summaryrefslogtreecommitdiffstats
path: root/meta/recipes-connectivity/bind
Commit message (Collapse)AuthorAgeFilesLines
* meta: fix some unresponsive homepages and bugtracker linksMaxime Roussin-Bélanger2020-10-301-1/+1
| | | | | | | | | remove some extra whitespaces (From OE-Core rev: 32ce3716761165b9df12306249418645724122cc) Signed-off-by: Maxime Roussin-Bélanger <maxime.roussinbelanger@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* bind: upgrade 9.16.5 -> 9.16.7zangrc2020-09-3010-1/+1
| | | | | | | (From OE-Core rev: 129e1f748685368f45a5022218cd83872e22ab61) Signed-off-by: Zang Ruochen <zangrc.fnst@cn.fujitsu.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* bind: remove -r option for rndc-confgenMingli Yu2020-09-212-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The named service fail to start as below: # systemctl status named.service named.service - Berkeley Internet Name Domain (DNS) Loaded: loaded (/lib/systemd/system/named.service; enabled; vendor preset: enabled) Active: failed (Result: exit-code) since Wed 2020-09-16 06:07:49 UTC; 9s ago Process: 134206 ExecStartPre=/usr/sbin/generate-rndc-key.sh (code=exited, status=1/FAILURE) Sep 16 06:07:49 intel-x86-64 systemd[1]: Starting Berkeley Internet Name Domain (DNS)... Sep 16 06:07:49 intel-x86-64 generate-rndc-key.sh[134206]: Generating /etc/bind/rndc.key: Sep 16 06:07:49 intel-x86-64 generate-rndc-key.sh[134207]: rndc-confgen: The -r option has been deprecated. Sep 16 06:07:49 intel-x86-64 generate-rndc-key.sh[134208]: chown: cannot access '/etc/bind/rndc.key': No such file or directory Sep 16 06:07:49 intel-x86-64 generate-rndc-key.sh[134209]: chmod: cannot access '/etc/bind/rndc.key': No such file or directory Sep 16 06:07:49 intel-x86-64 systemd[1]: named.service: Control process exited, code=exited, status=1/FAILURE Sep 16 06:07:49 intel-x86-64 systemd[1]: named.service: Failed with result 'exit-code'. Sep 16 06:07:49 intel-x86-64 systemd[1]: Failed to start Berkeley Internet Name Domain (DNS). It is because fail to execute "/usr/sbin/generate-rndc-key.sh" as -r is deprecated since bind 9.13.x and the random function changes in [1], so remove -r option to fix the above issue. DNSSEC validation is now active by default after bind upgrade to 9.16.x, but it is not in 9.11.x. So disable DNSSEC validation explicitly to silence below message. Sep 18 03:21:37 intel-x86-64 named[23272]: managed-keys-zone: Unable to fetch DNSKEY set '.': timed out [1]: https://gitlab.isc.org/isc-projects/bind9/-/commit/3a4f820d625c214cfb21f5e6d18ce9160d2a193b (From OE-Core rev: 884cc4196c75b5107082a188cf5f7a4dee4fc5c3) Signed-off-by: Mingli Yu <mingli.yu@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* bind: Inherit update-alternativesKhem Raj2020-09-151-1/+1
| | | | | | | | | | | We are setting u-a for nslookup and it won't work unless we inherit this class (From OE-Core rev: 0cccb2ae6508c0b3d4a5362e61b24ee314c2fb02) Signed-off-by: Khem Raj <raj.khem@gmail.com> Cc: Andrey Zhizhikin <andrey.z@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* bind: 9.11 removeakuster2020-09-0211-747/+0
| | | | | | | (From OE-Core rev: 29949cd7cf3a660fb3bcf251f5127a4cdb2804ec) Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* bind: Add 9.16.xakuster2020-09-0210-0/+701
| | | | | | | | | | | | | | | | | | | | | | Removed obsolete packageconfig options License change to MPL-2.0 https://gitlab.isc.org/isc-projects/bind9/blob/master/LICENSE Refreshed: bind-ensure-searching-for-json-headers-searches-sysr.patch 0001-named-lwresd-V-and-start-log-hide-build-options.patch bind-ensure-searching-for-json-headers-searches-sysr.patch Drop obsolete patch: 0001-configure.in-remove-useless-L-use_openssl-lib.patch RP: Dropped the multilib scripts handling as those scripts are no longer present in this version. (From OE-Core rev: d7cc84de47fad1dfbae68c32bb2165c708bec66b) Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* bind: update to 9.11.22 ESVArmin Kuster2020-08-251-1/+1
| | | | | | | | | | | | | | | | | | | | | | | Source: isc.org MR: 105232, 105246, 105260 Type: Security Fix Disposition: Backport from https://www.isc.org/bind/ ChangeID: 655cfdf1e91c4107321e63a2012302e1cc184366 Description: Bug fix only update Three CVE fixes CVE-2020-8622 CVE-2020-8623 CVE-2020-8624 For more information see: https://downloads.isc.org/isc/bind9/9.11.22/RELEASE-NOTES-bind-9.11.22.pdf (From OE-Core rev: 1c85f26b1bd3475699d54f18c6b5b4924bcd8eb2) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* bind: upgrade 9.11.19 -> 9.11.21Yi Zhao2020-07-221-1/+1
| | | | | | | (From OE-Core rev: c6749532f94f435e6771d66d3fa225e676753478) Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* bind: update to 9.11.19akuster2020-06-163-240/+2
| | | | | | | | | | | | | | | | Bug fix only updates. suitable for Stable branch updates where applicable. Drop CVE patches included in update LIC_FILES_CHKSUM update copyright year to 2020 Full changes found at : https://gitlab.isc.org/isc-projects/bind9/-/blob/v9_11/CHANGES (From OE-Core rev: a6ba66cf5e754cdcd41f01d233fbef7b94a10225) Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* bind: fix CVE-2020-8616/7Lee Chee Yang2020-05-303-0/+237
| | | | | | | | | fix CVE-2020-8616 and CVE-2020-8617 (From OE-Core rev: d0df831830e4c5f8df2343a45ea75c2ab4f57058) Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* bind: add mulitlib_header for platform.hJeremy A. Puhlman2020-02-151-1/+3
| | | | | | | (From OE-Core rev: cfaaeedcb634b68d0b20a05130fd582df660fef6) Signed-off-by: Jeremy A. Puhlman <jpuhlman@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* bind: update 9.11.5-P4 -> 9.11.13Alexander Kanavin2019-12-0413-2799/+20
| | | | | | | | | | | | | | Drop backports. Drop 0001-gen.c-extend-DIRNAMESIZE-from-256-to-512.patch and 0001-lib-dns-gen.c-fix-too-long-error.patch as problem is fixed upstream. (From OE-Core rev: 6965ec5c491e71d5951dfb58fc060bd0b717e33d) Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* bind: Whitelist CVE-2019-6470Adrian Bunk2019-11-211-0/+4
| | | | | | | (From OE-Core rev: ad4318b6501b3d724365bf95015850022441518e) Signed-off-by: Adrian Bunk <bunk@stusta.de> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* bind: fix CVE-2019-6471 and CVE-2018-5743Kai Kang2019-10-289-0/+2723
| | | | | | | | | | | | Backport patches to fix CVE-2019-6471 and CVE-2018-5743 for bind. CVE-2019-6471 is fixed by 0001-bind-fix-CVE-2019-6471.patch and the other 6 patches are for CVE-2018-5743. And backport one more patch to fix compile error on arm caused by these 6 commits. (From OE-Core rev: 3c39d4158677b97253df63f23b74c3a9dd5539f6) Signed-off-by: Kai Kang <kai.kang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* bind: do not RDEPEND on bashAlexander Kanavin2019-10-151-2/+0
| | | | | | | | | Nothing in the target installation actually needs it. (From OE-Core rev: 0357b2d2cdcbcef89a346126969ec3e1856bda95) Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* bind: fix build with python3 PACKAGECONFIG enabledChen Qi2019-08-301-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | If the PACKAGECONFIG item, python3, is enabled, we get the following QA issue when multilib is enabled. ERROR: bind-9.11.5-P4-r0 do_package: QA Issue: bind: Files/directories were installed but not shipped in any package: /usr/lib /usr/lib/python3.7 /usr/lib/python3.7/site-packages /usr/lib/python3.7/site-packages/isc-2.0-py3.7.egg-info /usr/lib/python3.7/site-packages/isc /usr/lib/python3.7/site-packages/isc/policy.py [snip] The thing is, when --with-python is specified with a path instead of 'yes', the --with-python-install-dir is in fact ignored. Fix this issue by specifying the correct arguments. (From OE-Core rev: 2c36b3e5c7caae07ffe0cfb816d37fad52d69fc9) Signed-off-by: Chen Qi <Qi.Chen@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* bind: Remove RECIPE_NO_UPDATE_REASON and follow the ESV releasesAdrian Bunk2019-07-311-2/+2
| | | | | | | (From OE-Core rev: c03eb46c292990c6639f8fa80c9bde263b8dfb8c) Signed-off-by: Adrian Bunk <bunk@stusta.de> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* bind: upgrade 9.11.5 -> 9.11.5-P4Adrian Bunk2019-04-101-3/+3
| | | | | | | | | | | Bugfix-only compared to 9.11.5, mostly CVE fixes. COPYRIGHT checksum changed due to 2018 -> 2019. (From OE-Core rev: 5d286da0fbe1a7ded2f84eec990e49d221bdeab4) Signed-off-by: Adrian Bunk <bunk@stusta.de> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* bind-utils: Install nslookupAdrian Bunk2019-03-061-3/+5
| | | | | | | | | | nslookup was undeprecated 15 years ago, and installing bind-utils should replace the busybox version. (From OE-Core rev: 6d594e2a466a75f88fe8ab454e58ae20e3bdee05) Signed-off-by: Adrian Bunk <bunk@stusta.de> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* bind: Move nsupdate to bind-utilsAdrian Bunk2019-02-151-1/+1
| | | | | | | | | | This is a client tool that is usually not used one the same machine as the DNS server. (From OE-Core rev: 3f114fb51ca315db0f7cb73b450a508a0477ab88) Signed-off-by: Adrian Bunk <bunk@stusta.de> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* bind: drop lost patchRuslan Bilovol2019-01-271-54/+0
| | | | | | | | | | | | | Commit "c37207d0aca5 bind: update to ESV version 9.11.3" dropped 0001-build-use-pkg-config-to-find-libxml2.patch from recipe, but left the patch itself in source tree. Remove this patch since nobody uses it. Cc: Armin Kuster <akuster808@gmail.com> (From OE-Core rev: 6d624b57397fce4ac98b98e8f47cd95336e44122) Signed-off-by: Ruslan Bilovol <ruslan.bilovol@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* bind: update to latest LTS 9.11.5Armin Kuster2018-11-142-75/+3
| | | | | | | | | | | | | | | | includes: CVE-2018-5738 drop patch for CVE-2018-5740 now included in update see: https://ftp.isc.org/isc/bind9/9.11.5/RELEASE-NOTES-bind-9.11.5.html Add RECIPE_NO_UPDATE_REASON for lts (From OE-Core rev: bf1be2e0b1484ca8a91eabbd8b89663eacccf4a9) Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* bind: fix startup failure in sysvinitChen Qi2018-10-162-0/+28
| | | | | | | | | | | | The generated key file should try to have bind group so that if the named daemon is started via '-u bind' option, which is the default in OE core, we will not get startup failure because of 'permission denied' error. (From OE-Core rev: fc4c4f40dbcf558a48058d944eef21e588d64aa0) Signed-off-by: Chen Qi <Qi.Chen@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* bind: fix multilib install file conflictsKai Kang2018-10-011-1/+3
| | | | | | | | | | | | | It adds ${libdir} to linker options in scripts bind9-config and isc-config.sh. And then causes install file conflicts when install bind andl ib32-bind both. Inherit multilib_script.bbclass to fix this issue. (From OE-Core rev: d3baeaf09d5d3e7548e5b2ea1b565880ea6ce994) Signed-off-by: Kai Kang <kai.kang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* bind: patch for CVE-2018-5740Changqing Li2018-09-112-0/+73
| | | | | | | | (From OE-Core rev: bf81b4e5327134e131e3198adad68c74afb5e259) Signed-off-by: Changqing Li <changqing.li@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* bind: improve reproducibilityHongxu Jia2018-08-293-0/+68
| | | | | | | | | | | | | - Tweak var-DST_OPENSSL_LIBS assignment in configure.in, it is helpful to fix build path issue in isc-config.sh - `named/lwresd -V' and start log hide build options which expose build path directories. (From OE-Core rev: 037d741c94dd7f8518b3499ee0beb91a343ffa6a) Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* bind: update to 9.11.4Armin Kuster2018-07-261-2/+2
| | | | | | | | | | | include: CVE-2018-5738 (From OE-Core rev: fcf45459bc32d833740e3bb237ea0b8f8845f308) Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* bind: Disable lmdb supportKhem Raj2018-07-051-0/+1
| | | | | | | | | | | | | | with bind 9.11.2+ when the build host has lmdb installed, bind configure looks into host headers and wrongly interprets that it should be enabling lmdb disable lmdb to fix | configure: error: found lmdb include but not library. (From OE-Core rev: 8c00b32211f25e38c1601ec8de47e6d4729dd49e) Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* bind: update to ESV version 9.11.3Armin Kuster2018-07-037-162/+59
| | | | | | | | | | | | | | | | | | | | | LIC_FILES_CHKSUM changed do to updated year removed: dont-test-on-host.patch, no longer implemented drop use-python3-and-fix-install-lib-path.patch, they added the ability to pass in lib dir loctions drop bind-confgen-build-unix.o-once.patch, fix included in update Refresh other patches: add python3 flag for PACKAGECONFIG to pull in python add new config option --with-eddsa=no (needs openssl support not released) Python support is disaled by default now. Acked-by: Martin Hundebøll <mnhu@prevas.dk> (From OE-Core rev: c37207d0aca5ad1ec2b45813274931be458ee7ed) Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* bind: fix openSSL detection when using multiarchKoen Kooi2018-05-041-1/+1
| | | | | | | | | | | | In multiarch /usr/include and /usr/lib/<tuple/ are not on the same level anymore. This change will pass a correct includedir, but a wrong libdir, but the linker picks it up anyway. Tested on multiarch and regular build. (From OE-Core rev: 9a02cd981eee8b1cd488373659a8a610962309e3) Signed-off-by: Koen Kooi <koen.kooi@linaro.org> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* bind: move libraries to own packageandreas.kling@peiker-cee.de2017-11-081-0/+3
| | | | | | | | (From OE-Core rev: d74ebc91388941295a2321a295cdb06ee87fc38b) Signed-off-by: Andy Kling <andreas.kling@peiker-cee.de> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* bind: Convert from ftp to https urlsRichard Purdie2017-11-071-2/+2
| | | | | | | | | The ftp protocol is dated and problematic. Since https is available, lets use that instead, making new users chances of successful builds higher. (From OE-Core rev: f24a29fcba98ceff08c13b0f029be93995f1deed) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* bind: update to 9.10.6Armin Kuster2017-11-071-2/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | Security Fixes * An error in TSIG handling could permit unauthorized zone transfers or zone updates. These flaws are disclosed in CVE-2017-3142 and CVE-2017-3143. [RT #45383] * The BIND installer on Windows used an unquoted service path, which can enable privilege escalation. This flaw is disclosed in CVE-2017-3141. [RT #45229] * With certain RPZ configurations, a response with TTL 0 could cause named to go into an infinite query loop. This flaw is disclosed in CVE-2017-3140. [RT #45181] End of Life The end of life for BIND 9.10 is yet to be determined but will not be before BIND 9.12.0 has been released for 6 months. https://www.isc.org/downloads/software-support-policy/ more info see https://lists.isc.org/pipermail/bind-announce/2017-July/001063.html (From OE-Core rev: 96e9adb60320b2e2f0bb7a04d9ed49ddc53649bb) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* bind: Use correct python interpreter pathRichard Purdie2017-08-181-1/+1
| | | | | | | | | The scripts currently reference "python33", fix this so they reference python3. The move the python3 likely broke these. (From OE-Core rev: 1a734f037da37d14f780970a9532d1e2e3683bf8) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* bind: 9.10.3-P3 -> 9.10.5-P3Kai Kang2017-07-1713-2443/+61
| | | | | | | | | | | | | | | Upgrade bind from 9.10.3-P3 to 9.10.5-P3 * Update md5sum of LIC_FILES_CHKSUM that it update year in file COPYRIGHT * Remvoe mips1-not-support-opcode.diff which has been merged * Remove CVE patches that there are backported from upstream * Use python3 for build and make sure install .py files to right directory (From OE-Core rev: 9ee6a0a6599d081767b63382a576e67aed12cf4d) Signed-off-by: Kai Kang <kai.kang@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* bind: build with threads and update configure optionsKai Kang2017-05-292-2/+9
| | | | | | | | | | | | | | | | | | | | | | | Build without threads for bind is inherited from legacy openembedded. All libc's support proper threading on Linux now, so enable threads support for bind. It is also need to disable static library build which cause package dhcp fail to build after enable bind threads support. Options devpoll and epoll are configured to choose most preferable multiplex method for unix socket. The priorities are: epoll > poll > select. When set '--enable-epoll', it just defines a var and include header file that is available for cross compile. So use epoll for bind. Add PACKAGECONFIG 'urandom' that could use /dev/urandom as random device. Update file/directory ownerships to fix daemon start failure. (From OE-Core rev: 598e5da5a2af2bd93ad890687dd32009e348fc85) Signed-off-by: Kai Kang <kai.kang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* bind: fix upstream version checkAlexander Kanavin2017-05-181-0/+3
| | | | | | | | (From OE-Core rev: 82a47a2748869a20e992b72bcc104ae2ab81a3cc) Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* bind: Security fix CVE-2016-6170Yi Zhao2017-04-292-0/+1091
| | | | | | | | | | | | | | | | | | | | | | CVE-2016-6170: ISC BIND through 9.9.9-P1, 9.10.x through 9.10.4-P1, and 9.11.x through 9.11.0b1 allows primary DNS servers to cause a denial of service (secondary DNS server crash) via a large AXFR response, and possibly allows IXFR servers to cause a denial of service (IXFR client crash) via a large IXFR response and allows remote authenticated users to cause a denial of service (primary DNS server crash) via a large UPDATE message. External References: https://nvd.nist.gov/vuln/detail/CVE-2016-6170 Patch from: https://source.isc.org/cgi-bin/gitweb.cgi?p=bind9.git;a=commit;h=1bbcfe2fc84f57b1e4e075fb3bc2a1dd0a3a851f (From OE-Core rev: 14abd767349bc868ca59838f1af3aaf17dfe4350) Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* bind: Security fix CVE-2016-8864Yi Zhao2017-04-292-0/+220
| | | | | | | | | | | | | | | | | | | | CVE-2016-8864: named in ISC BIND 9.x before 9.9.9-P4, 9.10.x before 9.10.4-P4, and 9.11.x before 9.11.0-P1 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a DNAME record in the answer section of a response to a recursive query, related to db.c and resolver.c. External References: https://nvd.nist.gov/vuln/detail/CVE-2016-8864 Patch from: https://source.isc.org/cgi-bin/gitweb.cgi?p=bind9.git;a=commit;h=c1d0599a246f646d1c22018f8fa09459270a44b8 (From OE-Core rev: c06f3a5993c7d63d91840c2a4d5b621e946ef78f) Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* bind: fix two CVEsZheng Ruoqin2016-10-153-0/+215
| | | | | | | | | | | | | | Add two CVE patches from upstream git: https://www.isc.org/git/ 1.CVE-2016-2775.patch 2.CVE-2016-2776.patch (From OE-Core rev: 5f4588d675e400f13bb6001df04790c867a95230) Signed-off-by: zhengruoqin <zhengrq.fnst@cn.fujitsu.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* meta: update patch metadataRoss Burton2016-07-082-1/+4
| | | | | | | | | Enforce the correct tag names across all of oe-core for consistency. (From OE-Core rev: 606a43dc38a00cc243f933722db657aea4129f8e) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* bind: switch Python dependency to Python 3.xAlexander Kanavin2016-06-031-2/+2
| | | | | | | (From OE-Core rev: a10fd8722fb7c5f2c5a206203d0c7f4237a86466) Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* bind: CVE-2016-2088Jussi Kukkonen2016-04-182-0/+248
| | | | | | | | | | | | | | | | | Duplicate EDNS COOKIE options in a response could trigger an assertion failure: Fix with a backport. bind as built with the oe-core recipe is not at risk: Only servers which are built with DNS cookie support (--enable-sit) are vulnerable to denial of service. Fixes [YOCTO #9438] (From OE-Core rev: da38a9840b32e80464e2938395db5c9167729f7e) Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* bind: CVE-2016-1285 CVE-2016-1286Sona Sarmadi2016-04-144-0/+550
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Fixes following vulnerabilities: CVE-2016-1285 bind: malformed packet sent to rndc can trigger assertion failure CVE-2016-1286 bind: malformed signature records for DNAME records can trigger assertion failure [YOCTO #9400] External References: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-1285 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-1286 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1285 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1286 References to the Upstream commits and Security Advisories: =========================================================== CVE-2016-1285: https://kb.isc.org/article/AA-01352 https://source.isc.org/cgi-bin/gitweb.cgi?p=bind9.git;a=patch; h=70037e040e587329cec82123e12b9f4f7c945f67 CVE-2016-1286_1: https://kb.isc.org/article/AA-01353 https://source.isc.org/cgi-bin/gitweb.cgi?p=bind9.git;a=patch; h=a3d327bf1ceaaeabb20223d8de85166e940b9f12 CVE-2016-1286_2: https://kb.isc.org/article/AA-01353 https://source.isc.org/cgi-bin/gitweb.cgi?p=bind9.git;a=patch; h=7602be276a73a6eb5431c5acd9718e68a55e8b61 (From OE-Core rev: 080d1a313e4982dd05846b375ebf936c46934d80) Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* bind: /var/cache/bindJoe Slater2016-03-251-3/+2
| | | | | | | | | | Change the ownership of /var/cache/bind to bind rather than root. (From OE-Core rev: 6c76c9e5bb4f4bf6adfac7ccece03d7dcdea7f3d) Signed-off-by: Joe Slater <jslater@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* bind: update to 9.10.3-P3Derek Straka2016-01-261-2/+2
| | | | | | | | | | | | | | | | | | | | | | Addresses CVE-2015-8704 and CVE-2015-8705 CVE-2015-8704 Allows remote authenticated users to cause a denial of service via a malformed Address Prefix List record CVE-2015-8705: When debug loggin is enabled, allows remote attackers to cause a denial of service or have possibly unspecified impact via OPT data or ECS option [YOCTO 8966] References: https://kb.isc.org/article/AA-01346/0/BIND-9.10.3-P3-Release-Notes.html https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8704 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8705 (From OE-Core rev: 58d47cdf91076cf055046ce9ec5f3e2e21dae1c0) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* bind: 9.10.2-P4 -> 9.10.3-P2Kai Kang2015-12-282-9/+20
| | | | | | | | | | | | | | Upgrade bind from 9.10.2-P4 to 9.10.3-P2. * update context of 0001-build-use-pkg-config-to-find-libxml2.patch * add PACKAGECONFIGs readline and libedit. They provide same library, so should not be set at same time. (From OE-Core rev: b49751e7febd262b754043e4e523e6690bfbbfaa) Signed-off-by: Kai Kang <kai.kang@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* bind: fix too long error from genRobert Yang2015-09-232-0/+35
| | | | | | | | | | | gen.c uses 512 as the path length which is a little short when build in deep dir, and cause "too long" error, use PATH_MAX if defined. (From OE-Core rev: 10e017fd3de3ff1ab0c1b32ac7a9610a04f8ff13) Signed-off-by: Robert Yang <liezhi.yang@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* meta: Fix Upstream-Status statementsRoss Burton2015-09-121-1/+1
| | | | | | | | | | Fix a variety of problems such as typos, bad punctuations, or incorrect Upstream-Status values. (From OE-Core rev: bd220fe6ce8c3a0805f13a14706d3130ea872604) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* bind: fix compile failure when building path is longChen Qi2015-09-122-0/+26
| | | | | | | | | | | | | | | | Fix the building path is long, when building bind, we would meet the following error. ".../long/path/to/bind/9.10.2-P3-r0/bind-9.10.2-P3/lib/dns" too long This is because the in gen.c, DIRNAMESIZE is limited to 256. But in OE, the path length limit is more than 400. So we change it to 512. (From OE-Core rev: 2f22eb1ce8083afb929cce432b8dda84682520e8) Signed-off-by: Chen Qi <Qi.Chen@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>