@
+ isc_msgcat_get(isc_msgcat, ISC_MSGSET_GENERAL,
+ ISC_MSG_FAILED, "failed"),
+ strbuf);
+- /* Press on... */
++
+ }
+-#endif
++#endif */
+
+ #ifdef SO_NOSIGPIPE
+ if (setsockopt(sock->fd, SOL_SOCKET, SO_NOSIGPIPE,
diff --git a/packages/bind/bind_9.3.5-P1.bb b/packages/bind/bind_9.3.5-P1.bb
new file mode 100644
index 0000000000..a1dff5ceaf
--- /dev/null
+++ b/packages/bind/bind_9.3.5-P1.bb
@@ -0,0 +1,38 @@
+DESCRIPTION = "ISC Internet Domain Name Server"
+SECTION = "console/network"
+HOMEPAGE = "http://www.isc.org/sw/bind/"
+LICENSE = "BSD"
+PR = "r0"
+
+DEPENDS = "openssl"
+
+SRC_URI = "ftp://ftp.isc.org/isc/bind9/9.3.5-P1/bind-9.3.5-P1.tar.gz \
+ file://conf.patch;patch=1 \
+ file://configure.in.patch;patch=1 \
+ file://so_bsdcompat.patch;patch=1 \
+ "
+
+EXTRA_OECONF = " --enable-ipv6=no --with-randomdev=/dev/random --disable-threads --sysconfdir=/etc/bind --localstatedir=/var --prefix=/usr"
+inherit autotools update-rc.d
+
+INITSCRIPT_NAME = "bind"
+INITSCRIPT_PARAMS = "defaults"
+
+do_install_append() {
+ rm "${D}/usr/bin/nslookup"
+ install -d "${D}/etc/bind"
+ install -d "${D}/etc/init.d"
+ install -m 644 ${S}/conf/* "${D}/etc/bind"
+ install -m 755 "${S}/init.d" "${D}/etc/init.d/bind"
+}
+
+CONFFILES_${PN} = " \
+ ${sysconfdir}/bind/named.conf \
+ ${sysconfdir}/bind/named.conf.local \
+ ${sysconfdir}/bind/named.conf.options \
+ ${sysconfdir}/bind/db.0 \
+ ${sysconfdir}/bind/db.127 \
+ ${sysconfdir}/bind/db.empty \
+ ${sysconfdir}/bind/db.local \
+ ${sysconfdir}/bind/db.root \
+ "