diff options
author | Kai Kang <kai.kang@windriver.com> | 2017-07-12 09:25:05 +0800 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2017-07-17 13:49:02 +0100 |
commit | 9ee6a0a6599d081767b63382a576e67aed12cf4d (patch) | |
tree | 4d6f8c4f4cadd1549948f967bee99fc833af337e /meta/recipes-connectivity/bind/bind/CVE-2016-1286_1.patch | |
parent | 26aaa6cca9de678fa6d6e89902d14aff9cf3c8b0 (diff) | |
download | openembedded-core-contrib-9ee6a0a6599d081767b63382a576e67aed12cf4d.tar.gz |
bind: 9.10.3-P3 -> 9.10.5-P3
Upgrade bind from 9.10.3-P3 to 9.10.5-P3
* Update md5sum of LIC_FILES_CHKSUM that it update year in file COPYRIGHT
* Remvoe mips1-not-support-opcode.diff which has been merged
* Remove CVE patches that there are backported from upstream
* Use python3 for build and make sure install .py files to right directory
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Diffstat (limited to 'meta/recipes-connectivity/bind/bind/CVE-2016-1286_1.patch')
-rw-r--r-- | meta/recipes-connectivity/bind/bind/CVE-2016-1286_1.patch | 79 |
1 files changed, 0 insertions, 79 deletions
diff --git a/meta/recipes-connectivity/bind/bind/CVE-2016-1286_1.patch b/meta/recipes-connectivity/bind/bind/CVE-2016-1286_1.patch deleted file mode 100644 index ae5cc48d9c..0000000000 --- a/meta/recipes-connectivity/bind/bind/CVE-2016-1286_1.patch +++ /dev/null @@ -1,79 +0,0 @@ -From a3d327bf1ceaaeabb20223d8de85166e940b9f12 Mon Sep 17 00:00:00 2001 -From: Mukund Sivaraman <muks@isc.org> -Date: Mon, 22 Feb 2016 12:22:43 +0530 -Subject: [PATCH] Fix resolver assertion failure due to improper DNAME handling - (CVE-2016-1286) (#41753) - -(cherry picked from commit 5995fec51cc8bb7e53804e4936e60aa1537f3673) - -CVE: CVE-2016-1286 -Upstream-Status: Backport - -[Removed doc/arm/notes.xml changes from upstream patch.] - -Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> ---- -diff -ruN a/CHANGES b/CHANGES ---- a/CHANGES 2016-04-13 07:28:44.940873629 +0200 -+++ b/CHANGES 2016-04-13 07:38:38.923167851 +0200 -@@ -1,3 +1,7 @@ -+4319. [security] Fix resolver assertion failure due to improper -+ DNAME handling when parsing fetch reply messages. -+ (CVE-2016-1286) [RT #41753] -+ - 4318. [security] Malformed control messages can trigger assertions - in named and rndc. (CVE-2016-1285) [RT #41666] - -diff -ruN a/lib/dns/resolver.c b/lib/dns/resolver.c ---- a/lib/dns/resolver.c 2016-04-13 07:28:43.088953790 +0200 -+++ b/lib/dns/resolver.c 2016-04-13 07:38:20.411968925 +0200 -@@ -6967,21 +6967,26 @@ - isc_boolean_t found_dname = ISC_FALSE; - dns_name_t *dname_name; - -+ /* -+ * Only pass DNAME or RRSIG(DNAME). -+ */ -+ if (rdataset->type != dns_rdatatype_dname && -+ (rdataset->type != dns_rdatatype_rrsig || -+ rdataset->covers != dns_rdatatype_dname)) -+ continue; -+ -+ /* -+ * If we're not chaining, then the DNAME and -+ * its signature should not be external. -+ */ -+ if (!chaining && external) { -+ log_formerr(fctx, "external DNAME"); -+ return (DNS_R_FORMERR); -+ } -+ - found = ISC_FALSE; - aflag = 0; - if (rdataset->type == dns_rdatatype_dname) { -- /* -- * We're looking for something else, -- * but we found a DNAME. -- * -- * If we're not chaining, then the -- * DNAME should not be external. -- */ -- if (!chaining && external) { -- log_formerr(fctx, -- "external DNAME"); -- return (DNS_R_FORMERR); -- } - found = ISC_TRUE; - want_chaining = ISC_TRUE; - POST(want_chaining); -@@ -7010,9 +7015,7 @@ - &fctx->domain)) { - return (DNS_R_SERVFAIL); - } -- } else if (rdataset->type == dns_rdatatype_rrsig -- && rdataset->covers == -- dns_rdatatype_dname) { -+ } else { - /* - * We've found a signature that - * covers the DNAME. |