summaryrefslogtreecommitdiffstats
path: root/meta/recipes-connectivity/bind
AgeCommit message (Collapse)Author
2020-12-09bind: upgrade 9.16.7 -> 9.16.9Alexander Kanavin
License-Update: http -> https Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2020-10-30meta: fix some unresponsive homepages and bugtracker linksMaxime Roussin-Bélanger
remove some extra whitespaces Signed-off-by: Maxime Roussin-Bélanger <maxime.roussinbelanger@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2020-09-30bind: upgrade 9.16.5 -> 9.16.7zangrc
Signed-off-by: Zang Ruochen <zangrc.fnst@cn.fujitsu.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2020-09-21bind: remove -r option for rndc-confgenMingli Yu
The named service fail to start as below: # systemctl status named.service named.service - Berkeley Internet Name Domain (DNS) Loaded: loaded (/lib/systemd/system/named.service; enabled; vendor preset: enabled) Active: failed (Result: exit-code) since Wed 2020-09-16 06:07:49 UTC; 9s ago Process: 134206 ExecStartPre=/usr/sbin/generate-rndc-key.sh (code=exited, status=1/FAILURE) Sep 16 06:07:49 intel-x86-64 systemd[1]: Starting Berkeley Internet Name Domain (DNS)... Sep 16 06:07:49 intel-x86-64 generate-rndc-key.sh[134206]: Generating /etc/bind/rndc.key: Sep 16 06:07:49 intel-x86-64 generate-rndc-key.sh[134207]: rndc-confgen: The -r option has been deprecated. Sep 16 06:07:49 intel-x86-64 generate-rndc-key.sh[134208]: chown: cannot access '/etc/bind/rndc.key': No such file or directory Sep 16 06:07:49 intel-x86-64 generate-rndc-key.sh[134209]: chmod: cannot access '/etc/bind/rndc.key': No such file or directory Sep 16 06:07:49 intel-x86-64 systemd[1]: named.service: Control process exited, code=exited, status=1/FAILURE Sep 16 06:07:49 intel-x86-64 systemd[1]: named.service: Failed with result 'exit-code'. Sep 16 06:07:49 intel-x86-64 systemd[1]: Failed to start Berkeley Internet Name Domain (DNS). It is because fail to execute "/usr/sbin/generate-rndc-key.sh" as -r is deprecated since bind 9.13.x and the random function changes in [1], so remove -r option to fix the above issue. DNSSEC validation is now active by default after bind upgrade to 9.16.x, but it is not in 9.11.x. So disable DNSSEC validation explicitly to silence below message. Sep 18 03:21:37 intel-x86-64 named[23272]: managed-keys-zone: Unable to fetch DNSKEY set '.': timed out [1]: https://gitlab.isc.org/isc-projects/bind9/-/commit/3a4f820d625c214cfb21f5e6d18ce9160d2a193b Signed-off-by: Mingli Yu <mingli.yu@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2020-09-14bind: Inherit update-alternativesKhem Raj
We are setting u-a for nslookup and it won't work unless we inherit this class Signed-off-by: Khem Raj <raj.khem@gmail.com> Cc: Andrey Zhizhikin <andrey.z@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2020-09-02bind: 9.11 removeakuster
Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2020-09-02bind: Add 9.16.xakuster
Removed obsolete packageconfig options License change to MPL-2.0 https://gitlab.isc.org/isc-projects/bind9/blob/master/LICENSE Refreshed: bind-ensure-searching-for-json-headers-searches-sysr.patch 0001-named-lwresd-V-and-start-log-hide-build-options.patch bind-ensure-searching-for-json-headers-searches-sysr.patch Drop obsolete patch: 0001-configure.in-remove-useless-L-use_openssl-lib.patch RP: Dropped the multilib scripts handling as those scripts are no longer present in this version. Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2020-08-25bind: update to 9.11.22 ESVArmin Kuster
Source: isc.org MR: 105232, 105246, 105260 Type: Security Fix Disposition: Backport from https://www.isc.org/bind/ ChangeID: 655cfdf1e91c4107321e63a2012302e1cc184366 Description: Bug fix only update Three CVE fixes CVE-2020-8622 CVE-2020-8623 CVE-2020-8624 For more information see: https://downloads.isc.org/isc/bind9/9.11.22/RELEASE-NOTES-bind-9.11.22.pdf Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2020-07-22bind: upgrade 9.11.19 -> 9.11.21Yi Zhao
Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2020-06-16bind: update to 9.11.19akuster
Bug fix only updates. suitable for Stable branch updates where applicable. Drop CVE patches included in update LIC_FILES_CHKSUM update copyright year to 2020 Full changes found at : https://gitlab.isc.org/isc-projects/bind9/-/blob/v9_11/CHANGES Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2020-05-27bind: fix CVE-2020-8616/7Lee Chee Yang
fix CVE-2020-8616 and CVE-2020-8617 Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2020-02-15bind: add mulitlib_header for platform.hJeremy A. Puhlman
Signed-off-by: Jeremy A. Puhlman <jpuhlman@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2019-12-04bind: update 9.11.5-P4 -> 9.11.13Alexander Kanavin
Drop backports. Drop 0001-gen.c-extend-DIRNAMESIZE-from-256-to-512.patch and 0001-lib-dns-gen.c-fix-too-long-error.patch as problem is fixed upstream. Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2019-11-21bind: Whitelist CVE-2019-6470Adrian Bunk
Signed-off-by: Adrian Bunk <bunk@stusta.de> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2019-10-24bind: fix CVE-2019-6471 and CVE-2018-5743Kai Kang
Backport patches to fix CVE-2019-6471 and CVE-2018-5743 for bind. CVE-2019-6471 is fixed by 0001-bind-fix-CVE-2019-6471.patch and the other 6 patches are for CVE-2018-5743. And backport one more patch to fix compile error on arm caused by these 6 commits. Signed-off-by: Kai Kang <kai.kang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2019-10-10bind: do not RDEPEND on bashAlexander Kanavin
Nothing in the target installation actually needs it. Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2019-08-30bind: fix build with python3 PACKAGECONFIG enabledChen Qi
If the PACKAGECONFIG item, python3, is enabled, we get the following QA issue when multilib is enabled. ERROR: bind-9.11.5-P4-r0 do_package: QA Issue: bind: Files/directories were installed but not shipped in any package: /usr/lib /usr/lib/python3.7 /usr/lib/python3.7/site-packages /usr/lib/python3.7/site-packages/isc-2.0-py3.7.egg-info /usr/lib/python3.7/site-packages/isc /usr/lib/python3.7/site-packages/isc/policy.py [snip] The thing is, when --with-python is specified with a path instead of 'yes', the --with-python-install-dir is in fact ignored. Fix this issue by specifying the correct arguments. Signed-off-by: Chen Qi <Qi.Chen@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2019-07-29bind: Remove RECIPE_NO_UPDATE_REASON and follow the ESV releasesAdrian Bunk
Signed-off-by: Adrian Bunk <bunk@stusta.de> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2019-04-10bind: upgrade 9.11.5 -> 9.11.5-P4Adrian Bunk
Bugfix-only compared to 9.11.5, mostly CVE fixes. COPYRIGHT checksum changed due to 2018 -> 2019. Signed-off-by: Adrian Bunk <bunk@stusta.de> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2019-03-06bind-utils: Install nslookupAdrian Bunk
nslookup was undeprecated 15 years ago, and installing bind-utils should replace the busybox version. Signed-off-by: Adrian Bunk <bunk@stusta.de> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2019-02-15bind: Move nsupdate to bind-utilsAdrian Bunk
This is a client tool that is usually not used one the same machine as the DNS server. Signed-off-by: Adrian Bunk <bunk@stusta.de> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2019-01-26bind: drop lost patchRuslan Bilovol
Commit "c37207d0aca5 bind: update to ESV version 9.11.3" dropped 0001-build-use-pkg-config-to-find-libxml2.patch from recipe, but left the patch itself in source tree. Remove this patch since nobody uses it. Cc: Armin Kuster <akuster808@gmail.com> Signed-off-by: Ruslan Bilovol <ruslan.bilovol@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2018-11-09bind: update to latest LTS 9.11.5Armin Kuster
includes: CVE-2018-5738 drop patch for CVE-2018-5740 now included in update see: https://ftp.isc.org/isc/bind9/9.11.5/RELEASE-NOTES-bind-9.11.5.html Add RECIPE_NO_UPDATE_REASON for lts Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2018-10-15bind: fix startup failure in sysvinitChen Qi
The generated key file should try to have bind group so that if the named daemon is started via '-u bind' option, which is the default in OE core, we will not get startup failure because of 'permission denied' error. Signed-off-by: Chen Qi <Qi.Chen@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2018-09-29bind: fix multilib install file conflictsKai Kang
It adds ${libdir} to linker options in scripts bind9-config and isc-config.sh. And then causes install file conflicts when install bind andl ib32-bind both. Inherit multilib_script.bbclass to fix this issue. Signed-off-by: Kai Kang <kai.kang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2018-09-11bind: patch for CVE-2018-5740Changqing Li
Signed-off-by: Changqing Li <changqing.li@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
2018-08-29bind: improve reproducibilityHongxu Jia
- Tweak var-DST_OPENSSL_LIBS assignment in configure.in, it is helpful to fix build path issue in isc-config.sh - `named/lwresd -V' and start log hide build options which expose build path directories. Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2018-07-26bind: update to 9.11.4Armin Kuster
include: CVE-2018-5738 Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
2018-07-05bind: Disable lmdb supportKhem Raj
with bind 9.11.2+ when the build host has lmdb installed, bind configure looks into host headers and wrongly interprets that it should be enabling lmdb disable lmdb to fix | configure: error: found lmdb include but not library. Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2018-07-04bind: update to ESV version 9.11.3Armin Kuster
LIC_FILES_CHKSUM changed do to updated year removed: dont-test-on-host.patch, no longer implemented drop use-python3-and-fix-install-lib-path.patch, they added the ability to pass in lib dir loctions drop bind-confgen-build-unix.o-once.patch, fix included in update Refresh other patches: add python3 flag for PACKAGECONFIG to pull in python add new config option --with-eddsa=no (needs openssl support not released) Python support is disaled by default now. Acked-by: Martin Hundebøll <mnhu@prevas.dk> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2018-05-04bind: fix openSSL detection when using multiarchKoen Kooi
In multiarch /usr/include and /usr/lib/<tuple/ are not on the same level anymore. This change will pass a correct includedir, but a wrong libdir, but the linker picks it up anyway. Tested on multiarch and regular build. Signed-off-by: Koen Kooi <koen.kooi@linaro.org> Signed-off-by: Ross Burton <ross.burton@intel.com>
2017-11-08bind: move libraries to own packageandreas.kling@peiker-cee.de
Signed-off-by: Andy Kling <andreas.kling@peiker-cee.de> Signed-off-by: Ross Burton <ross.burton@intel.com>
2017-11-07bind: Convert from ftp to https urlsRichard Purdie
The ftp protocol is dated and problematic. Since https is available, lets use that instead, making new users chances of successful builds higher. Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2017-11-05bind: update to 9.10.6Armin Kuster
Security Fixes * An error in TSIG handling could permit unauthorized zone transfers or zone updates. These flaws are disclosed in CVE-2017-3142 and CVE-2017-3143. [RT #45383] * The BIND installer on Windows used an unquoted service path, which can enable privilege escalation. This flaw is disclosed in CVE-2017-3141. [RT #45229] * With certain RPZ configurations, a response with TTL 0 could cause named to go into an infinite query loop. This flaw is disclosed in CVE-2017-3140. [RT #45181] End of Life The end of life for BIND 9.10 is yet to be determined but will not be before BIND 9.12.0 has been released for 6 months. https://www.isc.org/downloads/software-support-policy/ more info see https://lists.isc.org/pipermail/bind-announce/2017-July/001063.html Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2017-08-16bind: Use correct python interpreter pathRichard Purdie
The scripts currently reference "python33", fix this so they reference python3. The move the python3 likely broke these. Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2017-07-17bind: 9.10.3-P3 -> 9.10.5-P3Kai Kang
Upgrade bind from 9.10.3-P3 to 9.10.5-P3 * Update md5sum of LIC_FILES_CHKSUM that it update year in file COPYRIGHT * Remvoe mips1-not-support-opcode.diff which has been merged * Remove CVE patches that there are backported from upstream * Use python3 for build and make sure install .py files to right directory Signed-off-by: Kai Kang <kai.kang@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
2017-05-29bind: build with threads and update configure optionsKai Kang
Build without threads for bind is inherited from legacy openembedded. All libc's support proper threading on Linux now, so enable threads support for bind. It is also need to disable static library build which cause package dhcp fail to build after enable bind threads support. Options devpoll and epoll are configured to choose most preferable multiplex method for unix socket. The priorities are: epoll > poll > select. When set '--enable-epoll', it just defines a var and include header file that is available for cross compile. So use epoll for bind. Add PACKAGECONFIG 'urandom' that could use /dev/urandom as random device. Update file/directory ownerships to fix daemon start failure. Signed-off-by: Kai Kang <kai.kang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2017-05-18bind: fix upstream version checkAlexander Kanavin
Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
2017-04-28bind: Security fix CVE-2016-6170Yi Zhao
CVE-2016-6170: ISC BIND through 9.9.9-P1, 9.10.x through 9.10.4-P1, and 9.11.x through 9.11.0b1 allows primary DNS servers to cause a denial of service (secondary DNS server crash) via a large AXFR response, and possibly allows IXFR servers to cause a denial of service (IXFR client crash) via a large IXFR response and allows remote authenticated users to cause a denial of service (primary DNS server crash) via a large UPDATE message. External References: https://nvd.nist.gov/vuln/detail/CVE-2016-6170 Patch from: https://source.isc.org/cgi-bin/gitweb.cgi?p=bind9.git;a=commit;h=1bbcfe2fc84f57b1e4e075fb3bc2a1dd0a3a851f Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
2017-04-28bind: Security fix CVE-2016-8864Yi Zhao
CVE-2016-8864: named in ISC BIND 9.x before 9.9.9-P4, 9.10.x before 9.10.4-P4, and 9.11.x before 9.11.0-P1 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a DNAME record in the answer section of a response to a recursive query, related to db.c and resolver.c. External References: https://nvd.nist.gov/vuln/detail/CVE-2016-8864 Patch from: https://source.isc.org/cgi-bin/gitweb.cgi?p=bind9.git;a=commit;h=c1d0599a246f646d1c22018f8fa09459270a44b8 Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
2016-10-15bind: fix two CVEsZheng Ruoqin
Add two CVE patches from upstream git: https://www.isc.org/git/ 1.CVE-2016-2775.patch 2.CVE-2016-2776.patch Signed-off-by: zhengruoqin <zhengrq.fnst@cn.fujitsu.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
2016-07-08meta: update patch metadataRoss Burton
Enforce the correct tag names across all of oe-core for consistency. Signed-off-by: Ross Burton <ross.burton@intel.com>
2016-06-02bind: switch Python dependency to Python 3.xAlexander Kanavin
Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2016-04-18bind: CVE-2016-2088Jussi Kukkonen
Duplicate EDNS COOKIE options in a response could trigger an assertion failure: Fix with a backport. bind as built with the oe-core recipe is not at risk: Only servers which are built with DNS cookie support (--enable-sit) are vulnerable to denial of service. Fixes [YOCTO #9438] Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
2016-04-14bind: CVE-2016-1285 CVE-2016-1286Sona Sarmadi
Fixes following vulnerabilities: CVE-2016-1285 bind: malformed packet sent to rndc can trigger assertion failure CVE-2016-1286 bind: malformed signature records for DNAME records can trigger assertion failure [YOCTO #9400] External References: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-1285 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-1286 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1285 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1286 References to the Upstream commits and Security Advisories: =========================================================== CVE-2016-1285: https://kb.isc.org/article/AA-01352 https://source.isc.org/cgi-bin/gitweb.cgi?p=bind9.git;a=patch; h=70037e040e587329cec82123e12b9f4f7c945f67 CVE-2016-1286_1: https://kb.isc.org/article/AA-01353 https://source.isc.org/cgi-bin/gitweb.cgi?p=bind9.git;a=patch; h=a3d327bf1ceaaeabb20223d8de85166e940b9f12 CVE-2016-1286_2: https://kb.isc.org/article/AA-01353 https://source.isc.org/cgi-bin/gitweb.cgi?p=bind9.git;a=patch; h=7602be276a73a6eb5431c5acd9718e68a55e8b61 Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
2016-03-24bind: /var/cache/bindJoe Slater
Change the ownership of /var/cache/bind to bind rather than root. Signed-off-by: Joe Slater <jslater@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
2016-01-26bind: update to 9.10.3-P3Derek Straka
Addresses CVE-2015-8704 and CVE-2015-8705 CVE-2015-8704 Allows remote authenticated users to cause a denial of service via a malformed Address Prefix List record CVE-2015-8705: When debug loggin is enabled, allows remote attackers to cause a denial of service or have possibly unspecified impact via OPT data or ECS option [YOCTO 8966] References: https://kb.isc.org/article/AA-01346/0/BIND-9.10.3-P3-Release-Notes.html https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8704 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8705 Signed-off-by: Ross Burton <ross.burton@intel.com>
2015-12-27bind: 9.10.2-P4 -> 9.10.3-P2Kai Kang
Upgrade bind from 9.10.2-P4 to 9.10.3-P2. * update context of 0001-build-use-pkg-config-to-find-libxml2.patch * add PACKAGECONFIGs readline and libedit. They provide same library, so should not be set at same time. Signed-off-by: Kai Kang <kai.kang@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
2015-09-21bind: fix too long error from genRobert Yang
gen.c uses 512 as the path length which is a little short when build in deep dir, and cause "too long" error, use PATH_MAX if defined. Signed-off-by: Robert Yang <liezhi.yang@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
2015-09-12meta: Fix Upstream-Status statementsRoss Burton
Fix a variety of problems such as typos, bad punctuations, or incorrect Upstream-Status values. Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>