Message ID | 20230224085317.2931394-1-vkumbhar@mvista.com |
---|---|
State | New, archived |
Headers | show |
Series | [kirkstone] bind: Upgrade bind-9.18.11 -> bind-9.19.9 | expand |
9.19 is a development branch. You need to update to the latest version in 9.18 series. Also, the patch needs to be submitted for master first. Alex On Fri, 24 Feb 2023 at 09:53, vkumbhar <vkumbhar@mvista.com> wrote: > > Fix below security CVEs: > CVE-2022-3094 > CVE-2022-3736 > CVE-2022-3924 > > Fix serve-stale crash when recursive clients soft quota > is reached. (CVE-2022-3924) [GL #3619] > > Handle RRSIG lookups when serve-stale is active. > (CVE-2022-3736) [GL #3622] > > An UPDATE message flood could cause named to exhaust all > available memory. This flaw was addressed by adding a > new "update-quota" statement that controls the number of > simultaneous UPDATE messages that can be processed or > forwarded. The default is 100. A stats counter has been > added to record events when the update quota is > exceeded, and the XML and JSON statistics version > numbers have been updated. (CVE-2022-3094) [GL #3523] > > Signed-off-by: Vivek Kumbhar <vkumbhar@mvista.com> > --- > .../0001-avoid-start-failure-with-bind-user.patch | 0 > .../0001-named-lwresd-V-and-start-log-hide-build-options.patch | 0 > .../bind-ensure-searching-for-json-headers-searches-sysr.patch | 0 > .../bind/{bind-9.18.11 => bind-9.19.9}/bind9 | 0 > .../bind/{bind-9.18.11 => bind-9.19.9}/conf.patch | 0 > .../bind/{bind-9.18.11 => bind-9.19.9}/generate-rndc-key.sh | 0 > .../init.d-add-support-for-read-only-rootfs.patch | 0 > .../make-etc-initd-bind-stop-work.patch | 0 > .../bind/{bind-9.18.11 => bind-9.19.9}/named.service | 0 > .../bind/{bind_9.18.11.bb => bind_9.19.9.bb} | 2 +- > 10 files changed, 1 insertion(+), 1 deletion(-) > rename meta/recipes-connectivity/bind/{bind-9.18.11 => bind-9.19.9}/0001-avoid-start-failure-with-bind-user.patch (100%) > rename meta/recipes-connectivity/bind/{bind-9.18.11 => bind-9.19.9}/0001-named-lwresd-V-and-start-log-hide-build-options.patch (100%) > rename meta/recipes-connectivity/bind/{bind-9.18.11 => bind-9.19.9}/bind-ensure-searching-for-json-headers-searches-sysr.patch (100%) > rename meta/recipes-connectivity/bind/{bind-9.18.11 => bind-9.19.9}/bind9 (100%) > rename meta/recipes-connectivity/bind/{bind-9.18.11 => bind-9.19.9}/conf.patch (100%) > rename meta/recipes-connectivity/bind/{bind-9.18.11 => bind-9.19.9}/generate-rndc-key.sh (100%) > rename meta/recipes-connectivity/bind/{bind-9.18.11 => bind-9.19.9}/init.d-add-support-for-read-only-rootfs.patch (100%) > rename meta/recipes-connectivity/bind/{bind-9.18.11 => bind-9.19.9}/make-etc-initd-bind-stop-work.patch (100%) > rename meta/recipes-connectivity/bind/{bind-9.18.11 => bind-9.19.9}/named.service (100%) > rename meta/recipes-connectivity/bind/{bind_9.18.11.bb => bind_9.19.9.bb} (97%) > > diff --git a/meta/recipes-connectivity/bind/bind-9.18.11/0001-avoid-start-failure-with-bind-user.patch b/meta/recipes-connectivity/bind/bind-9.19.9/0001-avoid-start-failure-with-bind-user.patch > similarity index 100% > rename from meta/recipes-connectivity/bind/bind-9.18.11/0001-avoid-start-failure-with-bind-user.patch > rename to meta/recipes-connectivity/bind/bind-9.19.9/0001-avoid-start-failure-with-bind-user.patch > diff --git a/meta/recipes-connectivity/bind/bind-9.18.11/0001-named-lwresd-V-and-start-log-hide-build-options.patch b/meta/recipes-connectivity/bind/bind-9.19.9/0001-named-lwresd-V-and-start-log-hide-build-options.patch > similarity index 100% > rename from meta/recipes-connectivity/bind/bind-9.18.11/0001-named-lwresd-V-and-start-log-hide-build-options.patch > rename to meta/recipes-connectivity/bind/bind-9.19.9/0001-named-lwresd-V-and-start-log-hide-build-options.patch > diff --git a/meta/recipes-connectivity/bind/bind-9.18.11/bind-ensure-searching-for-json-headers-searches-sysr.patch b/meta/recipes-connectivity/bind/bind-9.19.9/bind-ensure-searching-for-json-headers-searches-sysr.patch > similarity index 100% > rename from meta/recipes-connectivity/bind/bind-9.18.11/bind-ensure-searching-for-json-headers-searches-sysr.patch > rename to meta/recipes-connectivity/bind/bind-9.19.9/bind-ensure-searching-for-json-headers-searches-sysr.patch > diff --git a/meta/recipes-connectivity/bind/bind-9.18.11/bind9 b/meta/recipes-connectivity/bind/bind-9.19.9/bind9 > similarity index 100% > rename from meta/recipes-connectivity/bind/bind-9.18.11/bind9 > rename to meta/recipes-connectivity/bind/bind-9.19.9/bind9 > diff --git a/meta/recipes-connectivity/bind/bind-9.18.11/conf.patch b/meta/recipes-connectivity/bind/bind-9.19.9/conf.patch > similarity index 100% > rename from meta/recipes-connectivity/bind/bind-9.18.11/conf.patch > rename to meta/recipes-connectivity/bind/bind-9.19.9/conf.patch > diff --git a/meta/recipes-connectivity/bind/bind-9.18.11/generate-rndc-key.sh b/meta/recipes-connectivity/bind/bind-9.19.9/generate-rndc-key.sh > similarity index 100% > rename from meta/recipes-connectivity/bind/bind-9.18.11/generate-rndc-key.sh > rename to meta/recipes-connectivity/bind/bind-9.19.9/generate-rndc-key.sh > diff --git a/meta/recipes-connectivity/bind/bind-9.18.11/init.d-add-support-for-read-only-rootfs.patch b/meta/recipes-connectivity/bind/bind-9.19.9/init.d-add-support-for-read-only-rootfs.patch > similarity index 100% > rename from meta/recipes-connectivity/bind/bind-9.18.11/init.d-add-support-for-read-only-rootfs.patch > rename to meta/recipes-connectivity/bind/bind-9.19.9/init.d-add-support-for-read-only-rootfs.patch > diff --git a/meta/recipes-connectivity/bind/bind-9.18.11/make-etc-initd-bind-stop-work.patch b/meta/recipes-connectivity/bind/bind-9.19.9/make-etc-initd-bind-stop-work.patch > similarity index 100% > rename from meta/recipes-connectivity/bind/bind-9.18.11/make-etc-initd-bind-stop-work.patch > rename to meta/recipes-connectivity/bind/bind-9.19.9/make-etc-initd-bind-stop-work.patch > diff --git a/meta/recipes-connectivity/bind/bind-9.18.11/named.service b/meta/recipes-connectivity/bind/bind-9.19.9/named.service > similarity index 100% > rename from meta/recipes-connectivity/bind/bind-9.18.11/named.service > rename to meta/recipes-connectivity/bind/bind-9.19.9/named.service > diff --git a/meta/recipes-connectivity/bind/bind_9.18.11.bb b/meta/recipes-connectivity/bind/bind_9.19.9.bb > similarity index 97% > rename from meta/recipes-connectivity/bind/bind_9.18.11.bb > rename to meta/recipes-connectivity/bind/bind_9.19.9.bb > index 0618129318..7bb7bbce7f 100644 > --- a/meta/recipes-connectivity/bind/bind_9.18.11.bb > +++ b/meta/recipes-connectivity/bind/bind_9.19.9.bb > @@ -20,7 +20,7 @@ SRC_URI = "https://ftp.isc.org/isc/bind9/${PV}/${BPN}-${PV}.tar.xz \ > file://0001-avoid-start-failure-with-bind-user.patch \ > " > > -SRC_URI[sha256sum] = "8ff3352812230cbcbda42df87cad961f94163d3da457c5e4bef8057fd5df2158" > +SRC_URI[sha256sum] = "d8916799832370edeeaa216111b5577675b99d47fc2554e0f93656afa8d5fb71" > > UPSTREAM_CHECK_URI = "https://ftp.isc.org/isc/bind9/" > # follow the ESV versions divisible by 2 > -- > 2.25.1 > > > -=-=-=-=-=-=-=-=-=-=-=- > Links: You receive all messages sent to this group. > View/Reply Online (#177662): https://lists.openembedded.org/g/openembedded-core/message/177662 > Mute This Topic: https://lists.openembedded.org/mt/97202405/1686489 > Group Owner: openembedded-core+owner@lists.openembedded.org > Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [alex.kanavin@gmail.com] > -=-=-=-=-=-=-=-=-=-=-=- >
diff --git a/meta/recipes-connectivity/bind/bind-9.18.11/0001-avoid-start-failure-with-bind-user.patch b/meta/recipes-connectivity/bind/bind-9.19.9/0001-avoid-start-failure-with-bind-user.patch similarity index 100% rename from meta/recipes-connectivity/bind/bind-9.18.11/0001-avoid-start-failure-with-bind-user.patch rename to meta/recipes-connectivity/bind/bind-9.19.9/0001-avoid-start-failure-with-bind-user.patch diff --git a/meta/recipes-connectivity/bind/bind-9.18.11/0001-named-lwresd-V-and-start-log-hide-build-options.patch b/meta/recipes-connectivity/bind/bind-9.19.9/0001-named-lwresd-V-and-start-log-hide-build-options.patch similarity index 100% rename from meta/recipes-connectivity/bind/bind-9.18.11/0001-named-lwresd-V-and-start-log-hide-build-options.patch rename to meta/recipes-connectivity/bind/bind-9.19.9/0001-named-lwresd-V-and-start-log-hide-build-options.patch diff --git a/meta/recipes-connectivity/bind/bind-9.18.11/bind-ensure-searching-for-json-headers-searches-sysr.patch b/meta/recipes-connectivity/bind/bind-9.19.9/bind-ensure-searching-for-json-headers-searches-sysr.patch similarity index 100% rename from meta/recipes-connectivity/bind/bind-9.18.11/bind-ensure-searching-for-json-headers-searches-sysr.patch rename to meta/recipes-connectivity/bind/bind-9.19.9/bind-ensure-searching-for-json-headers-searches-sysr.patch diff --git a/meta/recipes-connectivity/bind/bind-9.18.11/bind9 b/meta/recipes-connectivity/bind/bind-9.19.9/bind9 similarity index 100% rename from meta/recipes-connectivity/bind/bind-9.18.11/bind9 rename to meta/recipes-connectivity/bind/bind-9.19.9/bind9 diff --git a/meta/recipes-connectivity/bind/bind-9.18.11/conf.patch b/meta/recipes-connectivity/bind/bind-9.19.9/conf.patch similarity index 100% rename from meta/recipes-connectivity/bind/bind-9.18.11/conf.patch rename to meta/recipes-connectivity/bind/bind-9.19.9/conf.patch diff --git a/meta/recipes-connectivity/bind/bind-9.18.11/generate-rndc-key.sh b/meta/recipes-connectivity/bind/bind-9.19.9/generate-rndc-key.sh similarity index 100% rename from meta/recipes-connectivity/bind/bind-9.18.11/generate-rndc-key.sh rename to meta/recipes-connectivity/bind/bind-9.19.9/generate-rndc-key.sh diff --git a/meta/recipes-connectivity/bind/bind-9.18.11/init.d-add-support-for-read-only-rootfs.patch b/meta/recipes-connectivity/bind/bind-9.19.9/init.d-add-support-for-read-only-rootfs.patch similarity index 100% rename from meta/recipes-connectivity/bind/bind-9.18.11/init.d-add-support-for-read-only-rootfs.patch rename to meta/recipes-connectivity/bind/bind-9.19.9/init.d-add-support-for-read-only-rootfs.patch diff --git a/meta/recipes-connectivity/bind/bind-9.18.11/make-etc-initd-bind-stop-work.patch b/meta/recipes-connectivity/bind/bind-9.19.9/make-etc-initd-bind-stop-work.patch similarity index 100% rename from meta/recipes-connectivity/bind/bind-9.18.11/make-etc-initd-bind-stop-work.patch rename to meta/recipes-connectivity/bind/bind-9.19.9/make-etc-initd-bind-stop-work.patch diff --git a/meta/recipes-connectivity/bind/bind-9.18.11/named.service b/meta/recipes-connectivity/bind/bind-9.19.9/named.service similarity index 100% rename from meta/recipes-connectivity/bind/bind-9.18.11/named.service rename to meta/recipes-connectivity/bind/bind-9.19.9/named.service diff --git a/meta/recipes-connectivity/bind/bind_9.18.11.bb b/meta/recipes-connectivity/bind/bind_9.19.9.bb similarity index 97% rename from meta/recipes-connectivity/bind/bind_9.18.11.bb rename to meta/recipes-connectivity/bind/bind_9.19.9.bb index 0618129318..7bb7bbce7f 100644 --- a/meta/recipes-connectivity/bind/bind_9.18.11.bb +++ b/meta/recipes-connectivity/bind/bind_9.19.9.bb @@ -20,7 +20,7 @@ SRC_URI = "https://ftp.isc.org/isc/bind9/${PV}/${BPN}-${PV}.tar.xz \ file://0001-avoid-start-failure-with-bind-user.patch \ " -SRC_URI[sha256sum] = "8ff3352812230cbcbda42df87cad961f94163d3da457c5e4bef8057fd5df2158" +SRC_URI[sha256sum] = "d8916799832370edeeaa216111b5577675b99d47fc2554e0f93656afa8d5fb71" UPSTREAM_CHECK_URI = "https://ftp.isc.org/isc/bind9/" # follow the ESV versions divisible by 2
Fix below security CVEs: CVE-2022-3094 CVE-2022-3736 CVE-2022-3924 Fix serve-stale crash when recursive clients soft quota is reached. (CVE-2022-3924) [GL #3619] Handle RRSIG lookups when serve-stale is active. (CVE-2022-3736) [GL #3622] An UPDATE message flood could cause named to exhaust all available memory. This flaw was addressed by adding a new "update-quota" statement that controls the number of simultaneous UPDATE messages that can be processed or forwarded. The default is 100. A stats counter has been added to record events when the update quota is exceeded, and the XML and JSON statistics version numbers have been updated. (CVE-2022-3094) [GL #3523] Signed-off-by: Vivek Kumbhar <vkumbhar@mvista.com> --- .../0001-avoid-start-failure-with-bind-user.patch | 0 .../0001-named-lwresd-V-and-start-log-hide-build-options.patch | 0 .../bind-ensure-searching-for-json-headers-searches-sysr.patch | 0 .../bind/{bind-9.18.11 => bind-9.19.9}/bind9 | 0 .../bind/{bind-9.18.11 => bind-9.19.9}/conf.patch | 0 .../bind/{bind-9.18.11 => bind-9.19.9}/generate-rndc-key.sh | 0 .../init.d-add-support-for-read-only-rootfs.patch | 0 .../make-etc-initd-bind-stop-work.patch | 0 .../bind/{bind-9.18.11 => bind-9.19.9}/named.service | 0 .../bind/{bind_9.18.11.bb => bind_9.19.9.bb} | 2 +- 10 files changed, 1 insertion(+), 1 deletion(-) rename meta/recipes-connectivity/bind/{bind-9.18.11 => bind-9.19.9}/0001-avoid-start-failure-with-bind-user.patch (100%) rename meta/recipes-connectivity/bind/{bind-9.18.11 => bind-9.19.9}/0001-named-lwresd-V-and-start-log-hide-build-options.patch (100%) rename meta/recipes-connectivity/bind/{bind-9.18.11 => bind-9.19.9}/bind-ensure-searching-for-json-headers-searches-sysr.patch (100%) rename meta/recipes-connectivity/bind/{bind-9.18.11 => bind-9.19.9}/bind9 (100%) rename meta/recipes-connectivity/bind/{bind-9.18.11 => bind-9.19.9}/conf.patch (100%) rename meta/recipes-connectivity/bind/{bind-9.18.11 => bind-9.19.9}/generate-rndc-key.sh (100%) rename meta/recipes-connectivity/bind/{bind-9.18.11 => bind-9.19.9}/init.d-add-support-for-read-only-rootfs.patch (100%) rename meta/recipes-connectivity/bind/{bind-9.18.11 => bind-9.19.9}/make-etc-initd-bind-stop-work.patch (100%) rename meta/recipes-connectivity/bind/{bind-9.18.11 => bind-9.19.9}/named.service (100%) rename meta/recipes-connectivity/bind/{bind_9.18.11.bb => bind_9.19.9.bb} (97%)