[master] Upgrade bind-9.18.11 -> bind-9.19.9

Fix below security CVEs:
CVE-2022-3094
CVE-2022-3736
CVE-2022-3924

Fix serve-stale crash when recursive clients soft quota
is reached. (CVE-2022-3924) [GL #3619]

Handle RRSIG lookups when serve-stale is active.
(CVE-2022-3736) [GL #3622]

An UPDATE message flood could cause named to exhaust all
available memory. This flaw was addressed by adding a
new "update-quota" statement that controls the number of
simultaneous UPDATE messages that can be processed or
forwarded. The default is 100. A stats counter has been
added to record events when the update quota is
exceeded, and the XML and JSON statistics version
numbers have been updated. (CVE-2022-3094) [GL #3523]

Signed-off-by: Vivek Kumbhar <vkumbhar@mvista.com>
---
 .../0001-avoid-start-failure-with-bind-user.patch               | 0
 .../0001-named-lwresd-V-and-start-log-hide-build-options.patch  | 0
 .../bind-ensure-searching-for-json-headers-searches-sysr.patch  | 0
 .../bind/{bind-9.18.11 => bind-9.19.9}/bind9                    | 0
 .../bind/{bind-9.18.11 => bind-9.19.9}/conf.patch               | 0
 .../bind/{bind-9.18.11 => bind-9.19.9}/generate-rndc-key.sh     | 0
 .../init.d-add-support-for-read-only-rootfs.patch               | 0
 .../make-etc-initd-bind-stop-work.patch                         | 0
 .../bind/{bind-9.18.11 => bind-9.19.9}/named.service            | 0
 .../bind/{bind_9.18.11.bb => bind_9.19.9.bb}                    | 2 +-
 10 files changed, 1 insertion(+), 1 deletion(-)
 rename meta/recipes-connectivity/bind/{bind-9.18.11 => bind-9.19.9}/0001-avoid-start-failure-with-bind-user.patch (100%)
 rename meta/recipes-connectivity/bind/{bind-9.18.11 => bind-9.19.9}/0001-named-lwresd-V-and-start-log-hide-build-options.patch (100%)
 rename meta/recipes-connectivity/bind/{bind-9.18.11 => bind-9.19.9}/bind-ensure-searching-for-json-headers-searches-sysr.patch (100%)
 rename meta/recipes-connectivity/bind/{bind-9.18.11 => bind-9.19.9}/bind9 (100%)
 rename meta/recipes-connectivity/bind/{bind-9.18.11 => bind-9.19.9}/conf.patch (100%)
 rename meta/recipes-connectivity/bind/{bind-9.18.11 => bind-9.19.9}/generate-rndc-key.sh (100%)
 rename meta/recipes-connectivity/bind/{bind-9.18.11 => bind-9.19.9}/init.d-add-support-for-read-only-rootfs.patch (100%)
 rename meta/recipes-connectivity/bind/{bind-9.18.11 => bind-9.19.9}/make-etc-initd-bind-stop-work.patch (100%)
 rename meta/recipes-connectivity/bind/{bind-9.18.11 => bind-9.19.9}/named.service (100%)
 rename meta/recipes-connectivity/bind/{bind_9.18.11.bb => bind_9.19.9.bb} (97%)

Please read my previous feedback; you have simply resent the patch
without addressing the points.

Alex

On Mon, 27 Feb 2023 at 04:29, vkumbhar <vkumbhar@mvista.com> wrote:
>
> Fix below security CVEs:
> CVE-2022-3094
> CVE-2022-3736
> CVE-2022-3924
>
> Fix serve-stale crash when recursive clients soft quota
> is reached. (CVE-2022-3924) [GL #3619]
>
> Handle RRSIG lookups when serve-stale is active.
> (CVE-2022-3736) [GL #3622]
>
> An UPDATE message flood could cause named to exhaust all
> available memory. This flaw was addressed by adding a
> new "update-quota" statement that controls the number of
> simultaneous UPDATE messages that can be processed or
> forwarded. The default is 100. A stats counter has been
> added to record events when the update quota is
> exceeded, and the XML and JSON statistics version
> numbers have been updated. (CVE-2022-3094) [GL #3523]
>
> Signed-off-by: Vivek Kumbhar <vkumbhar@mvista.com>
> ---
>  .../0001-avoid-start-failure-with-bind-user.patch               | 0
>  .../0001-named-lwresd-V-and-start-log-hide-build-options.patch  | 0
>  .../bind-ensure-searching-for-json-headers-searches-sysr.patch  | 0
>  .../bind/{bind-9.18.11 => bind-9.19.9}/bind9                    | 0
>  .../bind/{bind-9.18.11 => bind-9.19.9}/conf.patch               | 0
>  .../bind/{bind-9.18.11 => bind-9.19.9}/generate-rndc-key.sh     | 0
>  .../init.d-add-support-for-read-only-rootfs.patch               | 0
>  .../make-etc-initd-bind-stop-work.patch                         | 0
>  .../bind/{bind-9.18.11 => bind-9.19.9}/named.service            | 0
>  .../bind/{bind_9.18.11.bb => bind_9.19.9.bb}                    | 2 +-
>  10 files changed, 1 insertion(+), 1 deletion(-)
>  rename meta/recipes-connectivity/bind/{bind-9.18.11 => bind-9.19.9}/0001-avoid-start-failure-with-bind-user.patch (100%)
>  rename meta/recipes-connectivity/bind/{bind-9.18.11 => bind-9.19.9}/0001-named-lwresd-V-and-start-log-hide-build-options.patch (100%)
>  rename meta/recipes-connectivity/bind/{bind-9.18.11 => bind-9.19.9}/bind-ensure-searching-for-json-headers-searches-sysr.patch (100%)
>  rename meta/recipes-connectivity/bind/{bind-9.18.11 => bind-9.19.9}/bind9 (100%)
>  rename meta/recipes-connectivity/bind/{bind-9.18.11 => bind-9.19.9}/conf.patch (100%)
>  rename meta/recipes-connectivity/bind/{bind-9.18.11 => bind-9.19.9}/generate-rndc-key.sh (100%)
>  rename meta/recipes-connectivity/bind/{bind-9.18.11 => bind-9.19.9}/init.d-add-support-for-read-only-rootfs.patch (100%)
>  rename meta/recipes-connectivity/bind/{bind-9.18.11 => bind-9.19.9}/make-etc-initd-bind-stop-work.patch (100%)
>  rename meta/recipes-connectivity/bind/{bind-9.18.11 => bind-9.19.9}/named.service (100%)
>  rename meta/recipes-connectivity/bind/{bind_9.18.11.bb => bind_9.19.9.bb} (97%)
>
> diff --git a/meta/recipes-connectivity/bind/bind-9.18.11/0001-avoid-start-failure-with-bind-user.patch b/meta/recipes-connectivity/bind/bind-9.19.9/0001-avoid-start-failure-with-bind-user.patch
> similarity index 100%
> rename from meta/recipes-connectivity/bind/bind-9.18.11/0001-avoid-start-failure-with-bind-user.patch
> rename to meta/recipes-connectivity/bind/bind-9.19.9/0001-avoid-start-failure-with-bind-user.patch
> diff --git a/meta/recipes-connectivity/bind/bind-9.18.11/0001-named-lwresd-V-and-start-log-hide-build-options.patch b/meta/recipes-connectivity/bind/bind-9.19.9/0001-named-lwresd-V-and-start-log-hide-build-options.patch
> similarity index 100%
> rename from meta/recipes-connectivity/bind/bind-9.18.11/0001-named-lwresd-V-and-start-log-hide-build-options.patch
> rename to meta/recipes-connectivity/bind/bind-9.19.9/0001-named-lwresd-V-and-start-log-hide-build-options.patch
> diff --git a/meta/recipes-connectivity/bind/bind-9.18.11/bind-ensure-searching-for-json-headers-searches-sysr.patch b/meta/recipes-connectivity/bind/bind-9.19.9/bind-ensure-searching-for-json-headers-searches-sysr.patch
> similarity index 100%
> rename from meta/recipes-connectivity/bind/bind-9.18.11/bind-ensure-searching-for-json-headers-searches-sysr.patch
> rename to meta/recipes-connectivity/bind/bind-9.19.9/bind-ensure-searching-for-json-headers-searches-sysr.patch
> diff --git a/meta/recipes-connectivity/bind/bind-9.18.11/bind9 b/meta/recipes-connectivity/bind/bind-9.19.9/bind9
> similarity index 100%
> rename from meta/recipes-connectivity/bind/bind-9.18.11/bind9
> rename to meta/recipes-connectivity/bind/bind-9.19.9/bind9
> diff --git a/meta/recipes-connectivity/bind/bind-9.18.11/conf.patch b/meta/recipes-connectivity/bind/bind-9.19.9/conf.patch
> similarity index 100%
> rename from meta/recipes-connectivity/bind/bind-9.18.11/conf.patch
> rename to meta/recipes-connectivity/bind/bind-9.19.9/conf.patch
> diff --git a/meta/recipes-connectivity/bind/bind-9.18.11/generate-rndc-key.sh b/meta/recipes-connectivity/bind/bind-9.19.9/generate-rndc-key.sh
> similarity index 100%
> rename from meta/recipes-connectivity/bind/bind-9.18.11/generate-rndc-key.sh
> rename to meta/recipes-connectivity/bind/bind-9.19.9/generate-rndc-key.sh
> diff --git a/meta/recipes-connectivity/bind/bind-9.18.11/init.d-add-support-for-read-only-rootfs.patch b/meta/recipes-connectivity/bind/bind-9.19.9/init.d-add-support-for-read-only-rootfs.patch
> similarity index 100%
> rename from meta/recipes-connectivity/bind/bind-9.18.11/init.d-add-support-for-read-only-rootfs.patch
> rename to meta/recipes-connectivity/bind/bind-9.19.9/init.d-add-support-for-read-only-rootfs.patch
> diff --git a/meta/recipes-connectivity/bind/bind-9.18.11/make-etc-initd-bind-stop-work.patch b/meta/recipes-connectivity/bind/bind-9.19.9/make-etc-initd-bind-stop-work.patch
> similarity index 100%
> rename from meta/recipes-connectivity/bind/bind-9.18.11/make-etc-initd-bind-stop-work.patch
> rename to meta/recipes-connectivity/bind/bind-9.19.9/make-etc-initd-bind-stop-work.patch
> diff --git a/meta/recipes-connectivity/bind/bind-9.18.11/named.service b/meta/recipes-connectivity/bind/bind-9.19.9/named.service
> similarity index 100%
> rename from meta/recipes-connectivity/bind/bind-9.18.11/named.service
> rename to meta/recipes-connectivity/bind/bind-9.19.9/named.service
> diff --git a/meta/recipes-connectivity/bind/bind_9.18.11.bb b/meta/recipes-connectivity/bind/bind_9.19.9.bb
> similarity index 97%
> rename from meta/recipes-connectivity/bind/bind_9.18.11.bb
> rename to meta/recipes-connectivity/bind/bind_9.19.9.bb
> index 55a06eae5f..375f24e222 100644
> --- a/meta/recipes-connectivity/bind/bind_9.18.11.bb
> +++ b/meta/recipes-connectivity/bind/bind_9.19.9.bb
> @@ -20,7 +20,7 @@ SRC_URI = "https://ftp.isc.org/isc/bind9/${PV}/${BPN}-${PV}.tar.xz \
>             file://0001-avoid-start-failure-with-bind-user.patch \
>             "
>
> -SRC_URI[sha256sum] = "8ff3352812230cbcbda42df87cad961f94163d3da457c5e4bef8057fd5df2158"
> +SRC_URI[sha256sum] = "d8916799832370edeeaa216111b5577675b99d47fc2554e0f93656afa8d5fb71"
>
>  UPSTREAM_CHECK_URI = "https://ftp.isc.org/isc/bind9/"
>  # follow the ESV versions divisible by 2
> --
> 2.25.1
>
>
> -=-=-=-=-=-=-=-=-=-=-=-
> Links: You receive all messages sent to this group.
> View/Reply Online (#177771): https://lists.openembedded.org/g/openembedded-core/message/177771
> Mute This Topic: https://lists.openembedded.org/mt/97259357/1686489
> Group Owner: openembedded-core+owner@lists.openembedded.org
> Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [alex.kanavin@gmail.com]
> -=-=-=-=-=-=-=-=-=-=-=-
>