Mirror of packages feed https://git.openwrt.org/feed/packages/atom?h=master 2026-03-31T11:42:09Z 2026-03-31T11:42:09Z Noah Meyerhans 2026-03-28T15:31:50Z urn:sha1:d6d7d2325aac8ed2680470e3b56b2dca830efb53 Fixes several security issues: - CVE-2026-1519 Fix unbounded NSEC3 iterations when validating referrals to unsigned delegations. - CVE-2026-3104 Fix memory leaks in code preparing DNSSEC proofs of non-existence. - CVE-2026-3119 Prevent a crash in code processing queries containing a TKEY record. - CVE-2026-3591 Fix a stack use-after-return flaw in SIG(0) handling code. Signed-off-by: Noah Meyerhans <frodo@morgul.net> 2026-02-01T14:01:50Z Philip Prindeville 2025-12-10T21:50:48Z urn:sha1:505ca0a0d4b6949f4ebedf0b0c31c18eeebf521c The RFC-1918 zones are automatically synthesized locally by bind to avoid forwarding queries about them to root nameservers. As a result, we can't easily replace them with rndc addzone on the fly. We need this for DHCP integration. Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com> 2021-04-29T19:39:46Z Noah Meyerhans 2021-04-29T16:05:26Z urn:sha1:ccb1e8923e6e0269e2443c37362b2b27c121d956 Fixes the following security issues: * CVE-2021-25215 - named crashed when a DNAME record placed in the ANSWER section during DNAME chasing turned out to be the final answer to a client query. * CVE-2021-25214 - Insufficient IXFR checks could result in named serving a zone without an SOA record at the apex, leading to a RUNTIME_CHECK assertion failure when the zone was subsequently refreshed. This has been fixed by adding an owner name check for all SOA records which are included in a zone transfer. Signed-off-by: Noah Meyerhans <frodo@morgul.net> 2021-03-22T03:38:25Z Rosen Penev 2021-03-20T22:21:51Z urn:sha1:dd64cb713bc3d08b94b544d95dd22151f0e71394 Backport upstream OpenSSL deprecated API patch. Signed-off-by: Rosen Penev <rosenp@gmail.com> 2021-01-29T17:10:31Z Noah Meyerhans 2021-01-25T05:23:10Z urn:sha1:437e131fe0814a98415592b6275677c7e5b5d255 Drop obsolete patches - 001-no-tests.patch - 002-fix-cross-compilation.patch Move several user-executable binaries from /usr/sbin to /usr/bin per upstream. Signed-off-by: Noah Meyerhans <frodo@morgul.net> 2020-10-31T13:39:05Z Josef Schlehofer 2020-10-31T12:50:16Z urn:sha1:d442033941b9aa7c9086305099ed6111b86a2bcf - DNS Flag Day 2020 (default EDNS buffer size changed from 4096 to 1232 bytes) -- Added patch, which should be part of the next release It fixes an issue while cross-compilation (I linked it in the commit message with issue link) Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com> 2019-06-26T23:25:44Z Deng Qingfang 2019-06-26T10:14:19Z urn:sha1:868f29d4ee61205e65994f67f23a02198a9dea33 Fixed CVE-2019-6471 ChangeLog: https://ftp.isc.org/isc/bind9/9.14.3/CHANGES Signed-off-by: Deng Qingfang <dengqf6@mail2.sysu.edu.cn> 2019-05-18T16:16:41Z Deng Qingfang 2019-05-16T15:43:51Z urn:sha1:cc66a24a4e1010439254751e415cc42566fed01a BIND now requires POSIX thread and IPv6 support to build Add filter-AAAA plugin Remove unrecognized options Remove patch that no longer needed - 002-autoconf-ar-fix.patch Signed-off-by: Deng Qingfang <dengqf6@mail2.sysu.edu.cn> 2019-02-03T20:25:52Z Deng Qingfang 2019-01-23T16:21:10Z urn:sha1:4f41588c299a358f969660425908c946e92b15ee Refresh patches Remove --enable-static and --enable-dynamic because they're enabled by default Enable parallel compilation Fix compile without IPv6 Signed-off-by: Deng Qingfang <dengqf6@mail2.sysu.edu.cn> 2018-10-29T15:36:37Z Noah Meyerhans 2018-10-28T22:39:38Z urn:sha1:f9fbc75557131a50d9558e7b9e89f35b48bbccca This includes the fix for CVE-2018-5738: When recursion is enabled but the allow-recursion and allow-query-cache ACLs are not specified, they should be limited to local networks, but they were inadvertently set to match the default allow-query, thus allowing remote queries. Signed-off-by: Noah Meyerhans <frodo@morgul.net>