diff options
author | Soumya Sambu <soumya.sambu@windriver.com> | 2024-03-11 16:39:52 +0800 |
---|---|---|
committer | Steve Sakoman <steve@sakoman.com> | 2024-03-16 08:33:21 -1000 |
commit | 92b6805f619f6c171d76188bdec901224b74e606 (patch) | |
tree | a4691789a3ab72e009ff5f5972b9ab7741598671 | |
parent | ed0ae8e15bcbf189ea55c07ce092f91dd5e109ad (diff) | |
download | poky-92b6805f619f6c171d76188bdec901224b74e606.tar.gz |
bind: Upgrade 9.18.21 -> 9.18.24
Changelog:
=========
9.18.24:
- Fix case insensitive setting for isc_ht hashtable.
[GL #4568]
9.18.23:
- Specific DNS answers could cause a denial-of-service
condition due to DNS validation taking a long time.
(CVE-2023-50387) [GL #4424]
- Change 6315 inadvertently introduced regressions that
could cause named to crash. [GL #4234]
- Under some circumstances, the DoT code in client
mode could process more than one message at a time when
that was not expected. That has been fixed. [GL #4487]
9.18.22:
- Limit isc_task_send() overhead for RBTDB tree pruning.
[GL #4383]
- Restore DNS64 state when handling a serve-stale timeout.
(CVE-2023-5679) [GL #4334]
- Specific queries could trigger an assertion check with
nxdomain-redirect enabled. (CVE-2023-5517) [GL #4281]
- Speed up parsing of DNS messages with many different
names. (CVE-2023-4408) [GL #4234]
- Address race conditions in dns_tsigkey_find().
[GL #4182]
- Conversion from NSEC3 signed to NSEC signed could
temporarily put the zone into a state where it was
treated as unsigned until the NSEC chain was built.
Additionally conversion from one set of NSEC3 parameters
to another could also temporarily put the zone into a
state where it was treated as unsigned until the new
NSEC3 chain was built. [GL #1794] [GL #4495]
- Memory leak in zone.c:sign_zone. When named signed a
zone it could leak dst_keys due to a misplaced
'continue'. [GL #4488]
- Log more details about the cause of "not exact" errors.
[GL #4500]
- The wrong time was being used to determine what RRSIGs
where to be generated when dnssec-policy was in use.
[GL #4494]
- The "trust-anchor-telemetry" statement is no longer
marked as experimental. This silences a relevant log
message that was emitted even when the feature was
explicitly disabled. [GL #4497]
- Fix statistics export to use full 64 bit signed numbers
instead of truncating values to unsigned 32 bits.
[GL #4467]
- NetBSD has added 'hmac' to libc which collides with our
use of 'hmac'. [GL #4478]
(cherry-pick from Oe-Core rev d7f31aba343948dbaadafc8c0c66f78e6ffb46e3)
(From OE-Core rev: 61fa2f52045b7a1553249c33263b5fd32444a305)
Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
-rw-r--r-- | meta/recipes-connectivity/bind/bind_9.18.24.bb (renamed from meta/recipes-connectivity/bind/bind_9.18.21.bb) | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/meta/recipes-connectivity/bind/bind_9.18.21.bb b/meta/recipes-connectivity/bind/bind_9.18.24.bb index f5fb4bd1e5..2874990320 100644 --- a/meta/recipes-connectivity/bind/bind_9.18.21.bb +++ b/meta/recipes-connectivity/bind/bind_9.18.24.bb | |||
@@ -20,7 +20,7 @@ SRC_URI = "https://ftp.isc.org/isc/bind9/${PV}/${BPN}-${PV}.tar.xz \ | |||
20 | file://0001-avoid-start-failure-with-bind-user.patch \ | 20 | file://0001-avoid-start-failure-with-bind-user.patch \ |
21 | " | 21 | " |
22 | 22 | ||
23 | SRC_URI[sha256sum] = "a556be22505d9ea4f9c6717aee9c549739c68498aff3ca69035787ecc648fec5" | 23 | SRC_URI[sha256sum] = "709d73023c9115ddad3bab65b6c8c79a590196d0d114f5d0ca2533dbd52ddf66" |
24 | 24 | ||
25 | UPSTREAM_CHECK_URI = "https://ftp.isc.org/isc/bind9/" | 25 | UPSTREAM_CHECK_URI = "https://ftp.isc.org/isc/bind9/" |
26 | # follow the ESV versions divisible by 2 | 26 | # follow the ESV versions divisible by 2 |