packages/net/bind/Makefile
Noah Meyerhans cf61f7f8ef bind: New upstream version 9.16.6
Several security issues are addressed:

 - CVE-2020-8620 It was possible to trigger an assertion failure by sending
   a specially crafted large TCP DNS message.
 - CVE-2020-8621 named could crash after failing an assertion check in
   certain query resolution scenarios where QNAME minimization and
   forwarding were both enabled. To prevent such crashes, QNAME minimization is
   now always disabled for a given query resolution process, if forwarders are
   used at any point.
 - CVE-2020-8622 It was possible to trigger an assertion failure when
   verifying the response to a TSIG-signed request.
 - CVE-2020-8623 When BIND 9 was compiled with native PKCS#11 support, it
   was possible to trigger an assertion failure in code determining the
   number of bits in the PKCS#11 RSA public key with a specially crafted
   packet.
 - CVE-2020-8624 update-policy rules of type subdomain were incorrectly
   treated as zonesub rules, which allowed keys used in subdomain rules to
   update names outside of the specified subdomains. The problem was fixed by
   making sure subdomain rules are again processed as described in the ARM.

Full release notes are available at
https://ftp.isc.org/isc/bind9/9.16.6/doc/arm/html/notes.html#notes-for-bind-9-16-6

Signed-off-by: Noah Meyerhans <frodo@morgul.net>
2020-08-23 19:58:34 -07:00


#
# Copyright (C) 2006-2012 OpenWrt.org
# 2014-2020 Noah Meyerhans <frodo@morgul.net>
#
# This is free software, licensed under the GNU General Public License v2.
# See /LICENSE for more information.
#
include $(TOPDIR)/rules.mk
# Package identity and release number of this packaging.
PKG_NAME:=bind
PKG_VERSION:=9.16.6
PKG_RELEASE:=1

# name=id pairs for the account and the group the package declares
# (user "bind" with id 57, group "bind" with id 57).
USERID:=bind=57:bind=57

PKG_MAINTAINER:=Noah Meyerhans <frodo@morgul.net>
PKG_LICENSE:=MPL-2.0
PKG_LICENSE_FILES:=LICENSE
# CPE identifier, so published advisories can be matched to this package.
PKG_CPE_ID:=cpe:/a:isc:bind

# Upstream tarball. The mirror is listed before the ISC server.
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
PKG_SOURCE_URL:= \
	https://www.mirrorservice.org/sites/ftp.isc.org/isc/bind9/$(PKG_VERSION) \
	https://ftp.isc.org/isc/bind9/$(PKG_VERSION)
# SHA-256 of PKG_SOURCE. This pin, not the download host, is what ties the
# build to one specific tarball. When PKG_VERSION is bumped, take the new
# value from a tarball that was verified against the upstream signature.
PKG_HASH:=b567b0f3b47dd03b345a4848af7f2acdd3f5cea2bd804edd85d9ef50743571cb

# Regenerate the autotools output after dropping the bundled macro files.
PKG_FIXUP:=autoreconf
PKG_REMOVE_FILES:=aclocal.m4 libtool.m4

PKG_INSTALL:=1
PKG_USE_MIPS16:=0
PKG_BUILD_PARALLEL:=1

# Config symbols whose value changes how the package is built.
PKG_CONFIG_DEPENDS := CONFIG_BIND_LIBJSON CONFIG_BIND_LIBXML2

# Optional build dependencies, each tied to its config symbol.
PKG_BUILD_DEPENDS += BIND_LIBXML2:libxml2 BIND_LIBJSON:libjson-c
include $(INCLUDE_DIR)/package.mk
# Fields shared by every bind package below; each one pulls this in with
# $(call ...) and then appends to TITLE. The "+@OPENSSL_WITH_EC" entry selects
# a config symbol rather than a package (presumably needed for the ECDSA
# DNSSEC algorithms; confirm against the OpenSSL package).
define Package/bind/Default
  SECTION:=net
  CATEGORY:=Network
  DEPENDS:=+bind-libs +@OPENSSL_WITH_EC
  TITLE:=bind
  URL:=https://www.isc.org/software/bind
  SUBMENU:=IP Addresses and Names
endef
# Shared libraries used by the daemon and by all tools. libxml2 and libjson-c
# are only dependencies when the matching BIND_* option is enabled.
define Package/bind-libs
  SECTION:=libs
  CATEGORY:=Libraries
  DEPENDS:=+libopenssl +zlib +libpthread +libatomic +libuv \
	+BIND_LIBXML2:libxml2 +BIND_LIBJSON:libjson-c
  TITLE:=bind shared libraries
  URL:=https://www.isc.org/software/bind
endef
# The named daemon. Starts from the shared defaults and extends the title.
define Package/bind-server
  $(call Package/bind/Default)
  TITLE+= DNS server
endef
# Configuration menu fragment for bind-server, read from Config.in under
# $(SOURCE). Presumably this is where the BIND_LIBJSON and BIND_LIBXML2
# options used in this Makefile are declared; confirm in Config.in.
define Package/bind-server/config
source "$(SOURCE)/Config.in"
endef
# filter-aaaa plugin for named. DEPENDS is reassigned after the inherited
# fields, so the only declared dependency is bind-server (written without a
# leading "+").
define Package/bind-server-filter-aaaa
  $(call Package/bind-server)
  DEPENDS:=bind-server
  TITLE+= filter AAAA plugin
endef
# Dynamic DNS update client; the install step for this package ships nsupdate.
define Package/bind-client
  $(call Package/bind/Default)
  TITLE+= dynamic DNS client
endef
# Meta package that selects every individual tool package. DEPENDS is
# reassigned here, so the inherited "+bind-libs +@OPENSSL_WITH_EC" is replaced
# and the libraries arrive only through the tool packages listed below.
define Package/bind-tools
  $(call Package/bind/Default)
  TITLE+= administration tools (all)
  DEPENDS:= \
	+bind-check \
	+bind-dig \
	+bind-nslookup \
	+bind-dnssec \
	+bind-host \
	+bind-rndc
endef
# Remote control tooling for named: rndc and rndc-confgen.
define Package/bind-rndc
  $(call Package/bind/Default)
  TITLE+= administration tools (rndc and rndc-confgen only)
endef
# Configuration and zone file checkers.
define Package/bind-check
  $(call Package/bind/Default)
  TITLE+= administration tools (named-checkconf and named-checkzone only)
endef
# DNSSEC key generation, key timing and zone signing tools.
define Package/bind-dnssec
  $(call Package/bind/Default)
  TITLE+= administration tools (dnssec-keygen, dnssec-settime and dnssec-signzone only)
endef
# The host lookup utility.
define Package/bind-host
  $(call Package/bind/Default)
  TITLE+= simple DNS client
endef
# The dig query utility.
define Package/bind-dig
  $(call Package/bind/Default)
  TITLE+= DNS excavation tool
endef
# nslookup from BIND. The binary is installed as /usr/libexec/nslookup-bind
# and offered as an alternative for /usr/bin/nslookup with priority 200.
define Package/bind-nslookup
  $(call Package/bind/Default)
  TITLE+= nslookup utility
  ALTERNATIVES:= \
	200:/usr/bin/nslookup:/usr/libexec/nslookup-bind
endef
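# BUILD_CC is exported with the target compiler for configure and sub-makes.
# Build/Compile overrides it with the host compiler for the one helper that
# has to run on the build machine.
export BUILD_CC="$(TARGET_CC)"

# Drop unused sections and unneeded shared-library references at link time.
TARGET_LDFLAGS += -Wl,--gc-sections,--as-needed

# Fixed configure options.
# --disable-linux-caps builds named without Linux capability support, so the
# daemon cannot keep a reduced capability set for itself. How privileges are
# dropped then depends on how named is started.
# NOTE(review): confirm that files/named.init runs named as the "bind" account
# declared in USERID.
# lmdb, GSSAPI, readline and Python support are switched off, and OpenSSL is
# taken from the staging directory. Configuration lives in /etc/bind.
CONFIGURE_ARGS += \
	--disable-linux-caps \
	--with-openssl="$(STAGING_DIR)/usr" \
	--with-libtool \
	--without-lmdb \
	--enable-epoll \
	--without-gssapi \
	--without-readline \
	--without-python \
	--sysconfdir=/etc/bind

# Optional JSON support, controlled by CONFIG_BIND_LIBJSON.
ifdef CONFIG_BIND_LIBJSON
  TARGET_CFLAGS += -DHAVE_JSON_C -UHAVE_JSON
  CONFIGURE_ARGS += --with-json-c=yes
else
  CONFIGURE_ARGS += --with-json-c=no
endif

# Optional XML support, controlled by CONFIG_BIND_LIBXML2.
ifdef CONFIG_BIND_LIBXML2
  CONFIGURE_ARGS += --with-libxml2=yes
else
  CONFIGURE_ARGS += --with-libxml2=no
endif

# The value must not end in a backslash: a dangling continuation here would
# join the following "define Build/Compile" header onto this assignment and
# break that definition.
CONFIGURE_VARS += BUILD_CC="$(TARGET_CC)"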
# Two-stage compile. The "gen" target in lib/dns is built first with the host
# compiler ($(HOSTCC)), plain -O2 and no extra libraries, presumably because
# that helper is executed on the build machine during the build. The default
# compile step then runs as usual.
define Build/Compile
	$(MAKE) -C $(PKG_BUILD_DIR)/lib/dns \
		BUILD_CC="$(HOSTCC)" \
		CC="$(HOSTCC)" \
		CFLAGS="-O2" \
		LIBS="" \
		gen
	$(call Build/Compile/Default)
endef
# Ship every shared object (and its versioned names) from the staged /usr/lib.
define Package/bind-libs/install
	$(INSTALL_DIR) $(1)/usr/lib
	$(CP) $(PKG_INSTALL_DIR)/usr/lib/*.so* $(1)/usr/lib
endef
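# Install the named daemon, the stock zone files, bind.keys, the example
# configuration (as /etc/bind/named.conf) and the init script.
#
# The final step removes stray ".svn" directories from the copied tree. It
# uses find's own -exec instead of piping names through xargs, so paths that
# contain whitespace are passed intact, and -prune keeps find from descending
# into a directory that is about to be deleted.
define Package/bind-server/install
	$(INSTALL_DIR) $(1)/usr/sbin
	$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/named $(1)/usr/sbin/
	$(INSTALL_DIR) $(1)/etc/bind
	$(CP) \
		./files/bind/db.0 \
		./files/bind/db.127 \
		./files/bind/db.255 \
		./files/bind/db.local \
		./files/bind/db.root \
		./files/bind/bind.keys \
		$(1)/etc/bind/
	$(CP) ./files/bind/named.conf.example $(1)/etc/bind/named.conf
	$(INSTALL_DIR) $(1)/etc/init.d
	$(INSTALL_BIN) ./files/named.init $(1)/etc/init.d/named
	find $(1)/etc/bind/ -name ".svn" -prune -exec rm -rf {} +
endef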
# Files treated as local configuration of bind-server.
# NOTE(review): /etc/bind/bind.keys is installed by the server package but is
# not listed here, so it presumably follows the packaged copy on upgrade.
# Confirm that this is the intended handling for the DNSSEC trust anchors.
define Package/bind-server/conffiles
/etc/bind/db.0
/etc/bind/db.127
/etc/bind/db.255
/etc/bind/db.local
/etc/bind/db.root
/etc/bind/named.conf
endef
# Ship the filter-aaaa plugin into named's plugin directory.
define Package/bind-server-filter-aaaa/install
	$(INSTALL_DIR) $(1)/usr/lib/named
	$(CP) $(PKG_INSTALL_DIR)/usr/lib/named/filter-aaaa.so $(1)/usr/lib/named
endef
# Ship nsupdate.
define Package/bind-client/install
	$(INSTALL_DIR) $(1)/usr/bin
	$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/nsupdate $(1)/usr/bin/
endef
# The meta package itself ships only delv; every other tool comes from the
# packages named in its DEPENDS.
define Package/bind-tools/install
	$(INSTALL_DIR) $(1)/usr/bin
	$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/delv $(1)/usr/bin/
endef
# Ship rndc and rndc-confgen, both copied in a single install call.
define Package/bind-rndc/install
	$(INSTALL_DIR) $(1)/usr/sbin
	$(INSTALL_BIN) \
		$(PKG_INSTALL_DIR)/usr/sbin/rndc \
		$(PKG_INSTALL_DIR)/usr/sbin/rndc-confgen \
		$(1)/usr/sbin/
endef
# Ship named-checkconf and named-checkzone, both copied in a single install
# call.
define Package/bind-check/install
	$(INSTALL_DIR) $(1)/usr/sbin
	$(INSTALL_BIN) \
		$(PKG_INSTALL_DIR)/usr/sbin/named-checkconf \
		$(PKG_INSTALL_DIR)/usr/sbin/named-checkzone \
		$(1)/usr/sbin/
endef
# Ship the three DNSSEC tools named in the package title, copied in a single
# install call.
define Package/bind-dnssec/install
	$(INSTALL_DIR) $(1)/usr/sbin
	$(INSTALL_BIN) \
		$(PKG_INSTALL_DIR)/usr/sbin/dnssec-keygen \
		$(PKG_INSTALL_DIR)/usr/sbin/dnssec-settime \
		$(PKG_INSTALL_DIR)/usr/sbin/dnssec-signzone \
		$(1)/usr/sbin/
endef
# Ship the host utility.
define Package/bind-host/install
	$(INSTALL_DIR) $(1)/usr/bin
	$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/host $(1)/usr/bin/
endef
# Ship the dig utility.
define Package/bind-dig/install
	$(INSTALL_DIR) $(1)/usr/bin
	$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/dig $(1)/usr/bin/
endef
# nslookup is installed under a package-specific name in /usr/libexec. The
# /usr/bin/nslookup path is provided through the ALTERNATIVES entry of the
# package definition.
define Package/bind-nslookup/install
	$(INSTALL_DIR) $(1)/usr/libexec
	$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/nslookup $(1)/usr/libexec/nslookup-bind
endef
# Register each package defined above with the build system, one BuildPackage
# call per package name. Kept as explicit lines rather than a loop so that
# every package name stays greppable next to its BuildPackage call.
$(eval $(call BuildPackage,bind-libs))
$(eval $(call BuildPackage,bind-server))
$(eval $(call BuildPackage,bind-server-filter-aaaa))
$(eval $(call BuildPackage,bind-client))
$(eval $(call BuildPackage,bind-tools))
$(eval $(call BuildPackage,bind-rndc))
$(eval $(call BuildPackage,bind-check))
$(eval $(call BuildPackage,bind-dnssec))
$(eval $(call BuildPackage,bind-host))
$(eval $(call BuildPackage,bind-dig))
$(eval $(call BuildPackage,bind-nslookup))