diff options
| author |   Patrick J Volkerding <volkerdi@slackware.com> | 2022-03-17 19:46:28 +0000 |
|---|---|---|
| committer |   Eric Hameleers <alien@slackware.com> | 2022-03-18 13:29:58 +0100 |
| commit | fcc29dbb4067b730b772bc4a050bd066c0a0c9cf (patch) | |
| tree | fe50e1ce0a222feac046ed805d54e42e7dba3c77 /patches/source/bind/caching-example | |
| parent | 44c9fcd8776c083b8de52d292b23aca6b99a59d4 (diff) | |
| download | current-fcc29dbb4067b730b772bc4a050bd066c0a0c9cf.tar.gz current-fcc29dbb4067b730b772bc4a050bd066c0a0c9cf.tar.xz | |
Thu Mar 17 19:46:28 UTC 202220220317194628_15.0
patches/packages/bind-9.18.1-x86_64-1_slack15.0.txz: Upgraded.
This update fixes bugs and the following security issues:
An assertion could occur in resume_dslookup() if the fetch had been shut
down earlier.
Lookups involving a DNAME could trigger an INSIST when "synth-from-dnssec"
was enabled.
A synchronous call to closehandle_cb() caused isc__nm_process_sock_buffer()
to be called recursively, which in turn left TCP connections hanging in the
CLOSE_WAIT state blocking indefinitely when out-of-order processing was
disabled.
The rules for acceptance of records into the cache have been tightened to
prevent the possibility of poisoning if forwarders send records outside
the configured bailiwick.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0667
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0635
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0396
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25220
(* Security fix *)
patches/packages/bluez-5.64-x86_64-1_slack15.0.txz: Upgraded.
This is a bugfix release:
Fix issue with handling A2DP discover procedure.
Fix issue with media endpoint replies and SetConfiguration.
Fix issue with HoG queuing events before report map is read.
Fix issue with HoG and read order of GATT attributes.
Fix issue with HoG and not using UHID_CREATE2 interface.
Fix issue with failed scanning for 5 minutes after reboot.
patches/packages/openssl-1.1.1n-x86_64-1_slack15.0.txz: Upgraded.
This update fixes a high severity security issue:
The BN_mod_sqrt() function, which computes a modular square root, contains
a bug that can cause it to loop forever for non-prime moduli.
For more information, see:
https://www.openssl.org/news/secadv/20220315.txt
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0778
(* Security fix *)
patches/packages/openssl-solibs-1.1.1n-x86_64-1_slack15.0.txz: Upgraded.
patches/packages/qt5-5.15.3_20220312_33a3f16f-x86_64-1_slack15.0.txz: Upgraded.
Thanks to Heinz Wiesinger for updating the fetch_sources.sh script to make
sure that the QtWebEngine version matches the rest of Qt, which got the
latest git pull compiling again.
If a 32-bit userspace is detected, then:
export QTWEBENGINE_CHROMIUM_FLAGS="--disable-seccomp-filter-sandbox"
This works around crashes occuring with 32-bit QtWebEngine applications.
Thanks to alienBOB.
Diffstat (limited to 'patches/source/bind/caching-example')
| -rw-r--r-- | patches/source/bind/caching-example/localhost.zone | 11 | ||||
| -rw-r--r-- | patches/source/bind/caching-example/named.conf | 31 | ||||
| -rw-r--r-- | patches/source/bind/caching-example/named.local | 10 | ||||
| -rw-r--r-- | patches/source/bind/caching-example/named.root | 92 |
4 files changed, 144 insertions, 0 deletions
diff --git a/patches/source/bind/caching-example/localhost.zone b/patches/source/bind/caching-example/localhost.zone new file mode 100644 index 000000000..c47baf5f1 --- /dev/null +++ b/patches/source/bind/caching-example/localhost.zone @@ -0,0 +1,11 @@ +$TTL 86400 +$ORIGIN localhost. +@ 1D IN SOA @ root ( + 42 ; serial (d. adams) + 3H ; refresh + 15M ; retry + 1W ; expiry + 1D ) ; minimum + + 1D IN NS @ + 1D IN A 127.0.0.1 diff --git a/patches/source/bind/caching-example/named.conf b/patches/source/bind/caching-example/named.conf new file mode 100644 index 000000000..a8ee2795f --- /dev/null +++ b/patches/source/bind/caching-example/named.conf @@ -0,0 +1,31 @@ +options { + directory "/var/named"; + /* + * If there is a firewall between you and nameservers you want + * to talk to, you might need to uncomment the query-source + * directive below. Previous versions of BIND always asked + * questions using port 53, but BIND 8.1 uses an unprivileged + * port by default. + */ + // query-source address * port 53; +}; + +// +// a caching only nameserver config +// +zone "." IN { + type hint; + file "caching-example/named.root"; +}; + +zone "localhost" IN { + type master; + file "caching-example/localhost.zone"; + allow-update { none; }; +}; + +zone "0.0.127.in-addr.arpa" IN { + type master; + file "caching-example/named.local"; + allow-update { none; }; +}; diff --git a/patches/source/bind/caching-example/named.local b/patches/source/bind/caching-example/named.local new file mode 100644 index 000000000..8f40bcf36 --- /dev/null +++ b/patches/source/bind/caching-example/named.local @@ -0,0 +1,10 @@ +$TTL 86400 +@ IN SOA localhost. root.localhost. ( + 2011032500 ; Serial + 28800 ; Refresh + 14400 ; Retry + 3600000 ; Expire + 86400 ) ; Minimum + IN NS localhost. + +1 IN PTR localhost. diff --git a/patches/source/bind/caching-example/named.root b/patches/source/bind/caching-example/named.root new file mode 100644 index 000000000..dba9ed9ea --- /dev/null +++ b/patches/source/bind/caching-example/named.root @@ -0,0 +1,92 @@ +; This file holds the information on root name servers needed to +; initialize cache of Internet domain name servers +; (e.g. reference this file in the "cache . <file>" +; configuration file of BIND domain name servers). +; +; This file is made available by InterNIC +; under anonymous FTP as +; file /domain/named.cache +; on server FTP.INTERNIC.NET +; -OR- RS.INTERNIC.NET +; +; last update: July 30, 2019 +; related version of root zone: 2019073000 +; +; FORMERLY NS.INTERNIC.NET +; +. 3600000 NS A.ROOT-SERVERS.NET. +A.ROOT-SERVERS.NET. 3600000 A 198.41.0.4 +A.ROOT-SERVERS.NET. 3600000 AAAA 2001:503:ba3e::2:30 +; +; FORMERLY NS1.ISI.EDU +; +. 3600000 NS B.ROOT-SERVERS.NET. +B.ROOT-SERVERS.NET. 3600000 A 199.9.14.201 +B.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:200::b +; +; FORMERLY C.PSI.NET +; +. 3600000 NS C.ROOT-SERVERS.NET. +C.ROOT-SERVERS.NET. 3600000 A 192.33.4.12 +C.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:2::c +; +; FORMERLY TERP.UMD.EDU +; +. 3600000 NS D.ROOT-SERVERS.NET. +D.ROOT-SERVERS.NET. 3600000 A 199.7.91.13 +D.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:2d::d +; +; FORMERLY NS.NASA.GOV +; +. 3600000 NS E.ROOT-SERVERS.NET. +E.ROOT-SERVERS.NET. 3600000 A 192.203.230.10 +E.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:a8::e +; +; FORMERLY NS.ISC.ORG +; +. 3600000 NS F.ROOT-SERVERS.NET. +F.ROOT-SERVERS.NET. 3600000 A 192.5.5.241 +F.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:2f::f +; +; FORMERLY NS.NIC.DDN.MIL +; +. 3600000 NS G.ROOT-SERVERS.NET. +G.ROOT-SERVERS.NET. 3600000 A 192.112.36.4 +G.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:12::d0d +; +; FORMERLY AOS.ARL.ARMY.MIL +; +. 3600000 NS H.ROOT-SERVERS.NET. +H.ROOT-SERVERS.NET. 3600000 A 198.97.190.53 +H.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:1::53 +; +; FORMERLY NIC.NORDU.NET +; +. 3600000 NS I.ROOT-SERVERS.NET. +I.ROOT-SERVERS.NET. 3600000 A 192.36.148.17 +I.ROOT-SERVERS.NET. 3600000 AAAA 2001:7fe::53 +; +; OPERATED BY VERISIGN, INC. +; +. 3600000 NS J.ROOT-SERVERS.NET. +J.ROOT-SERVERS.NET. 3600000 A 192.58.128.30 +J.ROOT-SERVERS.NET. 3600000 AAAA 2001:503:c27::2:30 +; +; OPERATED BY RIPE NCC +; +. 3600000 NS K.ROOT-SERVERS.NET. +K.ROOT-SERVERS.NET. 3600000 A 193.0.14.129 +K.ROOT-SERVERS.NET. 3600000 AAAA 2001:7fd::1 +; +; OPERATED BY ICANN +; +. 3600000 NS L.ROOT-SERVERS.NET. +L.ROOT-SERVERS.NET. 3600000 A 199.7.83.42 +L.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:9f::42 +; +; OPERATED BY WIDE +; +. 3600000 NS M.ROOT-SERVERS.NET. +M.ROOT-SERVERS.NET. 3600000 A 202.12.27.33 +M.ROOT-SERVERS.NET. 3600000 AAAA 2001:dc3::35 +; End of file
\ No newline at end of file |