Security Fixes

The rules for acceptance of records into the cache have been tightened
to prevent the possibility of poisoning if forwarders send records
outside the configured bailiwick. (CVE-2021-25220)

License-Update: copyright years

Signed-off-by: Ralph Siemsen <ralph.siemsen@...>
---
.../bind/{bind_9.11.36.bb => bind_9.11.37.bb} | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
rename meta/recipes-connectivity/bind/{bind_9.11.36.bb => bind_9.11.37.bb} (97%)

diff --git a/meta/recipes-connectivity/bind/bind_9.11.36.bb b/meta/recipes-connectivity/bind/bind_9.11.37.bb
similarity index 97%
rename from meta/recipes-connectivity/bind/bind_9.11.36.bb
rename to meta/recipes-connectivity/bind/bind_9.11.37.bb
index 872baf6d2f..afc8cf0b3b 100644
--- a/meta/recipes-connectivity/bind/bind_9.11.36.bb
+++ b/meta/recipes-connectivity/bind/bind_9.11.37.bb
@@ -4,7 +4,7 @@ DESCRIPTION = "BIND 9 provides a full-featured Domain Name Server system"
SECTION = "console/network"

LICENSE = "ISC & BSD"
-LIC_FILES_CHKSUM = "file://COPYRIGHT;md5=b88e7ca5f21908e1b2720169f6807cf6"
+LIC_FILES_CHKSUM = "file://COPYRIGHT;md5=89a97ebbf713f7125fe5c02223d3ae95"

DEPENDS = "openssl libcap zlib"

@@ -21,7 +21,7 @@ SRC_URI = "https://ftp.isc.org/isc/bind9/${PV}/${BPN}-${PV}.tar.gz \
file://0001-avoid-start-failure-with-bind-user.patch \
"

-SRC_URI[sha256sum] = "c953fcb6703b395aaa53e65ff8b2869b69a5303dd60507cba2201305e1811681"
+SRC_URI[sha256sum] = "0d8efbe7ec166ada90e46add4267b7e7c934790cba9bd5af6b8380a4fbfb5aff"

UPSTREAM_CHECK_URI = "https://ftp.isc.org/isc/bind9/"
# stay at 9.11 until 9.16, from 9.16 follow the ESV versions divisible by 4
--
2.25.1