diff options
author | Wang Mingyu <wangmy@fujitsu.com> | 2024-04-24 16:41:55 +0800 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2024-04-25 10:06:02 +0100 |
commit | 0dbf873a5c07a4a702e113ba714c78ca9b924910 (patch) | |
tree | 07116f95f24e250ebffcb5ce6b5eb58cb0552f2e /meta/recipes-connectivity/bind/bind_9.18.26.bb | |
parent | ecaf4e14b36550dbd2113f63d7975e8ea2a85892 (diff) | |
download | poky-0dbf873a5c07a4a702e113ba714c78ca9b924910.tar.gz |
bind: upgrade 9.18.25 -> 9.18.26
Changelog:
============
- Add RESOLVER.ARPA to the built in empty zones.
- dig/mdig +ednsflags=<non-zero-value> did not re-enable
EDNS if it had been disabled.
- Some invalid ISO 8601 durations were accepted
erroneously.
- Don't return static-stub synthesised NS RRset.
- Fix bug in Depends (keymgr_dep) function.
- Support for the RESINFO record type has been added.
- Cleaned up several minor bugs in the RBTDB dbiterator
implementation.
- Added missing dns_rdataset_disassociate calls in
validator.c:findnsec3proofs.
- Fix incorrectly reported errors when running tests
with `make test` on platforms with older pytest.
- Optimize slabheader placement, so the infrastructure
records are put in the beginning of the slabheader
linked list.
- Improve ARM parental-agents definition.
- Fix the DNS_GETDB_STALEFIRST flag, which was defined
incorrectly in lib/ns/query.c.
- Update ZSK minimum lifetime documentation in ARM, also
depends on signing delay.
- Add workaround to enforce dynamic linker to pull
jemalloc earlier than libc to ensure all memory
allocations are done via jemalloc.
- Changes to "listen-on" statements were ignored on
reconfiguration unless the port or interface address was
changed, making it impossible to change a related
listener transport type. Thanks to Thomas Amgarten.
- Expose the TCP client count in statistics channel.
- Fix a possible crash in 'dig +nssearch +nofail' and
'host -C' commands when one of the name servers returns
SERVFAIL.
- When dnssec-policy is in effect the DNSKEY's TTLs in
the zone where not being updated to match the policy.
This lead to failures when DNSKEYs where updated as the
TTLs mismatched.
(From OE-Core rev: 9dc097f240c5ab7703179f480f538be8e21defce)
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-connectivity/bind/bind_9.18.26.bb')
-rw-r--r-- | meta/recipes-connectivity/bind/bind_9.18.26.bb | 113 |
1 files changed, 113 insertions, 0 deletions
diff --git a/meta/recipes-connectivity/bind/bind_9.18.26.bb b/meta/recipes-connectivity/bind/bind_9.18.26.bb new file mode 100644 index 0000000000..2784f3bdd9 --- /dev/null +++ b/meta/recipes-connectivity/bind/bind_9.18.26.bb | |||
@@ -0,0 +1,113 @@ | |||
1 | SUMMARY = "ISC Internet Domain Name Server" | ||
2 | HOMEPAGE = "https://www.isc.org/bind/" | ||
3 | DESCRIPTION = "BIND 9 provides a full-featured Domain Name Server system" | ||
4 | SECTION = "console/network" | ||
5 | |||
6 | LICENSE = "MPL-2.0" | ||
7 | LIC_FILES_CHKSUM = "file://COPYRIGHT;md5=c7a0b6d9a1b692a5da9af9d503671f43" | ||
8 | |||
9 | DEPENDS = "openssl libcap zlib libuv" | ||
10 | |||
11 | SRC_URI = "https://ftp.isc.org/isc/bind9/${PV}/${BPN}-${PV}.tar.xz \ | ||
12 | file://conf.patch \ | ||
13 | file://named.service \ | ||
14 | file://bind9 \ | ||
15 | file://generate-rndc-key.sh \ | ||
16 | file://make-etc-initd-bind-stop-work.patch \ | ||
17 | file://init.d-add-support-for-read-only-rootfs.patch \ | ||
18 | file://bind-ensure-searching-for-json-headers-searches-sysr.patch \ | ||
19 | file://0001-named-lwresd-V-and-start-log-hide-build-options.patch \ | ||
20 | file://0001-avoid-start-failure-with-bind-user.patch \ | ||
21 | " | ||
22 | |||
23 | SRC_URI[sha256sum] = "75ffee52731e9604c849b658df29e927f1c4f01d5a71ea3ebcbeb63702cb6651" | ||
24 | |||
25 | UPSTREAM_CHECK_URI = "https://ftp.isc.org/isc/bind9/" | ||
26 | # follow the ESV versions divisible by 2 | ||
27 | UPSTREAM_CHECK_REGEX = "(?P<pver>9.(\d*[02468])+(\.\d+)+(-P\d+)*)/" | ||
28 | |||
29 | # Issue only affects dhcpd with recent bind versions. We don't ship dhcpd anymore | ||
30 | # so the issue doesn't affect us. | ||
31 | CVE_STATUS[CVE-2019-6470] = "not-applicable-config: Issue only affects dhcpd with recent bind versions and we don't ship dhcpd anymore." | ||
32 | |||
33 | inherit autotools update-rc.d systemd useradd pkgconfig multilib_header update-alternatives | ||
34 | |||
35 | # PACKAGECONFIGs readline and libedit should NOT be set at same time | ||
36 | PACKAGECONFIG ?= "readline" | ||
37 | PACKAGECONFIG[httpstats] = "--with-libxml2=${STAGING_DIR_HOST}${prefix},--without-libxml2,libxml2" | ||
38 | PACKAGECONFIG[readline] = "--with-readline=readline,,readline" | ||
39 | PACKAGECONFIG[libedit] = "--with-readline=libedit,,libedit" | ||
40 | PACKAGECONFIG[dns-over-http] = "--enable-doh,--disable-doh,nghttp2" | ||
41 | |||
42 | EXTRA_OECONF = " --disable-auto-validation \ | ||
43 | --with-gssapi=no --with-lmdb=no --with-zlib \ | ||
44 | --sysconfdir=${sysconfdir}/bind \ | ||
45 | --with-openssl=${STAGING_DIR_HOST}${prefix} \ | ||
46 | " | ||
47 | LDFLAGS:append = " -lz" | ||
48 | |||
49 | # dhcp needs .la so keep them | ||
50 | REMOVE_LIBTOOL_LA = "0" | ||
51 | |||
52 | USERADD_PACKAGES = "${PN}" | ||
53 | USERADD_PARAM:${PN} = "--system --home ${localstatedir}/cache/bind --no-create-home \ | ||
54 | --user-group bind" | ||
55 | |||
56 | INITSCRIPT_NAME = "bind" | ||
57 | INITSCRIPT_PARAMS = "defaults" | ||
58 | |||
59 | SYSTEMD_SERVICE:${PN} = "named.service" | ||
60 | |||
61 | do_install:append() { | ||
62 | |||
63 | install -d -o bind "${D}${localstatedir}/cache/bind" | ||
64 | install -d "${D}${sysconfdir}/bind" | ||
65 | install -d "${D}${sysconfdir}/init.d" | ||
66 | install -m 644 ${S}/conf/* "${D}${sysconfdir}/bind/" | ||
67 | install -m 755 "${S}/init.d" "${D}${sysconfdir}/init.d/bind" | ||
68 | |||
69 | # Install systemd related files | ||
70 | install -d ${D}${sbindir} | ||
71 | install -m 755 ${WORKDIR}/generate-rndc-key.sh ${D}${sbindir} | ||
72 | install -d ${D}${systemd_system_unitdir} | ||
73 | install -m 0644 ${WORKDIR}/named.service ${D}${systemd_system_unitdir} | ||
74 | sed -i -e 's,@BASE_BINDIR@,${base_bindir},g' \ | ||
75 | -e 's,@SBINDIR@,${sbindir},g' \ | ||
76 | ${D}${systemd_system_unitdir}/named.service | ||
77 | |||
78 | install -d ${D}${sysconfdir}/default | ||
79 | install -m 0644 ${WORKDIR}/bind9 ${D}${sysconfdir}/default | ||
80 | |||
81 | if ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'true', 'false', d)}; then | ||
82 | install -d ${D}${sysconfdir}/tmpfiles.d | ||
83 | echo "d /run/named 0755 bind bind - -" > ${D}${sysconfdir}/tmpfiles.d/bind.conf | ||
84 | fi | ||
85 | } | ||
86 | |||
87 | CONFFILES:${PN} = " \ | ||
88 | ${sysconfdir}/bind/named.conf \ | ||
89 | ${sysconfdir}/bind/named.conf.local \ | ||
90 | ${sysconfdir}/bind/named.conf.options \ | ||
91 | ${sysconfdir}/bind/db.0 \ | ||
92 | ${sysconfdir}/bind/db.127 \ | ||
93 | ${sysconfdir}/bind/db.empty \ | ||
94 | ${sysconfdir}/bind/db.local \ | ||
95 | ${sysconfdir}/bind/db.root \ | ||
96 | " | ||
97 | |||
98 | ALTERNATIVE:${PN}-utils = "nslookup" | ||
99 | ALTERNATIVE_LINK_NAME[nslookup] = "${bindir}/nslookup" | ||
100 | ALTERNATIVE_PRIORITY = "100" | ||
101 | |||
102 | PACKAGE_BEFORE_PN += "${PN}-utils" | ||
103 | FILES:${PN}-utils = "${bindir}/host ${bindir}/dig ${bindir}/mdig ${bindir}/nslookup ${bindir}/nsupdate" | ||
104 | FILES:${PN}-dev += "${bindir}/isc-config.h" | ||
105 | FILES:${PN} += "${sbindir}/generate-rndc-key.sh" | ||
106 | |||
107 | PACKAGE_BEFORE_PN += "${PN}-libs" | ||
108 | # special arrangement below due to | ||
109 | # https://github.com/isc-projects/bind9/commit/0e25af628cd776f98c04fc4cc59048f5448f6c88 | ||
110 | FILES_SOLIBSDEV = "${libdir}/*[!0-9].so ${libdir}/libbind9.so" | ||
111 | FILES:${PN}-libs = "${libdir}/named/*.so* ${libdir}/*-${PV}.so" | ||
112 | |||
113 | DEV_PKG_DEPENDENCY = "" | ||