cubixle/packages
1
0
Fork 0
mirror of https://github.com/novatiq/packages.git synced 2026-04-30 07:28:39 +01:00
Code Issues Packages Projects Releases Wiki Activity

bind: Update to version 9.11.3 and optionally support eddsa for dnssec

Browse Source 
EdDSA support is optional and currently defaults to being disabled.

The following security issues are addressed with this update:

  * An error in TSIG handling could permit unauthorized zone transfers
    or zone updates. These flaws are disclosed in CVE-2017-3142 and
    CVE-2017-3143.
  * The BIND installer on Windows used an unquoted service path, which
    can enable privilege escalation. This flaw is disclosed in
    CVE-2017-3141.
  * With certain RPZ configurations, a response with TTL 0 could cause
    named to go into an infinite query loop. This flaw is disclosed in
    CVE-2017-3140.
  * Addresses could be referenced after being freed during resolver
    processing, causing an assertion failure. The chances of this
    happening were remote, but the introduction of a delay in
    resolution increased them. This bug is disclosed in CVE-2017-3145.

Signed-off-by: Noah Meyerhans <frodo@morgul.net>
This commit is contained in:
Noah Meyerhans
2018-06-13 17:25:38 -07:00
parent 996773d366
commit 037f1def7d
2 changed files with 13 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files
net/bind/Config.in
+10
View File
@@ -34,4 +34,14 @@ config BIND_LIBXML2
format. Building with libjson support will require the
libxml2 package to be installed as well.
config BIND_ENABLE_EDDSA
bool
default n
prompt "Include Edwards Curve DNSSEC signature support"
help
Enable BIND support for Edwards Curve DNSSEC signing algorithms
described in RFC 8080.
Note that this requires OpenSSL 1.1, which is not currently
the available in OpenWRT, so it is disabled by default.
endif