diff options
Diffstat (limited to 'meta/recipes-connectivity/bind')
-rw-r--r-- | meta/recipes-connectivity/bind/bind-9.16.12/0001-named-lwresd-V-and-start-log-hide-build-options.patch | 35 | ||||
-rw-r--r-- | meta/recipes-connectivity/bind/bind/0001-avoid-start-failure-with-bind-user.patch (renamed from meta/recipes-connectivity/bind/bind-9.16.12/0001-avoid-start-failure-with-bind-user.patch) | 2 | ||||
-rw-r--r-- | meta/recipes-connectivity/bind/bind/0001-named-lwresd-V-and-start-log-hide-build-options.patch | 35 | ||||
-rw-r--r-- | meta/recipes-connectivity/bind/bind/bind-ensure-searching-for-json-headers-searches-sysr.patch (renamed from meta/recipes-connectivity/bind/bind-9.16.12/bind-ensure-searching-for-json-headers-searches-sysr.patch) | 28 | ||||
-rw-r--r-- | meta/recipes-connectivity/bind/bind/bind9 (renamed from meta/recipes-connectivity/bind/bind-9.16.12/bind9) | 0 | ||||
-rw-r--r-- | meta/recipes-connectivity/bind/bind/conf.patch (renamed from meta/recipes-connectivity/bind/bind-9.16.12/conf.patch) | 2 | ||||
-rw-r--r-- | meta/recipes-connectivity/bind/bind/generate-rndc-key.sh (renamed from meta/recipes-connectivity/bind/bind-9.16.12/generate-rndc-key.sh) | 0 | ||||
-rw-r--r-- | meta/recipes-connectivity/bind/bind/init.d-add-support-for-read-only-rootfs.patch (renamed from meta/recipes-connectivity/bind/bind-9.16.12/init.d-add-support-for-read-only-rootfs.patch) | 0 | ||||
-rw-r--r-- | meta/recipes-connectivity/bind/bind/make-etc-initd-bind-stop-work.patch (renamed from meta/recipes-connectivity/bind/bind-9.16.12/make-etc-initd-bind-stop-work.patch) | 0 | ||||
-rw-r--r-- | meta/recipes-connectivity/bind/bind/named.service (renamed from meta/recipes-connectivity/bind/bind-9.16.12/named.service) | 0 | ||||
-rw-r--r-- | meta/recipes-connectivity/bind/bind_9.18.26.bb (renamed from meta/recipes-connectivity/bind/bind_9.16.12.bb) | 66 |
11 files changed, 77 insertions, 91 deletions
diff --git a/meta/recipes-connectivity/bind/bind-9.16.12/0001-named-lwresd-V-and-start-log-hide-build-options.patch b/meta/recipes-connectivity/bind/bind-9.16.12/0001-named-lwresd-V-and-start-log-hide-build-options.patch deleted file mode 100644 index 5bcc16c9b2..0000000000 --- a/meta/recipes-connectivity/bind/bind-9.16.12/0001-named-lwresd-V-and-start-log-hide-build-options.patch +++ /dev/null @@ -1,35 +0,0 @@ -From a3af4a405baf5ff582e82aaba392dd9667d94bdc Mon Sep 17 00:00:00 2001 -From: Hongxu Jia <hongxu.jia@windriver.com> -Date: Mon, 27 Aug 2018 21:24:20 +0800 -Subject: [PATCH] `named/lwresd -V' and start log hide build options - -The build options expose build path directories, so hide them. -[snip] -$ named -V -|built by make with *** (options are hidden) -[snip] - -Upstream-Status: Inappropriate [oe-core specific] - -Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> - -Refreshed for 9.16.0 -Signed-off-by: Armin Kuster <akuster@mvista.com> - ---- - bin/named/include/named/globals.h | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -Index: bind-9.16.0/bin/named/include/named/globals.h -=================================================================== ---- bind-9.16.0.orig/bin/named/include/named/globals.h -+++ bind-9.16.0/bin/named/include/named/globals.h -@@ -69,7 +69,7 @@ EXTERN const char *named_g_version I - EXTERN const char *named_g_product INIT(PRODUCT); - EXTERN const char *named_g_description INIT(DESCRIPTION); - EXTERN const char *named_g_srcid INIT(SRCID); --EXTERN const char *named_g_configargs INIT(CONFIGARGS); -+EXTERN const char *named_g_configargs INIT("*** (options are hidden)"); - EXTERN const char *named_g_builder INIT(BUILDER); - EXTERN in_port_t named_g_port INIT(0); - EXTERN isc_dscp_t named_g_dscp INIT(-1); diff --git a/meta/recipes-connectivity/bind/bind-9.16.12/0001-avoid-start-failure-with-bind-user.patch b/meta/recipes-connectivity/bind/bind/0001-avoid-start-failure-with-bind-user.patch index 8db96ec049..ec1bc7b567 100644 --- a/meta/recipes-connectivity/bind/bind-9.16.12/0001-avoid-start-failure-with-bind-user.patch +++ b/meta/recipes-connectivity/bind/bind/0001-avoid-start-failure-with-bind-user.patch @@ -17,7 +17,7 @@ index b2eec60..6e03936 100644 @@ -57,6 +57,7 @@ case "$1" in modprobe capability >/dev/null 2>&1 || true if [ ! -f /etc/bind/rndc.key ]; then - /usr/sbin/rndc-confgen -a -b 512 -r /dev/urandom + /usr/sbin/rndc-confgen -a -b 512 + chown root:bind /etc/bind/rndc.key >/dev/null 2>&1 || true chmod 0640 /etc/bind/rndc.key fi diff --git a/meta/recipes-connectivity/bind/bind/0001-named-lwresd-V-and-start-log-hide-build-options.patch b/meta/recipes-connectivity/bind/bind/0001-named-lwresd-V-and-start-log-hide-build-options.patch new file mode 100644 index 0000000000..4c10f33f04 --- /dev/null +++ b/meta/recipes-connectivity/bind/bind/0001-named-lwresd-V-and-start-log-hide-build-options.patch @@ -0,0 +1,35 @@ +From 4e83392e840fa7b05e778710b8c202d102477a13 Mon Sep 17 00:00:00 2001 +From: Hongxu Jia <hongxu.jia@windriver.com> +Date: Mon, 27 Aug 2018 21:24:20 +0800 +Subject: [PATCH] `named/lwresd -V' and start log hide build options + +The build options expose build path directories, so hide them. +[snip] +$ named -V +|built by make with *** (options are hidden) +[snip] + +Upstream-Status: Inappropriate [oe-core specific] + +Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> + +Refreshed for 9.16.0 +Signed-off-by: Armin Kuster <akuster@mvista.com> + +--- + configure.ac | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/configure.ac b/configure.ac +index bf20690..c5d330f 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -35,7 +35,7 @@ AC_DEFINE([PACKAGE_VERSION_EXTRA], ["][bind_VERSION_EXTRA]["], [BIND 9 Extra par + AC_DEFINE([PACKAGE_DESCRIPTION], [m4_ifnblank(bind_DESCRIPTION, [" ]bind_DESCRIPTION["], [])], [An extra string to print after PACKAGE_STRING]) + AC_DEFINE([PACKAGE_SRCID], ["][bind_SRCID]["], [A short hash from git]) + +-bind_CONFIGARGS="${ac_configure_args:-default}" ++bind_CONFIGARGS="(removed for reproducibility)" + AC_DEFINE_UNQUOTED([PACKAGE_CONFIGARGS], ["$bind_CONFIGARGS"], [Either 'defaults' or used ./configure options]) + + AC_DEFINE([PACKAGE_BUILDER], ["make"], [make or Visual Studio]) diff --git a/meta/recipes-connectivity/bind/bind-9.16.12/bind-ensure-searching-for-json-headers-searches-sysr.patch b/meta/recipes-connectivity/bind/bind/bind-ensure-searching-for-json-headers-searches-sysr.patch index f9cdc7ca4d..38d07cae39 100644 --- a/meta/recipes-connectivity/bind/bind-9.16.12/bind-ensure-searching-for-json-headers-searches-sysr.patch +++ b/meta/recipes-connectivity/bind/bind/bind-ensure-searching-for-json-headers-searches-sysr.patch @@ -1,4 +1,4 @@ -From edda20fb5a6e88548f85e39d34d6c074306e15bc Mon Sep 17 00:00:00 2001 +From 5ae30329f168c1e8d2e0c3831988a4f3e9096e39 Mon Sep 17 00:00:00 2001 From: Paul Gortmaker <paul.gortmaker@windriver.com> Date: Tue, 9 Jun 2015 11:22:00 -0400 Subject: [PATCH] bind: ensure searching for json headers searches sysroot @@ -32,16 +32,16 @@ Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com> configure.ac | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) -Index: bind-9.16.4/configure.ac -=================================================================== ---- bind-9.16.4.orig/configure.ac -+++ bind-9.16.4/configure.ac -@@ -1232,7 +1232,7 @@ case "$use_lmdb" in - LMDB_LIBS="" - ;; - auto|yes) -- for d in /usr /usr/local /opt/local -+ for d in "${STAGING_INCDIR}" - do - if test -f "${d}/include/lmdb.h" - then +diff --git a/configure.ac b/configure.ac +index 2ab8ddd..92fe983 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -761,7 +761,7 @@ AS_CASE([$with_lmdb], + [no],[], + [auto|yes], [PKG_CHECK_MODULES([LMDB], [lmdb], + [ac_lib_lmdb_found=yes], +- [for ac_lib_lmdb_path in /usr /usr/local /opt /opt/local; do ++ [for ac_lib_lmdb_path in "${STAGING_INCDIR}"; do + AX_LIB_LMDB([$ac_lib_lmdb_path], + [ac_lib_lmdb_found=yes + break]) diff --git a/meta/recipes-connectivity/bind/bind-9.16.12/bind9 b/meta/recipes-connectivity/bind/bind/bind9 index 968679ff7f..968679ff7f 100644 --- a/meta/recipes-connectivity/bind/bind-9.16.12/bind9 +++ b/meta/recipes-connectivity/bind/bind/bind9 diff --git a/meta/recipes-connectivity/bind/bind-9.16.12/conf.patch b/meta/recipes-connectivity/bind/bind/conf.patch index aad345f9fc..aa3642acec 100644 --- a/meta/recipes-connectivity/bind/bind-9.16.12/conf.patch +++ b/meta/recipes-connectivity/bind/bind/conf.patch @@ -276,7 +276,7 @@ diff -urN bind-9.3.1.orig/init.d bind-9.3.1/init.d + + modprobe capability >/dev/null 2>&1 || true + if [ ! -f /etc/bind/rndc.key ]; then -+ /usr/sbin/rndc-confgen -a -b 512 -r /dev/urandom ++ /usr/sbin/rndc-confgen -a -b 512 + chmod 0640 /etc/bind/rndc.key + fi + if [ -f /var/run/named/named.pid ]; then diff --git a/meta/recipes-connectivity/bind/bind-9.16.12/generate-rndc-key.sh b/meta/recipes-connectivity/bind/bind/generate-rndc-key.sh index 633e29c0e6..633e29c0e6 100644 --- a/meta/recipes-connectivity/bind/bind-9.16.12/generate-rndc-key.sh +++ b/meta/recipes-connectivity/bind/bind/generate-rndc-key.sh diff --git a/meta/recipes-connectivity/bind/bind-9.16.12/init.d-add-support-for-read-only-rootfs.patch b/meta/recipes-connectivity/bind/bind/init.d-add-support-for-read-only-rootfs.patch index 11db95ede1..11db95ede1 100644 --- a/meta/recipes-connectivity/bind/bind-9.16.12/init.d-add-support-for-read-only-rootfs.patch +++ b/meta/recipes-connectivity/bind/bind/init.d-add-support-for-read-only-rootfs.patch diff --git a/meta/recipes-connectivity/bind/bind-9.16.12/make-etc-initd-bind-stop-work.patch b/meta/recipes-connectivity/bind/bind/make-etc-initd-bind-stop-work.patch index 146f3e35db..146f3e35db 100644 --- a/meta/recipes-connectivity/bind/bind-9.16.12/make-etc-initd-bind-stop-work.patch +++ b/meta/recipes-connectivity/bind/bind/make-etc-initd-bind-stop-work.patch diff --git a/meta/recipes-connectivity/bind/bind-9.16.12/named.service b/meta/recipes-connectivity/bind/bind/named.service index cda56ef015..cda56ef015 100644 --- a/meta/recipes-connectivity/bind/bind-9.16.12/named.service +++ b/meta/recipes-connectivity/bind/bind/named.service diff --git a/meta/recipes-connectivity/bind/bind_9.16.12.bb b/meta/recipes-connectivity/bind/bind_9.18.26.bb index 09f77038fa..2784f3bdd9 100644 --- a/meta/recipes-connectivity/bind/bind_9.16.12.bb +++ b/meta/recipes-connectivity/bind/bind_9.18.26.bb @@ -4,7 +4,7 @@ DESCRIPTION = "BIND 9 provides a full-featured Domain Name Server system" SECTION = "console/network" LICENSE = "MPL-2.0" -LIC_FILES_CHKSUM = "file://COPYRIGHT;md5=ef10b4de6371115dcecdc38ca2af4561" +LIC_FILES_CHKSUM = "file://COPYRIGHT;md5=c7a0b6d9a1b692a5da9af9d503671f43" DEPENDS = "openssl libcap zlib libuv" @@ -20,66 +20,60 @@ SRC_URI = "https://ftp.isc.org/isc/bind9/${PV}/${BPN}-${PV}.tar.xz \ file://0001-avoid-start-failure-with-bind-user.patch \ " -SRC_URI[sha256sum] = "9914af9311fd349cab441097898d94fb28d0bfd9bf6ed04fe1f97f042644da7f" +SRC_URI[sha256sum] = "75ffee52731e9604c849b658df29e927f1c4f01d5a71ea3ebcbeb63702cb6651" UPSTREAM_CHECK_URI = "https://ftp.isc.org/isc/bind9/" -# stay at 9.16 follow the ESV versions divisible by 4 -UPSTREAM_CHECK_REGEX = "(?P<pver>9.(16|20|24|28)(\.\d+)+(-P\d+)*)/" +# follow the ESV versions divisible by 2 +UPSTREAM_CHECK_REGEX = "(?P<pver>9.(\d*[02468])+(\.\d+)+(-P\d+)*)/" + +# Issue only affects dhcpd with recent bind versions. We don't ship dhcpd anymore +# so the issue doesn't affect us. +CVE_STATUS[CVE-2019-6470] = "not-applicable-config: Issue only affects dhcpd with recent bind versions and we don't ship dhcpd anymore." inherit autotools update-rc.d systemd useradd pkgconfig multilib_header update-alternatives # PACKAGECONFIGs readline and libedit should NOT be set at same time PACKAGECONFIG ?= "readline" PACKAGECONFIG[httpstats] = "--with-libxml2=${STAGING_DIR_HOST}${prefix},--without-libxml2,libxml2" -PACKAGECONFIG[readline] = "--with-readline=-lreadline,,readline" -PACKAGECONFIG[libedit] = "--with-readline=-ledit,,libedit" -PACKAGECONFIG[python3] = "--with-python=yes --with-python-install-dir=${PYTHON_SITEPACKAGES_DIR} , --without-python, python3-ply-native," +PACKAGECONFIG[readline] = "--with-readline=readline,,readline" +PACKAGECONFIG[libedit] = "--with-readline=libedit,,libedit" +PACKAGECONFIG[dns-over-http] = "--enable-doh,--disable-doh,nghttp2" -EXTRA_OECONF = " --with-libtool --disable-devpoll --disable-auto-validation --enable-epoll \ +EXTRA_OECONF = " --disable-auto-validation \ --with-gssapi=no --with-lmdb=no --with-zlib \ --sysconfdir=${sysconfdir}/bind \ --with-openssl=${STAGING_DIR_HOST}${prefix} \ " -LDFLAGS_append = " -lz" - -inherit ${@bb.utils.contains('PACKAGECONFIG', 'python3', 'python3native distutils3-base', '', d)} +LDFLAGS:append = " -lz" # dhcp needs .la so keep them REMOVE_LIBTOOL_LA = "0" USERADD_PACKAGES = "${PN}" -USERADD_PARAM_${PN} = "--system --home ${localstatedir}/cache/bind --no-create-home \ +USERADD_PARAM:${PN} = "--system --home ${localstatedir}/cache/bind --no-create-home \ --user-group bind" INITSCRIPT_NAME = "bind" INITSCRIPT_PARAMS = "defaults" -SYSTEMD_SERVICE_${PN} = "named.service" +SYSTEMD_SERVICE:${PN} = "named.service" -do_install_append() { +do_install:append() { - rmdir "${D}${localstatedir}/run" - rmdir --ignore-fail-on-non-empty "${D}${localstatedir}" install -d -o bind "${D}${localstatedir}/cache/bind" install -d "${D}${sysconfdir}/bind" install -d "${D}${sysconfdir}/init.d" install -m 644 ${S}/conf/* "${D}${sysconfdir}/bind/" install -m 755 "${S}/init.d" "${D}${sysconfdir}/init.d/bind" - if ${@bb.utils.contains('PACKAGECONFIG', 'python3', 'true', 'false', d)}; then - sed -i -e '1s,#!.*python3,#! /usr/bin/python3,' \ - ${D}${sbindir}/dnssec-coverage \ - ${D}${sbindir}/dnssec-checkds \ - ${D}${sbindir}/dnssec-keymgr - fi # Install systemd related files install -d ${D}${sbindir} install -m 755 ${WORKDIR}/generate-rndc-key.sh ${D}${sbindir} - install -d ${D}${systemd_unitdir}/system - install -m 0644 ${WORKDIR}/named.service ${D}${systemd_unitdir}/system + install -d ${D}${systemd_system_unitdir} + install -m 0644 ${WORKDIR}/named.service ${D}${systemd_system_unitdir} sed -i -e 's,@BASE_BINDIR@,${base_bindir},g' \ -e 's,@SBINDIR@,${sbindir},g' \ - ${D}${systemd_unitdir}/system/named.service + ${D}${systemd_system_unitdir}/named.service install -d ${D}${sysconfdir}/default install -m 0644 ${WORKDIR}/bind9 ${D}${sysconfdir}/default @@ -88,11 +82,9 @@ do_install_append() { install -d ${D}${sysconfdir}/tmpfiles.d echo "d /run/named 0755 bind bind - -" > ${D}${sysconfdir}/tmpfiles.d/bind.conf fi - - oe_multilib_header isc/platform.h } -CONFFILES_${PN} = " \ +CONFFILES:${PN} = " \ ${sysconfdir}/bind/named.conf \ ${sysconfdir}/bind/named.conf.local \ ${sysconfdir}/bind/named.conf.options \ @@ -103,25 +95,19 @@ CONFFILES_${PN} = " \ ${sysconfdir}/bind/db.root \ " -ALTERNATIVE_${PN}-utils = "nslookup" +ALTERNATIVE:${PN}-utils = "nslookup" ALTERNATIVE_LINK_NAME[nslookup] = "${bindir}/nslookup" ALTERNATIVE_PRIORITY = "100" PACKAGE_BEFORE_PN += "${PN}-utils" -FILES_${PN}-utils = "${bindir}/host ${bindir}/dig ${bindir}/mdig ${bindir}/nslookup ${bindir}/nsupdate" -FILES_${PN}-dev += "${bindir}/isc-config.h" -FILES_${PN} += "${sbindir}/generate-rndc-key.sh" +FILES:${PN}-utils = "${bindir}/host ${bindir}/dig ${bindir}/mdig ${bindir}/nslookup ${bindir}/nsupdate" +FILES:${PN}-dev += "${bindir}/isc-config.h" +FILES:${PN} += "${sbindir}/generate-rndc-key.sh" PACKAGE_BEFORE_PN += "${PN}-libs" # special arrangement below due to # https://github.com/isc-projects/bind9/commit/0e25af628cd776f98c04fc4cc59048f5448f6c88 FILES_SOLIBSDEV = "${libdir}/*[!0-9].so ${libdir}/libbind9.so" -FILES_${PN}-libs = "${libdir}/named/*.so* ${libdir}/*-${PV}.so" -FILES_${PN}-staticdev += "${libdir}/*.la" - -PACKAGE_BEFORE_PN += "${@bb.utils.contains('PACKAGECONFIG', 'python3', 'python3-bind', '', d)}" -FILES_python3-bind = "${sbindir}/dnssec-coverage ${sbindir}/dnssec-checkds \ - ${sbindir}/dnssec-keymgr ${PYTHON_SITEPACKAGES_DIR}" +FILES:${PN}-libs = "${libdir}/named/*.so* ${libdir}/*-${PV}.so" -RDEPENDS_${PN}-dev = "" -RDEPENDS_python3-bind = "python3-core python3-ply" +DEV_PKG_DEPENDENCY = "" |