[kirkstone] bind: Upgrade bind-9.18.11 -> bind-9.19.9

Fix below security CVEs:
CVE-2022-3094
CVE-2022-3736
CVE-2022-3924

Fix serve-stale crash when recursive clients soft quota
is reached. (CVE-2022-3924) [GL #3619]

Handle RRSIG lookups when serve-stale is active.
(CVE-2022-3736) [GL #3622]

An UPDATE message flood could cause named to exhaust all
available memory. This flaw was addressed by adding a
new "update-quota" statement that controls the number of
simultaneous UPDATE messages that can be processed or
forwarded. The default is 100. A stats counter has been
added to record events when the update quota is
exceeded, and the XML and JSON statistics version
numbers have been updated. (CVE-2022-3094) [GL #3523]

Signed-off-by: Vivek Kumbhar <vkumbhar@mvista.com>
---
 .../0001-avoid-start-failure-with-bind-user.patch               | 0
 .../0001-named-lwresd-V-and-start-log-hide-build-options.patch  | 0
 .../bind-ensure-searching-for-json-headers-searches-sysr.patch  | 0
 .../bind/{bind-9.18.11 => bind-9.19.9}/bind9                    | 0
 .../bind/{bind-9.18.11 => bind-9.19.9}/conf.patch               | 0
 .../bind/{bind-9.18.11 => bind-9.19.9}/generate-rndc-key.sh     | 0
 .../init.d-add-support-for-read-only-rootfs.patch               | 0
 .../make-etc-initd-bind-stop-work.patch                         | 0
 .../bind/{bind-9.18.11 => bind-9.19.9}/named.service            | 0
 .../bind/{bind_9.18.11.bb => bind_9.19.9.bb}                    | 2 +-
 10 files changed, 1 insertion(+), 1 deletion(-)
 rename meta/recipes-connectivity/bind/{bind-9.18.11 => bind-9.19.9}/0001-avoid-start-failure-with-bind-user.patch (100%)
 rename meta/recipes-connectivity/bind/{bind-9.18.11 => bind-9.19.9}/0001-named-lwresd-V-and-start-log-hide-build-options.patch (100%)
 rename meta/recipes-connectivity/bind/{bind-9.18.11 => bind-9.19.9}/bind-ensure-searching-for-json-headers-searches-sysr.patch (100%)
 rename meta/recipes-connectivity/bind/{bind-9.18.11 => bind-9.19.9}/bind9 (100%)
 rename meta/recipes-connectivity/bind/{bind-9.18.11 => bind-9.19.9}/conf.patch (100%)
 rename meta/recipes-connectivity/bind/{bind-9.18.11 => bind-9.19.9}/generate-rndc-key.sh (100%)
 rename meta/recipes-connectivity/bind/{bind-9.18.11 => bind-9.19.9}/init.d-add-support-for-read-only-rootfs.patch (100%)
 rename meta/recipes-connectivity/bind/{bind-9.18.11 => bind-9.19.9}/make-etc-initd-bind-stop-work.patch (100%)
 rename meta/recipes-connectivity/bind/{bind-9.18.11 => bind-9.19.9}/named.service (100%)
 rename meta/recipes-connectivity/bind/{bind_9.18.11.bb => bind_9.19.9.bb} (97%)

9.19 is a development branch. You need to update to the latest version
in 9.18 series. Also, the patch needs to be submitted for master
first.

Alex

On Fri, 24 Feb 2023 at 09:53, vkumbhar <vkumbhar@mvista.com> wrote:
>
> Fix below security CVEs:
> CVE-2022-3094
> CVE-2022-3736
> CVE-2022-3924
>
> Fix serve-stale crash when recursive clients soft quota
> is reached. (CVE-2022-3924) [GL #3619]
>
> Handle RRSIG lookups when serve-stale is active.
> (CVE-2022-3736) [GL #3622]
>
> An UPDATE message flood could cause named to exhaust all
> available memory. This flaw was addressed by adding a
> new "update-quota" statement that controls the number of
> simultaneous UPDATE messages that can be processed or
> forwarded. The default is 100. A stats counter has been
> added to record events when the update quota is
> exceeded, and the XML and JSON statistics version
> numbers have been updated. (CVE-2022-3094) [GL #3523]
>
> Signed-off-by: Vivek Kumbhar <vkumbhar@mvista.com>
> ---
>  .../0001-avoid-start-failure-with-bind-user.patch               | 0
>  .../0001-named-lwresd-V-and-start-log-hide-build-options.patch  | 0
>  .../bind-ensure-searching-for-json-headers-searches-sysr.patch  | 0
>  .../bind/{bind-9.18.11 => bind-9.19.9}/bind9                    | 0
>  .../bind/{bind-9.18.11 => bind-9.19.9}/conf.patch               | 0
>  .../bind/{bind-9.18.11 => bind-9.19.9}/generate-rndc-key.sh     | 0
>  .../init.d-add-support-for-read-only-rootfs.patch               | 0
>  .../make-etc-initd-bind-stop-work.patch                         | 0
>  .../bind/{bind-9.18.11 => bind-9.19.9}/named.service            | 0
>  .../bind/{bind_9.18.11.bb => bind_9.19.9.bb}                    | 2 +-
>  10 files changed, 1 insertion(+), 1 deletion(-)
>  rename meta/recipes-connectivity/bind/{bind-9.18.11 => bind-9.19.9}/0001-avoid-start-failure-with-bind-user.patch (100%)
>  rename meta/recipes-connectivity/bind/{bind-9.18.11 => bind-9.19.9}/0001-named-lwresd-V-and-start-log-hide-build-options.patch (100%)
>  rename meta/recipes-connectivity/bind/{bind-9.18.11 => bind-9.19.9}/bind-ensure-searching-for-json-headers-searches-sysr.patch (100%)
>  rename meta/recipes-connectivity/bind/{bind-9.18.11 => bind-9.19.9}/bind9 (100%)
>  rename meta/recipes-connectivity/bind/{bind-9.18.11 => bind-9.19.9}/conf.patch (100%)
>  rename meta/recipes-connectivity/bind/{bind-9.18.11 => bind-9.19.9}/generate-rndc-key.sh (100%)
>  rename meta/recipes-connectivity/bind/{bind-9.18.11 => bind-9.19.9}/init.d-add-support-for-read-only-rootfs.patch (100%)
>  rename meta/recipes-connectivity/bind/{bind-9.18.11 => bind-9.19.9}/make-etc-initd-bind-stop-work.patch (100%)
>  rename meta/recipes-connectivity/bind/{bind-9.18.11 => bind-9.19.9}/named.service (100%)
>  rename meta/recipes-connectivity/bind/{bind_9.18.11.bb => bind_9.19.9.bb} (97%)
>
> diff --git a/meta/recipes-connectivity/bind/bind-9.18.11/0001-avoid-start-failure-with-bind-user.patch b/meta/recipes-connectivity/bind/bind-9.19.9/0001-avoid-start-failure-with-bind-user.patch
> similarity index 100%
> rename from meta/recipes-connectivity/bind/bind-9.18.11/0001-avoid-start-failure-with-bind-user.patch
> rename to meta/recipes-connectivity/bind/bind-9.19.9/0001-avoid-start-failure-with-bind-user.patch
> diff --git a/meta/recipes-connectivity/bind/bind-9.18.11/0001-named-lwresd-V-and-start-log-hide-build-options.patch b/meta/recipes-connectivity/bind/bind-9.19.9/0001-named-lwresd-V-and-start-log-hide-build-options.patch
> similarity index 100%
> rename from meta/recipes-connectivity/bind/bind-9.18.11/0001-named-lwresd-V-and-start-log-hide-build-options.patch
> rename to meta/recipes-connectivity/bind/bind-9.19.9/0001-named-lwresd-V-and-start-log-hide-build-options.patch
> diff --git a/meta/recipes-connectivity/bind/bind-9.18.11/bind-ensure-searching-for-json-headers-searches-sysr.patch b/meta/recipes-connectivity/bind/bind-9.19.9/bind-ensure-searching-for-json-headers-searches-sysr.patch
> similarity index 100%
> rename from meta/recipes-connectivity/bind/bind-9.18.11/bind-ensure-searching-for-json-headers-searches-sysr.patch
> rename to meta/recipes-connectivity/bind/bind-9.19.9/bind-ensure-searching-for-json-headers-searches-sysr.patch
> diff --git a/meta/recipes-connectivity/bind/bind-9.18.11/bind9 b/meta/recipes-connectivity/bind/bind-9.19.9/bind9
> similarity index 100%
> rename from meta/recipes-connectivity/bind/bind-9.18.11/bind9
> rename to meta/recipes-connectivity/bind/bind-9.19.9/bind9
> diff --git a/meta/recipes-connectivity/bind/bind-9.18.11/conf.patch b/meta/recipes-connectivity/bind/bind-9.19.9/conf.patch
> similarity index 100%
> rename from meta/recipes-connectivity/bind/bind-9.18.11/conf.patch
> rename to meta/recipes-connectivity/bind/bind-9.19.9/conf.patch
> diff --git a/meta/recipes-connectivity/bind/bind-9.18.11/generate-rndc-key.sh b/meta/recipes-connectivity/bind/bind-9.19.9/generate-rndc-key.sh
> similarity index 100%
> rename from meta/recipes-connectivity/bind/bind-9.18.11/generate-rndc-key.sh
> rename to meta/recipes-connectivity/bind/bind-9.19.9/generate-rndc-key.sh
> diff --git a/meta/recipes-connectivity/bind/bind-9.18.11/init.d-add-support-for-read-only-rootfs.patch b/meta/recipes-connectivity/bind/bind-9.19.9/init.d-add-support-for-read-only-rootfs.patch
> similarity index 100%
> rename from meta/recipes-connectivity/bind/bind-9.18.11/init.d-add-support-for-read-only-rootfs.patch
> rename to meta/recipes-connectivity/bind/bind-9.19.9/init.d-add-support-for-read-only-rootfs.patch
> diff --git a/meta/recipes-connectivity/bind/bind-9.18.11/make-etc-initd-bind-stop-work.patch b/meta/recipes-connectivity/bind/bind-9.19.9/make-etc-initd-bind-stop-work.patch
> similarity index 100%
> rename from meta/recipes-connectivity/bind/bind-9.18.11/make-etc-initd-bind-stop-work.patch
> rename to meta/recipes-connectivity/bind/bind-9.19.9/make-etc-initd-bind-stop-work.patch
> diff --git a/meta/recipes-connectivity/bind/bind-9.18.11/named.service b/meta/recipes-connectivity/bind/bind-9.19.9/named.service
> similarity index 100%
> rename from meta/recipes-connectivity/bind/bind-9.18.11/named.service
> rename to meta/recipes-connectivity/bind/bind-9.19.9/named.service
> diff --git a/meta/recipes-connectivity/bind/bind_9.18.11.bb b/meta/recipes-connectivity/bind/bind_9.19.9.bb
> similarity index 97%
> rename from meta/recipes-connectivity/bind/bind_9.18.11.bb
> rename to meta/recipes-connectivity/bind/bind_9.19.9.bb
> index 0618129318..7bb7bbce7f 100644
> --- a/meta/recipes-connectivity/bind/bind_9.18.11.bb
> +++ b/meta/recipes-connectivity/bind/bind_9.19.9.bb
> @@ -20,7 +20,7 @@ SRC_URI = "https://ftp.isc.org/isc/bind9/${PV}/${BPN}-${PV}.tar.xz \
>             file://0001-avoid-start-failure-with-bind-user.patch \
>             "
>
> -SRC_URI[sha256sum] = "8ff3352812230cbcbda42df87cad961f94163d3da457c5e4bef8057fd5df2158"
> +SRC_URI[sha256sum] = "d8916799832370edeeaa216111b5577675b99d47fc2554e0f93656afa8d5fb71"
>
>  UPSTREAM_CHECK_URI = "https://ftp.isc.org/isc/bind9/"
>  # follow the ESV versions divisible by 2
> --
> 2.25.1
>
>
> -=-=-=-=-=-=-=-=-=-=-=-
> Links: You receive all messages sent to this group.
> View/Reply Online (#177662): https://lists.openembedded.org/g/openembedded-core/message/177662
> Mute This Topic: https://lists.openembedded.org/mt/97202405/1686489
> Group Owner: openembedded-core+owner@lists.openembedded.org
> Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [alex.kanavin@gmail.com]
> -=-=-=-=-=-=-=-=-=-=-=-
>