* [PATCH] bind: Upgrade 9.11.5 -> 9.11.6
@ 2019-03-20 14:09 Adrian Bunk
2019-03-20 14:35 ` akuster808
0 siblings, 1 reply; 7+ messages in thread
From: Adrian Bunk @ 2019-03-20 14:09 UTC (permalink / raw)
To: openembedded-core
Copyright hash changed to to year change.
Signed-off-by: Adrian Bunk <bunk@stusta.de>
---
...0001-configure.in-remove-useless-L-use_openssl-lib.patch | 4 ++--
| 4 ++--
.../bind/{bind_9.11.5.bb => bind_9.11.6.bb} | 6 +++---
3 files changed, 7 insertions(+), 7 deletions(-)
rename meta/recipes-connectivity/bind/{bind_9.11.5.bb => bind_9.11.6.bb} (96%)
diff --git a/meta/recipes-connectivity/bind/bind/0001-configure.in-remove-useless-L-use_openssl-lib.patch b/meta/recipes-connectivity/bind/bind/0001-configure.in-remove-useless-L-use_openssl-lib.patch
index 871bb2a5f6..92a84a206c 100644
--- a/meta/recipes-connectivity/bind/bind/0001-configure.in-remove-useless-L-use_openssl-lib.patch
+++ b/meta/recipes-connectivity/bind/bind/0001-configure.in-remove-useless-L-use_openssl-lib.patch
@@ -16,8 +16,8 @@ Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
diff --git a/configure.in b/configure.in
index 54efc55..76ac0eb 100644
---- a/configure.in
-+++ b/configure.in
+--- a/configure.ac
++++ b/configure.ac
@@ -1691,7 +1691,7 @@ If you don't want OpenSSL, use --without-openssl])
fi
;;
--git a/meta/recipes-connectivity/bind/bind/bind-ensure-searching-for-json-headers-searches-sysr.patch b/meta/recipes-connectivity/bind/bind/bind-ensure-searching-for-json-headers-searches-sysr.patch
index 37e210e6da..f686862d3d 100644
--- a/meta/recipes-connectivity/bind/bind/bind-ensure-searching-for-json-headers-searches-sysr.patch
+++ b/meta/recipes-connectivity/bind/bind/bind-ensure-searching-for-json-headers-searches-sysr.patch
@@ -33,8 +33,8 @@ Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com>
Index: bind-9.11.3/configure.in
===================================================================
---- bind-9.11.3.orig/configure.in
-+++ bind-9.11.3/configure.in
+--- bind-9.11.3.orig/configure.ac
++++ bind-9.11.3/configure.ca
@@ -2574,7 +2574,7 @@ case "$use_libjson" in
libjson_libs=""
;;
diff --git a/meta/recipes-connectivity/bind/bind_9.11.5.bb b/meta/recipes-connectivity/bind/bind_9.11.6.bb
similarity index 96%
rename from meta/recipes-connectivity/bind/bind_9.11.5.bb
rename to meta/recipes-connectivity/bind/bind_9.11.6.bb
index 67672792b1..36c3425cfe 100644
--- a/meta/recipes-connectivity/bind/bind_9.11.5.bb
+++ b/meta/recipes-connectivity/bind/bind_9.11.6.bb
@@ -3,7 +3,7 @@ HOMEPAGE = "http://www.isc.org/sw/bind/"
SECTION = "console/network"
LICENSE = "ISC & BSD"
-LIC_FILES_CHKSUM = "file://COPYRIGHT;md5=6ba7c9fe0c888a943c79c93e6de744fb"
+LIC_FILES_CHKSUM = "file://COPYRIGHT;md5=8f17f64e47e83b60cd920a1e4b54419e"
DEPENDS = "openssl libcap zlib"
@@ -22,8 +22,8 @@ SRC_URI = "https://ftp.isc.org/isc/bind9/${PV}/${BPN}-${PV}.tar.gz \
file://0001-avoid-start-failure-with-bind-user.patch \
"
-SRC_URI[md5sum] = "17a0d02102117c9a221e857cf2cc8157"
-SRC_URI[sha256sum] = "a4cae11dad954bdd4eb592178f875bfec09fcc7e29fe0f6b7a4e5b5c6bc61322"
+SRC_URI[md5sum] = "4882bd3eeef779e05b515b32354cc081"
+SRC_URI[sha256sum] = "4499007f3a6b8bba84fc757053caeabf36466d6f7d278baccef9fd109beac6d4"
UPSTREAM_CHECK_URI = "https://ftp.isc.org/isc/bind9/"
UPSTREAM_CHECK_REGEX = "(?P<pver>9(\.\d+)+(-P\d+)*)/"
--
2.17.1
^ permalink raw reply related [flat|nested] 7+ messages in thread
* Re: [PATCH] bind: Upgrade 9.11.5 -> 9.11.6
2019-03-20 14:09 [PATCH] bind: Upgrade 9.11.5 -> 9.11.6 Adrian Bunk
@ 2019-03-20 14:35 ` akuster808
2019-03-20 14:56 ` Adrian Bunk
0 siblings, 1 reply; 7+ messages in thread
From: akuster808 @ 2019-03-20 14:35 UTC (permalink / raw)
To: Adrian Bunk, openembedded-core
On 3/20/19 7:09 AM, Adrian Bunk wrote:
> Copyright hash changed to to year change.
You are missing one of the more important bits of info that would help
make the decision if this gets into M4 or waits until after 2.7 releases.
Go look at the 9.11.5-p4 release notes.
Did you double check this is in line with DHCP?
- Armin
>
> Signed-off-by: Adrian Bunk <bunk@stusta.de>
> ---
> ...0001-configure.in-remove-useless-L-use_openssl-lib.patch | 4 ++--
> ...nd-ensure-searching-for-json-headers-searches-sysr.patch | 4 ++--
> .../bind/{bind_9.11.5.bb => bind_9.11.6.bb} | 6 +++---
> 3 files changed, 7 insertions(+), 7 deletions(-)
> rename meta/recipes-connectivity/bind/{bind_9.11.5.bb => bind_9.11.6.bb} (96%)
>
> diff --git a/meta/recipes-connectivity/bind/bind/0001-configure.in-remove-useless-L-use_openssl-lib.patch b/meta/recipes-connectivity/bind/bind/0001-configure.in-remove-useless-L-use_openssl-lib.patch
> index 871bb2a5f6..92a84a206c 100644
> --- a/meta/recipes-connectivity/bind/bind/0001-configure.in-remove-useless-L-use_openssl-lib.patch
> +++ b/meta/recipes-connectivity/bind/bind/0001-configure.in-remove-useless-L-use_openssl-lib.patch
> @@ -16,8 +16,8 @@ Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
>
> diff --git a/configure.in b/configure.in
> index 54efc55..76ac0eb 100644
> ---- a/configure.in
> -+++ b/configure.in
> +--- a/configure.ac
> ++++ b/configure.ac
> @@ -1691,7 +1691,7 @@ If you don't want OpenSSL, use --without-openssl])
> fi
> ;;
> diff --git a/meta/recipes-connectivity/bind/bind/bind-ensure-searching-for-json-headers-searches-sysr.patch b/meta/recipes-connectivity/bind/bind/bind-ensure-searching-for-json-headers-searches-sysr.patch
> index 37e210e6da..f686862d3d 100644
> --- a/meta/recipes-connectivity/bind/bind/bind-ensure-searching-for-json-headers-searches-sysr.patch
> +++ b/meta/recipes-connectivity/bind/bind/bind-ensure-searching-for-json-headers-searches-sysr.patch
> @@ -33,8 +33,8 @@ Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com>
>
> Index: bind-9.11.3/configure.in
> ===================================================================
> ---- bind-9.11.3.orig/configure.in
> -+++ bind-9.11.3/configure.in
> +--- bind-9.11.3.orig/configure.ac
> ++++ bind-9.11.3/configure.ca
> @@ -2574,7 +2574,7 @@ case "$use_libjson" in
> libjson_libs=""
> ;;
> diff --git a/meta/recipes-connectivity/bind/bind_9.11.5.bb b/meta/recipes-connectivity/bind/bind_9.11.6.bb
> similarity index 96%
> rename from meta/recipes-connectivity/bind/bind_9.11.5.bb
> rename to meta/recipes-connectivity/bind/bind_9.11.6.bb
> index 67672792b1..36c3425cfe 100644
> --- a/meta/recipes-connectivity/bind/bind_9.11.5.bb
> +++ b/meta/recipes-connectivity/bind/bind_9.11.6.bb
> @@ -3,7 +3,7 @@ HOMEPAGE = "http://www.isc.org/sw/bind/"
> SECTION = "console/network"
>
> LICENSE = "ISC & BSD"
> -LIC_FILES_CHKSUM = "file://COPYRIGHT;md5=6ba7c9fe0c888a943c79c93e6de744fb"
> +LIC_FILES_CHKSUM = "file://COPYRIGHT;md5=8f17f64e47e83b60cd920a1e4b54419e"
>
> DEPENDS = "openssl libcap zlib"
>
> @@ -22,8 +22,8 @@ SRC_URI = "https://ftp.isc.org/isc/bind9/${PV}/${BPN}-${PV}.tar.gz \
> file://0001-avoid-start-failure-with-bind-user.patch \
> "
>
> -SRC_URI[md5sum] = "17a0d02102117c9a221e857cf2cc8157"
> -SRC_URI[sha256sum] = "a4cae11dad954bdd4eb592178f875bfec09fcc7e29fe0f6b7a4e5b5c6bc61322"
> +SRC_URI[md5sum] = "4882bd3eeef779e05b515b32354cc081"
> +SRC_URI[sha256sum] = "4499007f3a6b8bba84fc757053caeabf36466d6f7d278baccef9fd109beac6d4"
>
> UPSTREAM_CHECK_URI = "https://ftp.isc.org/isc/bind9/"
> UPSTREAM_CHECK_REGEX = "(?P<pver>9(\.\d+)+(-P\d+)*)/"
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [PATCH] bind: Upgrade 9.11.5 -> 9.11.6
2019-03-20 14:35 ` akuster808
@ 2019-03-20 14:56 ` Adrian Bunk
2019-03-20 15:21 ` akuster808
0 siblings, 1 reply; 7+ messages in thread
From: Adrian Bunk @ 2019-03-20 14:56 UTC (permalink / raw)
To: akuster808; +Cc: openembedded-core
On Wed, Mar 20, 2019 at 07:35:53AM -0700, akuster808 wrote:
>
>
> On 3/20/19 7:09 AM, Adrian Bunk wrote:
> > Copyright hash changed to to year change.
>
> You are missing one of the more important bits of info that would help
> make the decision if this gets into M4 or waits until after 2.7 releases.
>
> Go look at the 9.11.5-p4 release notes.
What part of the release notes are you referring to?
And why are you talking about release notes for a version
that is neither of the two versions in this upgrade?
> Did you double check this is in line with DHCP?
What kind of breakage exactly do you fear?
dhcp still builds and I am staying on an LTS branch of bind.
> - Armin
cu
Adrian
--
"Is there not promise of rain?" Ling Tan asked suddenly out
of the darkness. There had been need of rain for many days.
"Only a promise," Lao Er said.
Pearl S. Buck - Dragon Seed
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [PATCH] bind: Upgrade 9.11.5 -> 9.11.6
2019-03-20 14:56 ` Adrian Bunk
@ 2019-03-20 15:21 ` akuster808
2019-03-20 15:55 ` Adrian Bunk
0 siblings, 1 reply; 7+ messages in thread
From: akuster808 @ 2019-03-20 15:21 UTC (permalink / raw)
To: Adrian Bunk; +Cc: openembedded-core
On 3/20/19 7:56 AM, Adrian Bunk wrote:
> On Wed, Mar 20, 2019 at 07:35:53AM -0700, akuster808 wrote:
>>
>> On 3/20/19 7:09 AM, Adrian Bunk wrote:
>>> Copyright hash changed to to year change.
>> You are missing one of the more important bits of info that would help
>> make the decision if this gets into M4 or waits until after 2.7 releases.
>>
>> Go look at the 9.11.5-p4 release notes.
> What part of the release notes are you referring to?
>
> And why are you talking about release notes for a version
> that is neither of the two versions in this upgrade?
Ah, because the 9.11.5 has patch level updates from -p1 to -p5 that are
not the current 9.11.5 and those changes are included in 9.11.6.
Also, nowhere was it mentioned this is a bugfix only update. This helps
me in deciding if this is a back port candidate.
Keywords to look for: Bugfix only, CVE's, ABI changes, dependency
changes, depreciated functions and new features.
I are hoping a little do-diligence in being applied to package updates
otherwise automation will save us all a bunch of time.
Thanks,
Armin
>
>> Did you double check this is in line with DHCP?
> What kind of breakage exactly do you fear?
>
> dhcp still builds and I am staying on an LTS branch of bind.
>
>> - Armin
> cu
> Adrian
>
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [PATCH] bind: Upgrade 9.11.5 -> 9.11.6
2019-03-20 15:21 ` akuster808
@ 2019-03-20 15:55 ` Adrian Bunk
2019-03-20 16:33 ` akuster808
0 siblings, 1 reply; 7+ messages in thread
From: Adrian Bunk @ 2019-03-20 15:55 UTC (permalink / raw)
To: akuster808; +Cc: openembedded-core
On Wed, Mar 20, 2019 at 08:21:31AM -0700, akuster808 wrote:
> On 3/20/19 7:56 AM, Adrian Bunk wrote:
> > On Wed, Mar 20, 2019 at 07:35:53AM -0700, akuster808 wrote:
> >>
> >> On 3/20/19 7:09 AM, Adrian Bunk wrote:
> >>> Copyright hash changed to to year change.
> >> You are missing one of the more important bits of info that would help
> >> make the decision if this gets into M4 or waits until after 2.7 releases.
> >>
> >> Go look at the 9.11.5-p4 release notes.
> > What part of the release notes are you referring to?
> >
> > And why are you talking about release notes for a version
> > that is neither of the two versions in this upgrade?
>
> Ah, because the 9.11.5 has patch level updates from -p1 to -p5 that are
> not the current 9.11.5 and those changes are included in 9.11.6.
Most items in the 9.11.6 release notes are also in the 9.11.5
release notes.
> Also, nowhere was it mentioned this is a bugfix only update.
It is not a bugfix only update.
> This helps
> me in deciding if this is a back port candidate.
You are saying you were threatening to veto inclusion into 2.7 because
you aren't able to decide whether it should be backported to 2.6?
> Keywords to look for: Bugfix only, CVE's, ABI changes, dependency
> changes, depreciated functions and new features.
>
> I are hoping a little do-diligence in being applied to package updates
> otherwise automation will save us all a bunch of time.
Doing the 9.11.5 -> 9.11.6 upgrade in master is something I wouldn't
have suggested if I wouldn't have considered it reasonable.
Upgrading bind 9.11.4 -> 9.11.6 in thud is a case where
automation or keywords in a commit cannot make the decision.
It doesn't look like a clear case either way to me.
The recipe maintainer might be better qualified to analyse
whether or not this is a backport candidate.
> Thanks,
> Armin
cu
Adrian
--
"Is there not promise of rain?" Ling Tan asked suddenly out
of the darkness. There had been need of rain for many days.
"Only a promise," Lao Er said.
Pearl S. Buck - Dragon Seed
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [PATCH] bind: Upgrade 9.11.5 -> 9.11.6
2019-03-20 15:55 ` Adrian Bunk
@ 2019-03-20 16:33 ` akuster808
2019-03-20 17:05 ` Adrian Bunk
0 siblings, 1 reply; 7+ messages in thread
From: akuster808 @ 2019-03-20 16:33 UTC (permalink / raw)
To: Adrian Bunk; +Cc: openembedded-core
[-- Attachment #1: Type: text/plain, Size: 3647 bytes --]
On 3/20/19 8:55 AM, Adrian Bunk wrote:
> On Wed, Mar 20, 2019 at 08:21:31AM -0700, akuster808 wrote:
>> On 3/20/19 7:56 AM, Adrian Bunk wrote:
>>> On Wed, Mar 20, 2019 at 07:35:53AM -0700, akuster808 wrote:
>>>> On 3/20/19 7:09 AM, Adrian Bunk wrote:
>>>>> Copyright hash changed to to year change.
>>>> You are missing one of the more important bits of info that would help
>>>> make the decision if this gets into M4 or waits until after 2.7 releases.
>>>>
>>>> Go look at the 9.11.5-p4 release notes.
>>> What part of the release notes are you referring to?
>>>
>>> And why are you talking about release notes for a version
>>> that is neither of the two versions in this upgrade?
>> Ah, because the 9.11.5 has patch level updates from -p1 to -p5 that are
>> not the current 9.11.5 and those changes are included in 9.11.6.
> Most items in the 9.11.6 release notes are also in the 9.11.5
> release notes.
9.11.5-P4
* CVE-2018-5744: A specially crafted packet can cause named to leak
memory
<https://lists.isc.org/pipermail/bind-announce/2019-February/001115.html>
/Michael McNally /
* CVE-2018-5745: An assertion failure can occur if a trust anchor
rolls over to an unsupported key algorithm when using managed-keys
<https://lists.isc.org/pipermail/bind-announce/2019-February/001116.html>
/Michael McNally /
* CVE-2019-6465: Controls for zone transfers might not be properly
applied to Dynamically Loadable Zones (DLZs) if the zones are
writable.
<https://lists.isc.org/pipermail/bind-announce/2019-February/001117.html>
/Michael McNally /
please add just the CVE references to the commit message.
>> Also, nowhere was it mentioned this is a bugfix only update.
> It is not a bugfix only update.
The 9.11 series is a Extended Supported Version. (ESV) release. Use the
software for Production Environments needing infrequent upgrades and no
new features.
https://www.isc.org/downloads/software-support-policy/version-numbering/
>
>> This helps
>> me in deciding if this is a back port candidate.
> You are saying you were threatening to veto inclusion into 2.7 because
> you aren't able to decide whether it should be backported to 2.6?
Not at all. We have entered 2.7 M3 which includes freezing package
updates. The ones that have the best chance of getting in are ones that
are bugfixes and or include CVE fixes. Without any information, the
chance on being included goes down. Having more info in the commit
message helps Richard and Ross to decide if they should include it.
>
>> Keywords to look for: Bugfix only, CVE's, ABI changes, dependency
>> changes, depreciated functions and new features.
>>
>> I are hoping a little do-diligence in being applied to package updates
>> otherwise automation will save us all a bunch of time.
> Doing the 9.11.5 -> 9.11.6 upgrade in master is something I wouldn't
> have suggested if I wouldn't have considered it reasonable.
Master tends to have a very liberal update policy, it should now be
closed for stabilization with the possible exceptions I mentioned before.
>
> Upgrading bind 9.11.4 -> 9.11.6 in thud is a case where
> automation or keywords in a commit cannot make the decision.
> It doesn't look like a clear case either way to me.
>
> The recipe maintainer might be better qualified to analyse
> whether or not this is a backport candidate.
I am the package maintainer and I appreciate folks helping me support
the packages I maintain with in updates and fixes.
regards,
Armin
>
>> Thanks,
>> Armin
> cu
> Adrian
>
[-- Attachment #2: Type: text/html, Size: 6509 bytes --]
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [PATCH] bind: Upgrade 9.11.5 -> 9.11.6
2019-03-20 16:33 ` akuster808
@ 2019-03-20 17:05 ` Adrian Bunk
0 siblings, 0 replies; 7+ messages in thread
From: Adrian Bunk @ 2019-03-20 17:05 UTC (permalink / raw)
To: akuster808; +Cc: openembedded-core
On Wed, Mar 20, 2019 at 09:33:56AM -0700, akuster808 wrote:
>
>
> On 3/20/19 8:55 AM, Adrian Bunk wrote:
> > On Wed, Mar 20, 2019 at 08:21:31AM -0700, akuster808 wrote:
> >> On 3/20/19 7:56 AM, Adrian Bunk wrote:
> >>> On Wed, Mar 20, 2019 at 07:35:53AM -0700, akuster808 wrote:
> >>>> On 3/20/19 7:09 AM, Adrian Bunk wrote:
> >>>>> Copyright hash changed to to year change.
> >>>> You are missing one of the more important bits of info that would help
> >>>> make the decision if this gets into M4 or waits until after 2.7 releases.
> >>>>
> >>>> Go look at the 9.11.5-p4 release notes.
> >>> What part of the release notes are you referring to?
> >>>
> >>> And why are you talking about release notes for a version
> >>> that is neither of the two versions in this upgrade?
> >> Ah, because the 9.11.5 has patch level updates from -p1 to -p5 that are
> >> not the current 9.11.5 and those changes are included in 9.11.6.
> > Most items in the 9.11.6 release notes are also in the 9.11.5
> > release notes.
>
> 9.11.5-P4
>
> * CVE-2018-5744: A specially crafted packet can cause named to leak
> memory
> <https://lists.isc.org/pipermail/bind-announce/2019-February/001115.html>
> /Michael McNally /
> * CVE-2018-5745: An assertion failure can occur if a trust anchor
> rolls over to an unsupported key algorithm when using managed-keys
> <https://lists.isc.org/pipermail/bind-announce/2019-February/001116.html>
> /Michael McNally /
> * CVE-2019-6465: Controls for zone transfers might not be properly
> applied to Dynamically Loadable Zones (DLZs) if the zones are
> writable.
> <https://lists.isc.org/pipermail/bind-announce/2019-February/001117.html>
> /Michael McNally /
>
>
> please add just the CVE references to the commit message.
Precedent in master seems to be to not list CVEs fixed in new upstream,
only when CVE fixes get backported.
Justifying my patch with CVE numbers would also be wrong since for only
these CVE fixes 9.11.5-p4 would be better than 9.11.6.
> >> Also, nowhere was it mentioned this is a bugfix only update.
> > It is not a bugfix only update.
>
> The 9.11 series is a Extended Supported Version. (ESV) release. Use the
> software for Production Environments needing infrequent upgrades and no
> new features.
>
> https://www.isc.org/downloads/software-support-policy/version-numbering/
I am not disputing that it is an LTS series.
But 9.11.5 -> 9.11.6 is not a bugfix only update.
> >> This helps
> >> me in deciding if this is a back port candidate.
> > You are saying you were threatening to veto inclusion into 2.7 because
> > you aren't able to decide whether it should be backported to 2.6?
>
> Not at all. We have entered 2.7 M3 which includes freezing package
> updates. The ones that have the best chance of getting in are ones that
> are bugfixes and or include CVE fixes. Without any information, the
> chance on being included goes down. Having more info in the commit
> message helps Richard and Ross to decide if they should include it.
>...
> I am the package maintainer and I appreciate folks helping me support
> the packages I maintain with in updates and fixes.
Do whatever you want to do, it's best to end the discussion at this point.
> regards,
> Armin
cu
Adrian
--
"Is there not promise of rain?" Ling Tan asked suddenly out
of the darkness. There had been need of rain for many days.
"Only a promise," Lao Er said.
Pearl S. Buck - Dragon Seed
^ permalink raw reply [flat|nested] 7+ messages in thread
end of thread, other threads:[~2019-03-20 17:05 UTC | newest]
Thread overview: 7+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2019-03-20 14:09 [PATCH] bind: Upgrade 9.11.5 -> 9.11.6 Adrian Bunk
2019-03-20 14:35 ` akuster808
2019-03-20 14:56 ` Adrian Bunk
2019-03-20 15:21 ` akuster808
2019-03-20 15:55 ` Adrian Bunk
2019-03-20 16:33 ` akuster808
2019-03-20 17:05 ` Adrian Bunk
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.