bind: Upgrade 9.18.15 -> 9.18.16

- Remove configure options no longer supported online.

Changelog:
=========
[security]	A query that prioritizes stale data over lookup
		triggers a fetch to refresh the stale data in cache.
		If the fetch is aborted for exceeding the recursion
		quota, it was possible for 'named' to enter an infinite
		callback loop and crash due to stack overflow. This has
		been fixed. (CVE-2023-2911) [GL #4089]

[security]	Improve the overmem cleaning process to prevent the
		cache going over the configured limit. (CVE-2023-2828)
		[GL #4055]

[performance]	Reduce memory consumption by allocating properly
		sized send buffers for stream-based transports.
		[GL #4038]

[bug]		Fix a 'clients-per-query' miscalculation bug. When the
		'stale-answer-enable' options was enabled and the
		'stale-answer-client-timeout' option was enabled and
		larger than 0, named was taking two places from the
		'clients-per-query' limit for each client and was
		failing to gradually auto-tune its value, as configured.
		[GL #4074]

[func]		Add "ClientQuota" statistics channel counter, which
		indicates the number of the resolver's spilled queries
		due to reaching the clients per query quota. [GL !7978]

[bug]		Fix a serve-stale bug where a delegation from cache
		could be returned to the client. [GL #3950]

[cleanup]	Remove configure checks for epoll, kqueue and
		/dev/poll. [GL #4098]

[func]		The "tkey-dhkey" option has been deprecated; a
		warning will be logged when it is used. In a future
		release, Diffie-Hellman TKEY mode will be removed.
		[GL #3905]

[bug]		The session key object could be incorrectly added
		to multiple different views' keyrings. [GL #4079]

[bug]		Fix an interfacemgr use-after-free error in
		zoneconf.c:isself(). [GL #3765]

[test]		Add support for using pytest & pytest-xdist to
		execute the system test suite. [GL #3978]

[bug]		BIND could get stuck on reconfiguration when a
		'listen' statement for HTTP is removed from the
		configuration. That has been fixed. [GL #4071]

[bug]		Properly process extra "nameserver" lines in
		resolv.conf otherwise the next line is not properly
		processed. [GL #4066]

[bug]		named could crash when deleting inline-signing zones
		with "rndc delzone". [GL #4054]

[bug]		Fix a logic error in dighost.c which could call the
		dighost_shutdown() callback twice and cause problems
		if the callback function was not idempotent. [GL #4039]

(From OE-Core rev: 77d2fa5ac1f394fba2b8e24f2b6ded6ea6b691b4)

Signed-off-by: Siddharth Doshi <sdoshi@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

1 files changed, 113 insertions, 0 deletions

diff --git a/meta/recipes-connectivity/bind/bind_9.18.16.bb b/meta/recipes-connectivity/bind/bind_9.18.16.bb
new file mode 100644
index 0000000000..1b1649566a
--- /dev/null
+++ b/meta/recipes-connectivity/bind/bind_9.18.16.bb
@@ -0,0 +1,113 @@
+SUMMARY = "ISC Internet Domain Name Server"
+HOMEPAGE = "https://www.isc.org/bind/"
+DESCRIPTION = "BIND 9 provides a full-featured Domain Name Server system"
+SECTION = "console/network"
+
+LICENSE = "MPL-2.0"
+LIC_FILES_CHKSUM = "file://COPYRIGHT;md5=d8cf7bd9c4fd5471a588e7e66e672408"
+
+DEPENDS = "openssl libcap zlib libuv"
+
+SRC_URI = "https://ftp.isc.org/isc/bind9/${PV}/${BPN}-${PV}.tar.xz \
+           file://conf.patch \
+           file://named.service \
+           file://bind9 \
+           file://generate-rndc-key.sh \
+           file://make-etc-initd-bind-stop-work.patch \
+           file://init.d-add-support-for-read-only-rootfs.patch \
+           file://bind-ensure-searching-for-json-headers-searches-sysr.patch \
+           file://0001-named-lwresd-V-and-start-log-hide-build-options.patch \
+           file://0001-avoid-start-failure-with-bind-user.patch \
+           "
+
+SRC_URI[sha256sum] = "c88234fe07ee75c3c8a9e59152fee64b714643de8e22cf98da3db4d0b57e0775"
+
+UPSTREAM_CHECK_URI = "https://ftp.isc.org/isc/bind9/"
+# follow the ESV versions divisible by 2
+UPSTREAM_CHECK_REGEX = "(?P<pver>9.(\d*[02468])+(\.\d+)+(-P\d+)*)/"
+
+# Issue only affects dhcpd with recent bind versions. We don't ship dhcpd anymore
+# so the issue doesn't affect us.
+CVE_CHECK_IGNORE += "CVE-2019-6470"
+
+inherit autotools update-rc.d systemd useradd pkgconfig multilib_header update-alternatives
+
+# PACKAGECONFIGs readline and libedit should NOT be set at same time
+PACKAGECONFIG ?= "readline"
+PACKAGECONFIG[httpstats] = "--with-libxml2=${STAGING_DIR_HOST}${prefix},--without-libxml2,libxml2"
+PACKAGECONFIG[readline] = "--with-readline=readline,,readline"
+PACKAGECONFIG[libedit] = "--with-readline=libedit,,libedit"
+PACKAGECONFIG[dns-over-http] = "--enable-doh,--disable-doh,nghttp2"
+
+EXTRA_OECONF = " --disable-auto-validation \
+                 --with-gssapi=no --with-lmdb=no --with-zlib \
+                 --sysconfdir=${sysconfdir}/bind \
+                 --with-openssl=${STAGING_DIR_HOST}${prefix} \
+               "
+LDFLAGS:append = " -lz"
+
+# dhcp needs .la so keep them
+REMOVE_LIBTOOL_LA = "0"
+
+USERADD_PACKAGES = "${PN}"
+USERADD_PARAM:${PN} = "--system --home ${localstatedir}/cache/bind --no-create-home \
+                       --user-group bind"
+
+INITSCRIPT_NAME = "bind"
+INITSCRIPT_PARAMS = "defaults"
+
+SYSTEMD_SERVICE:${PN} = "named.service"
+
+do_install:append() {
+
+        install -d -o bind "${D}${localstatedir}/cache/bind"
+        install -d "${D}${sysconfdir}/bind"
+        install -d "${D}${sysconfdir}/init.d"
+        install -m 644 ${S}/conf/* "${D}${sysconfdir}/bind/"
+        install -m 755 "${S}/init.d" "${D}${sysconfdir}/init.d/bind"
+
+        # Install systemd related files
+        install -d ${D}${sbindir}
+        install -m 755 ${WORKDIR}/generate-rndc-key.sh ${D}${sbindir}
+        install -d ${D}${systemd_system_unitdir}
+        install -m 0644 ${WORKDIR}/named.service ${D}${systemd_system_unitdir}
+        sed -i -e 's,@BASE_BINDIR@,${base_bindir},g' \
+               -e 's,@SBINDIR@,${sbindir},g' \
+               ${D}${systemd_system_unitdir}/named.service
+
+        install -d ${D}${sysconfdir}/default
+        install -m 0644 ${WORKDIR}/bind9 ${D}${sysconfdir}/default
+
+        if ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'true', 'false', d)}; then
+                install -d ${D}${sysconfdir}/tmpfiles.d
+                echo "d /run/named 0755 bind bind - -" > ${D}${sysconfdir}/tmpfiles.d/bind.conf
+        fi
+}
+
+CONFFILES:${PN} = " \
+        ${sysconfdir}/bind/named.conf \
+        ${sysconfdir}/bind/named.conf.local \
+        ${sysconfdir}/bind/named.conf.options \
+        ${sysconfdir}/bind/db.0 \
+        ${sysconfdir}/bind/db.127 \
+        ${sysconfdir}/bind/db.empty \
+        ${sysconfdir}/bind/db.local \
+        ${sysconfdir}/bind/db.root \
+        "
+
+ALTERNATIVE:${PN}-utils = "nslookup"
+ALTERNATIVE_LINK_NAME[nslookup] = "${bindir}/nslookup"
+ALTERNATIVE_PRIORITY = "100"
+
+PACKAGE_BEFORE_PN += "${PN}-utils"
+FILES:${PN}-utils = "${bindir}/host ${bindir}/dig ${bindir}/mdig ${bindir}/nslookup ${bindir}/nsupdate"
+FILES:${PN}-dev += "${bindir}/isc-config.h"
+FILES:${PN} += "${sbindir}/generate-rndc-key.sh"
+
+PACKAGE_BEFORE_PN += "${PN}-libs"
+# special arrangement below due to
+# https://github.com/isc-projects/bind9/commit/0e25af628cd776f98c04fc4cc59048f5448f6c88
+FILES_SOLIBSDEV = "${libdir}/*[!0-9].so ${libdir}/libbind9.so"
+FILES:${PN}-libs = "${libdir}/named/*.so* ${libdir}/*-${PV}.so"
+
+DEV_PKG_DEPENDENCY = ""