openwrt-mirror/packages
1
0
Fork 0
mirror of https://github.com/openwrt/packages.git synced 2025-12-22 06:04:31 +04:00
Code Issues Packages Projects Releases Wiki Activity
Files
f4f665c7dbfb6b3310366a4fa9682eb1758cc282
packages/net/bind/Config.in
Noah Meyerhans 037f1def7d bind: Update to version 9.11.3 and optionally support eddsa for dnssec 
EdDSA support is optional and currently defaults to being disabled.

The following security issues are addressed with this update:

  * An error in TSIG handling could permit unauthorized zone transfers
    or zone updates. These flaws are disclosed in CVE-2017-3142 and
    CVE-2017-3143.
  * The BIND installer on Windows used an unquoted service path, which
    can enable privilege escalation. This flaw is disclosed in
    CVE-2017-3141.
  * With certain RPZ configurations, a response with TTL 0 could cause
    named to go into an infinite query loop. This flaw is disclosed in
    CVE-2017-3140.
  * Addresses could be referenced after being freed during resolver
    processing, causing an assertion failure. The chances of this
    happening were remote, but the introduction of a delay in
    resolution increased them. This bug is disclosed in CVE-2017-3145.

Signed-off-by: Noah Meyerhans <frodo@morgul.net>
2018-06-13 21:46:03 -07:00

48 lines
1.5 KiB
Plaintext
Raw Blame History

if PACKAGE_bind-server
config BIND_ENABLE_FILTER_AAAA
bool
default y
prompt "Enable filtering of AAAA records returned to the client"
help
BIND 9 has an option to filter AAAA (IPv6 address) records
returned to the client based on the transport used for the
query, and other filtering conditions. This filtering does
not affect the recursive queries made by the server (if
any) as a result of the client request.
Additional details are available at
https://kb.isc.org/article/AA-00576/0/Filter-AAAA-option-in-BIND-9-.html
config BIND_LIBJSON
bool
default n
prompt "Include libjson support in bind-server"
help
BIND 9 supports reporting statistics about usage. libjson
is required to report server statistics in JSON format.
Building with libjson support will require the libjson-c
package to be installed as well.
config BIND_LIBXML2
bool
default n
prompt "Include libxml2 support in bind-server"
help
BIND 9 supports reporting statistics about usage.
libxml2 is required to report server statistics in XML
format. Building with libjson support will require the
libxml2 package to be installed as well.
config BIND_ENABLE_EDDSA
bool
default n
prompt "Include Edwards Curve DNSSEC signature support"
help
Enable BIND support for Edwards Curve DNSSEC signing algorithms
described in RFC 8080.
Note that this requires OpenSSL 1.1, which is not currently
the available in OpenWRT, so it is disabled by default.
endif
Reference in New Issue View Git Blame Copy Permalink