mirror of
https://github.com/openwrt/openwrt.git
synced 2025-02-07 03:29:36 +00:00
58d60bd283
CVE-2017-15107 An interesting problem has turned up in DNSSEC validation. It turns out that NSEC records expanded from wildcards are allowed, so a domain can include an NSEC record for *.example.org and an actual query reply could expand that to anything in example.org and still have it signed by the signature for the wildcard. So, for example !.example.org NSEC zz.example.org is fine. The problem is that most implementers (your author included, but also the Google public DNS people, powerdns and Unbound) then took that record to prove the nothing exists between !.example.org and zz.example.org, whereas in fact it only provides that proof between *.example.org and zz.example.org. This gives an attacker a way to prove that anything between !.example.org and *.example.org doesn't exists, when it may well do so. Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
This is the buildsystem for the LEDE Linux distribution. Please use "make menuconfig" to choose your preferred configuration for the toolchain and firmware. You need to have installed gcc, binutils, bzip2, flex, python, perl, make, find, grep, diff, unzip, gawk, getopt, subversion, libz-dev and libc headers. Run "./scripts/feeds update -a" to get all the latest package definitions defined in feeds.conf / feeds.conf.default respectively and "./scripts/feeds install -a" to install symlinks of all of them into package/feeds/. Use "make menuconfig" to configure your image. Simply running "make" will build your firmware. It will download all sources, build the cross-compile toolchain, the kernel and all choosen applications. To build your own firmware you need to have access to a Linux, BSD or MacOSX system (case-sensitive filesystem required). Cygwin will not be supported because of the lack of case sensitiveness in the file system. Sunshine! Your LEDE Community http://www.lede-project.org