diff options
| author | Siddharth Doshi <sdoshi@mvista.com> | 2023-06-27 12:02:00 +0530 |
|---|---|---|
| committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2023-06-28 07:56:33 +0100 |
| commit | 0745cb1cb3d480829ce81645f89d10b37e91e063 (patch) | |
| tree | 8f5ec2f5774298ec4e75f87c4e47538f56000816 | |
| parent | c14fb8602e1d29cef49a4a39e3946692378f55f6 (diff) | |
| download | poky-0745cb1cb3d480829ce81645f89d10b37e91e063.tar.gz | |
bind: Upgrade 9.18.15 -> 9.18.16
- Remove configure options no longer supported online.
Changelog:
=========
[security] A query that prioritizes stale data over lookup
triggers a fetch to refresh the stale data in cache.
If the fetch is aborted for exceeding the recursion
quota, it was possible for 'named' to enter an infinite
callback loop and crash due to stack overflow. This has
been fixed. (CVE-2023-2911) [GL #4089]
[security] Improve the overmem cleaning process to prevent the
cache going over the configured limit. (CVE-2023-2828)
[GL #4055]
[performance] Reduce memory consumption by allocating properly
sized send buffers for stream-based transports.
[GL #4038]
[bug] Fix a 'clients-per-query' miscalculation bug. When the
'stale-answer-enable' options was enabled and the
'stale-answer-client-timeout' option was enabled and
larger than 0, named was taking two places from the
'clients-per-query' limit for each client and was
failing to gradually auto-tune its value, as configured.
[GL #4074]
[func] Add "ClientQuota" statistics channel counter, which
indicates the number of the resolver's spilled queries
due to reaching the clients per query quota. [GL !7978]
[bug] Fix a serve-stale bug where a delegation from cache
could be returned to the client. [GL #3950]
[cleanup] Remove configure checks for epoll, kqueue and
/dev/poll. [GL #4098]
[func] The "tkey-dhkey" option has been deprecated; a
warning will be logged when it is used. In a future
release, Diffie-Hellman TKEY mode will be removed.
[GL #3905]
[bug] The session key object could be incorrectly added
to multiple different views' keyrings. [GL #4079]
[bug] Fix an interfacemgr use-after-free error in
zoneconf.c:isself(). [GL #3765]
[test] Add support for using pytest & pytest-xdist to
execute the system test suite. [GL #3978]
[bug] BIND could get stuck on reconfiguration when a
'listen' statement for HTTP is removed from the
configuration. That has been fixed. [GL #4071]
[bug] Properly process extra "nameserver" lines in
resolv.conf otherwise the next line is not properly
processed. [GL #4066]
[bug] named could crash when deleting inline-signing zones
with "rndc delzone". [GL #4054]
[bug] Fix a logic error in dighost.c which could call the
dighost_shutdown() callback twice and cause problems
if the callback function was not idempotent. [GL #4039]
(From OE-Core rev: 77d2fa5ac1f394fba2b8e24f2b6ded6ea6b691b4)
Signed-off-by: Siddharth Doshi <sdoshi@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
| -rw-r--r-- | meta/recipes-connectivity/bind/bind-9.18.16/0001-avoid-start-failure-with-bind-user.patch (renamed from meta/recipes-connectivity/bind/bind-9.18.15/0001-avoid-start-failure-with-bind-user.patch) | 0 | ||||
| -rw-r--r-- | meta/recipes-connectivity/bind/bind-9.18.16/0001-named-lwresd-V-and-start-log-hide-build-options.patch (renamed from meta/recipes-connectivity/bind/bind-9.18.15/0001-named-lwresd-V-and-start-log-hide-build-options.patch) | 0 | ||||
| -rw-r--r-- | meta/recipes-connectivity/bind/bind-9.18.16/bind-ensure-searching-for-json-headers-searches-sysr.patch (renamed from meta/recipes-connectivity/bind/bind-9.18.15/bind-ensure-searching-for-json-headers-searches-sysr.patch) | 0 | ||||
| -rw-r--r-- | meta/recipes-connectivity/bind/bind-9.18.16/bind9 (renamed from meta/recipes-connectivity/bind/bind-9.18.15/bind9) | 0 | ||||
| -rw-r--r-- | meta/recipes-connectivity/bind/bind-9.18.16/conf.patch (renamed from meta/recipes-connectivity/bind/bind-9.18.15/conf.patch) | 0 | ||||
| -rw-r--r-- | meta/recipes-connectivity/bind/bind-9.18.16/generate-rndc-key.sh (renamed from meta/recipes-connectivity/bind/bind-9.18.15/generate-rndc-key.sh) | 0 | ||||
| -rw-r--r-- | meta/recipes-connectivity/bind/bind-9.18.16/init.d-add-support-for-read-only-rootfs.patch (renamed from meta/recipes-connectivity/bind/bind-9.18.15/init.d-add-support-for-read-only-rootfs.patch) | 0 | ||||
| -rw-r--r-- | meta/recipes-connectivity/bind/bind-9.18.16/make-etc-initd-bind-stop-work.patch (renamed from meta/recipes-connectivity/bind/bind-9.18.15/make-etc-initd-bind-stop-work.patch) | 0 | ||||
| -rw-r--r-- | meta/recipes-connectivity/bind/bind-9.18.16/named.service (renamed from meta/recipes-connectivity/bind/bind-9.18.15/named.service) | 0 | ||||
| -rw-r--r-- | meta/recipes-connectivity/bind/bind_9.18.16.bb (renamed from meta/recipes-connectivity/bind/bind_9.18.15.bb) | 4 |
10 files changed, 2 insertions, 2 deletions
diff --git a/meta/recipes-connectivity/bind/bind-9.18.15/0001-avoid-start-failure-with-bind-user.patch b/meta/recipes-connectivity/bind/bind-9.18.16/0001-avoid-start-failure-with-bind-user.patch index ec1bc7b567..ec1bc7b567 100644 --- a/meta/recipes-connectivity/bind/bind-9.18.15/0001-avoid-start-failure-with-bind-user.patch +++ b/meta/recipes-connectivity/bind/bind-9.18.16/0001-avoid-start-failure-with-bind-user.patch | |||
diff --git a/meta/recipes-connectivity/bind/bind-9.18.15/0001-named-lwresd-V-and-start-log-hide-build-options.patch b/meta/recipes-connectivity/bind/bind-9.18.16/0001-named-lwresd-V-and-start-log-hide-build-options.patch index 4c10f33f04..4c10f33f04 100644 --- a/meta/recipes-connectivity/bind/bind-9.18.15/0001-named-lwresd-V-and-start-log-hide-build-options.patch +++ b/meta/recipes-connectivity/bind/bind-9.18.16/0001-named-lwresd-V-and-start-log-hide-build-options.patch | |||
diff --git a/meta/recipes-connectivity/bind/bind-9.18.15/bind-ensure-searching-for-json-headers-searches-sysr.patch b/meta/recipes-connectivity/bind/bind-9.18.16/bind-ensure-searching-for-json-headers-searches-sysr.patch index f1abd179e8..f1abd179e8 100644 --- a/meta/recipes-connectivity/bind/bind-9.18.15/bind-ensure-searching-for-json-headers-searches-sysr.patch +++ b/meta/recipes-connectivity/bind/bind-9.18.16/bind-ensure-searching-for-json-headers-searches-sysr.patch | |||
diff --git a/meta/recipes-connectivity/bind/bind-9.18.15/bind9 b/meta/recipes-connectivity/bind/bind-9.18.16/bind9 index 968679ff7f..968679ff7f 100644 --- a/meta/recipes-connectivity/bind/bind-9.18.15/bind9 +++ b/meta/recipes-connectivity/bind/bind-9.18.16/bind9 | |||
diff --git a/meta/recipes-connectivity/bind/bind-9.18.15/conf.patch b/meta/recipes-connectivity/bind/bind-9.18.16/conf.patch index aa3642acec..aa3642acec 100644 --- a/meta/recipes-connectivity/bind/bind-9.18.15/conf.patch +++ b/meta/recipes-connectivity/bind/bind-9.18.16/conf.patch | |||
diff --git a/meta/recipes-connectivity/bind/bind-9.18.15/generate-rndc-key.sh b/meta/recipes-connectivity/bind/bind-9.18.16/generate-rndc-key.sh index 633e29c0e6..633e29c0e6 100644 --- a/meta/recipes-connectivity/bind/bind-9.18.15/generate-rndc-key.sh +++ b/meta/recipes-connectivity/bind/bind-9.18.16/generate-rndc-key.sh | |||
diff --git a/meta/recipes-connectivity/bind/bind-9.18.15/init.d-add-support-for-read-only-rootfs.patch b/meta/recipes-connectivity/bind/bind-9.18.16/init.d-add-support-for-read-only-rootfs.patch index 11db95ede1..11db95ede1 100644 --- a/meta/recipes-connectivity/bind/bind-9.18.15/init.d-add-support-for-read-only-rootfs.patch +++ b/meta/recipes-connectivity/bind/bind-9.18.16/init.d-add-support-for-read-only-rootfs.patch | |||
diff --git a/meta/recipes-connectivity/bind/bind-9.18.15/make-etc-initd-bind-stop-work.patch b/meta/recipes-connectivity/bind/bind-9.18.16/make-etc-initd-bind-stop-work.patch index 146f3e35db..146f3e35db 100644 --- a/meta/recipes-connectivity/bind/bind-9.18.15/make-etc-initd-bind-stop-work.patch +++ b/meta/recipes-connectivity/bind/bind-9.18.16/make-etc-initd-bind-stop-work.patch | |||
diff --git a/meta/recipes-connectivity/bind/bind-9.18.15/named.service b/meta/recipes-connectivity/bind/bind-9.18.16/named.service index cda56ef015..cda56ef015 100644 --- a/meta/recipes-connectivity/bind/bind-9.18.15/named.service +++ b/meta/recipes-connectivity/bind/bind-9.18.16/named.service | |||
diff --git a/meta/recipes-connectivity/bind/bind_9.18.15.bb b/meta/recipes-connectivity/bind/bind_9.18.16.bb index 80164aad87..1b1649566a 100644 --- a/meta/recipes-connectivity/bind/bind_9.18.15.bb +++ b/meta/recipes-connectivity/bind/bind_9.18.16.bb | |||
| @@ -20,7 +20,7 @@ SRC_URI = "https://ftp.isc.org/isc/bind9/${PV}/${BPN}-${PV}.tar.xz \ | |||
| 20 | file://0001-avoid-start-failure-with-bind-user.patch \ | 20 | file://0001-avoid-start-failure-with-bind-user.patch \ |
| 21 | " | 21 | " |
| 22 | 22 | ||
| 23 | SRC_URI[sha256sum] = "28ae8db14862801bc2bd4fd820db00667d3f1ff9ae9cc2d06a0ef7810fed7a4e" | 23 | SRC_URI[sha256sum] = "c88234fe07ee75c3c8a9e59152fee64b714643de8e22cf98da3db4d0b57e0775" |
| 24 | 24 | ||
| 25 | UPSTREAM_CHECK_URI = "https://ftp.isc.org/isc/bind9/" | 25 | UPSTREAM_CHECK_URI = "https://ftp.isc.org/isc/bind9/" |
| 26 | # follow the ESV versions divisible by 2 | 26 | # follow the ESV versions divisible by 2 |
| @@ -39,7 +39,7 @@ PACKAGECONFIG[readline] = "--with-readline=readline,,readline" | |||
| 39 | PACKAGECONFIG[libedit] = "--with-readline=libedit,,libedit" | 39 | PACKAGECONFIG[libedit] = "--with-readline=libedit,,libedit" |
| 40 | PACKAGECONFIG[dns-over-http] = "--enable-doh,--disable-doh,nghttp2" | 40 | PACKAGECONFIG[dns-over-http] = "--enable-doh,--disable-doh,nghttp2" |
| 41 | 41 | ||
| 42 | EXTRA_OECONF = " --disable-devpoll --disable-auto-validation --enable-epoll \ | 42 | EXTRA_OECONF = " --disable-auto-validation \ |
| 43 | --with-gssapi=no --with-lmdb=no --with-zlib \ | 43 | --with-gssapi=no --with-lmdb=no --with-zlib \ |
| 44 | --sysconfdir=${sysconfdir}/bind \ | 44 | --sysconfdir=${sysconfdir}/bind \ |
| 45 | --with-openssl=${STAGING_DIR_HOST}${prefix} \ | 45 | --with-openssl=${STAGING_DIR_HOST}${prefix} \ |