Message ID | 20230227032917.6940-1-vkumbhar@mvista.com |
---|---|
State | New |
Series | [master] Upgrade bind-9.18.11 -> bind-9.19.9 |
Please read my previous feedback; you have simply resent the patch without addressing the points.

Alex

On Mon, 27 Feb 2023 at 04:29, vkumbhar <vkumbhar@mvista.com> wrote:
>
> Fix below security CVEs:
> CVE-2022-3094
> CVE-2022-3736
> CVE-2022-3924
>
> Fix serve-stale crash when recursive clients soft quota
> is reached. (CVE-2022-3924) [GL #3619]
>
> Handle RRSIG lookups when serve-stale is active.
> (CVE-2022-3736) [GL #3622]
>
> An UPDATE message flood could cause named to exhaust all
> available memory. This flaw was addressed by adding a
> new "update-quota" statement that controls the number of
> simultaneous UPDATE messages that can be processed or
> forwarded. The default is 100. A stats counter has been
> added to record events when the update quota is
> exceeded, and the XML and JSON statistics version
> numbers have been updated. (CVE-2022-3094) [GL #3523]
>
> Signed-off-by: Vivek Kumbhar <vkumbhar@mvista.com>
> ---
>  .../0001-avoid-start-failure-with-bind-user.patch | 0
>  .../0001-named-lwresd-V-and-start-log-hide-build-options.patch | 0
>  .../bind-ensure-searching-for-json-headers-searches-sysr.patch | 0
>  .../bind/{bind-9.18.11 => bind-9.19.9}/bind9 | 0
>  .../bind/{bind-9.18.11 => bind-9.19.9}/conf.patch | 0
>  .../bind/{bind-9.18.11 => bind-9.19.9}/generate-rndc-key.sh | 0
>  .../init.d-add-support-for-read-only-rootfs.patch | 0
>  .../make-etc-initd-bind-stop-work.patch | 0
>  .../bind/{bind-9.18.11 => bind-9.19.9}/named.service | 0
>  .../bind/{bind_9.18.11.bb => bind_9.19.9.bb} | 2 +-
>  10 files changed, 1 insertion(+), 1 deletion(-)
>  rename meta/recipes-connectivity/bind/{bind-9.18.11 => bind-9.19.9}/0001-avoid-start-failure-with-bind-user.patch (100%)
>  rename meta/recipes-connectivity/bind/{bind-9.18.11 => bind-9.19.9}/0001-named-lwresd-V-and-start-log-hide-build-options.patch (100%)
>  rename meta/recipes-connectivity/bind/{bind-9.18.11 => bind-9.19.9}/bind-ensure-searching-for-json-headers-searches-sysr.patch (100%)
>  rename meta/recipes-connectivity/bind/{bind-9.18.11 => bind-9.19.9}/bind9 (100%)
>  rename meta/recipes-connectivity/bind/{bind-9.18.11 => bind-9.19.9}/conf.patch (100%)
>  rename meta/recipes-connectivity/bind/{bind-9.18.11 => bind-9.19.9}/generate-rndc-key.sh (100%)
>  rename meta/recipes-connectivity/bind/{bind-9.18.11 => bind-9.19.9}/init.d-add-support-for-read-only-rootfs.patch (100%)
>  rename meta/recipes-connectivity/bind/{bind-9.18.11 => bind-9.19.9}/make-etc-initd-bind-stop-work.patch (100%)
>  rename meta/recipes-connectivity/bind/{bind-9.18.11 => bind-9.19.9}/named.service (100%)
>  rename meta/recipes-connectivity/bind/{bind_9.18.11.bb => bind_9.19.9.bb} (97%)
> > diff --git a/meta/recipes-connectivity/bind/bind-9.18.11/0001-avoid-start-failure-with-bind-user.patch b/meta/recipes-connectivity/bind/bind-9.19.9/0001-avoid-start-failure-with-bind-user.patch > similarity index 100% > rename from meta/recipes-connectivity/bind/bind-9.18.11/0001-avoid-start-failure-with-bind-user.patch > rename to meta/recipes-connectivity/bind/bind-9.19.9/0001-avoid-start-failure-with-bind-user.patch > diff --git a/meta/recipes-connectivity/bind/bind-9.18.11/0001-named-lwresd-V-and-start-log-hide-build-options.patch b/meta/recipes-connectivity/bind/bind-9.19.9/0001-named-lwresd-V-and-start-log-hide-build-options.patch > similarity index 100% > rename from meta/recipes-connectivity/bind/bind-9.18.11/0001-named-lwresd-V-and-start-log-hide-build-options.patch > rename to meta/recipes-connectivity/bind/bind-9.19.9/0001-named-lwresd-V-and-start-log-hide-build-options.patch > diff --git a/meta/recipes-connectivity/bind/bind-9.18.11/bind-ensure-searching-for-json-headers-searches-sysr.patch b/meta/recipes-connectivity/bind/bind-9.19.9/bind-ensure-searching-for-json-headers-searches-sysr.patch > similarity index 100% > rename from meta/recipes-connectivity/bind/bind-9.18.11/bind-ensure-searching-for-json-headers-searches-sysr.patch > rename to meta/recipes-connectivity/bind/bind-9.19.9/bind-ensure-searching-for-json-headers-searches-sysr.patch > diff --git a/meta/recipes-connectivity/bind/bind-9.18.11/bind9 b/meta/recipes-connectivity/bind/bind-9.19.9/bind9 > similarity index 100% > rename from meta/recipes-connectivity/bind/bind-9.18.11/bind9 > rename to meta/recipes-connectivity/bind/bind-9.19.9/bind9 > diff --git a/meta/recipes-connectivity/bind/bind-9.18.11/conf.patch b/meta/recipes-connectivity/bind/bind-9.19.9/conf.patch > similarity index 100% > rename from meta/recipes-connectivity/bind/bind-9.18.11/conf.patch > rename to meta/recipes-connectivity/bind/bind-9.19.9/conf.patch 
> diff --git a/meta/recipes-connectivity/bind/bind-9.18.11/generate-rndc-key.sh b/meta/recipes-connectivity/bind/bind-9.19.9/generate-rndc-key.sh > similarity index 100% > rename from meta/recipes-connectivity/bind/bind-9.18.11/generate-rndc-key.sh > rename to meta/recipes-connectivity/bind/bind-9.19.9/generate-rndc-key.sh > diff --git a/meta/recipes-connectivity/bind/bind-9.18.11/init.d-add-support-for-read-only-rootfs.patch b/meta/recipes-connectivity/bind/bind-9.19.9/init.d-add-support-for-read-only-rootfs.patch > similarity index 100% > rename from meta/recipes-connectivity/bind/bind-9.18.11/init.d-add-support-for-read-only-rootfs.patch > rename to meta/recipes-connectivity/bind/bind-9.19.9/init.d-add-support-for-read-only-rootfs.patch > diff --git a/meta/recipes-connectivity/bind/bind-9.18.11/make-etc-initd-bind-stop-work.patch b/meta/recipes-connectivity/bind/bind-9.19.9/make-etc-initd-bind-stop-work.patch > similarity index 100% > rename from meta/recipes-connectivity/bind/bind-9.18.11/make-etc-initd-bind-stop-work.patch > rename to meta/recipes-connectivity/bind/bind-9.19.9/make-etc-initd-bind-stop-work.patch > diff --git a/meta/recipes-connectivity/bind/bind-9.18.11/named.service b/meta/recipes-connectivity/bind/bind-9.19.9/named.service > similarity index 100% > rename from meta/recipes-connectivity/bind/bind-9.18.11/named.service > rename to meta/recipes-connectivity/bind/bind-9.19.9/named.service > diff --git a/meta/recipes-connectivity/bind/bind_9.18.11.bb b/meta/recipes-connectivity/bind/bind_9.19.9.bb > similarity index 97% > rename from meta/recipes-connectivity/bind/bind_9.18.11.bb > rename to meta/recipes-connectivity/bind/bind_9.19.9.bb > index 55a06eae5f..375f24e222 100644 > --- a/meta/recipes-connectivity/bind/bind_9.18.11.bb > +++ b/meta/recipes-connectivity/bind/bind_9.19.9.bb 
> @@ -20,7 +20,7 @@ SRC_URI = "https://ftp.isc.org/isc/bind9/${PV}/${BPN}-${PV}.tar.xz \ > file://0001-avoid-start-failure-with-bind-user.patch \ > " > > -SRC_URI[sha256sum] = "8ff3352812230cbcbda42df87cad961f94163d3da457c5e4bef8057fd5df2158" > +SRC_URI[sha256sum] = "d8916799832370edeeaa216111b5577675b99d47fc2554e0f93656afa8d5fb71" > > UPSTREAM_CHECK_URI = "https://ftp.isc.org/isc/bind9/" > # follow the ESV versions divisible by 2 > -- > 2.25.1
diff --git a/meta/recipes-connectivity/bind/bind-9.18.11/0001-avoid-start-failure-with-bind-user.patch b/meta/recipes-connectivity/bind/bind-9.19.9/0001-avoid-start-failure-with-bind-user.patch similarity index 100% rename from meta/recipes-connectivity/bind/bind-9.18.11/0001-avoid-start-failure-with-bind-user.patch rename to meta/recipes-connectivity/bind/bind-9.19.9/0001-avoid-start-failure-with-bind-user.patch diff --git a/meta/recipes-connectivity/bind/bind-9.18.11/0001-named-lwresd-V-and-start-log-hide-build-options.patch b/meta/recipes-connectivity/bind/bind-9.19.9/0001-named-lwresd-V-and-start-log-hide-build-options.patch similarity index 100% rename from meta/recipes-connectivity/bind/bind-9.18.11/0001-named-lwresd-V-and-start-log-hide-build-options.patch rename to meta/recipes-connectivity/bind/bind-9.19.9/0001-named-lwresd-V-and-start-log-hide-build-options.patch diff --git a/meta/recipes-connectivity/bind/bind-9.18.11/bind-ensure-searching-for-json-headers-searches-sysr.patch b/meta/recipes-connectivity/bind/bind-9.19.9/bind-ensure-searching-for-json-headers-searches-sysr.patch similarity index 100% rename from meta/recipes-connectivity/bind/bind-9.18.11/bind-ensure-searching-for-json-headers-searches-sysr.patch rename to meta/recipes-connectivity/bind/bind-9.19.9/bind-ensure-searching-for-json-headers-searches-sysr.patch diff --git a/meta/recipes-connectivity/bind/bind-9.18.11/bind9 b/meta/recipes-connectivity/bind/bind-9.19.9/bind9 similarity index 100% rename from meta/recipes-connectivity/bind/bind-9.18.11/bind9 rename to meta/recipes-connectivity/bind/bind-9.19.9/bind9 diff --git a/meta/recipes-connectivity/bind/bind-9.18.11/conf.patch b/meta/recipes-connectivity/bind/bind-9.19.9/conf.patch similarity index 100% rename from meta/recipes-connectivity/bind/bind-9.18.11/conf.patch rename to meta/recipes-connectivity/bind/bind-9.19.9/conf.patch 
diff --git a/meta/recipes-connectivity/bind/bind-9.18.11/generate-rndc-key.sh b/meta/recipes-connectivity/bind/bind-9.19.9/generate-rndc-key.sh similarity index 100% rename from meta/recipes-connectivity/bind/bind-9.18.11/generate-rndc-key.sh rename to meta/recipes-connectivity/bind/bind-9.19.9/generate-rndc-key.sh diff --git a/meta/recipes-connectivity/bind/bind-9.18.11/init.d-add-support-for-read-only-rootfs.patch b/meta/recipes-connectivity/bind/bind-9.19.9/init.d-add-support-for-read-only-rootfs.patch similarity index 100% rename from meta/recipes-connectivity/bind/bind-9.18.11/init.d-add-support-for-read-only-rootfs.patch rename to meta/recipes-connectivity/bind/bind-9.19.9/init.d-add-support-for-read-only-rootfs.patch diff --git a/meta/recipes-connectivity/bind/bind-9.18.11/make-etc-initd-bind-stop-work.patch b/meta/recipes-connectivity/bind/bind-9.19.9/make-etc-initd-bind-stop-work.patch similarity index 100% rename from meta/recipes-connectivity/bind/bind-9.18.11/make-etc-initd-bind-stop-work.patch rename to meta/recipes-connectivity/bind/bind-9.19.9/make-etc-initd-bind-stop-work.patch diff --git a/meta/recipes-connectivity/bind/bind-9.18.11/named.service b/meta/recipes-connectivity/bind/bind-9.19.9/named.service similarity index 100% rename from meta/recipes-connectivity/bind/bind-9.18.11/named.service rename to meta/recipes-connectivity/bind/bind-9.19.9/named.service diff --git a/meta/recipes-connectivity/bind/bind_9.18.11.bb b/meta/recipes-connectivity/bind/bind_9.19.9.bb similarity index 97% rename from meta/recipes-connectivity/bind/bind_9.18.11.bb rename to meta/recipes-connectivity/bind/bind_9.19.9.bb index 55a06eae5f..375f24e222 100644 --- a/meta/recipes-connectivity/bind/bind_9.18.11.bb +++ b/meta/recipes-connectivity/bind/bind_9.19.9.bb 
@@ -20,7 +20,7 @@ SRC_URI = "https://ftp.isc.org/isc/bind9/${PV}/${BPN}-${PV}.tar.xz \ file://0001-avoid-start-failure-with-bind-user.patch \ " -SRC_URI[sha256sum] = "8ff3352812230cbcbda42df87cad961f94163d3da457c5e4bef8057fd5df2158" +SRC_URI[sha256sum] = "d8916799832370edeeaa216111b5577675b99d47fc2554e0f93656afa8d5fb71" UPSTREAM_CHECK_URI = "https://ftp.isc.org/isc/bind9/" # follow the ESV versions divisible by 2
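Review bot: The target version 9.19.9 conflicts with the unchanged context comment at the end of this hunk, "# follow the ESV versions divisible by 2": 19 is odd, so renaming the recipe to bind_9.19.9.bb takes it off the series the recipe says it follows. If the three CVEs listed in the commit message are the goal, move to a release in an even-numbered series that carries those fixes and name it in the commit message; if leaving that series is intended, change the comment in the same patch and justify it. The only content change is the SRC_URI[sha256sum] line, so the commit message should also say where the new checksum was taken from and confirm that the carried patches, all renamed at 100% similarity, still apply to the new tarball.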
Fix below security CVEs:
CVE-2022-3094
CVE-2022-3736
CVE-2022-3924

Fix serve-stale crash when recursive clients soft quota
is reached. (CVE-2022-3924) [GL #3619]

Handle RRSIG lookups when serve-stale is active.
(CVE-2022-3736) [GL #3622]

An UPDATE message flood could cause named to exhaust all
available memory. This flaw was addressed by adding a
new "update-quota" statement that controls the number of
simultaneous UPDATE messages that can be processed or
forwarded. The default is 100. A stats counter has been
added to record events when the update quota is
exceeded, and the XML and JSON statistics version
numbers have been updated. (CVE-2022-3094) [GL #3523]

Signed-off-by: Vivek Kumbhar <vkumbhar@mvista.com>
---
 .../0001-avoid-start-failure-with-bind-user.patch | 0
 .../0001-named-lwresd-V-and-start-log-hide-build-options.patch | 0
 .../bind-ensure-searching-for-json-headers-searches-sysr.patch | 0
 .../bind/{bind-9.18.11 => bind-9.19.9}/bind9 | 0
 .../bind/{bind-9.18.11 => bind-9.19.9}/conf.patch | 0
 .../bind/{bind-9.18.11 => bind-9.19.9}/generate-rndc-key.sh | 0
 .../init.d-add-support-for-read-only-rootfs.patch | 0
 .../make-etc-initd-bind-stop-work.patch | 0
 .../bind/{bind-9.18.11 => bind-9.19.9}/named.service | 0
 .../bind/{bind_9.18.11.bb => bind_9.19.9.bb} | 2 +-
 10 files changed, 1 insertion(+), 1 deletion(-)
 rename meta/recipes-connectivity/bind/{bind-9.18.11 => bind-9.19.9}/0001-avoid-start-failure-with-bind-user.patch (100%)
 rename meta/recipes-connectivity/bind/{bind-9.18.11 => bind-9.19.9}/0001-named-lwresd-V-and-start-log-hide-build-options.patch (100%)
 rename meta/recipes-connectivity/bind/{bind-9.18.11 => bind-9.19.9}/bind-ensure-searching-for-json-headers-searches-sysr.patch (100%)
 rename meta/recipes-connectivity/bind/{bind-9.18.11 => bind-9.19.9}/bind9 (100%)
 rename meta/recipes-connectivity/bind/{bind-9.18.11 => bind-9.19.9}/conf.patch (100%)
 rename meta/recipes-connectivity/bind/{bind-9.18.11 => bind-9.19.9}/generate-rndc-key.sh (100%)
 rename meta/recipes-connectivity/bind/{bind-9.18.11 => bind-9.19.9}/init.d-add-support-for-read-only-rootfs.patch (100%)
 rename meta/recipes-connectivity/bind/{bind-9.18.11 => bind-9.19.9}/make-etc-initd-bind-stop-work.patch (100%)
 rename meta/recipes-connectivity/bind/{bind-9.18.11 => bind-9.19.9}/named.service (100%)
 rename meta/recipes-connectivity/bind/{bind_9.18.11.bb => bind_9.19.9.bb} (97%)