| Age | Commit message (Collapse) | Author | Files |
|---|
|
Addresses CVE-2015-8704 and CVE-2015-8705
CVE-2015-8704
Allows remote authenticated users to cause a denial of service via a malformed Address Prefix List record
CVE-2015-8705:
When debug loggin is enabled, allows remote attackers to cause a denial of service or have possibly unspecified impact via OPT data or ECS option
[YOCTO 8966]
References:
https://kb.isc.org/article/AA-01346/0/BIND-9.10.3-P3-Release-Notes.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8704
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8705
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Upgrade bind from 9.10.2-P4 to 9.10.3-P2.
* update context of 0001-build-use-pkg-config-to-find-libxml2.patch
* add PACKAGECONFIGs readline and libedit. They provide same library, so
should not be set at same time.
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
gen.c uses 512 as the path length which is a little short when build in
deep dir, and cause "too long" error, use PATH_MAX if defined.
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Fix a variety of problems such as typos, bad punctuations, or incorrect
Upstream-Status values.
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Fix the building path is long, when building bind, we would meet the following
error.
".../long/path/to/bind/9.10.2-P3-r0/bind-9.10.2-P3/lib/dns" too long
This is because the in gen.c, DIRNAMESIZE is limited to 256. But in OE, the
path length limit is more than 400. So we change it to 512.
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
fixes two secruity issues:
CVE-2015-5722 and CVE-2015-5986.
see release notes for more information.
ftp://ftp.isc.org/isc/bind9/9.10.2-P4/RELEASE-NOTES.bind-9.10.2-P4.html
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
bind doesn't ship shared libraries only static libraries, so the default
dependency on PN from PN-dev is pointless and means that an image with bind-dev
installed (via dhcp-dev's automatic dependency) ends up with named installed and
started on boot which is rarely intended.
If and when we ship bind's shared libraries we should ensure that the libraries
go into a separate package.
Also remove an old comment about --enable-exportlib which isn't supported by
configure anymore.
[ YOCTO #8216 ]
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
9.10.2-p3 includes the fix for CVE-2015-5477:
BIND 9.x before 9.9.7-P2 and 9.10.x before 9.10.2-P3 allows remote
attackers to cause a denial of service (REQUIRE assertion failure
and daemon exit) via TKEY queries.
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
upgrade to fix CVE-2015-4620:
name.c in named in ISC BIND 9.7.x through 9.9.x before 9.9.7-P1 and 9.10.x
before 9.10.2-P2, when configured as a recursive resolver with DNSSEC
validation, allows remote attackers to cause a denial of service (REQUIRE
assertion failure and daemon exit) by constructing crafted zone data and
then making a query for a name in that zone.
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Bind can fail configure by detecting headers w/o libs, or
it can fail the host contamination check. More details
are within the commit log in the contained patch.
Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Fix B != S and separate them.
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Rename the "libxml2" PACKAGECONFIG to "httpstats" so that is is meaningful, and
disable it by default as a web frontend to the server statistics shouldn't be
enabled by default.
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Refresh the libxml2 detection patch to directly call pkg-config instead of
attempting to use xml2-config, which will always return an error in OE.
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
1. Remove two unneeded CVE patches, 9.10.2 fixed the CVE-2015-1349 also
2. Remove bind-subdirs-run-serially.patch and cross-build-fix.patch,
similar fixes are merged into 9.10.2
3. update the dont-test-on-host.patch
4. update the Copyright file checksum, since the date in it has been changed.
5. replace the hardcode lib dir with $base_libdir in bind-add-crosscripts*.patch
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
They are backport patches, and verified that the patches are in the
source.
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
This reverts commit b003df03358aea4e9e094ee339a9f6796866961e.
We keep seeing parallel make failures on the autobuilder
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Fixed:
unix/os.o: file not recognized: File truncated
collect2: error: ld returned 1 exit status
This is because os.o was built twice:
* The implicity rule (depends on unix/os.o)
* The "make all" in unix subdir (depends on unix/os.o)
Depend on subdirs which is unix only rather than unix/os.o will fix the
problem.
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
|
|
Signed-off-by: Ting Liu <ting.liu@freescale.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
* Firstly configure scritp was testing files from bin folder.
In our case we don't copy bin folder to sysroot for target
recipes. So added extra check to validate .pc file from lib
folder via a patch to configure.in file.
* Secondly linxml2 dependency was missing. So added PACKAGECONFIG
for libxml2.
Signed-off-by: Noor Ahsan <noor_ahsan@mentor.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
[From upstream commit: 603a0e2637b35a2da820bc807f69bcf09c682dce]
[YOCTO #7098]
External References:
===================
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8500
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Add in conf.patch /etc/bind/db.255 file so that we don't get the following error.
zone 255.in-addr.arpa/IN: loading from master file /etc/bind/db.255 failed: file not found
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
* /usr/bin/isc-config.sh
* /usr/bin/bind9-config - hardlink to isc-config.sh
Signed-off-by: Shiqun Lin <Shiqun.Lin@windriver.com>
Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
|
|
Appending or prepending to PACKAGES breaks when the package is built natively,
so use PACKAGE_BEFORE_PN instead.
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Use /etc/default/bind9 as the environment file in named.service.
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
We refer what ubuntu/redhat did, gave bind a user/group
Here is the example in ubuntu 14.04:
$ ps -eo user,group,cmd | grep "named"
...
bind bind /usr/sbin/named -u bind
...
$vim bind9_1%3a9.9.5.dfsg-3_amd64.deb/postinst
...
# lets give them a bind user/group in all cases.
getent group bind >/dev/null 2>&1 || addgroup --system bind
getent passwd bind >/dev/null 2>&1 ||
adduser --system --home /var/cache/bind --no-create-home \
--disabled-password --ingroup bind bind
...
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
This patch adds support for read-only rootfs to the bind service.
Basically it just bind mounts several directories so that the bind
service could start correctly without reporting any error.
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
The base_contains is kept as a compatibility method and we ought to
not use it in OE-Core so we can remove it from base metadata in
future.
Signed-off-by: Otavio Salvador <otavio@ossystems.com.br>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Add systemd support for bind.
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
The nslookup had been disabled from 2010 (or earlier), but it still in
FILES_${PN}-utils, we need remove it.
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Fix the typo:
PACKAGES_preprend -> PACKAGES_prepend
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Remove CVE patches that are in bind
Updated COPYRIGHT includes date changes the NetBSD Copyright
Modifies the Base BSD License to 3-Clause (removes advertising clause)w
Add patch to disable running tests on host
Add python-core to RDEPENDS for dnssec-checkds and dnssec-coverage and fix path to python
Signed-off-by: Saul Wold <sgw@linux.intel.com>
|
|
* resolves following warnings:
WARNING: Use of PRINC 17 was detected in the recipe meta-openembedded/meta-systemd/recipes-core/systemd/systemd-machine-units_1.0.bb (or one of its .bbappends)
WARNING: Use of PRINC 1 was detected in the recipe meta-openembedded/meta-gpe/recipes-support/fbreader/fbreader_0.12.10.bb (or one of its .bbappends)
WARNING: Use of PRINC 1 was detected in the recipe meta-openembedded/meta-gpe/recipes-support/fbreader/fbreader_git.bb (or one of its .bbappends)
WARNING: Use of PRINC 1 was detected in the recipe meta-openembedded/meta-multimedia/recipes-multimedia/sox/sox_14.4.0.bb (or one of its .bbappends)
WARNING: Use of PRINC 1 was detected in the recipe meta-openembedded/meta-oe/recipes-multimedia/mplayer/mplayer-common.bb (or one of its .bbappends)
WARNING: Use of PRINC 1 was detected in the recipe meta-smartphone/meta-android/recipes-bsp/chroot-script/chroot-script_1.0.bb (or one of its .bbappends)
WARNING: Use of PRINC 1 was detected in the recipe openembedded-core/meta/recipes-connectivity/avahi/avahi-ui_0.6.31.bb (or one of its .bbappends)
WARNING: Use of PRINC 1 was detected in the recipe openembedded-core/meta/recipes-connectivity/bind/bind_9.8.1.bb (or one of its .bbappends)
WARNING: Use of PRINC 1 was detected in the recipe openembedded-core/meta/recipes-core/systemd/systemd-serialgetty.bb (or one of its .bbappends)
WARNING: Use of PRINC 1 was detected in the recipe openembedded-core/meta/recipes-core/sysvinit/sysvinit-inittab_2.88dsf.bb (or one of its .bbappends)
WARNING: Use of PRINC 1 was detected in the recipe openembedded-core/meta/recipes-extended/screen/screen_4.0.3.bb (or one of its .bbappends)
WARNING: Use of PRINC 1 was detected in the recipe openembedded-core/meta/recipes-extended/shadow/shadow-securetty_4.1.4.3.bb (or one of its .bbappends)
WARNING: Use of PRINC 1 was detected in the recipe openembedded-core/meta/recipes-extended/shadow/shadow_4.1.4.3.bb (or one of its .bbappends)
WARNING: Use of PRINC 1 was detected in the recipe openembedded-core/meta/recipes-graphics/libsdl/libsdl_1.2.15.bb (or one of its .bbappends)
WARNING: Use of PRINC 1 was detected in the recipe openembedded-core/meta/recipes-graphics/packagegroups/packagegroup-core-x11-xserver.bb (or one of its .bbappends)
WARNING: Use of PRINC 1 was detected in the recipe openembedded-core/meta/recipes-kernel/modutils-initscripts/modutils-initscripts.bb (or one of its .bbappends)
WARNING: Use of PRINC 1 was detected in the recipe openembedded-core/meta/recipes-multimedia/libsndfile/libsndfile1_1.0.25.bb (or one of its .bbappends)
WARNING: Use of PRINC 1 was detected in the recipe openembedded-core/meta/recipes-support/libcap/libcap_2.22.bb (or one of its .bbappends)
WARNING: Use of PRINC 11 was detected in the recipe openembedded-core/meta/recipes-bsp/keymaps/keymaps_1.0.bb (or one of its .bbappends)
WARNING: Use of PRINC 11 was detected in the recipe openembedded-core/meta/recipes-core/systemd/systemd-compat-units.bb (or one of its .bbappends)
WARNING: Use of PRINC 12 was detected in the recipe openembedded-core/meta/recipes-core/initscripts/initscripts_1.0.bb (or one of its .bbappends)
WARNING: Use of PRINC 13 was detected in the recipe openembedded-core/meta/recipes-core/base-files/base-files_3.0.14.bb (or one of its .bbappends)
WARNING: Use of PRINC 2 was detected in the recipe meta-openembedded/meta-oe/recipes-navigation/navit/navit_svn.bb (or one of its .bbappends)
WARNING: Use of PRINC 2 was detected in the recipe meta-openembedded/meta-oe/recipes-support/lvm2/lvm2_2.02.97.bb (or one of its .bbappends)
WARNING: Use of PRINC 2 was detected in the recipe openembedded-core/meta/recipes-connectivity/portmap/portmap_6.0.bb (or one of its .bbappends)
WARNING: Use of PRINC 2 was detected in the recipe openembedded-core/meta/recipes-extended/pam/libpam_1.1.6.bb (or one of its .bbappends)
WARNING: Use of PRINC 2 was detected in the recipe openembedded-core/meta/recipes-graphics/packagegroups/packagegroup-core-x11.bb (or one of its .bbappends)
WARNING: Use of PRINC 3 was detected in the recipe meta-openembedded/meta-efl/recipes-efl/efl/entrance_svn.bb (or one of its .bbappends)
WARNING: Use of PRINC 3 was detected in the recipe meta-openembedded/meta-oe/recipes-multimedia/mplayer/mplayer2_git.bb (or one of its .bbappends)
WARNING: Use of PRINC 3 was detected in the recipe openembedded-core/meta/recipes-bsp/formfactor/formfactor_0.0.bb (or one of its .bbappends)
WARNING: Use of PRINC 3 was detected in the recipe openembedded-core/meta/recipes-connectivity/avahi/avahi_0.6.31.bb (or one of its .bbappends)
WARNING: Use of PRINC 3 was detected in the recipe openembedded-core/meta/recipes-connectivity/dhcp/dhcp_4.2.5-P1.bb (or one of its .bbappends)
WARNING: Use of PRINC 3 was detected in the recipe openembedded-core/meta/recipes-core/init-ifupdown/init-ifupdown_1.0.bb (or one of its .bbappends)
WARNING: Use of PRINC 3 was detected in the recipe openembedded-core/meta/recipes-graphics/xinput-calibrator/pointercal-xinput_0.0.bb (or one of its .bbappends)
WARNING: Use of PRINC 5 was detected in the recipe meta-openembedded/meta-oe/recipes-core/meta/distro-feed-configs.bb (or one of its .bbappends)
WARNING: Use of PRINC 5 was detected in the recipe openembedded-core/meta/recipes-connectivity/bluez/bluez4_4.101.bb (or one of its .bbappends)
WARNING: Use of PRINC 6 was detected in the recipe openembedded-core/meta/recipes-core/packagegroups/packagegroup-base.bb (or one of its .bbappends)
WARNING: Use of PRINC 6 was detected in the recipe openembedded-core/meta/recipes-core/packagegroups/packagegroup-core-boot.bb (or one of its .bbappends)
WARNING: Use of PRINC 6 was detected in the recipe openembedded-core/meta/recipes-graphics/xorg-xserver/xserver-xf86-config_0.1.bb (or one of its .bbappends)
WARNING: Use of PRINC 7 was detected in the recipe meta-openembedded/meta-oe/recipes-navigation/gpsd/gpsd_3.7.bb (or one of its .bbappends)
WARNING: Use of PRINC 7 was detected in the recipe openembedded-core/meta/recipes-core/udev/udev-extraconf_1.0.bb (or one of its .bbappends)
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
This patch goes through the OE-Core recipes and marks those which use autotools
but don't support a separate build directory (${S} != ${B}). A new class,
autotools-brokensep is used for this purpose.
This doesn't introduce any change in behaviour in its own right.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
A lot of our recipes had short one-line DESCRIPTION values and no
SUMMARY value set. In this case it's much better to just set SUMMARY
since DESCRIPTION is defaulted from SUMMARY anyway and then the SUMMARY
is at least useful. I also took the opportunity to fix up a lot of the
new SUMMARY values, making them concisely explain the function of the
recipe / package where possible.
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
|
|
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Roy.Li <rongqing.li@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
|
|
Make ipv6 configure dependent on DISTRO_FEATURES.
Signed-off-by: Li Wang <li.wang@windriver.com>
Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
The /var/run directory is already created by base-files.
Signed-off-by: Jonathan Liu <net147@gmail.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
|
|
Change /var/run/bind/run to /var/run/named to avoid the following error message.
chmod: cannot access '/var/run/bind/run': No such file or directory
[YOCTO #4429]
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
The nslookup is not shipped for now, we should disable its man page if
the binary tool is not installed.
[YOCTO#3754]
Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Add some configurations, make rndc command be able to controls
the named daemon.
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Saul Wold <sgw@linux.intel.com>
|
|
Signed-off-by: Saul Wold <sgw@linux.intel.com>
|
|
Signed-off-by: Saul Wold <sgw@linux.intel.com>
|
|
| checking linking as -lgssapi -lkrb5 -ldes -lcrypt -lasn1 -lroken -lcom_err... no
| checking linking as -lgssapi -lkrb5 -lcrypto -lcrypt -lasn1 -lroken -lcom_err... no
| checking linking as -lgss -lkrb5... no
| configure: error: could not determine proper GSSAPI linkage
| + bbfatal 'oe_runconf failed'
| + echo 'ERROR: oe_runconf failed'
Signed-off-by: Koen Kooi <koen@dominion.thruhere.net>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
The COPYRIGHT File was updates for both Year and showing the complete
list of contributors, this change effectively adds BSD equivlant to
the licensing terms.
Signed-off-by: Saul Wold <sgw@linux.intel.com>
|
|
Fixes do_install() on micro, which otherwise fails for obvious reasons.
Signed-off-by: Phil Blundell <philb@gnu.org>
|
|
[YOCTO #860]
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
