From: Yi Zhao <yi.zhao@windriver.com>
To: steve@sakoman.com
Cc: Siddharth <sdoshi@mvista.com>, openembedded-core@lists.openembedded.org
Subject: Re: [OE-core][master][PATCH] bind: Upgrade 9.18.15 -> 9.18.16
Date: Thu, 3 Aug 2023 10:24:22 +0800
Message-ID: <26e6db4b-10d5-0db1-c442-ca318c58852f@windriver.com>
In-Reply-To: <20230627063200.12025-1-sdoshi@mvista.com>
Hi Steve,
On 6/27/23 14:32, Siddharth wrote:
> From: Siddharth Doshi <sdoshi@mvista.com>
>
> - Remove configure options no longer supported online.
>
> Changelog:
> =========
> [security] A query that prioritizes stale data over lookup
> triggers a fetch to refresh the stale data in cache.
> If the fetch is aborted for exceeding the recursion
> quota, it was possible for 'named' to enter an infinite
> callback loop and crash due to stack overflow. This has
> been fixed. (CVE-2023-2911) [GL #4089]
>
> [security] Improve the overmem cleaning process to prevent the
> cache going over the configured limit. (CVE-2023-2828)
> [GL #4055]
There are some CVE fixes in this minor update. Is there any plan to
backport it to mickledore?
Thanks,
Yi
>
> [performance] Reduce memory consumption by allocating properly
> sized send buffers for stream-based transports.
> [GL #4038]
>
> [bug] Fix a 'clients-per-query' miscalculation bug. When the
> 'stale-answer-enable' option was enabled and the
> 'stale-answer-client-timeout' option was enabled and
> larger than 0, named was taking two places from the
> 'clients-per-query' limit for each client and was
> failing to gradually auto-tune its value, as configured.
> [GL #4074]
>
> [func] Add "ClientQuota" statistics channel counter, which
> indicates the number of the resolver's spilled queries
> due to reaching the clients per query quota. [GL !7978]
>
> [bug] Fix a serve-stale bug where a delegation from cache
> could be returned to the client. [GL #3950]
>
> [cleanup] Remove configure checks for epoll, kqueue and
> /dev/poll. [GL #4098]
>
> [func] The "tkey-dhkey" option has been deprecated; a
> warning will be logged when it is used. In a future
> release, Diffie-Hellman TKEY mode will be removed.
> [GL #3905]
>
> [bug] The session key object could be incorrectly added
> to multiple different views' keyrings. [GL #4079]
>
> [bug] Fix an interfacemgr use-after-free error in
> zoneconf.c:isself(). [GL #3765]
>
> [test] Add support for using pytest & pytest-xdist to
> execute the system test suite. [GL #3978]
>
> [bug] BIND could get stuck on reconfiguration when a
> 'listen' statement for HTTP is removed from the
> configuration. That has been fixed. [GL #4071]
>
> [bug] Properly process extra "nameserver" lines in
> resolv.conf otherwise the next line is not properly
> processed. [GL #4066]
>
> [bug] named could crash when deleting inline-signing zones
> with "rndc delzone". [GL #4054]
>
> [bug] Fix a logic error in dighost.c which could call the
> dighost_shutdown() callback twice and cause problems
> if the callback function was not idempotent. [GL #4039]
>
> Signed-off-by: Siddharth Doshi <sdoshi@mvista.com>
> ---
> .../0001-avoid-start-failure-with-bind-user.patch | 0
> ...0001-named-lwresd-V-and-start-log-hide-build-options.patch | 0
> ...bind-ensure-searching-for-json-headers-searches-sysr.patch | 0
> .../bind/{bind-9.18.15 => bind-9.18.16}/bind9 | 0
> .../bind/{bind-9.18.15 => bind-9.18.16}/conf.patch | 0
> .../bind/{bind-9.18.15 => bind-9.18.16}/generate-rndc-key.sh | 0
> .../init.d-add-support-for-read-only-rootfs.patch | 0
> .../make-etc-initd-bind-stop-work.patch | 0
> .../bind/{bind-9.18.15 => bind-9.18.16}/named.service | 0
> .../bind/{bind_9.18.15.bb => bind_9.18.16.bb} | 4 ++--
> 10 files changed, 2 insertions(+), 2 deletions(-)
> rename meta/recipes-connectivity/bind/{bind-9.18.15 => bind-9.18.16}/0001-avoid-start-failure-with-bind-user.patch (100%)
> rename meta/recipes-connectivity/bind/{bind-9.18.15 => bind-9.18.16}/0001-named-lwresd-V-and-start-log-hide-build-options.patch (100%)
> rename meta/recipes-connectivity/bind/{bind-9.18.15 => bind-9.18.16}/bind-ensure-searching-for-json-headers-searches-sysr.patch (100%)
> rename meta/recipes-connectivity/bind/{bind-9.18.15 => bind-9.18.16}/bind9 (100%)
> rename meta/recipes-connectivity/bind/{bind-9.18.15 => bind-9.18.16}/conf.patch (100%)
> rename meta/recipes-connectivity/bind/{bind-9.18.15 => bind-9.18.16}/generate-rndc-key.sh (100%)
> rename meta/recipes-connectivity/bind/{bind-9.18.15 => bind-9.18.16}/init.d-add-support-for-read-only-rootfs.patch (100%)
> rename meta/recipes-connectivity/bind/{bind-9.18.15 => bind-9.18.16}/make-etc-initd-bind-stop-work.patch (100%)
> rename meta/recipes-connectivity/bind/{bind-9.18.15 => bind-9.18.16}/named.service (100%)
> rename meta/recipes-connectivity/bind/{bind_9.18.15.bb => bind_9.18.16.bb} (96%)
>
> diff --git a/meta/recipes-connectivity/bind/bind-9.18.15/0001-avoid-start-failure-with-bind-user.patch b/meta/recipes-connectivity/bind/bind-9.18.16/0001-avoid-start-failure-with-bind-user.patch
> similarity index 100%
> rename from meta/recipes-connectivity/bind/bind-9.18.15/0001-avoid-start-failure-with-bind-user.patch
> rename to meta/recipes-connectivity/bind/bind-9.18.16/0001-avoid-start-failure-with-bind-user.patch
> diff --git a/meta/recipes-connectivity/bind/bind-9.18.15/0001-named-lwresd-V-and-start-log-hide-build-options.patch b/meta/recipes-connectivity/bind/bind-9.18.16/0001-named-lwresd-V-and-start-log-hide-build-options.patch
> similarity index 100%
> rename from meta/recipes-connectivity/bind/bind-9.18.15/0001-named-lwresd-V-and-start-log-hide-build-options.patch
> rename to meta/recipes-connectivity/bind/bind-9.18.16/0001-named-lwresd-V-and-start-log-hide-build-options.patch
> diff --git a/meta/recipes-connectivity/bind/bind-9.18.15/bind-ensure-searching-for-json-headers-searches-sysr.patch b/meta/recipes-connectivity/bind/bind-9.18.16/bind-ensure-searching-for-json-headers-searches-sysr.patch
> similarity index 100%
> rename from meta/recipes-connectivity/bind/bind-9.18.15/bind-ensure-searching-for-json-headers-searches-sysr.patch
> rename to meta/recipes-connectivity/bind/bind-9.18.16/bind-ensure-searching-for-json-headers-searches-sysr.patch
> diff --git a/meta/recipes-connectivity/bind/bind-9.18.15/bind9 b/meta/recipes-connectivity/bind/bind-9.18.16/bind9
> similarity index 100%
> rename from meta/recipes-connectivity/bind/bind-9.18.15/bind9
> rename to meta/recipes-connectivity/bind/bind-9.18.16/bind9
> diff --git a/meta/recipes-connectivity/bind/bind-9.18.15/conf.patch b/meta/recipes-connectivity/bind/bind-9.18.16/conf.patch
> similarity index 100%
> rename from meta/recipes-connectivity/bind/bind-9.18.15/conf.patch
> rename to meta/recipes-connectivity/bind/bind-9.18.16/conf.patch
> diff --git a/meta/recipes-connectivity/bind/bind-9.18.15/generate-rndc-key.sh b/meta/recipes-connectivity/bind/bind-9.18.16/generate-rndc-key.sh
> similarity index 100%
> rename from meta/recipes-connectivity/bind/bind-9.18.15/generate-rndc-key.sh
> rename to meta/recipes-connectivity/bind/bind-9.18.16/generate-rndc-key.sh
> diff --git a/meta/recipes-connectivity/bind/bind-9.18.15/init.d-add-support-for-read-only-rootfs.patch b/meta/recipes-connectivity/bind/bind-9.18.16/init.d-add-support-for-read-only-rootfs.patch
> similarity index 100%
> rename from meta/recipes-connectivity/bind/bind-9.18.15/init.d-add-support-for-read-only-rootfs.patch
> rename to meta/recipes-connectivity/bind/bind-9.18.16/init.d-add-support-for-read-only-rootfs.patch
> diff --git a/meta/recipes-connectivity/bind/bind-9.18.15/make-etc-initd-bind-stop-work.patch b/meta/recipes-connectivity/bind/bind-9.18.16/make-etc-initd-bind-stop-work.patch
> similarity index 100%
> rename from meta/recipes-connectivity/bind/bind-9.18.15/make-etc-initd-bind-stop-work.patch
> rename to meta/recipes-connectivity/bind/bind-9.18.16/make-etc-initd-bind-stop-work.patch
> diff --git a/meta/recipes-connectivity/bind/bind-9.18.15/named.service b/meta/recipes-connectivity/bind/bind-9.18.16/named.service
> similarity index 100%
> rename from meta/recipes-connectivity/bind/bind-9.18.15/named.service
> rename to meta/recipes-connectivity/bind/bind-9.18.16/named.service
> diff --git a/meta/recipes-connectivity/bind/bind_9.18.15.bb b/meta/recipes-connectivity/bind/bind_9.18.16.bb
> similarity index 96%
> rename from meta/recipes-connectivity/bind/bind_9.18.15.bb
> rename to meta/recipes-connectivity/bind/bind_9.18.16.bb
> index 80164aad87..1b1649566a 100644
> --- a/meta/recipes-connectivity/bind/bind_9.18.15.bb
> +++ b/meta/recipes-connectivity/bind/bind_9.18.16.bb
> @@ -20,7 +20,7 @@ SRC_URI = "https://ftp.isc.org/isc/bind9/${PV}/${BPN}-${PV}.tar.xz \
> file://0001-avoid-start-failure-with-bind-user.patch \
> "
>
> -SRC_URI[sha256sum] = "28ae8db14862801bc2bd4fd820db00667d3f1ff9ae9cc2d06a0ef7810fed7a4e"
> +SRC_URI[sha256sum] = "c88234fe07ee75c3c8a9e59152fee64b714643de8e22cf98da3db4d0b57e0775"
>
> UPSTREAM_CHECK_URI = "https://ftp.isc.org/isc/bind9/"
> # follow the ESV versions divisible by 2
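Review bot: The new SRC_URI[sha256sum] value on the + line is what pins the tarball fetched from https://ftp.isc.org/isc/bind9/${PV}/, and neither this hunk nor the commit message says how it was obtained. Please note in the commit message that the 9.18.16 tarball was checked against the upstream release signature before the hash was recorded, so reviewers are not trusting a value computed from whatever the fetch returned.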
> @@ -39,7 +39,7 @@ PACKAGECONFIG[readline] = "--with-readline=readline,,readline"
> PACKAGECONFIG[libedit] = "--with-readline=libedit,,libedit"
> PACKAGECONFIG[dns-over-http] = "--enable-doh,--disable-doh,nghttp2"
>
> -EXTRA_OECONF = " --disable-devpoll --disable-auto-validation --enable-epoll \
> +EXTRA_OECONF = " --disable-auto-validation \
> --with-gssapi=no --with-lmdb=no --with-zlib \
> --sysconfdir=${sysconfdir}/bind \
> --with-openssl=${STAGING_DIR_HOST}${prefix} \
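Review bot: The commit message does not name the two flags removed from EXTRA_OECONF here (--disable-devpoll and --enable-epoll) or say why they go; it only reads "Remove configure options no longer supported online". Name both flags and tie them to the quoted changelog entry "[cleanup] Remove configure checks for epoll, kqueue and /dev/poll. [GL #4098]", which also makes it easy to confirm that no other option in this list depends on those checks.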
>