From 041576d6d63ad807ca405dcea9eeecf1c9ccd7fe Mon Sep 17 00:00:00 2001 From: Saul Wold Date: Tue, 4 Mar 2014 13:56:06 -0800 Subject: bind: Update to 9.9.5 Remove CVE patches that are in bind Updated COPYRIGHT includes date changes the NetBSD Copyright Modifies the Base BSD License to 3-Clause (removes advertising clause)w Add patch to disable running tests on host Add python-core to RDEPENDS for dnssec-checkds and dnssec-coverage and fix path to python Signed-off-by: Saul Wold --- .../bind/bind-9.8.1/bind-9.8.1-CVE-2012-5166.patch | 119 -------- .../bind/bind-9.8.1/bind-CVE-2011-4313.patch | 89 ------ .../bind/bind-9.8.1/bind-CVE-2012-1667.patch | 92 ------ .../bind/bind-9.8.1/bind-CVE-2012-3817.patch | 40 --- .../bind/bind-9.8.1/bind-CVE-2013-2266.patch | 41 --- .../bind/bind-9.8.1/bind-Fix-CVE-2012-4244.patch | 141 --------- .../bind/bind-9.8.1/conf.patch | 314 --------------------- .../bind/bind-9.8.1/cross-build-fix.patch | 21 -- .../bind-9.8.1/make-etc-initd-bind-stop-work.patch | 42 --- .../bind/bind-9.8.1/mips1-not-support-opcode.diff | 104 ------- .../bind/bind/bind-9.8.1-CVE-2012-5166.patch | 119 ++++++++ .../bind/bind/bind-CVE-2011-4313.patch | 89 ++++++ .../bind/bind/bind-CVE-2012-1667.patch | 92 ++++++ .../bind/bind/bind-CVE-2012-3817.patch | 40 +++ .../bind/bind/bind-CVE-2013-2266.patch | 41 +++ .../bind/bind/bind-Fix-CVE-2012-4244.patch | 141 +++++++++ meta/recipes-connectivity/bind/bind/conf.patch | 314 +++++++++++++++++++++ .../bind/bind/cross-build-fix.patch | 21 ++ .../bind/bind/dont-test-on-host.patch | 13 + .../bind/bind/make-etc-initd-bind-stop-work.patch | 42 +++ .../bind/bind/mips1-not-support-opcode.diff | 104 +++++++ meta/recipes-connectivity/bind/bind_9.8.1.bb | 68 ----- meta/recipes-connectivity/bind/bind_9.9.5.bb | 65 +++++ 23 files changed, 1081 insertions(+), 1071 deletions(-) delete mode 100644 meta/recipes-connectivity/bind/bind-9.8.1/bind-9.8.1-CVE-2012-5166.patch delete mode 100644 meta/recipes-connectivity/bind/bind-9.8.1/bind-CVE-2011-4313.patch delete mode 100644 meta/recipes-connectivity/bind/bind-9.8.1/bind-CVE-2012-1667.patch delete mode 100644 meta/recipes-connectivity/bind/bind-9.8.1/bind-CVE-2012-3817.patch delete mode 100644 meta/recipes-connectivity/bind/bind-9.8.1/bind-CVE-2013-2266.patch delete mode 100644 meta/recipes-connectivity/bind/bind-9.8.1/bind-Fix-CVE-2012-4244.patch delete mode 100644 meta/recipes-connectivity/bind/bind-9.8.1/conf.patch delete mode 100644 meta/recipes-connectivity/bind/bind-9.8.1/cross-build-fix.patch delete mode 100644 meta/recipes-connectivity/bind/bind-9.8.1/make-etc-initd-bind-stop-work.patch delete mode 100644 meta/recipes-connectivity/bind/bind-9.8.1/mips1-not-support-opcode.diff create mode 100644 meta/recipes-connectivity/bind/bind/bind-9.8.1-CVE-2012-5166.patch create mode 100644 meta/recipes-connectivity/bind/bind/bind-CVE-2011-4313.patch create mode 100644 meta/recipes-connectivity/bind/bind/bind-CVE-2012-1667.patch create mode 100644 meta/recipes-connectivity/bind/bind/bind-CVE-2012-3817.patch create mode 100644 meta/recipes-connectivity/bind/bind/bind-CVE-2013-2266.patch create mode 100644 meta/recipes-connectivity/bind/bind/bind-Fix-CVE-2012-4244.patch create mode 100644 meta/recipes-connectivity/bind/bind/conf.patch create mode 100644 meta/recipes-connectivity/bind/bind/cross-build-fix.patch create mode 100644 meta/recipes-connectivity/bind/bind/dont-test-on-host.patch create mode 100644 meta/recipes-connectivity/bind/bind/make-etc-initd-bind-stop-work.patch create mode 100644 meta/recipes-connectivity/bind/bind/mips1-not-support-opcode.diff delete mode 100644 meta/recipes-connectivity/bind/bind_9.8.1.bb create mode 100644 meta/recipes-connectivity/bind/bind_9.9.5.bb (limited to 'meta/recipes-connectivity/bind') diff --git a/meta/recipes-connectivity/bind/bind-9.8.1/bind-9.8.1-CVE-2012-5166.patch b/meta/recipes-connectivity/bind/bind-9.8.1/bind-9.8.1-CVE-2012-5166.patch deleted file mode 100644 index 0abb475adc..0000000000 --- a/meta/recipes-connectivity/bind/bind-9.8.1/bind-9.8.1-CVE-2012-5166.patch +++ /dev/null @@ -1,119 +0,0 @@ -bind_Fix_for_CVE-2012-5166 - -Upstream-Status: Backport - -Reference:http://launchpadlibrarian.net/119212498/bind9_1%3A9.7.3.dfsOBg --1ubuntu2.6_1%3A9.7.3.dfsg-1ubuntu2.7.diff.gz - -ISC BIND 9.x before 9.7.6-P4, 9.8.x before 9.8.3-P4, 9.9.x before -9.9.1-P4, and 9.4-ESV and 9.6-ESV before 9.6-ESV-R7-P4 allows -remote attackers to cause a denial of service (named daemon hang) -via unspecified combinations of resource records. - -http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-5166 - -Signed-off-by: yanjun.zhu -diff -urpN a/bin/named/query.c b/bin/named/query.c ---- a/bin/named/query.c 2012-10-22 13:24:27.000000000 +0800 -+++ b/bin/named/query.c 2012-10-22 13:17:04.000000000 +0800 -@@ -1137,13 +1137,6 @@ query_isduplicate(ns_client_t *client, d - mname = NULL; - } - -- /* -- * If the dns_name_t we're looking up is already in the message, -- * we don't want to trigger the caller's name replacement logic. -- */ -- if (name == mname) -- mname = NULL; -- - *mnamep = mname; - - CTRACE("query_isduplicate: false: done"); -@@ -1341,6 +1334,7 @@ query_addadditional(void *arg, dns_name_ - if (dns_rdataset_isassociated(rdataset) && - !query_isduplicate(client, fname, type, &mname)) { - if (mname != NULL) { -+ INSIST(mname != fname); - query_releasename(client, &fname); - fname = mname; - } else -@@ -1401,11 +1395,13 @@ query_addadditional(void *arg, dns_name_ - mname = NULL; - if (!query_isduplicate(client, fname, - dns_rdatatype_a, &mname)) { -- if (mname != NULL) { -- query_releasename(client, &fname); -- fname = mname; -- } else -- need_addname = ISC_TRUE; -+ if (mname != fname) { -+ if (mname != NULL) { -+ query_releasename(client, &fname); -+ fname = mname; -+ } else -+ need_addname = ISC_TRUE; -+ } - ISC_LIST_APPEND(fname->list, rdataset, link); - added_something = ISC_TRUE; - if (sigrdataset != NULL && -@@ -1444,11 +1440,13 @@ query_addadditional(void *arg, dns_name_ - mname = NULL; - if (!query_isduplicate(client, fname, - dns_rdatatype_aaaa, &mname)) { -- if (mname != NULL) { -- query_releasename(client, &fname); -- fname = mname; -- } else -- need_addname = ISC_TRUE; -+ if (mname != fname) { -+ if (mname != NULL) { -+ query_releasename(client, &fname); -+ fname = mname; -+ } else -+ need_addname = ISC_TRUE; -+ } - ISC_LIST_APPEND(fname->list, rdataset, link); - added_something = ISC_TRUE; - if (sigrdataset != NULL && -@@ -1960,22 +1958,24 @@ query_addadditional2(void *arg, dns_name - crdataset->type == dns_rdatatype_aaaa) { - if (!query_isduplicate(client, fname, crdataset->type, - &mname)) { -- if (mname != NULL) { -- /* -- * A different type of this name is -- * already stored in the additional -- * section. We'll reuse the name. -- * Note that this should happen at most -- * once. Otherwise, fname->link could -- * leak below. -- */ -- INSIST(mname0 == NULL); -- -- query_releasename(client, &fname); -- fname = mname; -- mname0 = mname; -- } else -- need_addname = ISC_TRUE; -+ if (mname != fname) { -+ if (mname != NULL) { -+ /* -+ * A different type of this name is -+ * already stored in the additional -+ * section. We'll reuse the name. -+ * Note that this should happen at most -+ * once. Otherwise, fname->link could -+ * leak below. -+ */ -+ INSIST(mname0 == NULL); -+ -+ query_releasename(client, &fname); -+ fname = mname; -+ mname0 = mname; -+ } else -+ need_addname = ISC_TRUE; -+ } - ISC_LIST_UNLINK(cfname.list, crdataset, link); - ISC_LIST_APPEND(fname->list, crdataset, link); - added_something = ISC_TRUE; diff --git a/meta/recipes-connectivity/bind/bind-9.8.1/bind-CVE-2011-4313.patch b/meta/recipes-connectivity/bind/bind-9.8.1/bind-CVE-2011-4313.patch deleted file mode 100644 index 19d8df1c2d..0000000000 --- a/meta/recipes-connectivity/bind/bind-9.8.1/bind-CVE-2011-4313.patch +++ /dev/null @@ -1,89 +0,0 @@ -The patch to fix CVE-2011-4313 - -Upstream-Status: Backport - -Reference: https://www.redhat.com/security/data/cve/CVE-2011-4313.html - -query.c in ISC BIND 9.0.x through 9.6.x, 9.4-ESV through 9.4-ESV-R5, 9.6-ESV -through 9.6-ESV-R5, 9.7.0 through 9.7.4, 9.8.0 through 9.8.1, and 9.9.0a1 -through 9.9.0b1 allows remote attackers to cause a denial of service -(assertion failure and named exit) via unknown vectors related to recursive DNS -queries, error logging, and the caching of an invalid record by the resolver. - -Signed-off-by Ming Liu ---- - bin/named/query.c | 19 ++++++++----------- - lib/dns/rbtdb.c | 4 ++-- - 2 files changed, 10 insertions(+), 13 deletions(-) - ---- a/bin/named/query.c -+++ b/bin/named/query.c -@@ -1393,11 +1393,9 @@ query_addadditional(void *arg, dns_name_ - goto addname; - if (result == DNS_R_NCACHENXRRSET) { - dns_rdataset_disassociate(rdataset); -- /* -- * Negative cache entries don't have sigrdatasets. -- */ -- INSIST(sigrdataset == NULL || -- ! dns_rdataset_isassociated(sigrdataset)); -+ if (sigrdataset != NULL && -+ dns_rdataset_isassociated(sigrdataset)) -+ dns_rdataset_disassociate(sigrdataset); - } - if (result == ISC_R_SUCCESS) { - mname = NULL; -@@ -1438,8 +1436,9 @@ query_addadditional(void *arg, dns_name_ - goto addname; - if (result == DNS_R_NCACHENXRRSET) { - dns_rdataset_disassociate(rdataset); -- INSIST(sigrdataset == NULL || -- ! dns_rdataset_isassociated(sigrdataset)); -+ if (sigrdataset != NULL && -+ dns_rdataset_isassociated(sigrdataset)) -+ dns_rdataset_disassociate(sigrdataset); - } - if (result == ISC_R_SUCCESS) { - mname = NULL; -@@ -1889,10 +1888,8 @@ query_addadditional2(void *arg, dns_name - goto setcache; - if (result == DNS_R_NCACHENXRRSET) { - dns_rdataset_disassociate(rdataset); -- /* -- * Negative cache entries don't have sigrdatasets. -- */ -- INSIST(! dns_rdataset_isassociated(sigrdataset)); -+ if (dns_rdataset_isassociated(sigrdataset)) -+ dns_rdataset_disassociate(sigrdataset); - } - if (result == ISC_R_SUCCESS) { - /* Remember the result as a cache */ ---- a/lib/dns/rbtdb.c -+++ b/lib/dns/rbtdb.c -@@ -5053,7 +5053,7 @@ cache_find(dns_db_t *db, dns_name_t *nam - rdataset); - if (need_headerupdate(found, search.now)) - update = found; -- if (foundsig != NULL) { -+ if (!NEGATIVE(found) && foundsig != NULL) { - bind_rdataset(search.rbtdb, node, foundsig, search.now, - sigrdataset); - if (need_headerupdate(foundsig, search.now)) -@@ -5596,7 +5596,7 @@ zone_findrdataset(dns_db_t *db, dns_dbno - } - if (found != NULL) { - bind_rdataset(rbtdb, rbtnode, found, now, rdataset); -- if (foundsig != NULL) -+ if (!NEGATIVE(found) && foundsig != NULL) - bind_rdataset(rbtdb, rbtnode, foundsig, now, - sigrdataset); - } -@@ -5685,7 +5685,7 @@ cache_findrdataset(dns_db_t *db, dns_dbn - } - if (found != NULL) { - bind_rdataset(rbtdb, rbtnode, found, now, rdataset); -- if (foundsig != NULL) -+ if (!NEGATIVE(found) && foundsig != NULL) - bind_rdataset(rbtdb, rbtnode, foundsig, now, - sigrdataset); - } diff --git a/meta/recipes-connectivity/bind/bind-9.8.1/bind-CVE-2012-1667.patch b/meta/recipes-connectivity/bind/bind-9.8.1/bind-CVE-2012-1667.patch deleted file mode 100644 index c441eab65d..0000000000 --- a/meta/recipes-connectivity/bind/bind-9.8.1/bind-CVE-2012-1667.patch +++ /dev/null @@ -1,92 +0,0 @@ -bind CVE-2012-1667 - -Upstream-Status: Backport - -ISC BIND 9.x before 9.7.6-P1, 9.8.x before 9.8.3-P1, 9.9.x before 9.9.1-P1, -and 9.4-ESV and 9.6-ESV before 9.6-ESV-R7-P1 does not properly handle resource -records with a zero-length RDATA section, which allows remote DNS servers to -cause a denial of service (daemon crash or data corruption) or obtain -sensitive information from process memory via a crafted record. - -http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1667 - -The cve patch comes from bind97-9.7.0-10.P2.el5_8.1.src.rpm package. - -Signed-off-by: Li Wang ---- - lib/dns/rdata.c | 8 ++++---- - lib/dns/rdataslab.c | 11 ++++++++--- - 2 files changed, 12 insertions(+), 7 deletions(-) - -diff --git a/lib/dns/rdata.c b/lib/dns/rdata.c -index 063b1f6..9337a80 100644 ---- a/lib/dns/rdata.c -+++ b/lib/dns/rdata.c -@@ -325,8 +325,8 @@ dns_rdata_compare(const dns_rdata_t *rdata1, const dns_rdata_t *rdata2) { - - REQUIRE(rdata1 != NULL); - REQUIRE(rdata2 != NULL); -- REQUIRE(rdata1->data != NULL); -- REQUIRE(rdata2->data != NULL); -+ REQUIRE(rdata1->length == 0 || rdata1->data != NULL); -+ REQUIRE(rdata2->length == 0 || rdata2->data != NULL); - REQUIRE(DNS_RDATA_VALIDFLAGS(rdata1)); - REQUIRE(DNS_RDATA_VALIDFLAGS(rdata2)); - -@@ -356,8 +356,8 @@ dns_rdata_casecompare(const dns_rdata_t *rdata1, const dns_rdata_t *rdata2) { - - REQUIRE(rdata1 != NULL); - REQUIRE(rdata2 != NULL); -- REQUIRE(rdata1->data != NULL); -- REQUIRE(rdata2->data != NULL); -+ REQUIRE(rdata1->length == 0 || rdata1->data != NULL); -+ REQUIRE(rdata2->length == 0 || rdata2->data != NULL); - REQUIRE(DNS_RDATA_VALIDFLAGS(rdata1)); - REQUIRE(DNS_RDATA_VALIDFLAGS(rdata2)); - -diff --git a/lib/dns/rdataslab.c b/lib/dns/rdataslab.c -index a41f16f..ed13b30 100644 ---- a/lib/dns/rdataslab.c -+++ b/lib/dns/rdataslab.c -@@ -125,6 +125,11 @@ isc_result_t - dns_rdataslab_fromrdataset(dns_rdataset_t *rdataset, isc_mem_t *mctx, - isc_region_t *region, unsigned int reservelen) - { -+ /* -+ * Use &removed as a sentinal pointer for duplicate -+ * rdata as rdata.data == NULL is valid. -+ */ -+ static unsigned char removed; - struct xrdata *x; - unsigned char *rawbuf; - #if DNS_RDATASET_FIXED -@@ -168,6 +173,7 @@ dns_rdataslab_fromrdataset(dns_rdataset_t *rdataset, isc_mem_t *mctx, - INSIST(result == ISC_R_SUCCESS); - dns_rdata_init(&x[i].rdata); - dns_rdataset_current(rdataset, &x[i].rdata); -+ INSIST(x[i].rdata.data != &removed); - #if DNS_RDATASET_FIXED - x[i].order = i; - #endif -@@ -200,8 +206,7 @@ dns_rdataslab_fromrdataset(dns_rdataset_t *rdataset, isc_mem_t *mctx, - */ - for (i = 1; i < nalloc; i++) { - if (compare_rdata(&x[i-1].rdata, &x[i].rdata) == 0) { -- x[i-1].rdata.data = NULL; -- x[i-1].rdata.length = 0; -+ x[i-1].rdata.data = &removed; - #if DNS_RDATASET_FIXED - /* - * Preserve the least order so A, B, A -> A, B -@@ -291,7 +296,7 @@ dns_rdataslab_fromrdataset(dns_rdataset_t *rdataset, isc_mem_t *mctx, - #endif - - for (i = 0; i < nalloc; i++) { -- if (x[i].rdata.data == NULL) -+ if (x[i].rdata.data == &removed) - continue; - #if DNS_RDATASET_FIXED - offsettable[x[i].order] = rawbuf - offsetbase; --- -1.7.0.5 - diff --git a/meta/recipes-connectivity/bind/bind-9.8.1/bind-CVE-2012-3817.patch b/meta/recipes-connectivity/bind/bind-9.8.1/bind-CVE-2012-3817.patch deleted file mode 100644 index 1e159bd2f8..0000000000 --- a/meta/recipes-connectivity/bind/bind-9.8.1/bind-CVE-2012-3817.patch +++ /dev/null @@ -1,40 +0,0 @@ -bind: fix for CVE-2012-3817 - -Upstream-Status: Backport - -ISC BIND 9.4.x, 9.5.x, 9.6.x, and 9.7.x before 9.7.6-P2; 9.8.x before 9.8.3-P2; -9.9.x before 9.9.1-P2; and 9.6-ESV before 9.6-ESV-R7-P2, when DNSSEC validation -is enabled, does not properly initialize the failing-query cache, which allows -remote attackers to cause a denial of service (assertion failure and daemon exit) -by sending many queries. - -http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-3817 - -This patch is back-ported from bind-9.3.6-20.P1.el5_8.2.src.rpm package. - -Signed-off-by: Ming Liu ---- - resolver.c | 5 +++-- - 1 file changed, 3 insertions(+), 2 deletions(-) - ---- a/lib/dns/resolver.c -+++ b/lib/dns/resolver.c -@@ -8318,6 +8318,7 @@ dns_resolver_addbadcache(dns_resolver_t - goto cleanup; - bad->type = type; - bad->hashval = hashval; -+ bad->expire = *expire; - isc_buffer_init(&buffer, bad + 1, name->length); - dns_name_init(&bad->name, NULL); - dns_name_copy(name, &bad->name, &buffer); -@@ -8329,8 +8330,8 @@ dns_resolver_addbadcache(dns_resolver_t - if (resolver->badcount < resolver->badhash * 2 && - resolver->badhash > DNS_BADCACHE_SIZE) - resizehash(resolver, &now, ISC_FALSE); -- } -- bad->expire = *expire; -+ } else -+ bad->expire = *expire; - cleanup: - UNLOCK(&resolver->lock); - } diff --git a/meta/recipes-connectivity/bind/bind-9.8.1/bind-CVE-2013-2266.patch b/meta/recipes-connectivity/bind/bind-9.8.1/bind-CVE-2013-2266.patch deleted file mode 100644 index 7ec6deb714..0000000000 --- a/meta/recipes-connectivity/bind/bind-9.8.1/bind-CVE-2013-2266.patch +++ /dev/null @@ -1,41 +0,0 @@ -bind: fix for CVE-2013-2266 - -Upstream-Status: Backport - -libdns in ISC BIND 9.7.x and 9.8.x before 9.8.4-P2, 9.8.5 before 9.8.5b2, -9.9.x before 9.9.2-P2, and 9.9.3 before 9.9.3b2 on UNIX platforms allows -remote attackers to cause a denial of service (memory consumption) via a -crafted regular expression, as demonstrated by a memory-exhaustion attack -against a machine running a named process. - -http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2266 - -Signed-off-by Ming Liu ---- - config.h.in | 3 --- - configure.in | 2 +- - 2 files changed, 1 insertion(+), 4 deletions(-) - ---- a/config.h.in -+++ b/config.h.in -@@ -277,9 +277,6 @@ int sigwait(const unsigned int *set, int - /* Define if your OpenSSL version supports GOST. */ - #undef HAVE_OPENSSL_GOST - --/* Define to 1 if you have the header file. */ --#undef HAVE_REGEX_H -- - /* Define to 1 if you have the `setegid' function. */ - #undef HAVE_SETEGID - ---- a/configure.in -+++ b/configure.in -@@ -279,7 +279,7 @@ esac - - AC_HEADER_STDC - --AC_CHECK_HEADERS(fcntl.h regex.h sys/time.h unistd.h sys/sockio.h sys/select.h sys/param.h sys/sysctl.h net/if6.h,,, -+AC_CHECK_HEADERS(fcntl.h sys/time.h unistd.h sys/sockio.h sys/select.h sys/param.h sys/sysctl.h net/if6.h,,, - [$ac_includes_default - #ifdef HAVE_SYS_PARAM_H - # include diff --git a/meta/recipes-connectivity/bind/bind-9.8.1/bind-Fix-CVE-2012-4244.patch b/meta/recipes-connectivity/bind/bind-9.8.1/bind-Fix-CVE-2012-4244.patch deleted file mode 100644 index 5dd6f69e45..0000000000 --- a/meta/recipes-connectivity/bind/bind-9.8.1/bind-Fix-CVE-2012-4244.patch +++ /dev/null @@ -1,141 +0,0 @@ -bind_Fix_for_CVE-2012-4244 - -Upstream-Status: Backport - -Reference:https://bugzilla.novell.com/attachment.cgi?id=505661&action=edit - -ISC BIND 9.x before 9.7.6-P3, 9.8.x before 9.8.3-P3, 9.9.x before 9.9.1-P3, - and 9.4-ESV and 9.6-ESV before 9.6-ESV-R7-P3 allows remote attackers to -cause a denial of service (assertion failure and named daemon exit) via -a query for a long resource record. - -Signed-off-by: yanjun.zhu - -diff -urpN a/lib/dns/include/dns/rdata.h b/lib/dns/include/dns/rdata.h ---- a/lib/dns/include/dns/rdata.h 2012-10-08 12:19:42.000000000 +0800 -+++ b/lib/dns/include/dns/rdata.h 2012-10-08 11:26:43.000000000 +0800 -@@ -147,6 +147,17 @@ struct dns_rdata { - (((rdata)->flags & ~(DNS_RDATA_UPDATE|DNS_RDATA_OFFLINE)) == 0) - - /* -+ * The maximum length of a RDATA that can be sent on the wire. -+ * Max packet size (65535) less header (12), less name (1), type (2), -+ * class (2), ttl(4), length (2). -+ * -+ * None of the defined types that support name compression can exceed -+ * this and all new types are to be sent uncompressed. -+ */ -+ -+#define DNS_RDATA_MAXLENGTH 65512U -+ -+/* - * Flags affecting rdata formatting style. Flags 0xFFFF0000 - * are used by masterfile-level formatting and defined elsewhere. - * See additional comments at dns_rdata_tofmttext(). -diff -urpN a/lib/dns/master.c b/lib/dns/master.c ---- a/lib/dns/master.c 2012-10-08 12:19:42.000000000 +0800 -+++ b/lib/dns/master.c 2012-10-08 11:27:06.000000000 +0800 -@@ -75,7 +75,7 @@ - /*% - * max message size - header - root - type - class - ttl - rdlen - */ --#define MINTSIZ (65535 - 12 - 1 - 2 - 2 - 4 - 2) -+#define MINTSIZ DNS_RDATA_MAXLENGTH - /*% - * Size for tokens in the presentation format, - * The largest tokens are the base64 blocks in KEY and CERT records, -diff -urpN a/lib/dns/rdata.c b/lib/dns/rdata.c ---- a/lib/dns/rdata.c 2012-10-08 12:19:42.000000000 +0800 -+++ b/lib/dns/rdata.c 2012-10-08 11:27:27.000000000 +0800 -@@ -425,6 +425,7 @@ dns_rdata_fromwire(dns_rdata_t *rdata, d - isc_buffer_t st; - isc_boolean_t use_default = ISC_FALSE; - isc_uint32_t activelength; -+ size_t length; - - REQUIRE(dctx != NULL); - if (rdata != NULL) { -@@ -455,6 +456,14 @@ dns_rdata_fromwire(dns_rdata_t *rdata, d - } - - /* -+ * Reject any rdata that expands out to more than DNS_RDATA_MAXLENGTH -+ * as we cannot transmit it. -+ */ -+ length = isc_buffer_usedlength(target) - isc_buffer_usedlength(&st); -+ if (result == ISC_R_SUCCESS && length > DNS_RDATA_MAXLENGTH) -+ result = DNS_R_FORMERR; -+ -+ /* - * We should have consumed all of our buffer. - */ - if (result == ISC_R_SUCCESS && !buffer_empty(source)) -@@ -462,8 +471,7 @@ dns_rdata_fromwire(dns_rdata_t *rdata, d - - if (rdata != NULL && result == ISC_R_SUCCESS) { - region.base = isc_buffer_used(&st); -- region.length = isc_buffer_usedlength(target) - -- isc_buffer_usedlength(&st); -+ region.length = length; - dns_rdata_fromregion(rdata, rdclass, type, ®ion); - } - -@@ -598,6 +606,7 @@ dns_rdata_fromtext(dns_rdata_t *rdata, d - unsigned long line; - void (*callback)(dns_rdatacallbacks_t *, const char *, ...); - isc_result_t tresult; -+ size_t length; - - REQUIRE(origin == NULL || dns_name_isabsolute(origin) == ISC_TRUE); - if (rdata != NULL) { -@@ -670,10 +679,13 @@ dns_rdata_fromtext(dns_rdata_t *rdata, d - } - } while (1); - -+ length = isc_buffer_usedlength(target) - isc_buffer_usedlength(&st); -+ if (result == ISC_R_SUCCESS && length > DNS_RDATA_MAXLENGTH) -+ result = ISC_R_NOSPACE; -+ - if (rdata != NULL && result == ISC_R_SUCCESS) { - region.base = isc_buffer_used(&st); -- region.length = isc_buffer_usedlength(target) - -- isc_buffer_usedlength(&st); -+ region.length = length; - dns_rdata_fromregion(rdata, rdclass, type, ®ion); - } - if (result != ISC_R_SUCCESS) { -@@ -781,6 +793,7 @@ dns_rdata_fromstruct(dns_rdata_t *rdata, - isc_buffer_t st; - isc_region_t region; - isc_boolean_t use_default = ISC_FALSE; -+ size_t length; - - REQUIRE(source != NULL); - if (rdata != NULL) { -@@ -795,10 +808,13 @@ dns_rdata_fromstruct(dns_rdata_t *rdata, - if (use_default) - (void)NULL; - -+ length = isc_buffer_usedlength(target) - isc_buffer_usedlength(&st); -+ if (result == ISC_R_SUCCESS && length > DNS_RDATA_MAXLENGTH) -+ result = ISC_R_NOSPACE; -+ - if (rdata != NULL && result == ISC_R_SUCCESS) { - region.base = isc_buffer_used(&st); -- region.length = isc_buffer_usedlength(target) - -- isc_buffer_usedlength(&st); -+ region.length = length; - dns_rdata_fromregion(rdata, rdclass, type, ®ion); - } - if (result != ISC_R_SUCCESS) -diff -urpN a/lib/dns/rdataslab.c b/lib/dns/rdataslab.c ---- a/lib/dns/rdataslab.c 2012-10-08 12:19:42.000000000 +0800 -+++ b/lib/dns/rdataslab.c 2012-10-08 11:27:54.000000000 +0800 -@@ -304,6 +304,7 @@ dns_rdataslab_fromrdataset(dns_rdataset_ - length = x[i].rdata.length; - if (rdataset->type == dns_rdatatype_rrsig) - length++; -+ INSIST(length <= 0xffff); - *rawbuf++ = (length & 0xff00) >> 8; - *rawbuf++ = (length & 0x00ff); - #if DNS_RDATASET_FIXED diff --git a/meta/recipes-connectivity/bind/bind-9.8.1/conf.patch b/meta/recipes-connectivity/bind/bind-9.8.1/conf.patch deleted file mode 100644 index 2785c6a22f..0000000000 --- a/meta/recipes-connectivity/bind/bind-9.8.1/conf.patch +++ /dev/null @@ -1,314 +0,0 @@ -Upstream-Status: Inappropriate [configuration] - -the patch is imported from openembedded project - -11/30/2010 - Qing He - -diff -urN bind-9.3.1.orig/conf/db.0 bind-9.3.1/conf/db.0 ---- bind-9.3.1.orig/conf/db.0 1970-01-01 01:00:00.000000000 +0100 -+++ bind-9.3.1/conf/db.0 2005-07-10 22:14:00.000000000 +0200 -@@ -0,0 +1,12 @@ -+; -+; BIND reverse data file for broadcast zone -+; -+$TTL 604800 -+@ IN SOA localhost. root.localhost. ( -+ 1 ; Serial -+ 604800 ; Refresh -+ 86400 ; Retry -+ 2419200 ; Expire -+ 604800 ) ; Negative Cache TTL -+; -+@ IN NS localhost. -diff -urN bind-9.3.1.orig/conf/db.127 bind-9.3.1/conf/db.127 ---- bind-9.3.1.orig/conf/db.127 1970-01-01 01:00:00.000000000 +0100 -+++ bind-9.3.1/conf/db.127 2005-07-10 22:14:00.000000000 +0200 -@@ -0,0 +1,13 @@ -+; -+; BIND reverse data file for local loopback interface -+; -+$TTL 604800 -+@ IN SOA localhost. root.localhost. ( -+ 1 ; Serial -+ 604800 ; Refresh -+ 86400 ; Retry -+ 2419200 ; Expire -+ 604800 ) ; Negative Cache TTL -+; -+@ IN NS localhost. -+1.0.0 IN PTR localhost. -diff -urN bind-9.3.1.orig/conf/db.empty bind-9.3.1/conf/db.empty ---- bind-9.3.1.orig/conf/db.empty 1970-01-01 01:00:00.000000000 +0100 -+++ bind-9.3.1/conf/db.empty 2005-07-10 22:14:00.000000000 +0200 -@@ -0,0 +1,14 @@ -+; BIND reverse data file for empty rfc1918 zone -+; -+; DO NOT EDIT THIS FILE - it is used for multiple zones. -+; Instead, copy it, edit named.conf, and use that copy. -+; -+$TTL 86400 -+@ IN SOA localhost. root.localhost. ( -+ 1 ; Serial -+ 604800 ; Refresh -+ 86400 ; Retry -+ 2419200 ; Expire -+ 86400 ) ; Negative Cache TTL -+; -+@ IN NS localhost. -diff -urN bind-9.3.1.orig/conf/db.local bind-9.3.1/conf/db.local ---- bind-9.3.1.orig/conf/db.local 1970-01-01 01:00:00.000000000 +0100 -+++ bind-9.3.1/conf/db.local 2005-07-10 22:14:00.000000000 +0200 -@@ -0,0 +1,13 @@ -+; -+; BIND data file for local loopback interface -+; -+$TTL 604800 -+@ IN SOA localhost. root.localhost. ( -+ 1 ; Serial -+ 604800 ; Refresh -+ 86400 ; Retry -+ 2419200 ; Expire -+ 604800 ) ; Negative Cache TTL -+; -+@ IN NS localhost. -+@ IN A 127.0.0.1 -diff -urN bind-9.3.1.orig/conf/db.root bind-9.3.1/conf/db.root ---- bind-9.3.1.orig/conf/db.root 1970-01-01 01:00:00.000000000 +0100 -+++ bind-9.3.1/conf/db.root 2005-07-10 22:14:00.000000000 +0200 -@@ -0,0 +1,45 @@ -+ -+; <<>> DiG 9.2.3 <<>> ns . @a.root-servers.net. -+;; global options: printcmd -+;; Got answer: -+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 18944 -+;; flags: qr aa rd; QUERY: 1, ANSWER: 13, AUTHORITY: 0, ADDITIONAL: 13 -+ -+;; QUESTION SECTION: -+;. IN NS -+ -+;; ANSWER SECTION: -+. 518400 IN NS A.ROOT-SERVERS.NET. -+. 518400 IN NS B.ROOT-SERVERS.NET. -+. 518400 IN NS C.ROOT-SERVERS.NET. -+. 518400 IN NS D.ROOT-SERVERS.NET. -+. 518400 IN NS E.ROOT-SERVERS.NET. -+. 518400 IN NS F.ROOT-SERVERS.NET. -+. 518400 IN NS G.ROOT-SERVERS.NET. -+. 518400 IN NS H.ROOT-SERVERS.NET. -+. 518400 IN NS I.ROOT-SERVERS.NET. -+. 518400 IN NS J.ROOT-SERVERS.NET. -+. 518400 IN NS K.ROOT-SERVERS.NET. -+. 518400 IN NS L.ROOT-SERVERS.NET. -+. 518400 IN NS M.ROOT-SERVERS.NET. -+ -+;; ADDITIONAL SECTION: -+A.ROOT-SERVERS.NET. 3600000 IN A 198.41.0.4 -+B.ROOT-SERVERS.NET. 3600000 IN A 192.228.79.201 -+C.ROOT-SERVERS.NET. 3600000 IN A 192.33.4.12 -+D.ROOT-SERVERS.NET. 3600000 IN A 128.8.10.90 -+E.ROOT-SERVERS.NET. 3600000 IN A 192.203.230.10 -+F.ROOT-SERVERS.NET. 3600000 IN A 192.5.5.241 -+G.ROOT-SERVERS.NET. 3600000 IN A 192.112.36.4 -+H.ROOT-SERVERS.NET. 3600000 IN A 128.63.2.53 -+I.ROOT-SERVERS.NET. 3600000 IN A 192.36.148.17 -+J.ROOT-SERVERS.NET. 3600000 IN A 192.58.128.30 -+K.ROOT-SERVERS.NET. 3600000 IN A 193.0.14.129 -+L.ROOT-SERVERS.NET. 3600000 IN A 198.32.64.12 -+M.ROOT-SERVERS.NET. 3600000 IN A 202.12.27.33 -+ -+;; Query time: 81 msec -+;; SERVER: 198.41.0.4#53(a.root-servers.net.) -+;; WHEN: Sun Feb 1 11:27:14 2004 -+;; MSG SIZE rcvd: 436 -+ -diff -urN bind-9.3.1.orig/conf/named.conf bind-9.3.1/conf/named.conf ---- bind-9.3.1.orig/conf/named.conf 1970-01-01 01:00:00.000000000 +0100 -+++ bind-9.3.1/conf/named.conf 2005-07-10 22:33:46.000000000 +0200 -@@ -0,0 +1,49 @@ -+// This is the primary configuration file for the BIND DNS server named. -+// -+// If you are just adding zones, please do that in /etc/bind/named.conf.local -+ -+include "/etc/bind/named.conf.options"; -+ -+// prime the server with knowledge of the root servers -+zone "." { -+ type hint; -+ file "/etc/bind/db.root"; -+}; -+ -+// be authoritative for the localhost forward and reverse zones, and for -+// broadcast zones as per RFC 1912 -+ -+zone "localhost" { -+ type master; -+ file "/etc/bind/db.local"; -+}; -+ -+zone "127.in-addr.arpa" { -+ type master; -+ file "/etc/bind/db.127"; -+}; -+ -+zone "0.in-addr.arpa" { -+ type master; -+ file "/etc/bind/db.0"; -+}; -+ -+zone "255.in-addr.arpa" { -+ type master; -+ file "/etc/bind/db.255"; -+}; -+ -+// zone "com" { type delegation-only; }; -+// zone "net" { type delegation-only; }; -+ -+// From the release notes: -+// Because many of our users are uncomfortable receiving undelegated answers -+// from root or top level domains, other than a few for whom that behaviour -+// has been trusted and expected for quite some length of time, we have now -+// introduced the "root-delegations-only" feature which applies delegation-only -+// logic to all top level domains, and to the root domain. An exception list -+// should be specified, including "MUSEUM" and "DE", and any other top level -+// domains from whom undelegated responses are expected and trusted. -+// root-delegation-only exclude { "DE"; "MUSEUM"; }; -+ -+include "/etc/bind/named.conf.local"; -diff -urN bind-9.3.1.orig/conf/named.conf.local bind-9.3.1/conf/named.conf.local ---- bind-9.3.1.orig/conf/named.conf.local 1970-01-01 01:00:00.000000000 +0100 -+++ bind-9.3.1/conf/named.conf.local 2005-07-10 22:14:06.000000000 +0200 -@@ -0,0 +1,8 @@ -+// -+// Do any local configuration here -+// -+ -+// Consider adding the 1918 zones here, if they are not used in your -+// organization -+//include "/etc/bind/zones.rfc1918"; -+ -diff -urN bind-9.3.1.orig/conf/named.conf.options bind-9.3.1/conf/named.conf.options ---- bind-9.3.1.orig/conf/named.conf.options 1970-01-01 01:00:00.000000000 +0100 -+++ bind-9.3.1/conf/named.conf.options 2005-07-10 22:14:06.000000000 +0200 -@@ -0,0 +1,24 @@ -+options { -+ directory "/var/cache/bind"; -+ -+ // If there is a firewall between you and nameservers you want -+ // to talk to, you might need to uncomment the query-source -+ // directive below. Previous versions of BIND always asked -+ // questions using port 53, but BIND 8.1 and later use an unprivileged -+ // port by default. -+ -+ // query-source address * port 53; -+ -+ // If your ISP provided one or more IP addresses for stable -+ // nameservers, you probably want to use them as forwarders. -+ // Uncomment the following block, and insert the addresses replacing -+ // the all-0's placeholder. -+ -+ // forwarders { -+ // 0.0.0.0; -+ // }; -+ -+ auth-nxdomain no; # conform to RFC1035 -+ -+}; -+ -diff -urN bind-9.3.1.orig/conf/zones.rfc1918 bind-9.3.1/conf/zones.rfc1918 ---- bind-9.3.1.orig/conf/zones.rfc1918 1970-01-01 01:00:00.000000000 +0100 -+++ bind-9.3.1/conf/zones.rfc1918 2005-07-10 22:14:10.000000000 +0200 -@@ -0,0 +1,20 @@ -+zone "10.in-addr.arpa" { type master; file "/etc/bind/db.empty"; }; -+ -+zone "16.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; }; -+zone "17.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; }; -+zone "18.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; }; -+zone "19.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; }; -+zone "20.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; }; -+zone "21.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; }; -+zone "22.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; }; -+zone "23.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; }; -+zone "24.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; }; -+zone "25.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; }; -+zone "26.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; }; -+zone "27.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; }; -+zone "28.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; }; -+zone "29.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; }; -+zone "30.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; }; -+zone "31.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; }; -+ -+zone "168.192.in-addr.arpa" { type master; file "/etc/bind/db.empty"; }; -diff -urN bind-9.3.1.orig/init.d bind-9.3.1/init.d ---- bind-9.3.1.orig/init.d 1970-01-01 01:00:00.000000000 +0100 -+++ bind-9.3.1/init.d 2005-07-10 23:09:58.000000000 +0200 -@@ -0,0 +1,70 @@ -+#!/bin/sh -+ -+PATH=/sbin:/bin:/usr/sbin:/usr/bin -+ -+# for a chrooted server: "-u bind -t /var/lib/named" -+# Don't modify this line, change or create /etc/default/bind9. -+OPTIONS="" -+ -+test -f /etc/default/bind9 && . /etc/default/bind9 -+ -+test -x /usr/sbin/rndc || exit 0 -+ -+case "$1" in -+ start) -+ echo -n "Starting domain name service: named" -+ -+ modprobe capability >/dev/null 2>&1 || true -+ if [ ! -f /etc/bind/rndc.key ]; then -+ /usr/sbin/rndc-confgen -a -b 512 -r /dev/urandom -+ chown 0640 /etc/bind/rndc.key -+ fi -+ if [ -f /var/run/named/named.pid ]; then -+ ps `cat /var/run/named/named.pid` > /dev/null && exit 1 -+ fi -+ -+ # dirs under /var/run can go away on reboots. -+ mkdir -p /var/run/named -+ mkdir -p /var/cache/bind -+ chmod 775 /var/run/named -+ chown root:bind /var/run/named >/dev/null 2>&1 || true -+ -+ if [ ! -x /usr/sbin/named ]; then -+ echo "named binary missing - not starting" -+ exit 1 -+ fi -+ if start-stop-daemon --start --quiet --exec /usr/sbin/named \ -+ --pidfile /var/run/named/named.pid -- $OPTIONS; then -+ if [ -x /sbin/resolvconf ] ; then -+ echo "nameserver 127.0.0.1" | /sbin/resolvconf -a lo -+ fi -+ fi -+ echo "." -+ ;; -+ -+ stop) -+ echo -n "Stopping domain name service: named" -+ if [ -x /sbin/resolvconf ]; then -+ /sbin/resolvconf -d lo -+ fi -+ /usr/sbin/rndc stop >/dev/null 2>&1 -+ echo "." -+ ;; -+ -+ reload) -+ /usr/sbin/rndc reload -+ ;; -+ -+ restart|force-reload) -+ $0 stop -+ sleep 2 -+ $0 start -+ ;; -+ -+ *) -+ echo "Usage: /etc/init.d/bind {start|stop|reload|restart|force-reload}" >&2 -+ exit 1 -+ ;; -+esac -+ -+exit 0 diff --git a/meta/recipes-connectivity/bind/bind-9.8.1/cross-build-fix.patch b/meta/recipes-connectivity/bind/bind-9.8.1/cross-build-fix.patch deleted file mode 100644 index 4c37b6b00c..0000000000 --- a/meta/recipes-connectivity/bind/bind-9.8.1/cross-build-fix.patch +++ /dev/null @@ -1,21 +0,0 @@ -Upstream-Status: Inappropriate [configuration] - -11/30/2010 -gen.c should be build by ${BUILD_CC} - -Signed-off-by: Qing He - -diff --git a/lib/export/dns/Makefile.in b/lib/export/dns/Makefile.in -index aeadf57..d3fae74 100644 ---- a/lib/export/dns/Makefile.in -+++ b/lib/export/dns/Makefile.in -@@ -166,7 +166,8 @@ code.h: gen - ./gen -s ${srcdir} > code.h - - gen: ${srcdir}/gen.c -- ${CC} ${ALL_CFLAGS} ${LDFLAGS} -o $@ ${srcdir}/gen.c ${LIBS} -+ ${BUILD_CC} ${BUILD_CFLAGS} -I${top_srcdir}/lib/isc/include \ -+ ${BUILD_CPPFLAGS} ${BUILD_LDFLAGS} -o $@ ${srcdir}/gen.c ${BUILD_LIBS} - - #We don't need rbtdb64 for this library - #rbtdb64.@O@: rbtdb.c diff --git a/meta/recipes-connectivity/bind/bind-9.8.1/make-etc-initd-bind-stop-work.patch b/meta/recipes-connectivity/bind/bind-9.8.1/make-etc-initd-bind-stop-work.patch deleted file mode 100644 index 146f3e35db..0000000000 --- a/meta/recipes-connectivity/bind/bind-9.8.1/make-etc-initd-bind-stop-work.patch +++ /dev/null @@ -1,42 +0,0 @@ -bind: make "/etc/init.d/bind stop" work - -Upstream-Status: Inappropriate [configuration] - -Add some configurations, make rndc command be able to controls -the named daemon. - -Signed-off-by: Roy Li ---- - conf/named.conf | 5 +++++ - conf/rndc.conf | 5 +++++ - 2 files changed, 10 insertions(+), 0 deletions(-) - create mode 100644 conf/rndc.conf - -diff --git a/conf/named.conf b/conf/named.conf -index 95829cf..c8899e7 100644 ---- a/conf/named.conf -+++ b/conf/named.conf -@@ -47,3 +47,8 @@ zone "255.in-addr.arpa" { - // root-delegation-only exclude { "DE"; "MUSEUM"; }; - - include "/etc/bind/named.conf.local"; -+include "/etc/bind/rndc.key" ; -+controls { -+ inet 127.0.0.1 allow { localhost; } -+ keys { rndc-key; }; -+}; -diff --git a/conf/rndc.conf b/conf/rndc.conf -new file mode 100644 -index 0000000..a0b481d ---- /dev/null -+++ b/conf/rndc.conf -@@ -0,0 +1,5 @@ -+include "/etc/bind/rndc.key"; -+options { -+ default-server localhost; -+ default-key rndc-key; -+}; - --- -1.7.5.4 - diff --git a/meta/recipes-connectivity/bind/bind-9.8.1/mips1-not-support-opcode.diff b/meta/recipes-connectivity/bind/bind-9.8.1/mips1-not-support-opcode.diff deleted file mode 100644 index 2930796b6a..0000000000 --- a/meta/recipes-connectivity/bind/bind-9.8.1/mips1-not-support-opcode.diff +++ /dev/null @@ -1,104 +0,0 @@ -bind: port a patch to fix a build failure - -mips1 does not support ll and sc instructions, and lead to below error, now -we port a patch from debian to fix it -[http://security.debian.org/debian-security/pool/updates/main/b/bind9/bind9_9.8.4.dfsg.P1-6+nmu2+deb7u1.diff.gz] - -| {standard input}: Assembler messages: -| {standard input}:47: Error: Opcode not supported on this processor: mips1 (mips1) `ll $3,0($6)' -| {standard input}:50: Error: Opcode not supported on this processor: mips1 (mips1) `sc $3,0($6)' - -Upstream-Status: Pending - -Signed-off-by: Roy Li - ---- bind9-9.8.4.dfsg.P1.orig/lib/isc/mips/include/isc/atomic.h -+++ bind9-9.8.4.dfsg.P1/lib/isc/mips/include/isc/atomic.h -@@ -31,18 +31,20 @@ - isc_atomic_xadd(isc_int32_t *p, int val) { - isc_int32_t orig; - -- /* add is a cheat, since MIPS has no mov instruction */ -- __asm__ volatile ( -- "1:" -- "ll $3, %1\n" -- "add %0, $0, $3\n" -- "add $3, $3, %2\n" -- "sc $3, %1\n" -- "beq $3, 0, 1b" -- : "=&r"(orig) -- : "m"(*p), "r"(val) -- : "memory", "$3" -- ); -+ __asm__ __volatile__ ( -+ " .set push \n" -+ " .set mips2 \n" -+ " .set noreorder \n" -+ " .set noat \n" -+ "1: ll $1, %1 \n" -+ " addu %0, $1, %2 \n" -+ " sc %0, %1 \n" -+ " beqz %0, 1b \n" -+ " move %0, $1 \n" -+ " .set pop \n" -+ : "=&r" (orig), "+R" (*p) -+ : "r" (val) -+ : "memory"); - - return (orig); - } -@@ -52,16 +54,7 @@ - */ - static inline void - isc_atomic_store(isc_int32_t *p, isc_int32_t val) { -- __asm__ volatile ( -- "1:" -- "ll $3, %0\n" -- "add $3, $0, %1\n" -- "sc $3, %0\n" -- "beq $3, 0, 1b" -- : -- : "m"(*p), "r"(val) -- : "memory", "$3" -- ); -+ *p = val; - } - - /* -@@ -72,20 +65,23 @@ - static inline isc_int32_t - isc_atomic_cmpxchg(isc_int32_t *p, int cmpval, int val) { - isc_int32_t orig; -+ isc_int32_t tmp; - -- __asm__ volatile( -- "1:" -- "ll $3, %1\n" -- "add %0, $0, $3\n" -- "bne $3, %2, 2f\n" -- "add $3, $0, %3\n" -- "sc $3, %1\n" -- "beq $3, 0, 1b\n" -- "2:" -- : "=&r"(orig) -- : "m"(*p), "r"(cmpval), "r"(val) -- : "memory", "$3" -- ); -+ __asm__ __volatile__ ( -+ " .set push \n" -+ " .set mips2 \n" -+ " .set noreorder \n" -+ " .set noat \n" -+ "1: ll $1, %1 \n" -+ " bne $1, %3, 2f \n" -+ " move %2, %4 \n" -+ " sc %2, %1 \n" -+ " beqz %2, 1b \n" -+ "2: move %0, $1 \n" -+ " .set pop \n" -+ : "=&r"(orig), "+R" (*p), "=r" (tmp) -+ : "r"(cmpval), "r"(val) -+ : "memory"); - - return (orig); - } diff --git a/meta/recipes-connectivity/bind/bind/bind-9.8.1-CVE-2012-5166.patch b/meta/recipes-connectivity/bind/bind/bind-9.8.1-CVE-2012-5166.patch new file mode 100644 index 0000000000..0abb475adc --- /dev/null +++ b/meta/recipes-connectivity/bind/bind/bind-9.8.1-CVE-2012-5166.patch @@ -0,0 +1,119 @@ +bind_Fix_for_CVE-2012-5166 + +Upstream-Status: Backport + +Reference:http://launchpadlibrarian.net/119212498/bind9_1%3A9.7.3.dfsOBg +-1ubuntu2.6_1%3A9.7.3.dfsg-1ubuntu2.7.diff.gz + +ISC BIND 9.x before 9.7.6-P4, 9.8.x before 9.8.3-P4, 9.9.x before +9.9.1-P4, and 9.4-ESV and 9.6-ESV before 9.6-ESV-R7-P4 allows +remote attackers to cause a denial of service (named daemon hang) +via unspecified combinations of resource records. + +http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-5166 + +Signed-off-by: yanjun.zhu +diff -urpN a/bin/named/query.c b/bin/named/query.c +--- a/bin/named/query.c 2012-10-22 13:24:27.000000000 +0800 ++++ b/bin/named/query.c 2012-10-22 13:17:04.000000000 +0800 +@@ -1137,13 +1137,6 @@ query_isduplicate(ns_client_t *client, d + mname = NULL; + } + +- /* +- * If the dns_name_t we're looking up is already in the message, +- * we don't want to trigger the caller's name replacement logic. +- */ +- if (name == mname) +- mname = NULL; +- + *mnamep = mname; + + CTRACE("query_isduplicate: false: done"); +@@ -1341,6 +1334,7 @@ query_addadditional(void *arg, dns_name_ + if (dns_rdataset_isassociated(rdataset) && + !query_isduplicate(client, fname, type, &mname)) { + if (mname != NULL) { ++ INSIST(mname != fname); + query_releasename(client, &fname); + fname = mname; + } else +@@ -1401,11 +1395,13 @@ query_addadditional(void *arg, dns_name_ + mname = NULL; + if (!query_isduplicate(client, fname, + dns_rdatatype_a, &mname)) { +- if (mname != NULL) { +- query_releasename(client, &fname); +- fname = mname; +- } else +- need_addname = ISC_TRUE; ++ if (mname != fname) { ++ if (mname != NULL) { ++ query_releasename(client, &fname); ++ fname = mname; ++ } else ++ need_addname = ISC_TRUE; ++ } + ISC_LIST_APPEND(fname->list, rdataset, link); + added_something = ISC_TRUE; + if (sigrdataset != NULL && +@@ -1444,11 +1440,13 @@ query_addadditional(void *arg, dns_name_ + mname = NULL; + if (!query_isduplicate(client, fname, + dns_rdatatype_aaaa, &mname)) { +- if (mname != NULL) { +- query_releasename(client, &fname); +- fname = mname; +- } else +- need_addname = ISC_TRUE; ++ if (mname != fname) { ++ if (mname != NULL) { ++ query_releasename(client, &fname); ++ fname = mname; ++ } else ++ need_addname = ISC_TRUE; ++ } + ISC_LIST_APPEND(fname->list, rdataset, link); + added_something = ISC_TRUE; + if (sigrdataset != NULL && +@@ -1960,22 +1958,24 @@ query_addadditional2(void *arg, dns_name + crdataset->type == dns_rdatatype_aaaa) { + if (!query_isduplicate(client, fname, crdataset->type, + &mname)) { +- if (mname != NULL) { +- /* +- * A different type of this name is +- * already stored in the additional +- * section. We'll reuse the name. +- * Note that this should happen at most +- * once. Otherwise, fname->link could +- * leak below. +- */ +- INSIST(mname0 == NULL); +- +- query_releasename(client, &fname); +- fname = mname; +- mname0 = mname; +- } else +- need_addname = ISC_TRUE; ++ if (mname != fname) { ++ if (mname != NULL) { ++ /* ++ * A different type of this name is ++ * already stored in the additional ++ * section. We'll reuse the name. ++ * Note that this should happen at most ++ * once. Otherwise, fname->link could ++ * leak below. ++ */ ++ INSIST(mname0 == NULL); ++ ++ query_releasename(client, &fname); ++ fname = mname; ++ mname0 = mname; ++ } else ++ need_addname = ISC_TRUE; ++ } + ISC_LIST_UNLINK(cfname.list, crdataset, link); + ISC_LIST_APPEND(fname->list, crdataset, link); + added_something = ISC_TRUE; diff --git a/meta/recipes-connectivity/bind/bind/bind-CVE-2011-4313.patch b/meta/recipes-connectivity/bind/bind/bind-CVE-2011-4313.patch new file mode 100644 index 0000000000..19d8df1c2d --- /dev/null +++ b/meta/recipes-connectivity/bind/bind/bind-CVE-2011-4313.patch @@ -0,0 +1,89 @@ +The patch to fix CVE-2011-4313 + +Upstream-Status: Backport + +Reference: https://www.redhat.com/security/data/cve/CVE-2011-4313.html + +query.c in ISC BIND 9.0.x through 9.6.x, 9.4-ESV through 9.4-ESV-R5, 9.6-ESV +through 9.6-ESV-R5, 9.7.0 through 9.7.4, 9.8.0 through 9.8.1, and 9.9.0a1 +through 9.9.0b1 allows remote attackers to cause a denial of service +(assertion failure and named exit) via unknown vectors related to recursive DNS +queries, error logging, and the caching of an invalid record by the resolver. + +Signed-off-by Ming Liu +--- + bin/named/query.c | 19 ++++++++----------- + lib/dns/rbtdb.c | 4 ++-- + 2 files changed, 10 insertions(+), 13 deletions(-) + +--- a/bin/named/query.c ++++ b/bin/named/query.c +@@ -1393,11 +1393,9 @@ query_addadditional(void *arg, dns_name_ + goto addname; + if (result == DNS_R_NCACHENXRRSET) { + dns_rdataset_disassociate(rdataset); +- /* +- * Negative cache entries don't have sigrdatasets. +- */ +- INSIST(sigrdataset == NULL || +- ! dns_rdataset_isassociated(sigrdataset)); ++ if (sigrdataset != NULL && ++ dns_rdataset_isassociated(sigrdataset)) ++ dns_rdataset_disassociate(sigrdataset); + } + if (result == ISC_R_SUCCESS) { + mname = NULL; +@@ -1438,8 +1436,9 @@ query_addadditional(void *arg, dns_name_ + goto addname; + if (result == DNS_R_NCACHENXRRSET) { + dns_rdataset_disassociate(rdataset); +- INSIST(sigrdataset == NULL || +- ! dns_rdataset_isassociated(sigrdataset)); ++ if (sigrdataset != NULL && ++ dns_rdataset_isassociated(sigrdataset)) ++ dns_rdataset_disassociate(sigrdataset); + } + if (result == ISC_R_SUCCESS) { + mname = NULL; +@@ -1889,10 +1888,8 @@ query_addadditional2(void *arg, dns_name + goto setcache; + if (result == DNS_R_NCACHENXRRSET) { + dns_rdataset_disassociate(rdataset); +- /* +- * Negative cache entries don't have sigrdatasets. +- */ +- INSIST(! dns_rdataset_isassociated(sigrdataset)); ++ if (dns_rdataset_isassociated(sigrdataset)) ++ dns_rdataset_disassociate(sigrdataset); + } + if (result == ISC_R_SUCCESS) { + /* Remember the result as a cache */ +--- a/lib/dns/rbtdb.c ++++ b/lib/dns/rbtdb.c +@@ -5053,7 +5053,7 @@ cache_find(dns_db_t *db, dns_name_t *nam + rdataset); + if (need_headerupdate(found, search.now)) + update = found; +- if (foundsig != NULL) { ++ if (!NEGATIVE(found) && foundsig != NULL) { + bind_rdataset(search.rbtdb, node, foundsig, search.now, + sigrdataset); + if (need_headerupdate(foundsig, search.now)) +@@ -5596,7 +5596,7 @@ zone_findrdataset(dns_db_t *db, dns_dbno + } + if (found != NULL) { + bind_rdataset(rbtdb, rbtnode, found, now, rdataset); +- if (foundsig != NULL) ++ if (!NEGATIVE(found) && foundsig != NULL) + bind_rdataset(rbtdb, rbtnode, foundsig, now, + sigrdataset); + } +@@ -5685,7 +5685,7 @@ cache_findrdataset(dns_db_t *db, dns_dbn + } + if (found != NULL) { + bind_rdataset(rbtdb, rbtnode, found, now, rdataset); +- if (foundsig != NULL) ++ if (!NEGATIVE(found) && foundsig != NULL) + bind_rdataset(rbtdb, rbtnode, foundsig, now, + sigrdataset); + } diff --git a/meta/recipes-connectivity/bind/bind/bind-CVE-2012-1667.patch b/meta/recipes-connectivity/bind/bind/bind-CVE-2012-1667.patch new file mode 100644 index 0000000000..c441eab65d --- /dev/null +++ b/meta/recipes-connectivity/bind/bind/bind-CVE-2012-1667.patch @@ -0,0 +1,92 @@ +bind CVE-2012-1667 + +Upstream-Status: Backport + +ISC BIND 9.x before 9.7.6-P1, 9.8.x before 9.8.3-P1, 9.9.x before 9.9.1-P1, +and 9.4-ESV and 9.6-ESV before 9.6-ESV-R7-P1 does not properly handle resource +records with a zero-length RDATA section, which allows remote DNS servers to +cause a denial of service (daemon crash or data corruption) or obtain +sensitive information from process memory via a crafted record. + +http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1667 + +The cve patch comes from bind97-9.7.0-10.P2.el5_8.1.src.rpm package. + +Signed-off-by: Li Wang +--- + lib/dns/rdata.c | 8 ++++---- + lib/dns/rdataslab.c | 11 ++++++++--- + 2 files changed, 12 insertions(+), 7 deletions(-) + +diff --git a/lib/dns/rdata.c b/lib/dns/rdata.c +index 063b1f6..9337a80 100644 +--- a/lib/dns/rdata.c ++++ b/lib/dns/rdata.c +@@ -325,8 +325,8 @@ dns_rdata_compare(const dns_rdata_t *rdata1, const dns_rdata_t *rdata2) { + + REQUIRE(rdata1 != NULL); + REQUIRE(rdata2 != NULL); +- REQUIRE(rdata1->data != NULL); +- REQUIRE(rdata2->data != NULL); ++ REQUIRE(rdata1->length == 0 || rdata1->data != NULL); ++ REQUIRE(rdata2->length == 0 || rdata2->data != NULL); + REQUIRE(DNS_RDATA_VALIDFLAGS(rdata1)); + REQUIRE(DNS_RDATA_VALIDFLAGS(rdata2)); + +@@ -356,8 +356,8 @@ dns_rdata_casecompare(const dns_rdata_t *rdata1, const dns_rdata_t *rdata2) { + + REQUIRE(rdata1 != NULL); + REQUIRE(rdata2 != NULL); +- REQUIRE(rdata1->data != NULL); +- REQUIRE(rdata2->data != NULL); ++ REQUIRE(rdata1->length == 0 || rdata1->data != NULL); ++ REQUIRE(rdata2->length == 0 || rdata2->data != NULL); + REQUIRE(DNS_RDATA_VALIDFLAGS(rdata1)); + REQUIRE(DNS_RDATA_VALIDFLAGS(rdata2)); + +diff --git a/lib/dns/rdataslab.c b/lib/dns/rdataslab.c +index a41f16f..ed13b30 100644 +--- a/lib/dns/rdataslab.c ++++ b/lib/dns/rdataslab.c +@@ -125,6 +125,11 @@ isc_result_t + dns_rdataslab_fromrdataset(dns_rdataset_t *rdataset, isc_mem_t *mctx, + isc_region_t *region, unsigned int reservelen) + { ++ /* ++ * Use &removed as a sentinal pointer for duplicate ++ * rdata as rdata.data == NULL is valid. ++ */ ++ static unsigned char removed; + struct xrdata *x; + unsigned char *rawbuf; + #if DNS_RDATASET_FIXED +@@ -168,6 +173,7 @@ dns_rdataslab_fromrdataset(dns_rdataset_t *rdataset, isc_mem_t *mctx, + INSIST(result == ISC_R_SUCCESS); + dns_rdata_init(&x[i].rdata); + dns_rdataset_current(rdataset, &x[i].rdata); ++ INSIST(x[i].rdata.data != &removed); + #if DNS_RDATASET_FIXED + x[i].order = i; + #endif +@@ -200,8 +206,7 @@ dns_rdataslab_fromrdataset(dns_rdataset_t *rdataset, isc_mem_t *mctx, + */ + for (i = 1; i < nalloc; i++) { + if (compare_rdata(&x[i-1].rdata, &x[i].rdata) == 0) { +- x[i-1].rdata.data = NULL; +- x[i-1].rdata.length = 0; ++ x[i-1].rdata.data = &removed; + #if DNS_RDATASET_FIXED + /* + * Preserve the least order so A, B, A -> A, B +@@ -291,7 +296,7 @@ dns_rdataslab_fromrdataset(dns_rdataset_t *rdataset, isc_mem_t *mctx, + #endif + + for (i = 0; i < nalloc; i++) { +- if (x[i].rdata.data == NULL) ++ if (x[i].rdata.data == &removed) + continue; + #if DNS_RDATASET_FIXED + offsettable[x[i].order] = rawbuf - offsetbase; +-- +1.7.0.5 + diff --git a/meta/recipes-connectivity/bind/bind/bind-CVE-2012-3817.patch b/meta/recipes-connectivity/bind/bind/bind-CVE-2012-3817.patch new file mode 100644 index 0000000000..1e159bd2f8 --- /dev/null +++ b/meta/recipes-connectivity/bind/bind/bind-CVE-2012-3817.patch @@ -0,0 +1,40 @@ +bind: fix for CVE-2012-3817 + +Upstream-Status: Backport + +ISC BIND 9.4.x, 9.5.x, 9.6.x, and 9.7.x before 9.7.6-P2; 9.8.x before 9.8.3-P2; +9.9.x before 9.9.1-P2; and 9.6-ESV before 9.6-ESV-R7-P2, when DNSSEC validation +is enabled, does not properly initialize the failing-query cache, which allows +remote attackers to cause a denial of service (assertion failure and daemon exit) +by sending many queries. + +http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-3817 + +This patch is back-ported from bind-9.3.6-20.P1.el5_8.2.src.rpm package. + +Signed-off-by: Ming Liu +--- + resolver.c | 5 +++-- + 1 file changed, 3 insertions(+), 2 deletions(-) + +--- a/lib/dns/resolver.c ++++ b/lib/dns/resolver.c +@@ -8318,6 +8318,7 @@ dns_resolver_addbadcache(dns_resolver_t + goto cleanup; + bad->type = type; + bad->hashval = hashval; ++ bad->expire = *expire; + isc_buffer_init(&buffer, bad + 1, name->length); + dns_name_init(&bad->name, NULL); + dns_name_copy(name, &bad->name, &buffer); +@@ -8329,8 +8330,8 @@ dns_resolver_addbadcache(dns_resolver_t + if (resolver->badcount < resolver->badhash * 2 && + resolver->badhash > DNS_BADCACHE_SIZE) + resizehash(resolver, &now, ISC_FALSE); +- } +- bad->expire = *expire; ++ } else ++ bad->expire = *expire; + cleanup: + UNLOCK(&resolver->lock); + } diff --git a/meta/recipes-connectivity/bind/bind/bind-CVE-2013-2266.patch b/meta/recipes-connectivity/bind/bind/bind-CVE-2013-2266.patch new file mode 100644 index 0000000000..7ec6deb714 --- /dev/null +++ b/meta/recipes-connectivity/bind/bind/bind-CVE-2013-2266.patch @@ -0,0 +1,41 @@ +bind: fix for CVE-2013-2266 + +Upstream-Status: Backport + +libdns in ISC BIND 9.7.x and 9.8.x before 9.8.4-P2, 9.8.5 before 9.8.5b2, +9.9.x before 9.9.2-P2, and 9.9.3 before 9.9.3b2 on UNIX platforms allows +remote attackers to cause a denial of service (memory consumption) via a +crafted regular expression, as demonstrated by a memory-exhaustion attack +against a machine running a named process. + +http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2266 + +Signed-off-by Ming Liu +--- + config.h.in | 3 --- + configure.in | 2 +- + 2 files changed, 1 insertion(+), 4 deletions(-) + +--- a/config.h.in ++++ b/config.h.in +@@ -277,9 +277,6 @@ int sigwait(const unsigned int *set, int + /* Define if your OpenSSL version supports GOST. */ + #undef HAVE_OPENSSL_GOST + +-/* Define to 1 if you have the header file. */ +-#undef HAVE_REGEX_H +- + /* Define to 1 if you have the `setegid' function. */ + #undef HAVE_SETEGID + +--- a/configure.in ++++ b/configure.in +@@ -279,7 +279,7 @@ esac + + AC_HEADER_STDC + +-AC_CHECK_HEADERS(fcntl.h regex.h sys/time.h unistd.h sys/sockio.h sys/select.h sys/param.h sys/sysctl.h net/if6.h,,, ++AC_CHECK_HEADERS(fcntl.h sys/time.h unistd.h sys/sockio.h sys/select.h sys/param.h sys/sysctl.h net/if6.h,,, + [$ac_includes_default + #ifdef HAVE_SYS_PARAM_H + # include diff --git a/meta/recipes-connectivity/bind/bind/bind-Fix-CVE-2012-4244.patch b/meta/recipes-connectivity/bind/bind/bind-Fix-CVE-2012-4244.patch new file mode 100644 index 0000000000..5dd6f69e45 --- /dev/null +++ b/meta/recipes-connectivity/bind/bind/bind-Fix-CVE-2012-4244.patch @@ -0,0 +1,141 @@ +bind_Fix_for_CVE-2012-4244 + +Upstream-Status: Backport + +Reference:https://bugzilla.novell.com/attachment.cgi?id=505661&action=edit + +ISC BIND 9.x before 9.7.6-P3, 9.8.x before 9.8.3-P3, 9.9.x before 9.9.1-P3, + and 9.4-ESV and 9.6-ESV before 9.6-ESV-R7-P3 allows remote attackers to +cause a denial of service (assertion failure and named daemon exit) via +a query for a long resource record. + +Signed-off-by: yanjun.zhu + +diff -urpN a/lib/dns/include/dns/rdata.h b/lib/dns/include/dns/rdata.h +--- a/lib/dns/include/dns/rdata.h 2012-10-08 12:19:42.000000000 +0800 ++++ b/lib/dns/include/dns/rdata.h 2012-10-08 11:26:43.000000000 +0800 +@@ -147,6 +147,17 @@ struct dns_rdata { + (((rdata)->flags & ~(DNS_RDATA_UPDATE|DNS_RDATA_OFFLINE)) == 0) + + /* ++ * The maximum length of a RDATA that can be sent on the wire. ++ * Max packet size (65535) less header (12), less name (1), type (2), ++ * class (2), ttl(4), length (2). ++ * ++ * None of the defined types that support name compression can exceed ++ * this and all new types are to be sent uncompressed. ++ */ ++ ++#define DNS_RDATA_MAXLENGTH 65512U ++ ++/* + * Flags affecting rdata formatting style. Flags 0xFFFF0000 + * are used by masterfile-level formatting and defined elsewhere. + * See additional comments at dns_rdata_tofmttext(). +diff -urpN a/lib/dns/master.c b/lib/dns/master.c +--- a/lib/dns/master.c 2012-10-08 12:19:42.000000000 +0800 ++++ b/lib/dns/master.c 2012-10-08 11:27:06.000000000 +0800 +@@ -75,7 +75,7 @@ + /*% + * max message size - header - root - type - class - ttl - rdlen + */ +-#define MINTSIZ (65535 - 12 - 1 - 2 - 2 - 4 - 2) ++#define MINTSIZ DNS_RDATA_MAXLENGTH + /*% + * Size for tokens in the presentation format, + * The largest tokens are the base64 blocks in KEY and CERT records, +diff -urpN a/lib/dns/rdata.c b/lib/dns/rdata.c +--- a/lib/dns/rdata.c 2012-10-08 12:19:42.000000000 +0800 ++++ b/lib/dns/rdata.c 2012-10-08 11:27:27.000000000 +0800 +@@ -425,6 +425,7 @@ dns_rdata_fromwire(dns_rdata_t *rdata, d + isc_buffer_t st; + isc_boolean_t use_default = ISC_FALSE; + isc_uint32_t activelength; ++ size_t length; + + REQUIRE(dctx != NULL); + if (rdata != NULL) { +@@ -455,6 +456,14 @@ dns_rdata_fromwire(dns_rdata_t *rdata, d + } + + /* ++ * Reject any rdata that expands out to more than DNS_RDATA_MAXLENGTH ++ * as we cannot transmit it. ++ */ ++ length = isc_buffer_usedlength(target) - isc_buffer_usedlength(&st); ++ if (result == ISC_R_SUCCESS && length > DNS_RDATA_MAXLENGTH) ++ result = DNS_R_FORMERR; ++ ++ /* + * We should have consumed all of our buffer. + */ + if (result == ISC_R_SUCCESS && !buffer_empty(source)) +@@ -462,8 +471,7 @@ dns_rdata_fromwire(dns_rdata_t *rdata, d + + if (rdata != NULL && result == ISC_R_SUCCESS) { + region.base = isc_buffer_used(&st); +- region.length = isc_buffer_usedlength(target) - +- isc_buffer_usedlength(&st); ++ region.length = length; + dns_rdata_fromregion(rdata, rdclass, type, ®ion); + } + +@@ -598,6 +606,7 @@ dns_rdata_fromtext(dns_rdata_t *rdata, d + unsigned long line; + void (*callback)(dns_rdatacallbacks_t *, const char *, ...); + isc_result_t tresult; ++ size_t length; + + REQUIRE(origin == NULL || dns_name_isabsolute(origin) == ISC_TRUE); + if (rdata != NULL) { +@@ -670,10 +679,13 @@ dns_rdata_fromtext(dns_rdata_t *rdata, d + } + } while (1); + ++ length = isc_buffer_usedlength(target) - isc_buffer_usedlength(&st); ++ if (result == ISC_R_SUCCESS && length > DNS_RDATA_MAXLENGTH) ++ result = ISC_R_NOSPACE; ++ + if (rdata != NULL && result == ISC_R_SUCCESS) { + region.base = isc_buffer_used(&st); +- region.length = isc_buffer_usedlength(target) - +- isc_buffer_usedlength(&st); ++ region.length = length; + dns_rdata_fromregion(rdata, rdclass, type, ®ion); + } + if (result != ISC_R_SUCCESS) { +@@ -781,6 +793,7 @@ dns_rdata_fromstruct(dns_rdata_t *rdata, + isc_buffer_t st; + isc_region_t region; + isc_boolean_t use_default = ISC_FALSE; ++ size_t length; + + REQUIRE(source != NULL); + if (rdata != NULL) { +@@ -795,10 +808,13 @@ dns_rdata_fromstruct(dns_rdata_t *rdata, + if (use_default) + (void)NULL; + ++ length = isc_buffer_usedlength(target) - isc_buffer_usedlength(&st); ++ if (result == ISC_R_SUCCESS && length > DNS_RDATA_MAXLENGTH) ++ result = ISC_R_NOSPACE; ++ + if (rdata != NULL && result == ISC_R_SUCCESS) { + region.base = isc_buffer_used(&st); +- region.length = isc_buffer_usedlength(target) - +- isc_buffer_usedlength(&st); ++ region.length = length; + dns_rdata_fromregion(rdata, rdclass, type, ®ion); + } + if (result != ISC_R_SUCCESS) +diff -urpN a/lib/dns/rdataslab.c b/lib/dns/rdataslab.c +--- a/lib/dns/rdataslab.c 2012-10-08 12:19:42.000000000 +0800 ++++ b/lib/dns/rdataslab.c 2012-10-08 11:27:54.000000000 +0800 +@@ -304,6 +304,7 @@ dns_rdataslab_fromrdataset(dns_rdataset_ + length = x[i].rdata.length; + if (rdataset->type == dns_rdatatype_rrsig) + length++; ++ INSIST(length <= 0xffff); + *rawbuf++ = (length & 0xff00) >> 8; + *rawbuf++ = (length & 0x00ff); + #if DNS_RDATASET_FIXED diff --git a/meta/recipes-connectivity/bind/bind/conf.patch b/meta/recipes-connectivity/bind/bind/conf.patch new file mode 100644 index 0000000000..2785c6a22f --- /dev/null +++ b/meta/recipes-connectivity/bind/bind/conf.patch @@ -0,0 +1,314 @@ +Upstream-Status: Inappropriate [configuration] + +the patch is imported from openembedded project + +11/30/2010 - Qing He + +diff -urN bind-9.3.1.orig/conf/db.0 bind-9.3.1/conf/db.0 +--- bind-9.3.1.orig/conf/db.0 1970-01-01 01:00:00.000000000 +0100 ++++ bind-9.3.1/conf/db.0 2005-07-10 22:14:00.000000000 +0200 +@@ -0,0 +1,12 @@ ++; ++; BIND reverse data file for broadcast zone ++; ++$TTL 604800 ++@ IN SOA localhost. root.localhost. ( ++ 1 ; Serial ++ 604800 ; Refresh ++ 86400 ; Retry ++ 2419200 ; Expire ++ 604800 ) ; Negative Cache TTL ++; ++@ IN NS localhost. +diff -urN bind-9.3.1.orig/conf/db.127 bind-9.3.1/conf/db.127 +--- bind-9.3.1.orig/conf/db.127 1970-01-01 01:00:00.000000000 +0100 ++++ bind-9.3.1/conf/db.127 2005-07-10 22:14:00.000000000 +0200 +@@ -0,0 +1,13 @@ ++; ++; BIND reverse data file for local loopback interface ++; ++$TTL 604800 ++@ IN SOA localhost. root.localhost. ( ++ 1 ; Serial ++ 604800 ; Refresh ++ 86400 ; Retry ++ 2419200 ; Expire ++ 604800 ) ; Negative Cache TTL ++; ++@ IN NS localhost. ++1.0.0 IN PTR localhost. +diff -urN bind-9.3.1.orig/conf/db.empty bind-9.3.1/conf/db.empty +--- bind-9.3.1.orig/conf/db.empty 1970-01-01 01:00:00.000000000 +0100 ++++ bind-9.3.1/conf/db.empty 2005-07-10 22:14:00.000000000 +0200 +@@ -0,0 +1,14 @@ ++; BIND reverse data file for empty rfc1918 zone ++; ++; DO NOT EDIT THIS FILE - it is used for multiple zones. ++; Instead, copy it, edit named.conf, and use that copy. ++; ++$TTL 86400 ++@ IN SOA localhost. root.localhost. ( ++ 1 ; Serial ++ 604800 ; Refresh ++ 86400 ; Retry ++ 2419200 ; Expire ++ 86400 ) ; Negative Cache TTL ++; ++@ IN NS localhost. +diff -urN bind-9.3.1.orig/conf/db.local bind-9.3.1/conf/db.local +--- bind-9.3.1.orig/conf/db.local 1970-01-01 01:00:00.000000000 +0100 ++++ bind-9.3.1/conf/db.local 2005-07-10 22:14:00.000000000 +0200 +@@ -0,0 +1,13 @@ ++; ++; BIND data file for local loopback interface ++; ++$TTL 604800 ++@ IN SOA localhost. root.localhost. ( ++ 1 ; Serial ++ 604800 ; Refresh ++ 86400 ; Retry ++ 2419200 ; Expire ++ 604800 ) ; Negative Cache TTL ++; ++@ IN NS localhost. ++@ IN A 127.0.0.1 +diff -urN bind-9.3.1.orig/conf/db.root bind-9.3.1/conf/db.root +--- bind-9.3.1.orig/conf/db.root 1970-01-01 01:00:00.000000000 +0100 ++++ bind-9.3.1/conf/db.root 2005-07-10 22:14:00.000000000 +0200 +@@ -0,0 +1,45 @@ ++ ++; <<>> DiG 9.2.3 <<>> ns . @a.root-servers.net. ++;; global options: printcmd ++;; Got answer: ++;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 18944 ++;; flags: qr aa rd; QUERY: 1, ANSWER: 13, AUTHORITY: 0, ADDITIONAL: 13 ++ ++;; QUESTION SECTION: ++;. IN NS ++ ++;; ANSWER SECTION: ++. 518400 IN NS A.ROOT-SERVERS.NET. ++. 518400 IN NS B.ROOT-SERVERS.NET. ++. 518400 IN NS C.ROOT-SERVERS.NET. ++. 518400 IN NS D.ROOT-SERVERS.NET. ++. 518400 IN NS E.ROOT-SERVERS.NET. ++. 518400 IN NS F.ROOT-SERVERS.NET. ++. 518400 IN NS G.ROOT-SERVERS.NET. ++. 518400 IN NS H.ROOT-SERVERS.NET. ++. 518400 IN NS I.ROOT-SERVERS.NET. ++. 518400 IN NS J.ROOT-SERVERS.NET. ++. 518400 IN NS K.ROOT-SERVERS.NET. ++. 518400 IN NS L.ROOT-SERVERS.NET. ++. 518400 IN NS M.ROOT-SERVERS.NET. ++ ++;; ADDITIONAL SECTION: ++A.ROOT-SERVERS.NET. 3600000 IN A 198.41.0.4 ++B.ROOT-SERVERS.NET. 3600000 IN A 192.228.79.201 ++C.ROOT-SERVERS.NET. 3600000 IN A 192.33.4.12 ++D.ROOT-SERVERS.NET. 3600000 IN A 128.8.10.90 ++E.ROOT-SERVERS.NET. 3600000 IN A 192.203.230.10 ++F.ROOT-SERVERS.NET. 3600000 IN A 192.5.5.241 ++G.ROOT-SERVERS.NET. 3600000 IN A 192.112.36.4 ++H.ROOT-SERVERS.NET. 3600000 IN A 128.63.2.53 ++I.ROOT-SERVERS.NET. 3600000 IN A 192.36.148.17 ++J.ROOT-SERVERS.NET. 3600000 IN A 192.58.128.30 ++K.ROOT-SERVERS.NET. 3600000 IN A 193.0.14.129 ++L.ROOT-SERVERS.NET. 3600000 IN A 198.32.64.12 ++M.ROOT-SERVERS.NET. 3600000 IN A 202.12.27.33 ++ ++;; Query time: 81 msec ++;; SERVER: 198.41.0.4#53(a.root-servers.net.) ++;; WHEN: Sun Feb 1 11:27:14 2004 ++;; MSG SIZE rcvd: 436 ++ +diff -urN bind-9.3.1.orig/conf/named.conf bind-9.3.1/conf/named.conf +--- bind-9.3.1.orig/conf/named.conf 1970-01-01 01:00:00.000000000 +0100 ++++ bind-9.3.1/conf/named.conf 2005-07-10 22:33:46.000000000 +0200 +@@ -0,0 +1,49 @@ ++// This is the primary configuration file for the BIND DNS server named. ++// ++// If you are just adding zones, please do that in /etc/bind/named.conf.local ++ ++include "/etc/bind/named.conf.options"; ++ ++// prime the server with knowledge of the root servers ++zone "." { ++ type hint; ++ file "/etc/bind/db.root"; ++}; ++ ++// be authoritative for the localhost forward and reverse zones, and for ++// broadcast zones as per RFC 1912 ++ ++zone "localhost" { ++ type master; ++ file "/etc/bind/db.local"; ++}; ++ ++zone "127.in-addr.arpa" { ++ type master; ++ file "/etc/bind/db.127"; ++}; ++ ++zone "0.in-addr.arpa" { ++ type master; ++ file "/etc/bind/db.0"; ++}; ++ ++zone "255.in-addr.arpa" { ++ type master; ++ file "/etc/bind/db.255"; ++}; ++ ++// zone "com" { type delegation-only; }; ++// zone "net" { type delegation-only; }; ++ ++// From the release notes: ++// Because many of our users are uncomfortable receiving undelegated answers ++// from root or top level domains, other than a few for whom that behaviour ++// has been trusted and expected for quite some length of time, we have now ++// introduced the "root-delegations-only" feature which applies delegation-only ++// logic to all top level domains, and to the root domain. An exception list ++// should be specified, including "MUSEUM" and "DE", and any other top level ++// domains from whom undelegated responses are expected and trusted. ++// root-delegation-only exclude { "DE"; "MUSEUM"; }; ++ ++include "/etc/bind/named.conf.local"; +diff -urN bind-9.3.1.orig/conf/named.conf.local bind-9.3.1/conf/named.conf.local +--- bind-9.3.1.orig/conf/named.conf.local 1970-01-01 01:00:00.000000000 +0100 ++++ bind-9.3.1/conf/named.conf.local 2005-07-10 22:14:06.000000000 +0200 +@@ -0,0 +1,8 @@ ++// ++// Do any local configuration here ++// ++ ++// Consider adding the 1918 zones here, if they are not used in your ++// organization ++//include "/etc/bind/zones.rfc1918"; ++ +diff -urN bind-9.3.1.orig/conf/named.conf.options bind-9.3.1/conf/named.conf.options +--- bind-9.3.1.orig/conf/named.conf.options 1970-01-01 01:00:00.000000000 +0100 ++++ bind-9.3.1/conf/named.conf.options 2005-07-10 22:14:06.000000000 +0200 +@@ -0,0 +1,24 @@ ++options { ++ directory "/var/cache/bind"; ++ ++ // If there is a firewall between you and nameservers you want ++ // to talk to, you might need to uncomment the query-source ++ // directive below. Previous versions of BIND always asked ++ // questions using port 53, but BIND 8.1 and later use an unprivileged ++ // port by default. ++ ++ // query-source address * port 53; ++ ++ // If your ISP provided one or more IP addresses for stable ++ // nameservers, you probably want to use them as forwarders. ++ // Uncomment the following block, and insert the addresses replacing ++ // the all-0's placeholder. ++ ++ // forwarders { ++ // 0.0.0.0; ++ // }; ++ ++ auth-nxdomain no; # conform to RFC1035 ++ ++}; ++ +diff -urN bind-9.3.1.orig/conf/zones.rfc1918 bind-9.3.1/conf/zones.rfc1918 +--- bind-9.3.1.orig/conf/zones.rfc1918 1970-01-01 01:00:00.000000000 +0100 ++++ bind-9.3.1/conf/zones.rfc1918 2005-07-10 22:14:10.000000000 +0200 +@@ -0,0 +1,20 @@ ++zone "10.in-addr.arpa" { type master; file "/etc/bind/db.empty"; }; ++ ++zone "16.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; }; ++zone "17.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; }; ++zone "18.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; }; ++zone "19.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; }; ++zone "20.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; }; ++zone "21.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; }; ++zone "22.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; }; ++zone "23.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; }; ++zone "24.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; }; ++zone "25.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; }; ++zone "26.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; }; ++zone "27.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; }; ++zone "28.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; }; ++zone "29.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; }; ++zone "30.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; }; ++zone "31.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; }; ++ ++zone "168.192.in-addr.arpa" { type master; file "/etc/bind/db.empty"; }; +diff -urN bind-9.3.1.orig/init.d bind-9.3.1/init.d +--- bind-9.3.1.orig/init.d 1970-01-01 01:00:00.000000000 +0100 ++++ bind-9.3.1/init.d 2005-07-10 23:09:58.000000000 +0200 +@@ -0,0 +1,70 @@ ++#!/bin/sh ++ ++PATH=/sbin:/bin:/usr/sbin:/usr/bin ++ ++# for a chrooted server: "-u bind -t /var/lib/named" ++# Don't modify this line, change or create /etc/default/bind9. ++OPTIONS="" ++ ++test -f /etc/default/bind9 && . /etc/default/bind9 ++ ++test -x /usr/sbin/rndc || exit 0 ++ ++case "$1" in ++ start) ++ echo -n "Starting domain name service: named" ++ ++ modprobe capability >/dev/null 2>&1 || true ++ if [ ! -f /etc/bind/rndc.key ]; then ++ /usr/sbin/rndc-confgen -a -b 512 -r /dev/urandom ++ chown 0640 /etc/bind/rndc.key ++ fi ++ if [ -f /var/run/named/named.pid ]; then ++ ps `cat /var/run/named/named.pid` > /dev/null && exit 1 ++ fi ++ ++ # dirs under /var/run can go away on reboots. ++ mkdir -p /var/run/named ++ mkdir -p /var/cache/bind ++ chmod 775 /var/run/named ++ chown root:bind /var/run/named >/dev/null 2>&1 || true ++ ++ if [ ! -x /usr/sbin/named ]; then ++ echo "named binary missing - not starting" ++ exit 1 ++ fi ++ if start-stop-daemon --start --quiet --exec /usr/sbin/named \ ++ --pidfile /var/run/named/named.pid -- $OPTIONS; then ++ if [ -x /sbin/resolvconf ] ; then ++ echo "nameserver 127.0.0.1" | /sbin/resolvconf -a lo ++ fi ++ fi ++ echo "." ++ ;; ++ ++ stop) ++ echo -n "Stopping domain name service: named" ++ if [ -x /sbin/resolvconf ]; then ++ /sbin/resolvconf -d lo ++ fi ++ /usr/sbin/rndc stop >/dev/null 2>&1 ++ echo "." ++ ;; ++ ++ reload) ++ /usr/sbin/rndc reload ++ ;; ++ ++ restart|force-reload) ++ $0 stop ++ sleep 2 ++ $0 start ++ ;; ++ ++ *) ++ echo "Usage: /etc/init.d/bind {start|stop|reload|restart|force-reload}" >&2 ++ exit 1 ++ ;; ++esac ++ ++exit 0 diff --git a/meta/recipes-connectivity/bind/bind/cross-build-fix.patch b/meta/recipes-connectivity/bind/bind/cross-build-fix.patch new file mode 100644 index 0000000000..4c37b6b00c --- /dev/null +++ b/meta/recipes-connectivity/bind/bind/cross-build-fix.patch @@ -0,0 +1,21 @@ +Upstream-Status: Inappropriate [configuration] + +11/30/2010 +gen.c should be build by ${BUILD_CC} + +Signed-off-by: Qing He + +diff --git a/lib/export/dns/Makefile.in b/lib/export/dns/Makefile.in +index aeadf57..d3fae74 100644 +--- a/lib/export/dns/Makefile.in ++++ b/lib/export/dns/Makefile.in +@@ -166,7 +166,8 @@ code.h: gen + ./gen -s ${srcdir} > code.h + + gen: ${srcdir}/gen.c +- ${CC} ${ALL_CFLAGS} ${LDFLAGS} -o $@ ${srcdir}/gen.c ${LIBS} ++ ${BUILD_CC} ${BUILD_CFLAGS} -I${top_srcdir}/lib/isc/include \ ++ ${BUILD_CPPFLAGS} ${BUILD_LDFLAGS} -o $@ ${srcdir}/gen.c ${BUILD_LIBS} + + #We don't need rbtdb64 for this library + #rbtdb64.@O@: rbtdb.c diff --git a/meta/recipes-connectivity/bind/bind/dont-test-on-host.patch b/meta/recipes-connectivity/bind/bind/dont-test-on-host.patch new file mode 100644 index 0000000000..89207404b5 --- /dev/null +++ b/meta/recipes-connectivity/bind/bind/dont-test-on-host.patch @@ -0,0 +1,13 @@ +Index: bind-9.9.5/bin/Makefile.in +=================================================================== +--- bind-9.9.5.orig/bin/Makefile.in ++++ bind-9.9.5/bin/Makefile.in +@@ -19,7 +19,7 @@ srcdir = @srcdir@ + VPATH = @srcdir@ + top_srcdir = @top_srcdir@ + +-SUBDIRS = named rndc dig dnssec tools tests nsupdate \ ++SUBDIRS = named rndc dig dnssec tools nsupdate \ + check confgen @PYTHON_TOOLS@ @PKCS11_TOOLS@ + TARGETS = + diff --git a/meta/recipes-connectivity/bind/bind/make-etc-initd-bind-stop-work.patch b/meta/recipes-connectivity/bind/bind/make-etc-initd-bind-stop-work.patch new file mode 100644 index 0000000000..146f3e35db --- /dev/null +++ b/meta/recipes-connectivity/bind/bind/make-etc-initd-bind-stop-work.patch @@ -0,0 +1,42 @@ +bind: make "/etc/init.d/bind stop" work + +Upstream-Status: Inappropriate [configuration] + +Add some configurations, make rndc command be able to controls +the named daemon. + +Signed-off-by: Roy Li +--- + conf/named.conf | 5 +++++ + conf/rndc.conf | 5 +++++ + 2 files changed, 10 insertions(+), 0 deletions(-) + create mode 100644 conf/rndc.conf + +diff --git a/conf/named.conf b/conf/named.conf +index 95829cf..c8899e7 100644 +--- a/conf/named.conf ++++ b/conf/named.conf +@@ -47,3 +47,8 @@ zone "255.in-addr.arpa" { + // root-delegation-only exclude { "DE"; "MUSEUM"; }; + + include "/etc/bind/named.conf.local"; ++include "/etc/bind/rndc.key" ; ++controls { ++ inet 127.0.0.1 allow { localhost; } ++ keys { rndc-key; }; ++}; +diff --git a/conf/rndc.conf b/conf/rndc.conf +new file mode 100644 +index 0000000..a0b481d +--- /dev/null ++++ b/conf/rndc.conf +@@ -0,0 +1,5 @@ ++include "/etc/bind/rndc.key"; ++options { ++ default-server localhost; ++ default-key rndc-key; ++}; + +-- +1.7.5.4 + diff --git a/meta/recipes-connectivity/bind/bind/mips1-not-support-opcode.diff b/meta/recipes-connectivity/bind/bind/mips1-not-support-opcode.diff new file mode 100644 index 0000000000..2930796b6a --- /dev/null +++ b/meta/recipes-connectivity/bind/bind/mips1-not-support-opcode.diff @@ -0,0 +1,104 @@ +bind: port a patch to fix a build failure + +mips1 does not support ll and sc instructions, and lead to below error, now +we port a patch from debian to fix it +[http://security.debian.org/debian-security/pool/updates/main/b/bind9/bind9_9.8.4.dfsg.P1-6+nmu2+deb7u1.diff.gz] + +| {standard input}: Assembler messages: +| {standard input}:47: Error: Opcode not supported on this processor: mips1 (mips1) `ll $3,0($6)' +| {standard input}:50: Error: Opcode not supported on this processor: mips1 (mips1) `sc $3,0($6)' + +Upstream-Status: Pending + +Signed-off-by: Roy Li + +--- bind9-9.8.4.dfsg.P1.orig/lib/isc/mips/include/isc/atomic.h ++++ bind9-9.8.4.dfsg.P1/lib/isc/mips/include/isc/atomic.h +@@ -31,18 +31,20 @@ + isc_atomic_xadd(isc_int32_t *p, int val) { + isc_int32_t orig; + +- /* add is a cheat, since MIPS has no mov instruction */ +- __asm__ volatile ( +- "1:" +- "ll $3, %1\n" +- "add %0, $0, $3\n" +- "add $3, $3, %2\n" +- "sc $3, %1\n" +- "beq $3, 0, 1b" +- : "=&r"(orig) +- : "m"(*p), "r"(val) +- : "memory", "$3" +- ); ++ __asm__ __volatile__ ( ++ " .set push \n" ++ " .set mips2 \n" ++ " .set noreorder \n" ++ " .set noat \n" ++ "1: ll $1, %1 \n" ++ " addu %0, $1, %2 \n" ++ " sc %0, %1 \n" ++ " beqz %0, 1b \n" ++ " move %0, $1 \n" ++ " .set pop \n" ++ : "=&r" (orig), "+R" (*p) ++ : "r" (val) ++ : "memory"); + + return (orig); + } +@@ -52,16 +54,7 @@ + */ + static inline void + isc_atomic_store(isc_int32_t *p, isc_int32_t val) { +- __asm__ volatile ( +- "1:" +- "ll $3, %0\n" +- "add $3, $0, %1\n" +- "sc $3, %0\n" +- "beq $3, 0, 1b" +- : +- : "m"(*p), "r"(val) +- : "memory", "$3" +- ); ++ *p = val; + } + + /* +@@ -72,20 +65,23 @@ + static inline isc_int32_t + isc_atomic_cmpxchg(isc_int32_t *p, int cmpval, int val) { + isc_int32_t orig; ++ isc_int32_t tmp; + +- __asm__ volatile( +- "1:" +- "ll $3, %1\n" +- "add %0, $0, $3\n" +- "bne $3, %2, 2f\n" +- "add $3, $0, %3\n" +- "sc $3, %1\n" +- "beq $3, 0, 1b\n" +- "2:" +- : "=&r"(orig) +- : "m"(*p), "r"(cmpval), "r"(val) +- : "memory", "$3" +- ); ++ __asm__ __volatile__ ( ++ " .set push \n" ++ " .set mips2 \n" ++ " .set noreorder \n" ++ " .set noat \n" ++ "1: ll $1, %1 \n" ++ " bne $1, %3, 2f \n" ++ " move %2, %4 \n" ++ " sc %2, %1 \n" ++ " beqz %2, 1b \n" ++ "2: move %0, $1 \n" ++ " .set pop \n" ++ : "=&r"(orig), "+R" (*p), "=r" (tmp) ++ : "r"(cmpval), "r"(val) ++ : "memory"); + + return (orig); + } diff --git a/meta/recipes-connectivity/bind/bind_9.8.1.bb b/meta/recipes-connectivity/bind/bind_9.8.1.bb deleted file mode 100644 index d59f7e5202..0000000000 --- a/meta/recipes-connectivity/bind/bind_9.8.1.bb +++ /dev/null @@ -1,68 +0,0 @@ -SUMMARY = "ISC Internet Domain Name Server" -HOMEPAGE = "http://www.isc.org/sw/bind/" -SECTION = "console/network" - -LICENSE = "ISC & BSD" -LIC_FILES_CHKSUM = "file://COPYRIGHT;md5=0fbe2a3ab3c68ac3fea3cad13093877c" - -DEPENDS = "openssl libcap" -PR = "r6" - -SRC_URI = "ftp://ftp.isc.org/isc/bind9/${PV}/${BPN}-${PV}.tar.gz \ - file://conf.patch \ - file://cross-build-fix.patch \ - file://make-etc-initd-bind-stop-work.patch \ - file://bind-9.8.1-CVE-2012-5166.patch \ - file://bind-CVE-2011-4313.patch \ - file://bind-CVE-2012-1667.patch \ - file://bind-CVE-2012-3817.patch \ - file://bind-CVE-2013-2266.patch \ - file://bind-Fix-CVE-2012-4244.patch \ - file://mips1-not-support-opcode.diff \ - " - -SRC_URI[md5sum] = "cf31117c5d35af34d4c0702970ad9fb7" -SRC_URI[sha256sum] = "02285dc429cb2a6687a1b2446e9ee22c1df27f2577225b05be5092395ee7c92c" - -# --enable-exportlib is necessary for building dhcp -ENABLE_IPV6 = "--enable-ipv6=${@base_contains('DISTRO_FEATURES', 'ipv6', 'yes', 'no', d)}" -EXTRA_OECONF = " ${ENABLE_IPV6} --with-randomdev=/dev/random --disable-threads \ - --disable-devpoll --disable-epoll --with-gost=no \ - --with-gssapi=no \ - --sysconfdir=${sysconfdir}/bind \ - --with-openssl=${STAGING_LIBDIR}/.. --with-libxml2=${STAGING_LIBDIR}/.. \ - --enable-exportlib --with-export-includedir=${includedir} --with-export-libdir=${libdir} \ - " -inherit autotools-brokensep update-rc.d - -INITSCRIPT_NAME = "bind" -INITSCRIPT_PARAMS = "defaults" - -PARALLEL_MAKE = "" - -PACKAGES_prepend = "${PN}-utils " -FILES_${PN}-utils = "${bindir}/host ${bindir}/dig ${bindir}/nslookup" -FILES_${PN}-dev += "${bindir}/isc-config.h" - -do_install_append() { - rm "${D}${bindir}/nslookup" - rm "${D}${mandir}/man1/nslookup.1" - rmdir "${D}${localstatedir}/run" - rmdir --ignore-fail-on-non-empty "${D}${localstatedir}" - install -d "${D}${sysconfdir}/bind" - install -d "${D}${sysconfdir}/init.d" - install -m 644 ${S}/conf/* "${D}${sysconfdir}/bind/" - install -m 755 "${S}/init.d" "${D}${sysconfdir}/init.d/bind" -} - -CONFFILES_${PN} = " \ - ${sysconfdir}/bind/named.conf \ - ${sysconfdir}/bind/named.conf.local \ - ${sysconfdir}/bind/named.conf.options \ - ${sysconfdir}/bind/db.0 \ - ${sysconfdir}/bind/db.127 \ - ${sysconfdir}/bind/db.empty \ - ${sysconfdir}/bind/db.local \ - ${sysconfdir}/bind/db.root \ - " - diff --git a/meta/recipes-connectivity/bind/bind_9.9.5.bb b/meta/recipes-connectivity/bind/bind_9.9.5.bb new file mode 100644 index 0000000000..4d199d4c1a --- /dev/null +++ b/meta/recipes-connectivity/bind/bind_9.9.5.bb @@ -0,0 +1,65 @@ +SUMMARY = "ISC Internet Domain Name Server" +HOMEPAGE = "http://www.isc.org/sw/bind/" +SECTION = "console/network" + +LICENSE = "ISC & BSD" +LIC_FILES_CHKSUM = "file://COPYRIGHT;md5=a3df5f651469919a0e6cb42f84fb6ff1" + +DEPENDS = "openssl libcap" + +SRC_URI = "ftp://ftp.isc.org/isc/bind9/${PV}/${BPN}-${PV}.tar.gz \ + file://conf.patch \ + file://cross-build-fix.patch \ + file://make-etc-initd-bind-stop-work.patch \ + file://mips1-not-support-opcode.diff \ + file://dont-test-on-host.patch \ + " + +SRC_URI[md5sum] = "e676c65cad5234617ee22f48e328c24e" +SRC_URI[sha256sum] = "d4b64c1dde442145a316679acff2df4008aa117ae52dfa3a6bc69efecc7840d1" + +# --enable-exportlib is necessary for building dhcp +ENABLE_IPV6 = "--enable-ipv6=${@base_contains('DISTRO_FEATURES', 'ipv6', 'yes', 'no', d)}" +EXTRA_OECONF = " ${ENABLE_IPV6} --with-randomdev=/dev/random --disable-threads \ + --disable-devpoll --disable-epoll --with-gost=no \ + --with-gssapi=no --with-ecdsa=yes \ + --sysconfdir=${sysconfdir}/bind \ + --with-openssl=${STAGING_LIBDIR}/.. --with-libxml2=${STAGING_LIBDIR}/.. \ + --enable-exportlib --with-export-includedir=${includedir} --with-export-libdir=${libdir} \ + " +inherit autotools-brokensep update-rc.d + +INITSCRIPT_NAME = "bind" +INITSCRIPT_PARAMS = "defaults" + +PARALLEL_MAKE = "" + +RDEPENDS_${PN} = "python-core" + +PACKAGES_preprend = " ${PN}-utils " +FILES_${PN}-utils = "${bindir}/host ${bindir}/dig ${bindir}/nslookup" +FILES_${PN}-dev += "${bindir}/isc-config.h" + +do_install_append() { + rm "${D}${bindir}/nslookup" + rm "${D}${mandir}/man1/nslookup.1" + rmdir "${D}${localstatedir}/run" + rmdir --ignore-fail-on-non-empty "${D}${localstatedir}" + install -d "${D}${sysconfdir}/bind" + install -d "${D}${sysconfdir}/init.d" + install -m 644 ${S}/conf/* "${D}${sysconfdir}/bind/" + install -m 755 "${S}/init.d" "${D}${sysconfdir}/init.d/bind" + sed -i -e '1s,#!.*python,#! /usr/bin/env python,' ${D}${sbindir}/dnssec-coverage ${D}${sbindir}/dnssec-checkds +} + +CONFFILES_${PN} = " \ + ${sysconfdir}/bind/named.conf \ + ${sysconfdir}/bind/named.conf.local \ + ${sysconfdir}/bind/named.conf.options \ + ${sysconfdir}/bind/db.0 \ + ${sysconfdir}/bind/db.127 \ + ${sysconfdir}/bind/db.empty \ + ${sysconfdir}/bind/db.local \ + ${sysconfdir}/bind/db.root \ + " + -- cgit v1.2.3