diff options
| author | Wang Mingyu <wangmy@fujitsu.com> | 2022-11-03 13:30:44 +0800 |
|---|---|---|
| committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2022-11-24 15:30:06 +0000 |
| commit | 90246ed04bdf7568c161e2f5698f954e0ac78191 (patch) | |
| tree | 4f429b64baaa0204cc348295e51dfdc7c4ce5e49 | |
| parent | 52d6688d37862c4a5805cc0dc6d93747888c6bad (diff) | |
| download | poky-90246ed04bdf7568c161e2f5698f954e0ac78191.tar.gz | |
bind: upgrade 9.18.7 -> 9.18.8
Changelog:
https://gitlab.isc.org/isc-projects/bind9/-/blob/v9_18_8/CHANGES
--- 9.18.7 released ---
5962. [security] Fix memory leak in EdDSA verify processing.
(CVE-2022-38178) [GL #3487]
5960. [security] Fix serve-stale crash that could happen when
stale-answer-client-timeout was set to 0 and there was
a stale CNAME in the cache for an incoming query.
(CVE-2022-3080) [GL #3517]
5959. [security] Fix memory leaks in the DH code when using OpenSSL 3.0.0
and later versions. The openssldh_compare(),
openssldh_paramcompare(), and openssldh_todns()
functions were affected. (CVE-2022-2906) [GL #3491]
5958. [security] When an HTTP connection was reused to get
statistics from the stats channel, and zlib
compression was in use, each successive
response sent larger and larger blocks of memory,
potentially reading past the end of the allocated
buffer. (CVE-2022-2881) [GL #3493]
5957. [security] Prevent excessive resource use while processing large
delegations. (CVE-2022-2795) [GL #3394]
5956. [func] Make RRL code treat all QNAMEs that are subject to
wildcard processing within a given zone as the same
name. [GL #3459]
5955. [port] The libxml2 library has deprecated the usage of
xmlInitThreads() and xmlCleanupThreads() functions. Use
xmlInitParser() and xmlCleanupParser() instead.
[GL #3518]
5954. [func] Fallback to IDNA2003 processing in dig when IDNA2008
conversion fails. [GL #3485]
5953. [bug] Fix a crash on shutdown in delete_trace_entry(). Add
mctx attach/detach pair to make sure that the memory
context used by a memory pool is not destroyed before
the memory pool itself. [GL #3515]
5952. [bug] Use quotes around address strings in YAML output.
[GL #3511]
5951. [bug] In some cases, the dnstap query_message field was
erroneously set when logging response messages.
[GL #3501]
5948. [bug] Fix nsec3.c:dns_nsec3_activex() function, add a missing
dns_db_detachnode() call. [GL #3500]
5947. [func] Change dnssec-policy to allow graceful transition from
an NSEC only zone to NSEC3. [GL #3486]
5946. [bug] Fix statistics channel's handling of multiple HTTP
requests in a single connection which have non-empty
request bodies. [GL #3463]
5945. [bug] If parsing /etc/bind.key failed, delv could assert
when trying to parse the built in trust anchors as
the parser hadn't been reset. [GL !6468]
5944. [bug] Fix +http-plain-get and +http-plain-post options
support in dig. Thanks to Marco Davids at SIDN for
reporting the problem. [GL !6672]
5942. [bug] Fix tkey.c:buildquery() function's error handling by
adding the missing cleanup code. [GL #3492]
5941. [func] Zones with dnssec-policy now require dynamic DNS or
inline-siging to be configured explicitly. [GL #3381]
5938. [bug] An integer type overflow could cause an assertion
failure when freeing memory. [GL #3483]
5936. [bug] Don't enable serve-stale for lookups that error because
it is a duplicate query or a query that would be
dropped. [GL #2982]
5935. [bug] Fix DiG lookup reference counting bug, which could
be observed in NSSEARCH mode. [GL #3478]
(From OE-Core rev: 14b6bcb46a5e81027ec823aa7315c0e519cfece6)
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit 1d87d2652f7f6640dda85e037c580c83f99a8ba8)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
| -rw-r--r-- | meta/recipes-connectivity/bind/bind-9.18.8/0001-avoid-start-failure-with-bind-user.patch (renamed from meta/recipes-connectivity/bind/bind-9.18.7/0001-avoid-start-failure-with-bind-user.patch) | 0 | ||||
| -rw-r--r-- | meta/recipes-connectivity/bind/bind-9.18.8/0001-named-lwresd-V-and-start-log-hide-build-options.patch (renamed from meta/recipes-connectivity/bind/bind-9.18.7/0001-named-lwresd-V-and-start-log-hide-build-options.patch) | 0 | ||||
| -rw-r--r-- | meta/recipes-connectivity/bind/bind-9.18.8/bind-ensure-searching-for-json-headers-searches-sysr.patch (renamed from meta/recipes-connectivity/bind/bind-9.18.7/bind-ensure-searching-for-json-headers-searches-sysr.patch) | 0 | ||||
| -rw-r--r-- | meta/recipes-connectivity/bind/bind-9.18.8/bind9 (renamed from meta/recipes-connectivity/bind/bind-9.18.7/bind9) | 0 | ||||
| -rw-r--r-- | meta/recipes-connectivity/bind/bind-9.18.8/conf.patch (renamed from meta/recipes-connectivity/bind/bind-9.18.7/conf.patch) | 0 | ||||
| -rw-r--r-- | meta/recipes-connectivity/bind/bind-9.18.8/generate-rndc-key.sh (renamed from meta/recipes-connectivity/bind/bind-9.18.7/generate-rndc-key.sh) | 0 | ||||
| -rw-r--r-- | meta/recipes-connectivity/bind/bind-9.18.8/init.d-add-support-for-read-only-rootfs.patch (renamed from meta/recipes-connectivity/bind/bind-9.18.7/init.d-add-support-for-read-only-rootfs.patch) | 0 | ||||
| -rw-r--r-- | meta/recipes-connectivity/bind/bind-9.18.8/make-etc-initd-bind-stop-work.patch (renamed from meta/recipes-connectivity/bind/bind-9.18.7/make-etc-initd-bind-stop-work.patch) | 0 | ||||
| -rw-r--r-- | meta/recipes-connectivity/bind/bind-9.18.8/named.service (renamed from meta/recipes-connectivity/bind/bind-9.18.7/named.service) | 0 | ||||
| -rw-r--r-- | meta/recipes-connectivity/bind/bind_9.18.8.bb (renamed from meta/recipes-connectivity/bind/bind_9.18.7.bb) | 2 |
10 files changed, 1 insertions, 1 deletions
diff --git a/meta/recipes-connectivity/bind/bind-9.18.7/0001-avoid-start-failure-with-bind-user.patch b/meta/recipes-connectivity/bind/bind-9.18.8/0001-avoid-start-failure-with-bind-user.patch index ec1bc7b567..ec1bc7b567 100644 --- a/meta/recipes-connectivity/bind/bind-9.18.7/0001-avoid-start-failure-with-bind-user.patch +++ b/meta/recipes-connectivity/bind/bind-9.18.8/0001-avoid-start-failure-with-bind-user.patch | |||
diff --git a/meta/recipes-connectivity/bind/bind-9.18.7/0001-named-lwresd-V-and-start-log-hide-build-options.patch b/meta/recipes-connectivity/bind/bind-9.18.8/0001-named-lwresd-V-and-start-log-hide-build-options.patch index 4c10f33f04..4c10f33f04 100644 --- a/meta/recipes-connectivity/bind/bind-9.18.7/0001-named-lwresd-V-and-start-log-hide-build-options.patch +++ b/meta/recipes-connectivity/bind/bind-9.18.8/0001-named-lwresd-V-and-start-log-hide-build-options.patch | |||
diff --git a/meta/recipes-connectivity/bind/bind-9.18.7/bind-ensure-searching-for-json-headers-searches-sysr.patch b/meta/recipes-connectivity/bind/bind-9.18.8/bind-ensure-searching-for-json-headers-searches-sysr.patch index f1abd179e8..f1abd179e8 100644 --- a/meta/recipes-connectivity/bind/bind-9.18.7/bind-ensure-searching-for-json-headers-searches-sysr.patch +++ b/meta/recipes-connectivity/bind/bind-9.18.8/bind-ensure-searching-for-json-headers-searches-sysr.patch | |||
diff --git a/meta/recipes-connectivity/bind/bind-9.18.7/bind9 b/meta/recipes-connectivity/bind/bind-9.18.8/bind9 index 968679ff7f..968679ff7f 100644 --- a/meta/recipes-connectivity/bind/bind-9.18.7/bind9 +++ b/meta/recipes-connectivity/bind/bind-9.18.8/bind9 | |||
diff --git a/meta/recipes-connectivity/bind/bind-9.18.7/conf.patch b/meta/recipes-connectivity/bind/bind-9.18.8/conf.patch index aa3642acec..aa3642acec 100644 --- a/meta/recipes-connectivity/bind/bind-9.18.7/conf.patch +++ b/meta/recipes-connectivity/bind/bind-9.18.8/conf.patch | |||
diff --git a/meta/recipes-connectivity/bind/bind-9.18.7/generate-rndc-key.sh b/meta/recipes-connectivity/bind/bind-9.18.8/generate-rndc-key.sh index 633e29c0e6..633e29c0e6 100644 --- a/meta/recipes-connectivity/bind/bind-9.18.7/generate-rndc-key.sh +++ b/meta/recipes-connectivity/bind/bind-9.18.8/generate-rndc-key.sh | |||
diff --git a/meta/recipes-connectivity/bind/bind-9.18.7/init.d-add-support-for-read-only-rootfs.patch b/meta/recipes-connectivity/bind/bind-9.18.8/init.d-add-support-for-read-only-rootfs.patch index 11db95ede1..11db95ede1 100644 --- a/meta/recipes-connectivity/bind/bind-9.18.7/init.d-add-support-for-read-only-rootfs.patch +++ b/meta/recipes-connectivity/bind/bind-9.18.8/init.d-add-support-for-read-only-rootfs.patch | |||
diff --git a/meta/recipes-connectivity/bind/bind-9.18.7/make-etc-initd-bind-stop-work.patch b/meta/recipes-connectivity/bind/bind-9.18.8/make-etc-initd-bind-stop-work.patch index 146f3e35db..146f3e35db 100644 --- a/meta/recipes-connectivity/bind/bind-9.18.7/make-etc-initd-bind-stop-work.patch +++ b/meta/recipes-connectivity/bind/bind-9.18.8/make-etc-initd-bind-stop-work.patch | |||
diff --git a/meta/recipes-connectivity/bind/bind-9.18.7/named.service b/meta/recipes-connectivity/bind/bind-9.18.8/named.service index cda56ef015..cda56ef015 100644 --- a/meta/recipes-connectivity/bind/bind-9.18.7/named.service +++ b/meta/recipes-connectivity/bind/bind-9.18.8/named.service | |||
diff --git a/meta/recipes-connectivity/bind/bind_9.18.7.bb b/meta/recipes-connectivity/bind/bind_9.18.8.bb index 4ab11486bf..4925c092c7 100644 --- a/meta/recipes-connectivity/bind/bind_9.18.7.bb +++ b/meta/recipes-connectivity/bind/bind_9.18.8.bb | |||
| @@ -20,7 +20,7 @@ SRC_URI = "https://ftp.isc.org/isc/bind9/${PV}/${BPN}-${PV}.tar.xz \ | |||
| 20 | file://0001-avoid-start-failure-with-bind-user.patch \ | 20 | file://0001-avoid-start-failure-with-bind-user.patch \ |
| 21 | " | 21 | " |
| 22 | 22 | ||
| 23 | SRC_URI[sha256sum] = "9e2acf1698f49d70ad12ffbad39ec6716a7da524e9ebd98429c7c70ba1262981" | 23 | SRC_URI[sha256sum] = "0e3c3ab9378db84ba0f37073d67ba125ae4f2ff8daf366c9db287e3f1b2c35f0" |
| 24 | 24 | ||
| 25 | UPSTREAM_CHECK_URI = "https://ftp.isc.org/isc/bind9/" | 25 | UPSTREAM_CHECK_URI = "https://ftp.isc.org/isc/bind9/" |
| 26 | # follow the ESV versions divisible by 2 | 26 | # follow the ESV versions divisible by 2 |