summaryrefslogtreecommitdiffstats
path: root/meta/recipes-connectivity
diff options
context:
space:
mode:
authorChen Qi <Qi.Chen@windriver.com>2018-10-15 17:25:27 +0800
committerRichard Purdie <richard.purdie@linuxfoundation.org>2018-10-15 23:19:37 +0100
commitfc4c4f40dbcf558a48058d944eef21e588d64aa0 (patch)
treeb0fff80ac7a626d06ca554eacd5808142d778b5b /meta/recipes-connectivity
parente2fa6bc137faebba3c440cac93c88092421e8e82 (diff)
downloadopenembedded-core-contrib-fc4c4f40dbcf558a48058d944eef21e588d64aa0.tar.gz
openembedded-core-contrib-fc4c4f40dbcf558a48058d944eef21e588d64aa0.tar.bz2
openembedded-core-contrib-fc4c4f40dbcf558a48058d944eef21e588d64aa0.zip
bind: fix startup failure in sysvinit
The generated key file should try to have bind group so that if the named daemon is started via '-u bind' option, which is the default in OE core, we will not get startup failure because of 'permission denied' error. Signed-off-by: Chen Qi <Qi.Chen@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-connectivity')
-rw-r--r--meta/recipes-connectivity/bind/bind/0001-avoid-start-failure-with-bind-user.patch27
-rw-r--r--meta/recipes-connectivity/bind/bind_9.11.4.bb1
2 files changed, 28 insertions, 0 deletions
diff --git a/meta/recipes-connectivity/bind/bind/0001-avoid-start-failure-with-bind-user.patch b/meta/recipes-connectivity/bind/bind/0001-avoid-start-failure-with-bind-user.patch
new file mode 100644
index 0000000000..8db96ec049
--- /dev/null
+++ b/meta/recipes-connectivity/bind/bind/0001-avoid-start-failure-with-bind-user.patch
@@ -0,0 +1,27 @@
+From 31dde3562f287429eea94b77250d184818b49063 Mon Sep 17 00:00:00 2001
+From: Chen Qi <Qi.Chen@windriver.com>
+Date: Mon, 15 Oct 2018 16:55:09 +0800
+Subject: [PATCH] avoid start failure with bind user
+
+Upstream-Status: Pending
+
+Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
+---
+ init.d | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/init.d b/init.d
+index b2eec60..6e03936 100644
+--- a/init.d
++++ b/init.d
+@@ -57,6 +57,7 @@ case "$1" in
+ modprobe capability >/dev/null 2>&1 || true
+ if [ ! -f /etc/bind/rndc.key ]; then
+ /usr/sbin/rndc-confgen -a -b 512 -r /dev/urandom
++ chown root:bind /etc/bind/rndc.key >/dev/null 2>&1 || true
+ chmod 0640 /etc/bind/rndc.key
+ fi
+ if [ -f /var/run/named/named.pid ]; then
+--
+2.7.4
+
diff --git a/meta/recipes-connectivity/bind/bind_9.11.4.bb b/meta/recipes-connectivity/bind/bind_9.11.4.bb
index 63d8b0baa8..cb4a21a9af 100644
--- a/meta/recipes-connectivity/bind/bind_9.11.4.bb
+++ b/meta/recipes-connectivity/bind/bind_9.11.4.bb
@@ -19,6 +19,7 @@ SRC_URI = "https://ftp.isc.org/isc/bind9/${PV}/${BPN}-${PV}.tar.gz \
file://0001-lib-dns-gen.c-fix-too-long-error.patch \
file://0001-configure.in-remove-useless-L-use_openssl-lib.patch \
file://0001-named-lwresd-V-and-start-log-hide-build-options.patch \
+ file://0001-avoid-start-failure-with-bind-user.patch \
file://CVE-2018-5740.patch \
"