diff options
author | Armin Kuster <akuster808@gmail.com> | 2017-11-03 12:54:48 -0700 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2017-11-07 13:25:31 +0000 |
commit | f5aa5aaa32ae14780ec35ecb13a2bbb244c5c207 (patch) | |
tree | d2b01e2455dcc2f51121e8bc1f86eb4de698bf49 /meta/recipes-connectivity/bind/bind_9.10.6.bb | |
parent | 92f46eaa44450ce48f4cd20a52a9f5118b40fabe (diff) | |
download | poky-f5aa5aaa32ae14780ec35ecb13a2bbb244c5c207.tar.gz |
bind: update to 9.10.6
Security Fixes
* An error in TSIG handling could permit unauthorized zone transfers
or zone updates. These flaws are disclosed in CVE-2017-3142 and
CVE-2017-3143. [RT #45383]
* The BIND installer on Windows used an unquoted service path, which
can enable privilege escalation. This flaw is disclosed in
CVE-2017-3141. [RT #45229]
* With certain RPZ configurations, a response with TTL 0 could cause
named to go into an infinite query loop. This flaw is disclosed in
CVE-2017-3140. [RT #45181]
End of Life
The end of life for BIND 9.10 is yet to be determined but will not be
before BIND 9.12.0 has been released for 6 months.
https://www.isc.org/downloads/software-support-policy/
more info see https://lists.isc.org/pipermail/bind-announce/2017-July/001063.html
(From OE-Core rev: 96e9adb60320b2e2f0bb7a04d9ed49ddc53649bb)
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-connectivity/bind/bind_9.10.6.bb')
-rw-r--r-- | meta/recipes-connectivity/bind/bind_9.10.6.bb | 120 |
1 files changed, 120 insertions, 0 deletions
diff --git a/meta/recipes-connectivity/bind/bind_9.10.6.bb b/meta/recipes-connectivity/bind/bind_9.10.6.bb new file mode 100644 index 0000000000..7a35390a63 --- /dev/null +++ b/meta/recipes-connectivity/bind/bind_9.10.6.bb | |||
@@ -0,0 +1,120 @@ | |||
1 | SUMMARY = "ISC Internet Domain Name Server" | ||
2 | HOMEPAGE = "http://www.isc.org/sw/bind/" | ||
3 | SECTION = "console/network" | ||
4 | |||
5 | LICENSE = "ISC & BSD" | ||
6 | LIC_FILES_CHKSUM = "file://COPYRIGHT;md5=dba46507446198119bcde32a4feaab43" | ||
7 | |||
8 | DEPENDS = "openssl libcap" | ||
9 | |||
10 | SRC_URI = "ftp://ftp.isc.org/isc/bind9/${PV}/${BPN}-${PV}.tar.gz \ | ||
11 | file://conf.patch \ | ||
12 | file://make-etc-initd-bind-stop-work.patch \ | ||
13 | file://dont-test-on-host.patch \ | ||
14 | file://generate-rndc-key.sh \ | ||
15 | file://named.service \ | ||
16 | file://bind9 \ | ||
17 | file://init.d-add-support-for-read-only-rootfs.patch \ | ||
18 | file://bind-confgen-build-unix.o-once.patch \ | ||
19 | file://0001-build-use-pkg-config-to-find-libxml2.patch \ | ||
20 | file://bind-ensure-searching-for-json-headers-searches-sysr.patch \ | ||
21 | file://0001-gen.c-extend-DIRNAMESIZE-from-256-to-512.patch \ | ||
22 | file://0001-lib-dns-gen.c-fix-too-long-error.patch \ | ||
23 | file://use-python3-and-fix-install-lib-path.patch \ | ||
24 | " | ||
25 | |||
26 | SRC_URI[md5sum] = "84e663284b17aee0df1ce6f248b137d7" | ||
27 | SRC_URI[sha256sum] = "17bbcd2bd7b1d32f5ba4b30d5dbe8a39bce200079048073d1e0d050fdf47e69d" | ||
28 | |||
29 | UPSTREAM_CHECK_URI = "ftp://ftp.isc.org/isc/bind9/" | ||
30 | UPSTREAM_CHECK_REGEX = "(?P<pver>9(\.\d+)+(-P\d+)*)/" | ||
31 | |||
32 | |||
33 | ENABLE_IPV6 = "--enable-ipv6=${@bb.utils.contains('DISTRO_FEATURES', 'ipv6', 'yes', 'no', d)}" | ||
34 | EXTRA_OECONF = " ${ENABLE_IPV6} --with-libtool --enable-threads \ | ||
35 | --disable-devpoll --enable-epoll --with-gost=no \ | ||
36 | --with-gssapi=no --with-ecdsa=yes \ | ||
37 | --sysconfdir=${sysconfdir}/bind \ | ||
38 | --with-openssl=${STAGING_LIBDIR}/.. \ | ||
39 | " | ||
40 | |||
41 | inherit autotools update-rc.d systemd useradd pkgconfig python3-dir | ||
42 | |||
43 | export PYTHON_SITEPACKAGES_DIR | ||
44 | |||
45 | # PACKAGECONFIGs readline and libedit should NOT be set at same time | ||
46 | PACKAGECONFIG ?= "readline" | ||
47 | PACKAGECONFIG[httpstats] = "--with-libxml2,--without-libxml2,libxml2" | ||
48 | PACKAGECONFIG[readline] = "--with-readline=-lreadline,,readline" | ||
49 | PACKAGECONFIG[libedit] = "--with-readline=-ledit,,libedit" | ||
50 | PACKAGECONFIG[urandom] = "--with-randomdev=/dev/urandom,--with-randomdev=/dev/random,," | ||
51 | |||
52 | USERADD_PACKAGES = "${PN}" | ||
53 | USERADD_PARAM_${PN} = "--system --home ${localstatedir}/cache/bind --no-create-home \ | ||
54 | --user-group bind" | ||
55 | |||
56 | INITSCRIPT_NAME = "bind" | ||
57 | INITSCRIPT_PARAMS = "defaults" | ||
58 | |||
59 | SYSTEMD_SERVICE_${PN} = "named.service" | ||
60 | |||
61 | PARALLEL_MAKE = "" | ||
62 | |||
63 | RDEPENDS_${PN} = "python3-core" | ||
64 | RDEPENDS_${PN}-dev = "" | ||
65 | |||
66 | PACKAGE_BEFORE_PN += "${PN}-utils" | ||
67 | FILES_${PN}-utils = "${bindir}/host ${bindir}/dig" | ||
68 | FILES_${PN}-dev += "${bindir}/isc-config.h" | ||
69 | FILES_${PN} += "${sbindir}/generate-rndc-key.sh ${PYTHON_SITEPACKAGES_DIR}" | ||
70 | |||
71 | do_install_prepend() { | ||
72 | # clean host path in isc-config.sh before the hardlink created | ||
73 | # by "make install": | ||
74 | # bind9-config -> isc-config.sh | ||
75 | sed -i -e "s,${STAGING_LIBDIR},${libdir}," ${B}/isc-config.sh | ||
76 | } | ||
77 | |||
78 | do_install_append() { | ||
79 | rm "${D}${bindir}/nslookup" | ||
80 | rm "${D}${mandir}/man1/nslookup.1" | ||
81 | rmdir "${D}${localstatedir}/run" | ||
82 | rmdir --ignore-fail-on-non-empty "${D}${localstatedir}" | ||
83 | install -d -o bind "${D}${localstatedir}/cache/bind" | ||
84 | install -d "${D}${sysconfdir}/bind" | ||
85 | install -d "${D}${sysconfdir}/init.d" | ||
86 | install -m 644 ${S}/conf/* "${D}${sysconfdir}/bind/" | ||
87 | install -m 755 "${S}/init.d" "${D}${sysconfdir}/init.d/bind" | ||
88 | sed -i -e '1s,#!.*python3,#! /usr/bin/python3,' ${D}${sbindir}/dnssec-coverage ${D}${sbindir}/dnssec-checkds | ||
89 | |||
90 | # Install systemd related files | ||
91 | install -d ${D}${sbindir} | ||
92 | install -m 755 ${WORKDIR}/generate-rndc-key.sh ${D}${sbindir} | ||
93 | install -d ${D}${systemd_unitdir}/system | ||
94 | install -m 0644 ${WORKDIR}/named.service ${D}${systemd_unitdir}/system | ||
95 | sed -i -e 's,@BASE_BINDIR@,${base_bindir},g' \ | ||
96 | -e 's,@SBINDIR@,${sbindir},g' \ | ||
97 | ${D}${systemd_unitdir}/system/named.service | ||
98 | |||
99 | install -d ${D}${sysconfdir}/default | ||
100 | install -m 0644 ${WORKDIR}/bind9 ${D}${sysconfdir}/default | ||
101 | |||
102 | if ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'true', 'false', d)}; then | ||
103 | install -d ${D}${sysconfdir}/tmpfiles.d | ||
104 | echo "d /run/named 0755 bind bind - -" > ${D}${sysconfdir}/tmpfiles.d/bind.conf | ||
105 | fi | ||
106 | |||
107 | rm -f ${D}${PYTHON_SITEPACKAGES_DIR}/isc/*.pyc | ||
108 | } | ||
109 | |||
110 | CONFFILES_${PN} = " \ | ||
111 | ${sysconfdir}/bind/named.conf \ | ||
112 | ${sysconfdir}/bind/named.conf.local \ | ||
113 | ${sysconfdir}/bind/named.conf.options \ | ||
114 | ${sysconfdir}/bind/db.0 \ | ||
115 | ${sysconfdir}/bind/db.127 \ | ||
116 | ${sysconfdir}/bind/db.empty \ | ||
117 | ${sysconfdir}/bind/db.local \ | ||
118 | ${sysconfdir}/bind/db.root \ | ||
119 | " | ||
120 | |||