poky/meta/recipes-connectivity/bind/bind_9.11.36.bb
Ralph Siemsen b41d4e46d3 bind: update to 9.11.36
Security Fixes

The lame-ttl option controls how long named caches certain types of
broken responses from authoritative servers (see the security advisory
for details). This caching mechanism could be abused by an attacker to
significantly degrade resolver performance. The vulnerability has been
mitigated by changing the default value of lame-ttl to 0 and overriding
any explicitly set value with 0, effectively disabling this mechanism
altogether. ISC's testing has determined that doing that has a
negligible impact on resolver performance while also preventing abuse.
Administrators may observe more traffic towards servers issuing certain
types of broken responses than in previous BIND 9 releases, depending on
client query patterns. (CVE-2021-25219)

ISC would like to thank Kishore Kumar Kothapalli of Infoblox for
bringing this vulnerability to our attention. [GL #2899]

(From OE-Core rev: 8906aa9ec0a80b0f8998fb793f4e9491b3179179)

Signed-off-by: Ralph Siemsen <ralph.siemsen@linaro.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-03-11 23:44:42 +00:00


# Descriptive recipe metadata for the BIND 9 name server package.
SUMMARY = "ISC Internet Domain Name Server"
HOMEPAGE = "https://www.isc.org/bind/"
DESCRIPTION = "BIND 9 provides a full-featured Domain Name Server system"
SECTION = "console/network"
LICENSE = "ISC & BSD"
# md5 of the COPYRIGHT file inside the source tree. It exists to flag a change
# of licence text on upgrade; it is not an integrity check on the download
# (that is the job of SRC_URI[sha256sum]).
LIC_FILES_CHKSUM = "file://COPYRIGHT;md5=b88e7ca5f21908e1b2720169f6807cf6"
# Build-time dependencies. openssl is handed to configure through
# --with-openssl in EXTRA_OECONF, so its patch level matters for this package.
DEPENDS = "openssl libcap zlib"
# The upstream tarball is fetched over HTTPS from ISC; the file:// entries are
# local patches and support files carried with the recipe.
# NOTE(review): the only integrity control visible here is SRC_URI[sha256sum].
# When bumping PV, verify the new tarball against the signature ISC publishes
# before recording the new hash - TODO confirm this is part of the upgrade
# procedure.
# NOTE(review): judging by its file name only,
# 0001-named-lwresd-V-and-start-log-hide-build-options.patch keeps build
# options out of the -V output and the start-up log; the patch body is not
# visible here, so confirm before relying on it.
SRC_URI = "https://ftp.isc.org/isc/bind9/${PV}/${BPN}-${PV}.tar.gz \
file://conf.patch \
file://named.service \
file://bind9 \
file://generate-rndc-key.sh \
file://make-etc-initd-bind-stop-work.patch \
file://init.d-add-support-for-read-only-rootfs.patch \
file://bind-ensure-searching-for-json-headers-searches-sysr.patch \
file://0001-configure.in-remove-useless-L-use_openssl-lib.patch \
file://0001-named-lwresd-V-and-start-log-hide-build-options.patch \
file://0001-avoid-start-failure-with-bind-user.patch \
"
# Expected SHA-256 of the upstream tarball named in SRC_URI.
SRC_URI[sha256sum] = "c953fcb6703b395aaa53e65ff8b2869b69a5303dd60507cba2201305e1811681"
# Directory listing that the upstream version check scans for new releases.
UPSTREAM_CHECK_URI = "https://ftp.isc.org/isc/bind9/"
# Upstream version tracking: stay on the 9.11 series until 9.16; from 9.16 on
# follow only the ESV series whose minor number is divisible by 4
# (16, 20, 24, 28 in the pattern below).
# NOTE(review): the "." directly after the leading 9 is unescaped, so it
# matches any character; "9\." is presumably what was meant. Harmless against
# the ISC directory listing, but worth tightening.
UPSTREAM_CHECK_REGEX = "(?P<pver>9.(11|16|20|24|28)(\.\d+)+(-P\d+)*)/"
# CVE-2019-6470 is suppressed in the CVE check report: BIND >= 9.11.2 needs
# dhcpd >= 4.4.0, and the dhcpd in use is stated to be recent enough already.
# NOTE(review): the suppression is unconditional. It is only valid while the
# dhcp recipe actually built stays at 4.4.0 or later; a layer that pins an
# older dhcp would have this CVE hidden from the report.
CVE_CHECK_WHITELIST += "CVE-2019-6470"
# Build classes: autotools build, SysV and systemd service integration,
# account creation at package install, pkg-config and multilib handling.
inherit autotools update-rc.d systemd useradd pkgconfig multilib_script multilib_header
# Scripts that are wrapped per multilib variant.
MULTILIB_SCRIPTS = "${PN}:${bindir}/bind9-config ${PN}:${bindir}/isc-config.sh"
# PACKAGECONFIGs readline and libedit should NOT be set at same time
# Only "readline" is enabled by default; every other option below is opt-in.
PACKAGECONFIG ?= "readline"
PACKAGECONFIG[httpstats] = "--with-libxml2=${STAGING_DIR_HOST}${prefix},--without-libxml2,libxml2"
PACKAGECONFIG[readline] = "--with-readline=-lreadline,,readline"
PACKAGECONFIG[libedit] = "--with-readline=-ledit,,libedit"
# Because "urandom" is not in the default PACKAGECONFIG, configure is given
# --with-randomdev=/dev/random unless the option is turned on.
# NOTE(review): on low-entropy embedded targets reads from /dev/random may
# block (kernel dependent), which could stall key generation - confirm the
# default suits the target.
PACKAGECONFIG[urandom] = "--with-randomdev=/dev/urandom,--with-randomdev=/dev/random,,"
PACKAGECONFIG[python3] = "--with-python=yes --with-python-install-dir=${PYTHON_SITEPACKAGES_DIR} , --without-python, python3-ply-native,"
# IPv6 support follows the distro-wide "ipv6" feature flag.
ENABLE_IPV6 = "--enable-ipv6=${@bb.utils.contains('DISTRO_FEATURES', 'ipv6', 'yes', 'no', d)}"
# Fixed feature selection passed to configure: GOST, GSSAPI, EdDSA and LMDB are
# switched off, ECDSA is on, epoll is used instead of /dev/poll, and the
# configuration directory is ${sysconfdir}/bind.
# NOTE(review): with --with-eddsa=no the build presumably cannot handle
# Ed25519/Ed448 DNSSEC keys, and --with-gssapi=no presumably rules out
# GSS-TSIG - confirm this matches what deployments need.
EXTRA_OECONF = " ${ENABLE_IPV6} --with-libtool --enable-threads \
--disable-devpoll --enable-epoll --with-gost=no \
--with-gssapi=no --with-ecdsa=yes --with-eddsa=no \
--with-lmdb=no \
--sysconfdir=${sysconfdir}/bind \
--with-openssl=${STAGING_DIR_HOST}${prefix} \
"
# The Python build classes are inherited only when the python3 PACKAGECONFIG
# is enabled; otherwise this expands to an empty inherit.
inherit ${@bb.utils.contains('PACKAGECONFIG', 'python3', 'python3native distutils3-base', '', d)}
# dhcp needs .la so keep them
REMOVE_LIBTOOL_LA = "0"
# Dedicated system account and group "bind", with ${localstatedir}/cache/bind
# as home directory (not created by useradd; do_install_append installs it).
# NOTE(review): whether named actually runs as this account depends on
# named.service, the init script and the bind9 defaults file, none of which
# are shown here. No --shell is given, so the login shell falls back to the
# useradd default - consider setting a nologin shell explicitly.
USERADD_PACKAGES = "${PN}"
USERADD_PARAM_${PN} = "--system --home ${localstatedir}/cache/bind --no-create-home \
--user-group bind"
# SysV init script name and runlevel parameters, and the systemd unit that
# belongs to the main package.
INITSCRIPT_NAME = "bind"
INITSCRIPT_PARAMS = "defaults"
SYSTEMD_SERVICE_${PN} = "named.service"
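do_install_prepend() {
    # Replace the build-host staging library path recorded in isc-config.sh
    # with the target libdir, so the installed script carries no host paths.
    # This has to happen before "make install" creates the hardlink
    #     bind9-config -> isc-config.sh
    # so that both names end up with the cleaned content.
    # ${B} is quoted so a build directory containing whitespace cannot split
    # the file argument.
    sed -i -e "s,${STAGING_LIBDIR},${libdir}," "${B}/isc-config.sh"
}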
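do_install_append() {
    # Remove the run directory from the image; rmdir fails the task if it is
    # missing or not empty. The parent is removed only when nothing else is
    # left in it.
    rmdir "${D}${localstatedir}/run"
    rmdir --ignore-fail-on-non-empty "${D}${localstatedir}"

    # Cache directory owned by the unprivileged "bind" account, plus the
    # configuration and init script directories.
    install -d -o bind "${D}${localstatedir}/cache/bind"
    install -d "${D}${sysconfdir}/bind"
    install -d "${D}${sysconfdir}/init.d"

    # Shipped configuration is installed world-readable (0644), so nothing
    # under ${S}/conf may contain key material. Only the glob is left outside
    # the quotes so that it still expands.
    install -m 644 "${S}"/conf/* "${D}${sysconfdir}/bind/"
    install -m 755 "${S}/init.d" "${D}${sysconfdir}/init.d/bind"

    # BitBake expands the ${@...} expression to the command "true" or "false"
    # before the shell runs.
    if ${@bb.utils.contains('PACKAGECONFIG', 'python3', 'true', 'false', d)}; then
        # Point the first-line interpreter at the target's python3 so that no
        # build-host interpreter path is left in the installed tools.
        sed -i -e '1s,#!.*python3,#! /usr/bin/python3,' \
            "${D}${sbindir}/dnssec-coverage" \
            "${D}${sbindir}/dnssec-checkds" \
            "${D}${sbindir}/dnssec-keymgr"
    fi

    # Install systemd related files
    install -d "${D}${sbindir}"
    install -m 755 "${WORKDIR}/generate-rndc-key.sh" "${D}${sbindir}"
    install -d "${D}${systemd_unitdir}/system"
    install -m 0644 "${WORKDIR}/named.service" "${D}${systemd_unitdir}/system"
    # The ${base_bindir} and ${sbindir} references are BitBake variables and
    # are expanded before the shell sees the single-quoted sed scripts.
    sed -i -e 's,@BASE_BINDIR@,${base_bindir},g' \
        -e 's,@SBINDIR@,${sbindir},g' \
        "${D}${systemd_unitdir}/system/named.service"

    install -d "${D}${sysconfdir}/default"
    install -m 0644 "${WORKDIR}/bind9" "${D}${sysconfdir}/default"

    if ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'true', 'false', d)}; then
        # On systemd images /run/named is created at boot, mode 0755 and
        # owned by bind:bind.
        install -d "${D}${sysconfdir}/tmpfiles.d"
        echo "d /run/named 0755 bind bind - -" > "${D}${sysconfdir}/tmpfiles.d/bind.conf"
    fi

    oe_multilib_header isc/platform.h
}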
# Configuration and zone files registered as conffiles of the main package, so
# that the package manager treats them as locally editable configuration.
CONFFILES_${PN} = " \
${sysconfdir}/bind/named.conf \
${sysconfdir}/bind/named.conf.local \
${sysconfdir}/bind/named.conf.options \
${sysconfdir}/bind/db.0 \
${sysconfdir}/bind/db.127 \
${sysconfdir}/bind/db.empty \
${sysconfdir}/bind/db.local \
${sysconfdir}/bind/db.root \
"
# nslookup from the -utils package is registered as an alternative.
# NOTE(review): no "inherit update-alternatives" is visible in this file;
# confirm the class is pulled in elsewhere, otherwise these ALTERNATIVE_*
# settings have no effect.
ALTERNATIVE_${PN}-utils = "nslookup"
ALTERNATIVE_LINK_NAME[nslookup] = "${bindir}/nslookup"
ALTERNATIVE_PRIORITY = "100"
# Client tools are split into ${PN}-utils, so they can be installed without
# the name server itself.
PACKAGE_BEFORE_PN += "${PN}-utils"
FILES_${PN}-utils = "${bindir}/host ${bindir}/dig ${bindir}/mdig ${bindir}/nslookup ${bindir}/nsupdate"
# NOTE(review): "isc-config.h" under ${bindir} may be a typo for the
# isc-config.sh script named in MULTILIB_SCRIPTS - confirm.
FILES_${PN}-dev += "${bindir}/isc-config.h"
FILES_${PN} += "${sbindir}/generate-rndc-key.sh"
# Shared libraries go into ${PN}-libs; the libtool .la files kept by
# REMOVE_LIBTOOL_LA = "0" go into -staticdev.
PACKAGE_BEFORE_PN += "${PN}-libs"
FILES_${PN}-libs = "${libdir}/*.so*"
FILES_${PN}-staticdev += "${libdir}/*.la"
# The python3-bind package exists only when the python3 PACKAGECONFIG is on;
# it carries the Python-based DNSSEC tools and the site-packages directory.
PACKAGE_BEFORE_PN += "${@bb.utils.contains('PACKAGECONFIG', 'python3', 'python3-bind', '', d)}"
FILES_python3-bind = "${sbindir}/dnssec-coverage ${sbindir}/dnssec-checkds \
${sbindir}/dnssec-keymgr ${PYTHON_SITEPACKAGES_DIR}"
# The -dev package is given no runtime dependencies.
RDEPENDS_${PN}-dev = ""
RDEPENDS_python3-bind = "python3-core python3-ply"