diff options
| author | Brad Bishop <bradleyb@fuzziesquirrel.com> | 2018-12-17 04:11:34 +0300 |
|---|---|---|
| committer | Brad Bishop <bradleyb@fuzziesquirrel.com> | 2019-01-09 02:21:44 +0300 |
| commit | 1a4b7ee28bf7413af6513fb45ad0d0736048f866 (patch) | |
| tree | 79f6d8ea698cab8f2eaf4f54b793d2ca7a1451ce /poky/meta/recipes-connectivity/bind/bind | |
| parent | 5b9ede0403237c7dace972affa65cf64a1aadd0e (diff) | |
| download | openbmc-1a4b7ee28bf7413af6513fb45ad0d0736048f866.tar.xz | |
reset upstream subtrees to yocto 2.6
Reset the following subtrees on thud HEAD:
poky: 87e3a9739d
meta-openembedded: 6094ae18c8
meta-security: 31dc4e7532
meta-raspberrypi: a48743dc36
meta-xilinx: c42016e2e6
Also re-apply backports that didn't make it into thud:
poky:
17726d0 systemd-systemctl-native: handle Install wildcards
meta-openembedded:
4321a5d libtinyxml2: update to 7.0.1
042f0a3 libcereal: Add native and nativesdk classes
e23284f libcereal: Allow empty package
030e8d4 rsyslog: curl-less build with fmhttp PACKAGECONFIG
179a1b9 gtest: update to 1.8.1
Squashed OpenBMC subtree compatibility updates:
meta-aspeed:
Brad Bishop (1):
aspeed: add yocto 2.6 compatibility
meta-ibm:
Brad Bishop (1):
ibm: prepare for yocto 2.6
meta-ingrasys:
Brad Bishop (1):
ingrasys: set layer compatibility to yocto 2.6
meta-openpower:
Brad Bishop (1):
openpower: set layer compatibility to yocto 2.6
meta-phosphor:
Brad Bishop (3):
phosphor: set layer compatibility to thud
phosphor: libgpg-error: drop patches
phosphor: react to fitimage artifact rename
Ed Tanous (4):
Dropbear: upgrade options for latest upgrade
yocto2.6: update openssl options
busybox: remove upstream watchdog patch
systemd: Rebase CONFIG_CGROUP_BPF patch
Change-Id: I7b1fe71cca880d0372a82d94b5fd785323e3a9e7
Signed-off-by: Brad Bishop <bradleyb@fuzziesquirrel.com>
Diffstat (limited to 'poky/meta/recipes-connectivity/bind/bind')
10 files changed, 180 insertions, 125 deletions
diff --git a/poky/meta/recipes-connectivity/bind/bind/0001-avoid-start-failure-with-bind-user.patch b/poky/meta/recipes-connectivity/bind/bind/0001-avoid-start-failure-with-bind-user.patch new file mode 100644 index 000000000..8db96ec04 --- /dev/null +++ b/poky/meta/recipes-connectivity/bind/bind/0001-avoid-start-failure-with-bind-user.patch @@ -0,0 +1,27 @@ +From 31dde3562f287429eea94b77250d184818b49063 Mon Sep 17 00:00:00 2001 +From: Chen Qi <Qi.Chen@windriver.com> +Date: Mon, 15 Oct 2018 16:55:09 +0800 +Subject: [PATCH] avoid start failure with bind user + +Upstream-Status: Pending + +Signed-off-by: Chen Qi <Qi.Chen@windriver.com> +--- + init.d | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/init.d b/init.d +index b2eec60..6e03936 100644 +--- a/init.d ++++ b/init.d +@@ -57,6 +57,7 @@ case "$1" in + modprobe capability >/dev/null 2>&1 || true + if [ ! -f /etc/bind/rndc.key ]; then + /usr/sbin/rndc-confgen -a -b 512 -r /dev/urandom ++ chown root:bind /etc/bind/rndc.key >/dev/null 2>&1 || true + chmod 0640 /etc/bind/rndc.key + fi + if [ -f /var/run/named/named.pid ]; then +-- +2.7.4 + diff --git a/poky/meta/recipes-connectivity/bind/bind/0001-configure.in-remove-useless-L-use_openssl-lib.patch b/poky/meta/recipes-connectivity/bind/bind/0001-configure.in-remove-useless-L-use_openssl-lib.patch new file mode 100644 index 000000000..871bb2a5f --- /dev/null +++ b/poky/meta/recipes-connectivity/bind/bind/0001-configure.in-remove-useless-L-use_openssl-lib.patch @@ -0,0 +1,32 @@ +From 950867d9fd3f690e271c8c807b6eed144b2935b2 Mon Sep 17 00:00:00 2001 +From: Hongxu Jia <hongxu.jia@windriver.com> +Date: Mon, 27 Aug 2018 15:00:51 +0800 +Subject: [PATCH] configure.in: remove useless `-L$use_openssl/lib' + +Since `--with-openssl=${STAGING_DIR_HOST}${prefix}' is used in bind recipe, +the `-L$use_openssl/lib' has a hardcoded suffix, removing it is harmless +and helpful for clean up host build path in isc-config.sh + +Upstream-Status: Inappropriate [oe-core specific] + +Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> +--- + configure.in | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/configure.in b/configure.in +index 54efc55..76ac0eb 100644 +--- a/configure.in ++++ b/configure.in +@@ -1691,7 +1691,7 @@ If you don't want OpenSSL, use --without-openssl]) + fi + ;; + *) +- DST_OPENSSL_LIBS="-L$use_openssl/lib -lcrypto" ++ DST_OPENSSL_LIBS="-lcrypto" + ;; + esac + fi +-- +2.7.4 + diff --git a/poky/meta/recipes-connectivity/bind/bind/0001-gen.c-extend-DIRNAMESIZE-from-256-to-512.patch b/poky/meta/recipes-connectivity/bind/bind/0001-gen.c-extend-DIRNAMESIZE-from-256-to-512.patch index 121509371..a8d601dca 100644 --- a/poky/meta/recipes-connectivity/bind/bind/0001-gen.c-extend-DIRNAMESIZE-from-256-to-512.patch +++ b/poky/meta/recipes-connectivity/bind/bind/0001-gen.c-extend-DIRNAMESIZE-from-256-to-512.patch @@ -7,11 +7,11 @@ Signed-off-by: Chen Qi <Qi.Chen@windriver.com> lib/dns/gen.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) -diff --git a/lib/dns/gen.c b/lib/dns/gen.c -index 7a7dafb..51a0435 100644 ---- a/lib/dns/gen.c -+++ b/lib/dns/gen.c -@@ -148,7 +148,7 @@ static const char copyright[] = +Index: bind-9.11.3/lib/dns/gen.c +=================================================================== +--- bind-9.11.3.orig/lib/dns/gen.c ++++ bind-9.11.3/lib/dns/gen.c +@@ -130,7 +130,7 @@ static const char copyright[] = #define TYPECLASSBUF (TYPECLASSLEN + 1) #define TYPECLASSFMT "%" STR(TYPECLASSLEN) "[-0-9a-z]_%d" #define ATTRIBUTESIZE 256 @@ -20,6 +20,3 @@ index 7a7dafb..51a0435 100644 static struct cc { struct cc *next; --- -1.9.1 - diff --git a/poky/meta/recipes-connectivity/bind/bind/0001-lib-dns-gen.c-fix-too-long-error.patch b/poky/meta/recipes-connectivity/bind/bind/0001-lib-dns-gen.c-fix-too-long-error.patch index 1ed858cd3..01874a440 100644 --- a/poky/meta/recipes-connectivity/bind/bind/0001-lib-dns-gen.c-fix-too-long-error.patch +++ b/poky/meta/recipes-connectivity/bind/bind/0001-lib-dns-gen.c-fix-too-long-error.patch @@ -13,11 +13,11 @@ Signed-off-by: Robert Yang <liezhi.yang@windriver.com> lib/dns/gen.c | 4 ++++ 1 file changed, 4 insertions(+) -diff --git a/lib/dns/gen.c b/lib/dns/gen.c -index 51a0435..3d7214f 100644 ---- a/lib/dns/gen.c -+++ b/lib/dns/gen.c -@@ -148,7 +148,11 @@ static const char copyright[] = +Index: bind-9.11.3/lib/dns/gen.c +=================================================================== +--- bind-9.11.3.orig/lib/dns/gen.c ++++ bind-9.11.3/lib/dns/gen.c +@@ -130,7 +130,11 @@ static const char copyright[] = #define TYPECLASSBUF (TYPECLASSLEN + 1) #define TYPECLASSFMT "%" STR(TYPECLASSLEN) "[-0-9a-z]_%d" #define ATTRIBUTESIZE 256 @@ -29,6 +29,3 @@ index 51a0435..3d7214f 100644 static struct cc { struct cc *next; --- -1.7.9.5 - diff --git a/poky/meta/recipes-connectivity/bind/bind/0001-named-lwresd-V-and-start-log-hide-build-options.patch b/poky/meta/recipes-connectivity/bind/bind/0001-named-lwresd-V-and-start-log-hide-build-options.patch new file mode 100644 index 000000000..75908aa63 --- /dev/null +++ b/poky/meta/recipes-connectivity/bind/bind/0001-named-lwresd-V-and-start-log-hide-build-options.patch @@ -0,0 +1,34 @@ +From a3af4a405baf5ff582e82aaba392dd9667d94bdc Mon Sep 17 00:00:00 2001 +From: Hongxu Jia <hongxu.jia@windriver.com> +Date: Mon, 27 Aug 2018 21:24:20 +0800 +Subject: [PATCH] `named/lwresd -V' and start log hide build options + +The build options expose build path directories, so hide them. +[snip] +$ named -V +|built by make with *** (options are hidden) +[snip] + +Upstream-Status: Inappropriate [oe-core specific] + +Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> +--- + bin/named/include/named/globals.h | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/bin/named/include/named/globals.h b/bin/named/include/named/globals.h +index ba3457e..7741da7 100644 +--- a/bin/named/include/named/globals.h ++++ b/bin/named/include/named/globals.h +@@ -68,7 +68,7 @@ EXTERN const char * ns_g_version INIT(VERSION); + EXTERN const char * ns_g_product INIT(PRODUCT); + EXTERN const char * ns_g_description INIT(DESCRIPTION); + EXTERN const char * ns_g_srcid INIT(SRCID); +-EXTERN const char * ns_g_configargs INIT(CONFIGARGS); ++EXTERN const char * ns_g_configargs INIT("*** (options are hidden)"); + EXTERN const char * ns_g_builder INIT(BUILDER); + EXTERN in_port_t ns_g_port INIT(0); + EXTERN isc_dscp_t ns_g_dscp INIT(-1); +-- +2.7.4 + diff --git a/poky/meta/recipes-connectivity/bind/bind/CVE-2018-5740.patch b/poky/meta/recipes-connectivity/bind/bind/CVE-2018-5740.patch new file mode 100644 index 000000000..7a2ba7eab --- /dev/null +++ b/poky/meta/recipes-connectivity/bind/bind/CVE-2018-5740.patch @@ -0,0 +1,72 @@ +Upstream-Status: Backport [https://ftp.isc.org/isc/bind9/9.11.4-P1/patches/CVE-2018-5740] + +CVE: CVE-2018-5740 + +Signed-off-by: Changqing Li <changqing.li@windriver.com> + +diff --git a/CHANGES b/CHANGES +index 750b600..3d8d655 100644 +--- a/CHANGES ++++ b/CHANGES +@@ -1,3 +1,9 @@ ++ --- 9.11.4-P1 released --- ++ ++4997. [security] named could crash during recursive processing ++ of DNAME records when "deny-answer-aliases" was ++ in use. (CVE-2018-5740) [GL #387] ++ + --- 9.11.4 released --- + + --- 9.11.4rc2 released --- +diff --git a/lib/dns/resolver.c b/lib/dns/resolver.c +index 8f674a2..41d1385 100644 +--- a/lib/dns/resolver.c ++++ b/lib/dns/resolver.c +@@ -6318,6 +6318,7 @@ is_answertarget_allowed(fetchctx_t *fctx, dns_name_t *qname, dns_name_t *rname, + unsigned int nlabels; + dns_fixedname_t fixed; + dns_name_t prefix; ++ int order; + + REQUIRE(rdataset != NULL); + REQUIRE(rdataset->type == dns_rdatatype_cname || +@@ -6340,17 +6341,25 @@ is_answertarget_allowed(fetchctx_t *fctx, dns_name_t *qname, dns_name_t *rname, + tname = &cname.cname; + break; + case dns_rdatatype_dname: ++ if (dns_name_fullcompare(qname, rname, &order, &nlabels) != ++ dns_namereln_subdomain) ++ { ++ return (ISC_TRUE); ++ } + result = dns_rdata_tostruct(&rdata, &dname, NULL); + RUNTIME_CHECK(result == ISC_R_SUCCESS); + dns_name_init(&prefix, NULL); + tname = dns_fixedname_initname(&fixed); +- nlabels = dns_name_countlabels(qname) - +- dns_name_countlabels(rname); ++ nlabels = dns_name_countlabels(rname); + dns_name_split(qname, nlabels, &prefix, NULL); + result = dns_name_concatenate(&prefix, &dname.dname, tname, + NULL); +- if (result == DNS_R_NAMETOOLONG) ++ if (result == DNS_R_NAMETOOLONG) { ++ if (chainingp != NULL) { ++ *chainingp = ISC_TRUE; ++ } + return (ISC_TRUE); ++ } + RUNTIME_CHECK(result == ISC_R_SUCCESS); + break; + default: +@@ -7071,7 +7080,9 @@ answer_response(fetchctx_t *fctx) { + } + if ((ardataset->type == dns_rdatatype_cname || + ardataset->type == dns_rdatatype_dname) && +- !is_answertarget_allowed(fctx, qname, aname, ardataset, ++ type != ardataset->type && ++ type != dns_rdatatype_any && ++ !is_answertarget_allowed(fctx, qname, aname, ardataset, + NULL)) + { + return (DNS_R_SERVFAIL); diff --git a/poky/meta/recipes-connectivity/bind/bind/bind-confgen-build-unix.o-once.patch b/poky/meta/recipes-connectivity/bind/bind/bind-confgen-build-unix.o-once.patch deleted file mode 100644 index 8bc4ea30f..000000000 --- a/poky/meta/recipes-connectivity/bind/bind/bind-confgen-build-unix.o-once.patch +++ /dev/null @@ -1,48 +0,0 @@ -From 9b40619ff6fddfef2758ba797789f8487f412df3 Mon Sep 17 00:00:00 2001 -From: Robert Yang <liezhi.yang@windriver.com> -Date: Mon, 16 Feb 2015 00:50:01 -0800 -Subject: [PATCH] confgen: don't build unix.o twice - -Fixed: -unix/os.o: file not recognized: File truncated -collect2: error: ld returned 1 exit status - -This is because os.o was built twice: -* The implicity rule (depends on unix/os.o) -* The "make all" in unix subdir (depends on unix/os.o) - -Depend on subdirs which is unix only rather than unix/os.o will fix the -problem. - -Upstream-Status: Pending - -Signed-off-by: Robert Yang <liezhi.yang@windriver.com> - -Update context(trailing whitespace) for version 9.10.5-P3. - -Signed-off-by: Kai Kang <kai.kang@windriver.com> ---- - bin/confgen/Makefile.in | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/bin/confgen/Makefile.in b/bin/confgen/Makefile.in -index dca272f..02becce 100644 ---- a/bin/confgen/Makefile.in -+++ b/bin/confgen/Makefile.in -@@ -74,11 +74,11 @@ rndc-confgen.@O@: rndc-confgen.c - ddns-confgen.@O@: ddns-confgen.c - ${LIBTOOL_MODE_COMPILE} ${CC} ${ALL_CFLAGS} -c ${srcdir}/ddns-confgen.c - --rndc-confgen@EXEEXT@: rndc-confgen.@O@ util.@O@ keygen.@O@ ${UOBJS} ${CONFDEPLIBS} -+rndc-confgen@EXEEXT@: rndc-confgen.@O@ util.@O@ keygen.@O@ ${CONFDEPLIBS} $(SUBDIRS) - export BASEOBJS="rndc-confgen.@O@ util.@O@ keygen.@O@ ${UOBJS}"; \ - ${FINALBUILDCMD} - --ddns-confgen@EXEEXT@: ddns-confgen.@O@ util.@O@ keygen.@O@ ${UOBJS} ${CONFDEPLIBS} -+ddns-confgen@EXEEXT@: ddns-confgen.@O@ util.@O@ keygen.@O@ ${CONFDEPLIBS} $(SUBDIRS) - export BASEOBJS="ddns-confgen.@O@ util.@O@ keygen.@O@ ${UOBJS}"; \ - ${FINALBUILDCMD} - --- -1.7.9.5 - diff --git a/poky/meta/recipes-connectivity/bind/bind/bind-ensure-searching-for-json-headers-searches-sysr.patch b/poky/meta/recipes-connectivity/bind/bind/bind-ensure-searching-for-json-headers-searches-sysr.patch index 13df3bb0e..37e210e6d 100644 --- a/poky/meta/recipes-connectivity/bind/bind/bind-ensure-searching-for-json-headers-searches-sysr.patch +++ b/poky/meta/recipes-connectivity/bind/bind/bind-ensure-searching-for-json-headers-searches-sysr.patch @@ -31,11 +31,11 @@ Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com> configure.in | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) -diff --git a/configure.in b/configure.in -index c9ef3a601343..17a1f613e9ac 100644 ---- a/configure.in -+++ b/configure.in -@@ -2139,7 +2139,7 @@ case "$use_libjson" in +Index: bind-9.11.3/configure.in +=================================================================== +--- bind-9.11.3.orig/configure.in ++++ bind-9.11.3/configure.in +@@ -2574,7 +2574,7 @@ case "$use_libjson" in libjson_libs="" ;; auto|yes) @@ -44,6 +44,3 @@ index c9ef3a601343..17a1f613e9ac 100644 do if test -f "${d}/include/json/json.h" then --- -2.4.2 - diff --git a/poky/meta/recipes-connectivity/bind/bind/dont-test-on-host.patch b/poky/meta/recipes-connectivity/bind/bind/dont-test-on-host.patch deleted file mode 100644 index b02ecb106..000000000 --- a/poky/meta/recipes-connectivity/bind/bind/dont-test-on-host.patch +++ /dev/null @@ -1,17 +0,0 @@ -Upstream-Status: Pending - -Signed-off-by: Saul Wold <sgw@linux.intel.com> - -Index: bind-9.9.5/bin/Makefile.in -=================================================================== ---- bind-9.9.5.orig/bin/Makefile.in -+++ bind-9.9.5/bin/Makefile.in -@@ -19,7 +19,7 @@ srcdir = @srcdir@ - VPATH = @srcdir@ - top_srcdir = @top_srcdir@ - --SUBDIRS = named rndc dig delv dnssec tools tests nsupdate \ -+SUBDIRS = named rndc dig delv dnssec tools nsupdate \ - check confgen @PYTHON_TOOLS@ @PKCS11_TOOLS@ - TARGETS = - diff --git a/poky/meta/recipes-connectivity/bind/bind/use-python3-and-fix-install-lib-path.patch b/poky/meta/recipes-connectivity/bind/bind/use-python3-and-fix-install-lib-path.patch deleted file mode 100644 index 9829f1588..000000000 --- a/poky/meta/recipes-connectivity/bind/bind/use-python3-and-fix-install-lib-path.patch +++ /dev/null @@ -1,36 +0,0 @@ -Use python3 rather default python which maybe links to python2 for oe. And add -option for setup.py to install files to right directory. - -Upstream-Status: Inappropriate [OE specific] - -Signed-off-by: Kai Kang <kai.kang@windriver.com> ---- -diff --git a/bin/python/Makefile.in b/bin/python/Makefile.in -index a43a3c1..2e727f2 100644 ---- a/bin/python/Makefile.in -+++ b/bin/python/Makefile.in -@@ -55,9 +55,9 @@ install:: ${TARGETS} installdirs - ${INSTALL_DATA} ${srcdir}/dnssec-coverage.8 ${DESTDIR}${mandir}/man8 - if test -n "${PYTHON}" ; then \ - if test -n "${DESTDIR}" ; then \ -- ${PYTHON} ${srcdir}/setup.py install --root=${DESTDIR} --prefix=${prefix} ; \ -+ ${PYTHON} ${srcdir}/setup.py install --root=${DESTDIR} --prefix=${prefix} --install-lib=${PYTHON_SITEPACKAGES_DIR} ; \ - else \ -- ${PYTHON} ${srcdir}/setup.py install --prefix=${prefix} ; \ -+ ${PYTHON} ${srcdir}/setup.py install --prefix=${prefix} --install-lib=${PYTHON_SITEPACKAGES_DIR} ; \ - fi \ - fi - -diff --git a/configure.in b/configure.in -index 314bb90..867923e 100644 ---- a/configure.in -+++ b/configure.in -@@ -227,7 +227,7 @@ AC_ARG_WITH(python, - [ --with-python=PATH specify path to python interpreter], - use_python="$withval", use_python="unspec") - --python="python python3 python3.5 python3.4 python3.3 python3.2 python2 python2.7" -+python="python3 python3.5 python3.4 python3.3 python3.2 python2 python2.7" - - testargparse='try: import argparse - except: exit(1)' |