From d12befdf03500a0c72b661caf1a8fe81a20b6163 Mon Sep 17 00:00:00 2001 From: Roy Li Date: Mon, 27 Jul 2015 10:45:49 +0800 Subject: [PATCH] bind: upgrade to 9.10.2-P2 upgrade to fix CVE-2015-4620: name.c in named in ISC BIND 9.7.x through 9.9.x before 9.9.7-P1 and 9.10.x before 9.10.2-P2, when configured as a recursive resolver with DNSSEC validation, allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) by constructing crafted zone data and then making a query for a name in that zone. Signed-off-by: Roy Li Signed-off-by: Ross Burton --- .../bind/{bind_9.10.2.bb => bind_9.10.2-P2.bb} | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) rename meta/recipes-connectivity/bind/{bind_9.10.2.bb => bind_9.10.2-P2.bb} (95%) diff --git a/meta/recipes-connectivity/bind/bind_9.10.2.bb b/meta/recipes-connectivity/bind/bind_9.10.2-P2.bb similarity index 95% rename from meta/recipes-connectivity/bind/bind_9.10.2.bb rename to meta/recipes-connectivity/bind/bind_9.10.2-P2.bb index 43f17984b5..3a8959eb9e 100644 --- a/meta/recipes-connectivity/bind/bind_9.10.2.bb +++ b/meta/recipes-connectivity/bind/bind_9.10.2-P2.bb @@ -21,8 +21,8 @@ SRC_URI = "ftp://ftp.isc.org/isc/bind9/${PV}/${BPN}-${PV}.tar.gz \ file://bind-ensure-searching-for-json-headers-searches-sysr.patch \ " -SRC_URI[md5sum] = "dca7a9967947bffa98547fca6130fc04" -SRC_URI[sha256sum] = "6f9bb7908aa45c1edfa391e356fc0afc1ded175386cdefb6cf9e1289f7457a98" +SRC_URI[md5sum] = "55d8f094bc10baae0e23e5e9100ba320" +SRC_URI[sha256sum] = "b1e6f0af88634aaf48fb9d06bbf82968264f49b8e2685f061dd3fd4c1ab76c5f" # --enable-exportlib is necessary for building dhcp ENABLE_IPV6 = "--enable-ipv6=${@bb.utils.contains('DISTRO_FEATURES', 'ipv6', 'yes', 'no', d)}" @@ -34,8 +34,6 @@ EXTRA_OECONF = " ${ENABLE_IPV6} --with-randomdev=/dev/random --disable-threads \ " inherit autotools update-rc.d systemd useradd pkgconfig -PR = "r1" - PACKAGECONFIG ?= "" PACKAGECONFIG[httpstats] = "--with-libxml2,--without-libxml2,libxml2" -- 2.40.1