bind: Update to 9.9.5

Remove CVE patches that are in bind
Updated COPYRIGHT includes date changes the NetBSD Copyright
Modifies the Base BSD License to 3-Clause (removes advertising clause)w
Add patch to disable running tests on host
Add python-core to RDEPENDS for dnssec-checkds and dnssec-coverage and fix path to python

Signed-off-by: Saul Wold <sgw@linux.intel.com>

11 files changed, 1016 insertions, 0 deletions

diff --git a/meta/recipes-connectivity/bind/bind/bind-9.8.1-CVE-2012-5166.patch b/meta/recipes-connectivity/bind/bind/bind-9.8.1-CVE-2012-5166.patch
new file mode 100644
index 0000000000..0abb475adc
--- /dev/null
+++ b/meta/recipes-connectivity/bind/bind/bind-9.8.1-CVE-2012-5166.patch
@@ -0,0 +1,119 @@
+bind_Fix_for_CVE-2012-5166
+
+Upstream-Status: Backport
+
+Reference:http://launchpadlibrarian.net/119212498/bind9_1%3A9.7.3.dfsOBg
+-1ubuntu2.6_1%3A9.7.3.dfsg-1ubuntu2.7.diff.gz
+
+ISC BIND 9.x before 9.7.6-P4, 9.8.x before 9.8.3-P4, 9.9.x before
+9.9.1-P4, and 9.4-ESV and 9.6-ESV before 9.6-ESV-R7-P4 allows
+remote attackers to cause a denial of service (named daemon hang)
+via unspecified combinations of resource records.
+
+http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-5166
+
+Signed-off-by: yanjun.zhu <yanjun.zhu@windriver.com>
+diff -urpN a/bin/named/query.c b/bin/named/query.c
+--- a/bin/named/query.c	2012-10-22 13:24:27.000000000 +0800
++++ b/bin/named/query.c	2012-10-22 13:17:04.000000000 +0800
+@@ -1137,13 +1137,6 @@ query_isduplicate(ns_client_t *client, d
+ 		mname = NULL;
+ 	}
+ 
+-	/*
+-	 * If the dns_name_t we're looking up is already in the message,
+-	 * we don't want to trigger the caller's name replacement logic.
+-	 */
+-	if (name == mname)
+-		mname = NULL;
+-
+ 	*mnamep = mname;
+ 
+ 	CTRACE("query_isduplicate: false: done");
+@@ -1341,6 +1334,7 @@ query_addadditional(void *arg, dns_name_
+ 	if (dns_rdataset_isassociated(rdataset) &&
+ 	    !query_isduplicate(client, fname, type, &mname)) {
+ 		if (mname != NULL) {
++			INSIST(mname != fname);
+ 			query_releasename(client, &fname);
+ 			fname = mname;
+ 		} else
+@@ -1401,11 +1395,13 @@ query_addadditional(void *arg, dns_name_
+ 			mname = NULL;
+ 			if (!query_isduplicate(client, fname,
+ 					       dns_rdatatype_a, &mname)) {
+-				if (mname != NULL) {
+-					query_releasename(client, &fname);
+-					fname = mname;
+-				} else
+-					need_addname = ISC_TRUE;
++				if (mname != fname) {
++					if (mname != NULL) {
++						query_releasename(client, &fname);
++						fname = mname;
++					} else
++						need_addname = ISC_TRUE;
++				}
+ 				ISC_LIST_APPEND(fname->list, rdataset, link);
+ 				added_something = ISC_TRUE;
+ 				if (sigrdataset != NULL &&
+@@ -1444,11 +1440,13 @@ query_addadditional(void *arg, dns_name_
+ 			mname = NULL;
+ 			if (!query_isduplicate(client, fname,
+ 					       dns_rdatatype_aaaa, &mname)) {
+-				if (mname != NULL) {
+-					query_releasename(client, &fname);
+-					fname = mname;
+-				} else
+-					need_addname = ISC_TRUE;
++				if (mname != fname) {
++					if (mname != NULL) {
++						query_releasename(client, &fname);
++						fname = mname;
++					} else
++						need_addname = ISC_TRUE;
++				}
+ 				ISC_LIST_APPEND(fname->list, rdataset, link);
+ 				added_something = ISC_TRUE;
+ 				if (sigrdataset != NULL &&
+@@ -1960,22 +1958,24 @@ query_addadditional2(void *arg, dns_name
+ 		    crdataset->type == dns_rdatatype_aaaa) {
+ 			if (!query_isduplicate(client, fname, crdataset->type,
+ 					       &mname)) {
+-				if (mname != NULL) {
+-					/*
+-					 * A different type of this name is
+-					 * already stored in the additional
+-					 * section.  We'll reuse the name.
+-					 * Note that this should happen at most
+-					 * once.  Otherwise, fname->link could
+-					 * leak below.
+-					 */
+-					INSIST(mname0 == NULL);
+-
+-					query_releasename(client, &fname);
+-					fname = mname;
+-					mname0 = mname;
+-				} else
+-					need_addname = ISC_TRUE;
++				if (mname != fname) {
++					if (mname != NULL) {
++						/*
++						 * A different type of this name is
++						 * already stored in the additional
++						 * section.  We'll reuse the name.
++						 * Note that this should happen at most
++						 * once.  Otherwise, fname->link could
++						 * leak below.
++						 */
++						INSIST(mname0 == NULL);
++
++						query_releasename(client, &fname);
++						fname = mname;
++						mname0 = mname;
++					} else
++						need_addname = ISC_TRUE;
++				}
+ 				ISC_LIST_UNLINK(cfname.list, crdataset, link);
+ 				ISC_LIST_APPEND(fname->list, crdataset, link);
+ 				added_something = ISC_TRUE;
diff --git a/meta/recipes-connectivity/bind/bind/bind-CVE-2011-4313.patch b/meta/recipes-connectivity/bind/bind/bind-CVE-2011-4313.patch
new file mode 100644
index 0000000000..19d8df1c2d
--- /dev/null
+++ b/meta/recipes-connectivity/bind/bind/bind-CVE-2011-4313.patch
@@ -0,0 +1,89 @@
+The patch to fix CVE-2011-4313
+
+Upstream-Status: Backport
+
+Reference: https://www.redhat.com/security/data/cve/CVE-2011-4313.html
+
+query.c in ISC BIND 9.0.x through 9.6.x, 9.4-ESV through 9.4-ESV-R5, 9.6-ESV
+through 9.6-ESV-R5, 9.7.0 through 9.7.4, 9.8.0 through 9.8.1, and 9.9.0a1
+through 9.9.0b1 allows remote attackers to cause a denial of service
+(assertion failure and named exit) via unknown vectors related to recursive DNS
+queries, error logging, and the caching of an invalid record by the resolver.
+
+Signed-off-by Ming Liu <ming.liu@windriver.com>
+---
+ bin/named/query.c |   19 ++++++++-----------
+ lib/dns/rbtdb.c   |    4 ++--
+ 2 files changed, 10 insertions(+), 13 deletions(-)
+
+--- a/bin/named/query.c
++++ b/bin/named/query.c
+@@ -1393,11 +1393,9 @@ query_addadditional(void *arg, dns_name_
+ 			goto addname;
+ 		if (result == DNS_R_NCACHENXRRSET) {
+ 			dns_rdataset_disassociate(rdataset);
+-			/*
+-			 * Negative cache entries don't have sigrdatasets.
+-			 */
+-			INSIST(sigrdataset == NULL ||
+-			       ! dns_rdataset_isassociated(sigrdataset));
++			if (sigrdataset != NULL &&
++			    dns_rdataset_isassociated(sigrdataset))
++				dns_rdataset_disassociate(sigrdataset);
+ 		}
+ 		if (result == ISC_R_SUCCESS) {
+ 			mname = NULL;
+@@ -1438,8 +1436,9 @@ query_addadditional(void *arg, dns_name_
+ 			goto addname;
+ 		if (result == DNS_R_NCACHENXRRSET) {
+ 			dns_rdataset_disassociate(rdataset);
+-			INSIST(sigrdataset == NULL ||
+-			       ! dns_rdataset_isassociated(sigrdataset));
++			if (sigrdataset != NULL &&
++			    dns_rdataset_isassociated(sigrdataset))
++				dns_rdataset_disassociate(sigrdataset);
+ 		}
+ 		if (result == ISC_R_SUCCESS) {
+ 			mname = NULL;
+@@ -1889,10 +1888,8 @@ query_addadditional2(void *arg, dns_name
+ 		goto setcache;
+ 	if (result == DNS_R_NCACHENXRRSET) {
+ 		dns_rdataset_disassociate(rdataset);
+-		/*
+-		 * Negative cache entries don't have sigrdatasets.
+-		 */
+-		INSIST(! dns_rdataset_isassociated(sigrdataset));
++		if (dns_rdataset_isassociated(sigrdataset))
++			dns_rdataset_disassociate(sigrdataset);
+ 	}
+ 	if (result == ISC_R_SUCCESS) {
+ 		/* Remember the result as a cache */
+--- a/lib/dns/rbtdb.c
++++ b/lib/dns/rbtdb.c
+@@ -5053,7 +5053,7 @@ cache_find(dns_db_t *db, dns_name_t *nam
+ 			      rdataset);
+ 		if (need_headerupdate(found, search.now))
+ 			update = found;
+-		if (foundsig != NULL) {
++		if (!NEGATIVE(found) && foundsig != NULL) {
+ 			bind_rdataset(search.rbtdb, node, foundsig, search.now,
+ 				      sigrdataset);
+ 			if (need_headerupdate(foundsig, search.now))
+@@ -5596,7 +5596,7 @@ zone_findrdataset(dns_db_t *db, dns_dbno
+ 	}
+ 	if (found != NULL) {
+ 		bind_rdataset(rbtdb, rbtnode, found, now, rdataset);
+-		if (foundsig != NULL)
++		if (!NEGATIVE(found) && foundsig != NULL)
+ 			bind_rdataset(rbtdb, rbtnode, foundsig, now,
+ 				      sigrdataset);
+ 	}
+@@ -5685,7 +5685,7 @@ cache_findrdataset(dns_db_t *db, dns_dbn
+ 	}
+ 	if (found != NULL) {
+ 		bind_rdataset(rbtdb, rbtnode, found, now, rdataset);
+-		if (foundsig != NULL)
++		if (!NEGATIVE(found) && foundsig != NULL)
+ 			bind_rdataset(rbtdb, rbtnode, foundsig, now,
+ 				      sigrdataset);
+ 	}
diff --git a/meta/recipes-connectivity/bind/bind/bind-CVE-2012-1667.patch b/meta/recipes-connectivity/bind/bind/bind-CVE-2012-1667.patch
new file mode 100644
index 0000000000..c441eab65d
--- /dev/null
+++ b/meta/recipes-connectivity/bind/bind/bind-CVE-2012-1667.patch
@@ -0,0 +1,92 @@
+bind CVE-2012-1667
+
+Upstream-Status: Backport
+
+ISC BIND 9.x before 9.7.6-P1, 9.8.x before 9.8.3-P1, 9.9.x before 9.9.1-P1,
+and 9.4-ESV and 9.6-ESV before 9.6-ESV-R7-P1 does not properly handle resource
+records with a zero-length RDATA section, which allows remote DNS servers to
+cause a denial of service (daemon crash or data corruption) or obtain
+sensitive information from process memory via a crafted record.
+
+http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1667
+
+The cve patch comes from bind97-9.7.0-10.P2.el5_8.1.src.rpm package.
+
+Signed-off-by: Li Wang <li.wang@windriver.com>
+---
+ lib/dns/rdata.c     |    8 ++++----
+ lib/dns/rdataslab.c |   11 ++++++++---
+ 2 files changed, 12 insertions(+), 7 deletions(-)
+
+diff --git a/lib/dns/rdata.c b/lib/dns/rdata.c
+index 063b1f6..9337a80 100644
+--- a/lib/dns/rdata.c
++++ b/lib/dns/rdata.c
+@@ -325,8 +325,8 @@ dns_rdata_compare(const dns_rdata_t *rdata1, const dns_rdata_t *rdata2) {
+ 
+ 	REQUIRE(rdata1 != NULL);
+ 	REQUIRE(rdata2 != NULL);
+-	REQUIRE(rdata1->data != NULL);
+-	REQUIRE(rdata2->data != NULL);
++	REQUIRE(rdata1->length == 0 || rdata1->data != NULL);
++	REQUIRE(rdata2->length == 0 || rdata2->data != NULL);
+ 	REQUIRE(DNS_RDATA_VALIDFLAGS(rdata1));
+ 	REQUIRE(DNS_RDATA_VALIDFLAGS(rdata2));
+ 
+@@ -356,8 +356,8 @@ dns_rdata_casecompare(const dns_rdata_t *rdata1, const dns_rdata_t *rdata2) {
+ 
+ 	REQUIRE(rdata1 != NULL);
+ 	REQUIRE(rdata2 != NULL);
+-	REQUIRE(rdata1->data != NULL);
+-	REQUIRE(rdata2->data != NULL);
++	REQUIRE(rdata1->length == 0 || rdata1->data != NULL);
++	REQUIRE(rdata2->length == 0 || rdata2->data != NULL);
+ 	REQUIRE(DNS_RDATA_VALIDFLAGS(rdata1));
+ 	REQUIRE(DNS_RDATA_VALIDFLAGS(rdata2));
+ 
+diff --git a/lib/dns/rdataslab.c b/lib/dns/rdataslab.c
+index a41f16f..ed13b30 100644
+--- a/lib/dns/rdataslab.c
++++ b/lib/dns/rdataslab.c
+@@ -125,6 +125,11 @@ isc_result_t
+ dns_rdataslab_fromrdataset(dns_rdataset_t *rdataset, isc_mem_t *mctx,
+ 			   isc_region_t *region, unsigned int reservelen)
+ {
++	/*
++	 * Use &removed as a sentinal pointer for duplicate
++	 * rdata as rdata.data == NULL is valid.
++	 */
++	static unsigned char removed;
+ 	struct xrdata  *x;
+ 	unsigned char  *rawbuf;
+ #if DNS_RDATASET_FIXED
+@@ -168,6 +173,7 @@ dns_rdataslab_fromrdataset(dns_rdataset_t *rdataset, isc_mem_t *mctx,
+ 		INSIST(result == ISC_R_SUCCESS);
+ 		dns_rdata_init(&x[i].rdata);
+ 		dns_rdataset_current(rdataset, &x[i].rdata);
++		INSIST(x[i].rdata.data != &removed);
+ #if DNS_RDATASET_FIXED
+ 		x[i].order = i;
+ #endif
+@@ -200,8 +206,7 @@ dns_rdataslab_fromrdataset(dns_rdataset_t *rdataset, isc_mem_t *mctx,
+ 	 */
+ 	for (i = 1; i < nalloc; i++) {
+ 		if (compare_rdata(&x[i-1].rdata, &x[i].rdata) == 0) {
+-			x[i-1].rdata.data = NULL;
+-			x[i-1].rdata.length = 0;
++			x[i-1].rdata.data = &removed;
+ #if DNS_RDATASET_FIXED
+ 			/*
+ 			 * Preserve the least order so A, B, A -> A, B
+@@ -291,7 +296,7 @@ dns_rdataslab_fromrdataset(dns_rdataset_t *rdataset, isc_mem_t *mctx,
+ #endif
+ 
+ 	for (i = 0; i < nalloc; i++) {
+-		if (x[i].rdata.data == NULL)
++		if (x[i].rdata.data == &removed)
+ 			continue;
+ #if DNS_RDATASET_FIXED
+ 		offsettable[x[i].order] = rawbuf - offsetbase;
+-- 
+1.7.0.5
+
diff --git a/meta/recipes-connectivity/bind/bind/bind-CVE-2012-3817.patch b/meta/recipes-connectivity/bind/bind/bind-CVE-2012-3817.patch
new file mode 100644
index 0000000000..1e159bd2f8
--- /dev/null
+++ b/meta/recipes-connectivity/bind/bind/bind-CVE-2012-3817.patch
@@ -0,0 +1,40 @@
+bind: fix for CVE-2012-3817
+
+Upstream-Status: Backport
+
+ISC BIND 9.4.x, 9.5.x, 9.6.x, and 9.7.x before 9.7.6-P2; 9.8.x before 9.8.3-P2;
+9.9.x before 9.9.1-P2; and 9.6-ESV before 9.6-ESV-R7-P2, when DNSSEC validation
+is enabled, does not properly initialize the failing-query cache, which allows
+remote attackers to cause a denial of service (assertion failure and daemon exit)
+by sending many queries.
+
+http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-3817
+
+This patch is back-ported from bind-9.3.6-20.P1.el5_8.2.src.rpm package.
+
+Signed-off-by: Ming Liu <ming.liu@windriver.com>
+---
+ resolver.c |    5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+--- a/lib/dns/resolver.c
++++ b/lib/dns/resolver.c
+@@ -8318,6 +8318,7 @@ dns_resolver_addbadcache(dns_resolver_t 
+ 			goto cleanup;
+ 		bad->type = type;
+ 		bad->hashval = hashval;
++		bad->expire = *expire;
+ 		isc_buffer_init(&buffer, bad + 1, name->length);
+ 		dns_name_init(&bad->name, NULL);
+ 		dns_name_copy(name, &bad->name, &buffer);
+@@ -8329,8 +8330,8 @@ dns_resolver_addbadcache(dns_resolver_t 
+ 		if (resolver->badcount < resolver->badhash * 2 &&
+ 		    resolver->badhash > DNS_BADCACHE_SIZE)
+ 			resizehash(resolver, &now, ISC_FALSE);
+-	}
+-	bad->expire = *expire;
++	} else
++		bad->expire = *expire;
+  cleanup:
+ 	UNLOCK(&resolver->lock);
+ }
diff --git a/meta/recipes-connectivity/bind/bind/bind-CVE-2013-2266.patch b/meta/recipes-connectivity/bind/bind/bind-CVE-2013-2266.patch
new file mode 100644
index 0000000000..7ec6deb714
--- /dev/null
+++ b/meta/recipes-connectivity/bind/bind/bind-CVE-2013-2266.patch
@@ -0,0 +1,41 @@
+bind: fix for CVE-2013-2266
+
+Upstream-Status: Backport
+
+libdns in ISC BIND 9.7.x and 9.8.x before 9.8.4-P2, 9.8.5 before 9.8.5b2,
+9.9.x before 9.9.2-P2, and 9.9.3 before 9.9.3b2 on UNIX platforms allows
+remote attackers to cause a denial of service (memory consumption) via a
+crafted regular expression, as demonstrated by a memory-exhaustion attack
+against a machine running a named process.
+
+http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2266
+
+Signed-off-by Ming Liu <ming.liu@windriver.com>
+---
+ config.h.in  |    3 ---
+ configure.in |    2 +-
+ 2 files changed, 1 insertion(+), 4 deletions(-)
+
+--- a/config.h.in
++++ b/config.h.in
+@@ -277,9 +277,6 @@ int sigwait(const unsigned int *set, int
+ /* Define if your OpenSSL version supports GOST. */
+ #undef HAVE_OPENSSL_GOST
+ 
+-/* Define to 1 if you have the <regex.h> header file. */
+-#undef HAVE_REGEX_H
+-
+ /* Define to 1 if you have the `setegid' function. */
+ #undef HAVE_SETEGID
+ 
+--- a/configure.in
++++ b/configure.in
+@@ -279,7 +279,7 @@ esac
+ 
+ AC_HEADER_STDC
+ 
+-AC_CHECK_HEADERS(fcntl.h regex.h sys/time.h unistd.h sys/sockio.h sys/select.h sys/param.h sys/sysctl.h net/if6.h,,,
++AC_CHECK_HEADERS(fcntl.h sys/time.h unistd.h sys/sockio.h sys/select.h sys/param.h sys/sysctl.h net/if6.h,,,
+ [$ac_includes_default
+ #ifdef HAVE_SYS_PARAM_H
+ # include <sys/param.h>
diff --git a/meta/recipes-connectivity/bind/bind/bind-Fix-CVE-2012-4244.patch b/meta/recipes-connectivity/bind/bind/bind-Fix-CVE-2012-4244.patch
new file mode 100644
index 0000000000..5dd6f69e45
--- /dev/null
+++ b/meta/recipes-connectivity/bind/bind/bind-Fix-CVE-2012-4244.patch
@@ -0,0 +1,141 @@
+bind_Fix_for_CVE-2012-4244
+
+Upstream-Status: Backport
+
+Reference:https://bugzilla.novell.com/attachment.cgi?id=505661&action=edit
+
+ISC BIND 9.x before 9.7.6-P3, 9.8.x before 9.8.3-P3, 9.9.x before 9.9.1-P3,
+ and 9.4-ESV and 9.6-ESV before 9.6-ESV-R7-P3 allows remote attackers to
+cause a denial of service (assertion failure and named daemon exit) via
+a query for a long resource record.
+
+Signed-off-by: yanjun.zhu <yanjun.zhu@windriver.com>
+
+diff -urpN a/lib/dns/include/dns/rdata.h b/lib/dns/include/dns/rdata.h
+--- a/lib/dns/include/dns/rdata.h	2012-10-08 12:19:42.000000000 +0800
++++ b/lib/dns/include/dns/rdata.h	2012-10-08 11:26:43.000000000 +0800
+@@ -147,6 +147,17 @@ struct dns_rdata {
+ 	(((rdata)->flags & ~(DNS_RDATA_UPDATE|DNS_RDATA_OFFLINE)) == 0)
+ 
+ /*
++ * The maximum length of a RDATA that can be sent on the wire.
++ * Max packet size (65535) less header (12), less name (1), type (2),
++ * class (2), ttl(4), length (2).
++ *
++ * None of the defined types that support name compression can exceed
++ * this and all new types are to be sent uncompressed.
++ */
++
++#define DNS_RDATA_MAXLENGTH    65512U
++
++/*
+  * Flags affecting rdata formatting style.  Flags 0xFFFF0000
+  * are used by masterfile-level formatting and defined elsewhere.
+  * See additional comments at dns_rdata_tofmttext().
+diff -urpN a/lib/dns/master.c b/lib/dns/master.c
+--- a/lib/dns/master.c	2012-10-08 12:19:42.000000000 +0800
++++ b/lib/dns/master.c	2012-10-08 11:27:06.000000000 +0800
+@@ -75,7 +75,7 @@
+ /*%
+  * max message size - header - root - type - class - ttl - rdlen
+  */
+-#define MINTSIZ (65535 - 12 - 1 - 2 - 2 - 4 - 2)
++#define MINTSIZ DNS_RDATA_MAXLENGTH 
+ /*%
+  * Size for tokens in the presentation format,
+  * The largest tokens are the base64 blocks in KEY and CERT records,
+diff -urpN a/lib/dns/rdata.c b/lib/dns/rdata.c
+--- a/lib/dns/rdata.c	2012-10-08 12:19:42.000000000 +0800
++++ b/lib/dns/rdata.c	2012-10-08 11:27:27.000000000 +0800
+@@ -425,6 +425,7 @@ dns_rdata_fromwire(dns_rdata_t *rdata, d
+ 	isc_buffer_t st;
+ 	isc_boolean_t use_default = ISC_FALSE;
+ 	isc_uint32_t activelength;
++	size_t length;
+ 
+ 	REQUIRE(dctx != NULL);
+ 	if (rdata != NULL) {
+@@ -455,6 +456,14 @@ dns_rdata_fromwire(dns_rdata_t *rdata, d
+ 	}
+ 
+ 	/*
++	 * Reject any rdata that expands out to more than DNS_RDATA_MAXLENGTH
++	 * as we cannot transmit it.
++	 */
++	length = isc_buffer_usedlength(target) - isc_buffer_usedlength(&st);
++	if (result == ISC_R_SUCCESS && length > DNS_RDATA_MAXLENGTH)
++		result = DNS_R_FORMERR;
++
++	/*
+ 	 * We should have consumed all of our buffer.
+ 	 */
+ 	if (result == ISC_R_SUCCESS && !buffer_empty(source))
+@@ -462,8 +471,7 @@ dns_rdata_fromwire(dns_rdata_t *rdata, d
+ 
+ 	if (rdata != NULL && result == ISC_R_SUCCESS) {
+ 		region.base = isc_buffer_used(&st);
+-		region.length = isc_buffer_usedlength(target) -
+-				isc_buffer_usedlength(&st);
++		region.length = length;
+ 		dns_rdata_fromregion(rdata, rdclass, type, &region);
+ 	}
+ 
+@@ -598,6 +606,7 @@ dns_rdata_fromtext(dns_rdata_t *rdata, d
+ 	unsigned long line;
+ 	void (*callback)(dns_rdatacallbacks_t *, const char *, ...);
+ 	isc_result_t tresult;
++	size_t length;
+ 
+ 	REQUIRE(origin == NULL || dns_name_isabsolute(origin) == ISC_TRUE);
+ 	if (rdata != NULL) {
+@@ -670,10 +679,13 @@ dns_rdata_fromtext(dns_rdata_t *rdata, d
+ 		}
+ 	} while (1);
+ 
++	length = isc_buffer_usedlength(target) - isc_buffer_usedlength(&st);
++	if (result == ISC_R_SUCCESS && length > DNS_RDATA_MAXLENGTH)
++		result = ISC_R_NOSPACE;
++
+ 	if (rdata != NULL && result == ISC_R_SUCCESS) {
+ 		region.base = isc_buffer_used(&st);
+-		region.length = isc_buffer_usedlength(target) -
+-				isc_buffer_usedlength(&st);
++		region.length = length;
+ 		dns_rdata_fromregion(rdata, rdclass, type, &region);
+ 	}
+ 	if (result != ISC_R_SUCCESS) {
+@@ -781,6 +793,7 @@ dns_rdata_fromstruct(dns_rdata_t *rdata,
+ 	isc_buffer_t st;
+ 	isc_region_t region;
+ 	isc_boolean_t use_default = ISC_FALSE;
++	size_t length;
+ 
+ 	REQUIRE(source != NULL);
+ 	if (rdata != NULL) {
+@@ -795,10 +808,13 @@ dns_rdata_fromstruct(dns_rdata_t *rdata,
+ 	if (use_default)
+ 		(void)NULL;
+ 
++	length = isc_buffer_usedlength(target) - isc_buffer_usedlength(&st);
++	if (result == ISC_R_SUCCESS && length > DNS_RDATA_MAXLENGTH)
++		result = ISC_R_NOSPACE;
++
+ 	if (rdata != NULL && result == ISC_R_SUCCESS) {
+ 		region.base = isc_buffer_used(&st);
+-		region.length = isc_buffer_usedlength(target) -
+-				isc_buffer_usedlength(&st);
++		region.length = length;
+ 		dns_rdata_fromregion(rdata, rdclass, type, &region);
+ 	}
+ 	if (result != ISC_R_SUCCESS)
+diff -urpN a/lib/dns/rdataslab.c b/lib/dns/rdataslab.c
+--- a/lib/dns/rdataslab.c	2012-10-08 12:19:42.000000000 +0800
++++ b/lib/dns/rdataslab.c	2012-10-08 11:27:54.000000000 +0800
+@@ -304,6 +304,7 @@ dns_rdataslab_fromrdataset(dns_rdataset_
+ 		length = x[i].rdata.length;
+ 		if (rdataset->type == dns_rdatatype_rrsig)
+ 			length++;
++		INSIST(length <= 0xffff);
+ 		*rawbuf++ = (length & 0xff00) >> 8;
+ 		*rawbuf++ = (length & 0x00ff);
+ #if DNS_RDATASET_FIXED
diff --git a/meta/recipes-connectivity/bind/bind/conf.patch b/meta/recipes-connectivity/bind/bind/conf.patch
new file mode 100644
index 0000000000..2785c6a22f
--- /dev/null
+++ b/meta/recipes-connectivity/bind/bind/conf.patch
@@ -0,0 +1,314 @@
+Upstream-Status: Inappropriate [configuration]
+
+the patch is imported from openembedded project
+
+11/30/2010 - Qing He <qing.he@intel.com>
+
+diff -urN bind-9.3.1.orig/conf/db.0 bind-9.3.1/conf/db.0
+--- bind-9.3.1.orig/conf/db.0	1970-01-01 01:00:00.000000000 +0100
++++ bind-9.3.1/conf/db.0	2005-07-10 22:14:00.000000000 +0200
+@@ -0,0 +1,12 @@
++;
++; BIND reverse data file for broadcast zone
++;
++$TTL	604800
++@	IN	SOA	localhost. root.localhost. (
++			      1		; Serial
++			 604800		; Refresh
++			  86400		; Retry
++			2419200		; Expire
++			 604800 )	; Negative Cache TTL
++;
++@	IN	NS	localhost.
+diff -urN bind-9.3.1.orig/conf/db.127 bind-9.3.1/conf/db.127
+--- bind-9.3.1.orig/conf/db.127	1970-01-01 01:00:00.000000000 +0100
++++ bind-9.3.1/conf/db.127	2005-07-10 22:14:00.000000000 +0200
+@@ -0,0 +1,13 @@
++;
++; BIND reverse data file for local loopback interface
++;
++$TTL	604800
++@	IN	SOA	localhost. root.localhost. (
++			      1		; Serial
++			 604800		; Refresh
++			  86400		; Retry
++			2419200		; Expire
++			 604800 )	; Negative Cache TTL
++;
++@	IN	NS	localhost.
++1.0.0	IN	PTR	localhost.
+diff -urN bind-9.3.1.orig/conf/db.empty bind-9.3.1/conf/db.empty
+--- bind-9.3.1.orig/conf/db.empty	1970-01-01 01:00:00.000000000 +0100
++++ bind-9.3.1/conf/db.empty	2005-07-10 22:14:00.000000000 +0200
+@@ -0,0 +1,14 @@
++; BIND reverse data file for empty rfc1918 zone
++;
++; DO NOT EDIT THIS FILE - it is used for multiple zones.
++; Instead, copy it, edit named.conf, and use that copy.
++;
++$TTL	86400
++@	IN	SOA	localhost. root.localhost. (
++			      1		; Serial
++			 604800		; Refresh
++			  86400		; Retry
++			2419200		; Expire
++			  86400 )	; Negative Cache TTL
++;
++@	IN	NS	localhost.
+diff -urN bind-9.3.1.orig/conf/db.local bind-9.3.1/conf/db.local
+--- bind-9.3.1.orig/conf/db.local	1970-01-01 01:00:00.000000000 +0100
++++ bind-9.3.1/conf/db.local	2005-07-10 22:14:00.000000000 +0200
+@@ -0,0 +1,13 @@
++;
++; BIND data file for local loopback interface
++;
++$TTL	604800
++@	IN	SOA	localhost. root.localhost. (
++			      1		; Serial
++			 604800		; Refresh
++			  86400		; Retry
++			2419200		; Expire
++			 604800 )	; Negative Cache TTL
++;
++@	IN	NS	localhost.
++@	IN	A	127.0.0.1
+diff -urN bind-9.3.1.orig/conf/db.root bind-9.3.1/conf/db.root
+--- bind-9.3.1.orig/conf/db.root	1970-01-01 01:00:00.000000000 +0100
++++ bind-9.3.1/conf/db.root	2005-07-10 22:14:00.000000000 +0200
+@@ -0,0 +1,45 @@
++
++; <<>> DiG 9.2.3 <<>> ns . @a.root-servers.net.
++;; global options:  printcmd
++;; Got answer:
++;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 18944
++;; flags: qr aa rd; QUERY: 1, ANSWER: 13, AUTHORITY: 0, ADDITIONAL: 13
++
++;; QUESTION SECTION:
++;.				IN	NS
++
++;; ANSWER SECTION:
++.			518400	IN	NS	A.ROOT-SERVERS.NET.
++.			518400	IN	NS	B.ROOT-SERVERS.NET.
++.			518400	IN	NS	C.ROOT-SERVERS.NET.
++.			518400	IN	NS	D.ROOT-SERVERS.NET.
++.			518400	IN	NS	E.ROOT-SERVERS.NET.
++.			518400	IN	NS	F.ROOT-SERVERS.NET.
++.			518400	IN	NS	G.ROOT-SERVERS.NET.
++.			518400	IN	NS	H.ROOT-SERVERS.NET.
++.			518400	IN	NS	I.ROOT-SERVERS.NET.
++.			518400	IN	NS	J.ROOT-SERVERS.NET.
++.			518400	IN	NS	K.ROOT-SERVERS.NET.
++.			518400	IN	NS	L.ROOT-SERVERS.NET.
++.			518400	IN	NS	M.ROOT-SERVERS.NET.
++
++;; ADDITIONAL SECTION:
++A.ROOT-SERVERS.NET.	3600000	IN	A	198.41.0.4
++B.ROOT-SERVERS.NET.	3600000	IN	A	192.228.79.201
++C.ROOT-SERVERS.NET.	3600000	IN	A	192.33.4.12
++D.ROOT-SERVERS.NET.	3600000	IN	A	128.8.10.90
++E.ROOT-SERVERS.NET.	3600000	IN	A	192.203.230.10
++F.ROOT-SERVERS.NET.	3600000	IN	A	192.5.5.241
++G.ROOT-SERVERS.NET.	3600000	IN	A	192.112.36.4
++H.ROOT-SERVERS.NET.	3600000	IN	A	128.63.2.53
++I.ROOT-SERVERS.NET.	3600000	IN	A	192.36.148.17
++J.ROOT-SERVERS.NET.	3600000	IN	A	192.58.128.30
++K.ROOT-SERVERS.NET.	3600000	IN	A	193.0.14.129
++L.ROOT-SERVERS.NET.	3600000	IN	A	198.32.64.12
++M.ROOT-SERVERS.NET.	3600000	IN	A	202.12.27.33
++
++;; Query time: 81 msec
++;; SERVER: 198.41.0.4#53(a.root-servers.net.)
++;; WHEN: Sun Feb  1 11:27:14 2004
++;; MSG SIZE  rcvd: 436
++
+diff -urN bind-9.3.1.orig/conf/named.conf bind-9.3.1/conf/named.conf
+--- bind-9.3.1.orig/conf/named.conf	1970-01-01 01:00:00.000000000 +0100
++++ bind-9.3.1/conf/named.conf	2005-07-10 22:33:46.000000000 +0200
+@@ -0,0 +1,49 @@
++// This is the primary configuration file for the BIND DNS server named.
++//
++// If you are just adding zones, please do that in /etc/bind/named.conf.local
++
++include "/etc/bind/named.conf.options";
++
++// prime the server with knowledge of the root servers
++zone "." {
++	type hint;
++	file "/etc/bind/db.root";
++};
++
++// be authoritative for the localhost forward and reverse zones, and for
++// broadcast zones as per RFC 1912
++
++zone "localhost" {
++	type master;
++	file "/etc/bind/db.local";
++};
++
++zone "127.in-addr.arpa" {
++	type master;
++	file "/etc/bind/db.127";
++};
++
++zone "0.in-addr.arpa" {
++	type master;
++	file "/etc/bind/db.0";
++};
++
++zone "255.in-addr.arpa" {
++	type master;
++	file "/etc/bind/db.255";
++};
++
++// zone "com" { type delegation-only; };
++// zone "net" { type delegation-only; };
++
++// From the release notes:
++//  Because many of our users are uncomfortable receiving undelegated answers
++//  from root or top level domains, other than a few for whom that behaviour
++//  has been trusted and expected for quite some length of time, we have now
++//  introduced the "root-delegations-only" feature which applies delegation-only
++//  logic to all top level domains, and to the root domain.  An exception list
++//  should be specified, including "MUSEUM" and "DE", and any other top level
++//  domains from whom undelegated responses are expected and trusted.
++// root-delegation-only exclude { "DE"; "MUSEUM"; };
++
++include "/etc/bind/named.conf.local";
+diff -urN bind-9.3.1.orig/conf/named.conf.local bind-9.3.1/conf/named.conf.local
+--- bind-9.3.1.orig/conf/named.conf.local	1970-01-01 01:00:00.000000000 +0100
++++ bind-9.3.1/conf/named.conf.local	2005-07-10 22:14:06.000000000 +0200
+@@ -0,0 +1,8 @@
++//
++// Do any local configuration here
++//
++
++// Consider adding the 1918 zones here, if they are not used in your
++// organization
++//include "/etc/bind/zones.rfc1918";
++
+diff -urN bind-9.3.1.orig/conf/named.conf.options bind-9.3.1/conf/named.conf.options
+--- bind-9.3.1.orig/conf/named.conf.options	1970-01-01 01:00:00.000000000 +0100
++++ bind-9.3.1/conf/named.conf.options	2005-07-10 22:14:06.000000000 +0200
+@@ -0,0 +1,24 @@
++options {
++	directory "/var/cache/bind";
++
++	// If there is a firewall between you and nameservers you want
++	// to talk to, you might need to uncomment the query-source
++	// directive below.  Previous versions of BIND always asked
++	// questions using port 53, but BIND 8.1 and later use an unprivileged
++	// port by default.
++
++	// query-source address * port 53;
++
++	// If your ISP provided one or more IP addresses for stable 
++	// nameservers, you probably want to use them as forwarders.  
++	// Uncomment the following block, and insert the addresses replacing 
++	// the all-0's placeholder.
++
++	// forwarders {
++	// 	0.0.0.0;
++	// };
++
++	auth-nxdomain no;    # conform to RFC1035
++
++};
++
+diff -urN bind-9.3.1.orig/conf/zones.rfc1918 bind-9.3.1/conf/zones.rfc1918
+--- bind-9.3.1.orig/conf/zones.rfc1918	1970-01-01 01:00:00.000000000 +0100
++++ bind-9.3.1/conf/zones.rfc1918	2005-07-10 22:14:10.000000000 +0200
+@@ -0,0 +1,20 @@
++zone "10.in-addr.arpa"      { type master; file "/etc/bind/db.empty"; };
++ 
++zone "16.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
++zone "17.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
++zone "18.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
++zone "19.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
++zone "20.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
++zone "21.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
++zone "22.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
++zone "23.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
++zone "24.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
++zone "25.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
++zone "26.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
++zone "27.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
++zone "28.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
++zone "29.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
++zone "30.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
++zone "31.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
++
++zone "168.192.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
+diff -urN bind-9.3.1.orig/init.d bind-9.3.1/init.d
+--- bind-9.3.1.orig/init.d	1970-01-01 01:00:00.000000000 +0100
++++ bind-9.3.1/init.d	2005-07-10 23:09:58.000000000 +0200
+@@ -0,0 +1,70 @@
++#!/bin/sh
++
++PATH=/sbin:/bin:/usr/sbin:/usr/bin
++
++# for a chrooted server: "-u bind -t /var/lib/named"
++# Don't modify this line, change or create /etc/default/bind9.
++OPTIONS=""
++
++test -f /etc/default/bind9 && . /etc/default/bind9
++
++test -x /usr/sbin/rndc || exit 0
++
++case "$1" in
++    start)
++	echo -n "Starting domain name service: named"
++
++	modprobe capability >/dev/null 2>&1 || true
++	if [ ! -f /etc/bind/rndc.key ]; then
++	    /usr/sbin/rndc-confgen -a -b 512 -r /dev/urandom
++	    chown 0640 /etc/bind/rndc.key
++	fi
++	if [ -f /var/run/named/named.pid ]; then
++	    ps `cat /var/run/named/named.pid` > /dev/null && exit 1
++	fi
++
++	# dirs under /var/run can go away on reboots.
++	mkdir -p /var/run/named
++	mkdir -p /var/cache/bind
++	chmod 775 /var/run/named
++	chown root:bind /var/run/named >/dev/null 2>&1 || true
++
++	if [ ! -x /usr/sbin/named ]; then
++	    echo "named binary missing - not starting"
++	    exit 1
++	fi
++	if start-stop-daemon --start --quiet --exec /usr/sbin/named \
++		--pidfile /var/run/named/named.pid -- $OPTIONS; then
++	    if [ -x /sbin/resolvconf ] ; then
++		echo "nameserver 127.0.0.1" | /sbin/resolvconf -a lo
++	    fi
++	fi
++	echo "."	
++    ;;
++
++    stop)
++	echo -n "Stopping domain name service: named"
++	if [ -x /sbin/resolvconf ]; then
++	    /sbin/resolvconf -d lo
++	fi
++	/usr/sbin/rndc stop >/dev/null 2>&1
++	echo "."	
++    ;;
++
++    reload)
++	/usr/sbin/rndc reload
++    ;;
++
++    restart|force-reload)
++	$0 stop
++	sleep 2
++	$0 start
++    ;;
++    
++    *)
++	echo "Usage: /etc/init.d/bind {start|stop|reload|restart|force-reload}" >&2
++	exit 1
++    ;;
++esac
++
++exit 0
diff --git a/meta/recipes-connectivity/bind/bind/cross-build-fix.patch b/meta/recipes-connectivity/bind/bind/cross-build-fix.patch
new file mode 100644
index 0000000000..4c37b6b00c
--- /dev/null
+++ b/meta/recipes-connectivity/bind/bind/cross-build-fix.patch
@@ -0,0 +1,21 @@
+Upstream-Status: Inappropriate [configuration]
+
+11/30/2010
+gen.c should be build by ${BUILD_CC}
+
+Signed-off-by: Qing He <qing.he@intel.com>
+
+diff --git a/lib/export/dns/Makefile.in b/lib/export/dns/Makefile.in
+index aeadf57..d3fae74 100644
+--- a/lib/export/dns/Makefile.in
++++ b/lib/export/dns/Makefile.in
+@@ -166,7 +166,8 @@ code.h:	gen
+ 	./gen -s ${srcdir} > code.h
+ 
+ gen: ${srcdir}/gen.c
+-	${CC} ${ALL_CFLAGS} ${LDFLAGS} -o $@ ${srcdir}/gen.c ${LIBS}
++	${BUILD_CC} ${BUILD_CFLAGS} -I${top_srcdir}/lib/isc/include \
++	${BUILD_CPPFLAGS} ${BUILD_LDFLAGS} -o $@ ${srcdir}/gen.c ${BUILD_LIBS}
+ 
+ #We don't need rbtdb64 for this library
+ #rbtdb64.@O@: rbtdb.c
diff --git a/meta/recipes-connectivity/bind/bind/dont-test-on-host.patch b/meta/recipes-connectivity/bind/bind/dont-test-on-host.patch
new file mode 100644
index 0000000000..89207404b5
--- /dev/null
+++ b/meta/recipes-connectivity/bind/bind/dont-test-on-host.patch
@@ -0,0 +1,13 @@
+Index: bind-9.9.5/bin/Makefile.in
+===================================================================
+--- bind-9.9.5.orig/bin/Makefile.in
++++ bind-9.9.5/bin/Makefile.in
+@@ -19,7 +19,7 @@ srcdir =	@srcdir@
+ VPATH =		@srcdir@
+ top_srcdir =	@top_srcdir@
+ 
+-SUBDIRS =	named rndc dig dnssec tools tests nsupdate \
++SUBDIRS =	named rndc dig dnssec tools nsupdate \
+ 		check confgen @PYTHON_TOOLS@ @PKCS11_TOOLS@
+ TARGETS =
+ 
diff --git a/meta/recipes-connectivity/bind/bind/make-etc-initd-bind-stop-work.patch b/meta/recipes-connectivity/bind/bind/make-etc-initd-bind-stop-work.patch
new file mode 100644
index 0000000000..146f3e35db
--- /dev/null
+++ b/meta/recipes-connectivity/bind/bind/make-etc-initd-bind-stop-work.patch
@@ -0,0 +1,42 @@
+bind: make "/etc/init.d/bind stop" work
+
+Upstream-Status: Inappropriate [configuration]
+
+Add some configurations, make rndc command be able to controls
+the named daemon.
+
+Signed-off-by: Roy Li <rongqing.li@windriver.com>
+---
+ conf/named.conf |    5 +++++
+ conf/rndc.conf  |    5 +++++
+ 2 files changed, 10 insertions(+), 0 deletions(-)
+ create mode 100644 conf/rndc.conf
+
+diff --git a/conf/named.conf b/conf/named.conf
+index 95829cf..c8899e7 100644
+--- a/conf/named.conf
++++ b/conf/named.conf
+@@ -47,3 +47,8 @@ zone "255.in-addr.arpa" {
+ // root-delegation-only exclude { "DE"; "MUSEUM"; };
+ 
+ include "/etc/bind/named.conf.local";
++include "/etc/bind/rndc.key" ;
++controls {
++	inet 127.0.0.1 allow { localhost; }
++	keys { rndc-key; };
++};
+diff --git a/conf/rndc.conf b/conf/rndc.conf
+new file mode 100644
+index 0000000..a0b481d
+--- /dev/null
++++ b/conf/rndc.conf
+@@ -0,0 +1,5 @@
++include "/etc/bind/rndc.key";
++options {
++	default-server  localhost;
++	default-key     rndc-key;
++};
+
+-- 
+1.7.5.4
+
diff --git a/meta/recipes-connectivity/bind/bind/mips1-not-support-opcode.diff b/meta/recipes-connectivity/bind/bind/mips1-not-support-opcode.diff
new file mode 100644
index 0000000000..2930796b6a
--- /dev/null
+++ b/meta/recipes-connectivity/bind/bind/mips1-not-support-opcode.diff
@@ -0,0 +1,104 @@
+bind: port a patch to fix a build failure
+
+mips1 does not support ll and sc instructions, and lead to below error, now
+we port a patch from debian to fix it
+[http://security.debian.org/debian-security/pool/updates/main/b/bind9/bind9_9.8.4.dfsg.P1-6+nmu2+deb7u1.diff.gz]
+
+| {standard input}: Assembler messages:
+| {standard input}:47: Error: Opcode not supported on this processor: mips1 (mips1) `ll $3,0($6)'
+| {standard input}:50: Error: Opcode not supported on this processor: mips1 (mips1) `sc $3,0($6)'
+
+Upstream-Status: Pending
+
+Signed-off-by: Roy Li <rongqing.li@windriver.com>
+
+--- bind9-9.8.4.dfsg.P1.orig/lib/isc/mips/include/isc/atomic.h
++++ bind9-9.8.4.dfsg.P1/lib/isc/mips/include/isc/atomic.h
+@@ -31,18 +31,20 @@
+ isc_atomic_xadd(isc_int32_t *p, int val) {
+ 	isc_int32_t orig;
+ 
+-	/* add is a cheat, since MIPS has no mov instruction */
+-	__asm__ volatile (
+-	    "1:"
+-	    "ll $3, %1\n"
+-	    "add %0, $0, $3\n"
+-	    "add $3, $3, %2\n"
+-	    "sc $3, %1\n"
+-	    "beq $3, 0, 1b"
+-	    : "=&r"(orig)
+-	    : "m"(*p), "r"(val)
+-	    : "memory", "$3"
+-		);
++	__asm__ __volatile__ (
++	"	.set	push		\n"
++	"	.set	mips2		\n"
++	"	.set	noreorder	\n"
++	"	.set	noat		\n"
++	"1:	ll	$1, %1		\n"
++	"	addu	%0, $1, %2	\n"
++	"	sc	%0, %1		\n"
++	"	beqz	%0, 1b		\n"
++	"	move	%0, $1		\n"
++	"	.set	pop		\n"
++	: "=&r" (orig), "+R" (*p)
++	: "r" (val)
++	: "memory");
+ 
+ 	return (orig);
+ }
+@@ -52,16 +54,7 @@
+  */
+ static inline void
+ isc_atomic_store(isc_int32_t *p, isc_int32_t val) {
+-	__asm__ volatile (
+-	    "1:"
+-	    "ll $3, %0\n"
+-	    "add $3, $0, %1\n"
+-	    "sc $3, %0\n"
+-	    "beq $3, 0, 1b"
+-	    :
+-	    : "m"(*p), "r"(val)
+-	    : "memory", "$3"
+-		);
++	*p = val;
+ }
+ 
+ /*
+@@ -72,20 +65,23 @@
+ static inline isc_int32_t
+ isc_atomic_cmpxchg(isc_int32_t *p, int cmpval, int val) {
+ 	isc_int32_t orig;
++	isc_int32_t tmp;
+ 
+-	__asm__ volatile(
+-	    "1:"
+-	    "ll $3, %1\n"
+-	    "add %0, $0, $3\n"
+-	    "bne $3, %2, 2f\n"
+-	    "add $3, $0, %3\n"
+-	    "sc $3, %1\n"
+-	    "beq $3, 0, 1b\n"
+-	    "2:"
+-	    : "=&r"(orig)
+-	    : "m"(*p), "r"(cmpval), "r"(val)
+-	    : "memory", "$3"
+-		);
++	__asm__ __volatile__ (
++	"	.set	push		\n"
++	"	.set	mips2		\n"
++	"	.set	noreorder	\n"
++	"	.set	noat		\n"
++	"1:	ll	$1, %1		\n"
++	"	bne	$1, %3, 2f	\n"
++	"	move	%2, %4		\n"
++	"	sc	%2, %1		\n"
++	"	beqz	%2, 1b		\n"
++	"2:	move	%0, $1		\n"
++	"	.set	pop		\n"
++	: "=&r"(orig), "+R" (*p), "=r" (tmp)
++	: "r"(cmpval), "r"(val)
++	: "memory");
+ 
+ 	return (orig);
+ }