summaryrefslogtreecommitdiffstats
path: root/external/poky/meta/recipes-connectivity/bind
diff options
context:
space:
mode:
authortakeshi_hoshina <takeshi_hoshina@mail.toyota.co.jp>2020-10-22 14:58:56 +0900
committertakeshi_hoshina <takeshi_hoshina@mail.toyota.co.jp>2020-10-22 14:58:56 +0900
commit4204309872da5cb401cbb2729d9e2d4869a87f42 (patch)
treec7415e8600205e40ff7e91e8e5f4c411f30329f2 /external/poky/meta/recipes-connectivity/bind
parent5b80bfd7bffd4c20d80b7c70a7130529e9a755dd (diff)
agl-basesystem 0.1sandbox/ToshikazuOhiwa/master
Diffstat (limited to 'external/poky/meta/recipes-connectivity/bind')
-rw-r--r--external/poky/meta/recipes-connectivity/bind/bind/CVE-2018-5740.patch72
-rw-r--r--external/poky/meta/recipes-connectivity/bind/bind_9.11.5-P4.bb (renamed from external/poky/meta/recipes-connectivity/bind/bind_9.11.4.bb)8
2 files changed, 4 insertions, 76 deletions
diff --git a/external/poky/meta/recipes-connectivity/bind/bind/CVE-2018-5740.patch b/external/poky/meta/recipes-connectivity/bind/bind/CVE-2018-5740.patch
deleted file mode 100644
index 7a2ba7ea..00000000
--- a/external/poky/meta/recipes-connectivity/bind/bind/CVE-2018-5740.patch
+++ /dev/null
@@ -1,72 +0,0 @@
-Upstream-Status: Backport [https://ftp.isc.org/isc/bind9/9.11.4-P1/patches/CVE-2018-5740]
-
-CVE: CVE-2018-5740
-
-Signed-off-by: Changqing Li <changqing.li@windriver.com>
-
-diff --git a/CHANGES b/CHANGES
-index 750b600..3d8d655 100644
---- a/CHANGES
-+++ b/CHANGES
-@@ -1,3 +1,9 @@
-+ --- 9.11.4-P1 released ---
-+
-+4997. [security] named could crash during recursive processing
-+ of DNAME records when "deny-answer-aliases" was
-+ in use. (CVE-2018-5740) [GL #387]
-+
- --- 9.11.4 released ---
-
- --- 9.11.4rc2 released ---
-diff --git a/lib/dns/resolver.c b/lib/dns/resolver.c
-index 8f674a2..41d1385 100644
---- a/lib/dns/resolver.c
-+++ b/lib/dns/resolver.c
-@@ -6318,6 +6318,7 @@ is_answertarget_allowed(fetchctx_t *fctx, dns_name_t *qname, dns_name_t *rname,
- unsigned int nlabels;
- dns_fixedname_t fixed;
- dns_name_t prefix;
-+ int order;
-
- REQUIRE(rdataset != NULL);
- REQUIRE(rdataset->type == dns_rdatatype_cname ||
-@@ -6340,17 +6341,25 @@ is_answertarget_allowed(fetchctx_t *fctx, dns_name_t *qname, dns_name_t *rname,
- tname = &cname.cname;
- break;
- case dns_rdatatype_dname:
-+ if (dns_name_fullcompare(qname, rname, &order, &nlabels) !=
-+ dns_namereln_subdomain)
-+ {
-+ return (ISC_TRUE);
-+ }
- result = dns_rdata_tostruct(&rdata, &dname, NULL);
- RUNTIME_CHECK(result == ISC_R_SUCCESS);
- dns_name_init(&prefix, NULL);
- tname = dns_fixedname_initname(&fixed);
-- nlabels = dns_name_countlabels(qname) -
-- dns_name_countlabels(rname);
-+ nlabels = dns_name_countlabels(rname);
- dns_name_split(qname, nlabels, &prefix, NULL);
- result = dns_name_concatenate(&prefix, &dname.dname, tname,
- NULL);
-- if (result == DNS_R_NAMETOOLONG)
-+ if (result == DNS_R_NAMETOOLONG) {
-+ if (chainingp != NULL) {
-+ *chainingp = ISC_TRUE;
-+ }
- return (ISC_TRUE);
-+ }
- RUNTIME_CHECK(result == ISC_R_SUCCESS);
- break;
- default:
-@@ -7071,7 +7080,9 @@ answer_response(fetchctx_t *fctx) {
- }
- if ((ardataset->type == dns_rdatatype_cname ||
- ardataset->type == dns_rdatatype_dname) &&
-- !is_answertarget_allowed(fctx, qname, aname, ardataset,
-+ type != ardataset->type &&
-+ type != dns_rdatatype_any &&
-+ !is_answertarget_allowed(fctx, qname, aname, ardataset,
- NULL))
- {
- return (DNS_R_SERVFAIL);
diff --git a/external/poky/meta/recipes-connectivity/bind/bind_9.11.4.bb b/external/poky/meta/recipes-connectivity/bind/bind_9.11.5-P4.bb
index cb4a21a9..432bad01 100644
--- a/external/poky/meta/recipes-connectivity/bind/bind_9.11.4.bb
+++ b/external/poky/meta/recipes-connectivity/bind/bind_9.11.5-P4.bb
@@ -3,7 +3,7 @@ HOMEPAGE = "http://www.isc.org/sw/bind/"
SECTION = "console/network"
LICENSE = "ISC & BSD"
-LIC_FILES_CHKSUM = "file://COPYRIGHT;md5=6ba7c9fe0c888a943c79c93e6de744fb"
+LIC_FILES_CHKSUM = "file://COPYRIGHT;md5=8f17f64e47e83b60cd920a1e4b54419e"
DEPENDS = "openssl libcap zlib"
@@ -20,14 +20,14 @@ SRC_URI = "https://ftp.isc.org/isc/bind9/${PV}/${BPN}-${PV}.tar.gz \
file://0001-configure.in-remove-useless-L-use_openssl-lib.patch \
file://0001-named-lwresd-V-and-start-log-hide-build-options.patch \
file://0001-avoid-start-failure-with-bind-user.patch \
- file://CVE-2018-5740.patch \
"
-SRC_URI[md5sum] = "9b4834d78f30cdb796ce437262272a36"
-SRC_URI[sha256sum] = "595070b031f869f8939656b5a5d11b121211967f15f6afeafa895df745279617"
+SRC_URI[md5sum] = "8ddab4b61fa4516fe404679c74e37960"
+SRC_URI[sha256sum] = "7e8c08192bcbaeb6e9f2391a70e67583b027b90e8c4bc1605da6eb126edde434"
UPSTREAM_CHECK_URI = "https://ftp.isc.org/isc/bind9/"
UPSTREAM_CHECK_REGEX = "(?P<pver>9(\.\d+)+(-P\d+)*)/"
+RECIPE_NO_UPDATE_REASON = "9.11 is LTS 2021"
inherit autotools update-rc.d systemd useradd pkgconfig multilib_script