diff options
author | Soumya Sambu <soumya.sambu@windriver.com> | 2024-02-23 06:19:12 +0000 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2024-02-24 16:10:23 +0000 |
commit | 9efcdbc0ae86750795e61c55e017563aee9dc6ef (patch) | |
tree | b1dceb83dd18cb0d332407463c4357543a113203 /meta/recipes-connectivity/bind/bind_9.18.24.bb | |
parent | ee014ca524642c02295af505f6d02f538769ebc1 (diff) | |
download | poky-9efcdbc0ae86750795e61c55e017563aee9dc6ef.tar.gz |
bind: Upgrade 9.18.21 -> 9.18.24
Changelog:
=========
9.18.24:
- Fix case insensitive setting for isc_ht hashtable.
[GL #4568]
9.18.23:
- Specific DNS answers could cause a denial-of-service
condition due to DNS validation taking a long time.
(CVE-2023-50387) [GL #4424]
- Change 6315 inadvertently introduced regressions that
could cause named to crash. [GL #4234]
- Under some circumstances, the DoT code in client
mode could process more than one message at a time when
that was not expected. That has been fixed. [GL #4487]
9.18.22:
- Limit isc_task_send() overhead for RBTDB tree pruning.
[GL #4383]
- Restore DNS64 state when handling a serve-stale timeout.
(CVE-2023-5679) [GL #4334]
- Specific queries could trigger an assertion check with
nxdomain-redirect enabled. (CVE-2023-5517) [GL #4281]
- Speed up parsing of DNS messages with many different
names. (CVE-2023-4408) [GL #4234]
- Address race conditions in dns_tsigkey_find().
[GL #4182]
- Conversion from NSEC3 signed to NSEC signed could
temporarily put the zone into a state where it was
treated as unsigned until the NSEC chain was built.
Additionally conversion from one set of NSEC3 parameters
to another could also temporarily put the zone into a
state where it was treated as unsigned until the new
NSEC3 chain was built. [GL #1794] [GL #4495]
- Memory leak in zone.c:sign_zone. When named signed a
zone it could leak dst_keys due to a misplaced
'continue'. [GL #4488]
- Log more details about the cause of "not exact" errors.
[GL #4500]
- The wrong time was being used to determine what RRSIGs
where to be generated when dnssec-policy was in use.
[GL #4494]
- The "trust-anchor-telemetry" statement is no longer
marked as experimental. This silences a relevant log
message that was emitted even when the feature was
explicitly disabled. [GL #4497]
- Fix statistics export to use full 64 bit signed numbers
instead of truncating values to unsigned 32 bits.
[GL #4467]
- NetBSD has added 'hmac' to libc which collides with our
use of 'hmac'. [GL #4478]
(From OE-Core rev: d7f31aba343948dbaadafc8c0c66f78e6ffb46e3)
Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-connectivity/bind/bind_9.18.24.bb')
-rw-r--r-- | meta/recipes-connectivity/bind/bind_9.18.24.bb | 113 |
1 files changed, 113 insertions, 0 deletions
diff --git a/meta/recipes-connectivity/bind/bind_9.18.24.bb b/meta/recipes-connectivity/bind/bind_9.18.24.bb new file mode 100644 index 0000000000..2874990320 --- /dev/null +++ b/meta/recipes-connectivity/bind/bind_9.18.24.bb | |||
@@ -0,0 +1,113 @@ | |||
1 | SUMMARY = "ISC Internet Domain Name Server" | ||
2 | HOMEPAGE = "https://www.isc.org/bind/" | ||
3 | DESCRIPTION = "BIND 9 provides a full-featured Domain Name Server system" | ||
4 | SECTION = "console/network" | ||
5 | |||
6 | LICENSE = "MPL-2.0" | ||
7 | LIC_FILES_CHKSUM = "file://COPYRIGHT;md5=c7a0b6d9a1b692a5da9af9d503671f43" | ||
8 | |||
9 | DEPENDS = "openssl libcap zlib libuv" | ||
10 | |||
11 | SRC_URI = "https://ftp.isc.org/isc/bind9/${PV}/${BPN}-${PV}.tar.xz \ | ||
12 | file://conf.patch \ | ||
13 | file://named.service \ | ||
14 | file://bind9 \ | ||
15 | file://generate-rndc-key.sh \ | ||
16 | file://make-etc-initd-bind-stop-work.patch \ | ||
17 | file://init.d-add-support-for-read-only-rootfs.patch \ | ||
18 | file://bind-ensure-searching-for-json-headers-searches-sysr.patch \ | ||
19 | file://0001-named-lwresd-V-and-start-log-hide-build-options.patch \ | ||
20 | file://0001-avoid-start-failure-with-bind-user.patch \ | ||
21 | " | ||
22 | |||
23 | SRC_URI[sha256sum] = "709d73023c9115ddad3bab65b6c8c79a590196d0d114f5d0ca2533dbd52ddf66" | ||
24 | |||
25 | UPSTREAM_CHECK_URI = "https://ftp.isc.org/isc/bind9/" | ||
26 | # follow the ESV versions divisible by 2 | ||
27 | UPSTREAM_CHECK_REGEX = "(?P<pver>9.(\d*[02468])+(\.\d+)+(-P\d+)*)/" | ||
28 | |||
29 | # Issue only affects dhcpd with recent bind versions. We don't ship dhcpd anymore | ||
30 | # so the issue doesn't affect us. | ||
31 | CVE_STATUS[CVE-2019-6470] = "not-applicable-config: Issue only affects dhcpd with recent bind versions and we don't ship dhcpd anymore." | ||
32 | |||
33 | inherit autotools update-rc.d systemd useradd pkgconfig multilib_header update-alternatives | ||
34 | |||
35 | # PACKAGECONFIGs readline and libedit should NOT be set at same time | ||
36 | PACKAGECONFIG ?= "readline" | ||
37 | PACKAGECONFIG[httpstats] = "--with-libxml2=${STAGING_DIR_HOST}${prefix},--without-libxml2,libxml2" | ||
38 | PACKAGECONFIG[readline] = "--with-readline=readline,,readline" | ||
39 | PACKAGECONFIG[libedit] = "--with-readline=libedit,,libedit" | ||
40 | PACKAGECONFIG[dns-over-http] = "--enable-doh,--disable-doh,nghttp2" | ||
41 | |||
42 | EXTRA_OECONF = " --disable-auto-validation \ | ||
43 | --with-gssapi=no --with-lmdb=no --with-zlib \ | ||
44 | --sysconfdir=${sysconfdir}/bind \ | ||
45 | --with-openssl=${STAGING_DIR_HOST}${prefix} \ | ||
46 | " | ||
47 | LDFLAGS:append = " -lz" | ||
48 | |||
49 | # dhcp needs .la so keep them | ||
50 | REMOVE_LIBTOOL_LA = "0" | ||
51 | |||
52 | USERADD_PACKAGES = "${PN}" | ||
53 | USERADD_PARAM:${PN} = "--system --home ${localstatedir}/cache/bind --no-create-home \ | ||
54 | --user-group bind" | ||
55 | |||
56 | INITSCRIPT_NAME = "bind" | ||
57 | INITSCRIPT_PARAMS = "defaults" | ||
58 | |||
59 | SYSTEMD_SERVICE:${PN} = "named.service" | ||
60 | |||
61 | do_install:append() { | ||
62 | |||
63 | install -d -o bind "${D}${localstatedir}/cache/bind" | ||
64 | install -d "${D}${sysconfdir}/bind" | ||
65 | install -d "${D}${sysconfdir}/init.d" | ||
66 | install -m 644 ${S}/conf/* "${D}${sysconfdir}/bind/" | ||
67 | install -m 755 "${S}/init.d" "${D}${sysconfdir}/init.d/bind" | ||
68 | |||
69 | # Install systemd related files | ||
70 | install -d ${D}${sbindir} | ||
71 | install -m 755 ${WORKDIR}/generate-rndc-key.sh ${D}${sbindir} | ||
72 | install -d ${D}${systemd_system_unitdir} | ||
73 | install -m 0644 ${WORKDIR}/named.service ${D}${systemd_system_unitdir} | ||
74 | sed -i -e 's,@BASE_BINDIR@,${base_bindir},g' \ | ||
75 | -e 's,@SBINDIR@,${sbindir},g' \ | ||
76 | ${D}${systemd_system_unitdir}/named.service | ||
77 | |||
78 | install -d ${D}${sysconfdir}/default | ||
79 | install -m 0644 ${WORKDIR}/bind9 ${D}${sysconfdir}/default | ||
80 | |||
81 | if ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'true', 'false', d)}; then | ||
82 | install -d ${D}${sysconfdir}/tmpfiles.d | ||
83 | echo "d /run/named 0755 bind bind - -" > ${D}${sysconfdir}/tmpfiles.d/bind.conf | ||
84 | fi | ||
85 | } | ||
86 | |||
87 | CONFFILES:${PN} = " \ | ||
88 | ${sysconfdir}/bind/named.conf \ | ||
89 | ${sysconfdir}/bind/named.conf.local \ | ||
90 | ${sysconfdir}/bind/named.conf.options \ | ||
91 | ${sysconfdir}/bind/db.0 \ | ||
92 | ${sysconfdir}/bind/db.127 \ | ||
93 | ${sysconfdir}/bind/db.empty \ | ||
94 | ${sysconfdir}/bind/db.local \ | ||
95 | ${sysconfdir}/bind/db.root \ | ||
96 | " | ||
97 | |||
98 | ALTERNATIVE:${PN}-utils = "nslookup" | ||
99 | ALTERNATIVE_LINK_NAME[nslookup] = "${bindir}/nslookup" | ||
100 | ALTERNATIVE_PRIORITY = "100" | ||
101 | |||
102 | PACKAGE_BEFORE_PN += "${PN}-utils" | ||
103 | FILES:${PN}-utils = "${bindir}/host ${bindir}/dig ${bindir}/mdig ${bindir}/nslookup ${bindir}/nsupdate" | ||
104 | FILES:${PN}-dev += "${bindir}/isc-config.h" | ||
105 | FILES:${PN} += "${sbindir}/generate-rndc-key.sh" | ||
106 | |||
107 | PACKAGE_BEFORE_PN += "${PN}-libs" | ||
108 | # special arrangement below due to | ||
109 | # https://github.com/isc-projects/bind9/commit/0e25af628cd776f98c04fc4cc59048f5448f6c88 | ||
110 | FILES_SOLIBSDEV = "${libdir}/*[!0-9].so ${libdir}/libbind9.so" | ||
111 | FILES:${PN}-libs = "${libdir}/named/*.so* ${libdir}/*-${PV}.so" | ||
112 | |||
113 | DEV_PKG_DEPENDENCY = "" | ||