mirrors/poky
1
0
Fork 0
mirror of https://git.yoctoproject.org/poky synced 2026-04-30 12:32:12 +02:00
Code Issues Packages Projects Releases Wiki Activity
Files
4e6a20efa9dc7bbb516fa56b560289a307d2ca40
poky/meta/recipes-connectivity/bind/bind_9.18.24.bb
Soumya Sambu 9efcdbc0ae bind: Upgrade 9.18.21 -> 9.18.24 
Changelog:
=========
9.18.24:
	- Fix case insensitive setting for isc_ht hashtable.
	[GL #4568]

9.18.23:
	- Specific DNS answers could cause a denial-of-service
	condition due to DNS validation taking a long time.
	(CVE-2023-50387) [GL #4424]
	- Change 6315 inadvertently introduced regressions that
	could cause named to crash. [GL #4234]
	- Under some circumstances, the DoT code in client
	mode could process more than one message at a time when
	that was not expected. That has been fixed. [GL #4487]

9.18.22:
	- Limit isc_task_send() overhead for RBTDB tree pruning.
	[GL #4383]
	- Restore DNS64 state when handling a serve-stale timeout.
	(CVE-2023-5679) [GL #4334]
	- Specific queries could trigger an assertion check with
	nxdomain-redirect enabled. (CVE-2023-5517) [GL #4281]
	- Speed up parsing of DNS messages with many different
	names. (CVE-2023-4408) [GL #4234]
	- Address race conditions in dns_tsigkey_find().
	[GL #4182]
	- Conversion from NSEC3 signed to NSEC signed could
	temporarily put the zone into a state where it was
	treated as unsigned until the NSEC chain was built.
	Additionally conversion from one set of NSEC3 parameters
	to another could also temporarily put the zone into a
	state where it was treated as unsigned until the new
	NSEC3 chain was built. [GL #1794] [GL #4495]
	- Memory leak in zone.c:sign_zone. When named signed a
	zone it could leak dst_keys due to a misplaced
	'continue'. [GL #4488]
	- Log more details about the cause of "not exact" errors.
	[GL #4500]
	- The wrong time was being used to determine what RRSIGs
	where to be generated when dnssec-policy was in use.
	[GL #4494]
	- The "trust-anchor-telemetry" statement is no longer
	marked as experimental. This silences a relevant log
	message that was emitted even when the feature was
	explicitly disabled. [GL #4497]
	- Fix statistics export to use full 64 bit signed numbers
	instead of truncating values to unsigned 32 bits.
	[GL #4467]
	- NetBSD has added 'hmac' to libc which collides with our
	use of 'hmac'. [GL #4478]

(From OE-Core rev: d7f31aba343948dbaadafc8c0c66f78e6ffb46e3)

Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2024-02-24 16:10:23 +00:00

114 lines
4.3 KiB
BlitzBasic
Raw Blame History

SUMMARY = "ISC Internet Domain Name Server"
HOMEPAGE = "https://www.isc.org/bind/"
DESCRIPTION = "BIND 9 provides a full-featured Domain Name Server system"
SECTION = "console/network"
LICENSE = "MPL-2.0"
LIC_FILES_CHKSUM = "file://COPYRIGHT;md5=c7a0b6d9a1b692a5da9af9d503671f43"
DEPENDS = "openssl libcap zlib libuv"
SRC_URI = "https://ftp.isc.org/isc/bind9/${PV}/${BPN}-${PV}.tar.xz \
file://conf.patch \
file://named.service \
file://bind9 \
file://generate-rndc-key.sh \
file://make-etc-initd-bind-stop-work.patch \
file://init.d-add-support-for-read-only-rootfs.patch \
file://bind-ensure-searching-for-json-headers-searches-sysr.patch \
file://0001-named-lwresd-V-and-start-log-hide-build-options.patch \
file://0001-avoid-start-failure-with-bind-user.patch \
"
SRC_URI[sha256sum] = "709d73023c9115ddad3bab65b6c8c79a590196d0d114f5d0ca2533dbd52ddf66"
UPSTREAM_CHECK_URI = "https://ftp.isc.org/isc/bind9/"
# follow the ESV versions divisible by 2
UPSTREAM_CHECK_REGEX = "(?P<pver>9.(\d*[02468])+(\.\d+)+(-P\d+)*)/"
# Issue only affects dhcpd with recent bind versions. We don't ship dhcpd anymore
# so the issue doesn't affect us.
CVE_STATUS[CVE-2019-6470] = "not-applicable-config: Issue only affects dhcpd with recent bind versions and we don't ship dhcpd anymore."
inherit autotools update-rc.d systemd useradd pkgconfig multilib_header update-alternatives
# PACKAGECONFIGs readline and libedit should NOT be set at same time
PACKAGECONFIG ?= "readline"
PACKAGECONFIG[httpstats] = "--with-libxml2=${STAGING_DIR_HOST}${prefix},--without-libxml2,libxml2"
PACKAGECONFIG[readline] = "--with-readline=readline,,readline"
PACKAGECONFIG[libedit] = "--with-readline=libedit,,libedit"
PACKAGECONFIG[dns-over-http] = "--enable-doh,--disable-doh,nghttp2"
EXTRA_OECONF = " --disable-auto-validation \
--with-gssapi=no --with-lmdb=no --with-zlib \
--sysconfdir=${sysconfdir}/bind \
--with-openssl=${STAGING_DIR_HOST}${prefix} \
"
LDFLAGS:append = " -lz"
# dhcp needs .la so keep them
REMOVE_LIBTOOL_LA = "0"
USERADD_PACKAGES = "${PN}"
USERADD_PARAM:${PN} = "--system --home ${localstatedir}/cache/bind --no-create-home \
--user-group bind"
INITSCRIPT_NAME = "bind"
INITSCRIPT_PARAMS = "defaults"
SYSTEMD_SERVICE:${PN} = "named.service"
do_install:append() {
install -d -o bind "${D}${localstatedir}/cache/bind"
install -d "${D}${sysconfdir}/bind"
install -d "${D}${sysconfdir}/init.d"
install -m 644 ${S}/conf/* "${D}${sysconfdir}/bind/"
install -m 755 "${S}/init.d" "${D}${sysconfdir}/init.d/bind"
# Install systemd related files
install -d ${D}${sbindir}
install -m 755 ${WORKDIR}/generate-rndc-key.sh ${D}${sbindir}
install -d ${D}${systemd_system_unitdir}
install -m 0644 ${WORKDIR}/named.service ${D}${systemd_system_unitdir}
sed -i -e 's,@BASE_BINDIR@,${base_bindir},g' \
-e 's,@SBINDIR@,${sbindir},g' \
${D}${systemd_system_unitdir}/named.service
install -d ${D}${sysconfdir}/default
install -m 0644 ${WORKDIR}/bind9 ${D}${sysconfdir}/default
if ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'true', 'false', d)}; then
install -d ${D}${sysconfdir}/tmpfiles.d
echo "d /run/named 0755 bind bind - -" > ${D}${sysconfdir}/tmpfiles.d/bind.conf
fi
}
CONFFILES:${PN} = " \
${sysconfdir}/bind/named.conf \
${sysconfdir}/bind/named.conf.local \
${sysconfdir}/bind/named.conf.options \
${sysconfdir}/bind/db.0 \
${sysconfdir}/bind/db.127 \
${sysconfdir}/bind/db.empty \
${sysconfdir}/bind/db.local \
${sysconfdir}/bind/db.root \
"
ALTERNATIVE:${PN}-utils = "nslookup"
ALTERNATIVE_LINK_NAME[nslookup] = "${bindir}/nslookup"
ALTERNATIVE_PRIORITY = "100"
PACKAGE_BEFORE_PN += "${PN}-utils"
FILES:${PN}-utils = "${bindir}/host ${bindir}/dig ${bindir}/mdig ${bindir}/nslookup ${bindir}/nsupdate"
FILES:${PN}-dev += "${bindir}/isc-config.h"
FILES:${PN} += "${sbindir}/generate-rndc-key.sh"
PACKAGE_BEFORE_PN += "${PN}-libs"
# special arrangement below due to
# https://github.com/isc-projects/bind9/commit/0e25af628cd776f98c04fc4cc59048f5448f6c88
FILES_SOLIBSDEV = "${libdir}/*[!0-9].so ${libdir}/libbind9.so"
FILES:${PN}-libs = "${libdir}/named/*.so* ${libdir}/*-${PV}.so"
DEV_PKG_DEPENDENCY = ""
Reference in New Issue View Git Blame Copy Permalink