diff options
author | Saul Wold <sgw@linux.intel.com> | 2014-03-04 13:56:06 -0800 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2014-03-11 20:23:17 -0700 |
commit | 041576d6d63ad807ca405dcea9eeecf1c9ccd7fe (patch) | |
tree | ea66a640004902f8fe466b0ab28f4a0f53ad7f92 /meta/recipes-connectivity/bind/bind/bind-CVE-2012-3817.patch | |
parent | 58fb2f8eac69bc6ae5bcba8227d161888af5a230 (diff) | |
download | openembedded-core-contrib-041576d6d63ad807ca405dcea9eeecf1c9ccd7fe.tar.gz |
bind: Update to 9.9.5
Remove CVE patches that are in bind
Updated COPYRIGHT includes date changes the NetBSD Copyright
Modifies the Base BSD License to 3-Clause (removes advertising clause)w
Add patch to disable running tests on host
Add python-core to RDEPENDS for dnssec-checkds and dnssec-coverage and fix path to python
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Diffstat (limited to 'meta/recipes-connectivity/bind/bind/bind-CVE-2012-3817.patch')
-rw-r--r-- | meta/recipes-connectivity/bind/bind/bind-CVE-2012-3817.patch | 40 |
1 files changed, 40 insertions, 0 deletions
diff --git a/meta/recipes-connectivity/bind/bind/bind-CVE-2012-3817.patch b/meta/recipes-connectivity/bind/bind/bind-CVE-2012-3817.patch new file mode 100644 index 0000000000..1e159bd2f8 --- /dev/null +++ b/meta/recipes-connectivity/bind/bind/bind-CVE-2012-3817.patch @@ -0,0 +1,40 @@ +bind: fix for CVE-2012-3817 + +Upstream-Status: Backport + +ISC BIND 9.4.x, 9.5.x, 9.6.x, and 9.7.x before 9.7.6-P2; 9.8.x before 9.8.3-P2; +9.9.x before 9.9.1-P2; and 9.6-ESV before 9.6-ESV-R7-P2, when DNSSEC validation +is enabled, does not properly initialize the failing-query cache, which allows +remote attackers to cause a denial of service (assertion failure and daemon exit) +by sending many queries. + +http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-3817 + +This patch is back-ported from bind-9.3.6-20.P1.el5_8.2.src.rpm package. + +Signed-off-by: Ming Liu <ming.liu@windriver.com> +--- + resolver.c | 5 +++-- + 1 file changed, 3 insertions(+), 2 deletions(-) + +--- a/lib/dns/resolver.c ++++ b/lib/dns/resolver.c +@@ -8318,6 +8318,7 @@ dns_resolver_addbadcache(dns_resolver_t + goto cleanup; + bad->type = type; + bad->hashval = hashval; ++ bad->expire = *expire; + isc_buffer_init(&buffer, bad + 1, name->length); + dns_name_init(&bad->name, NULL); + dns_name_copy(name, &bad->name, &buffer); +@@ -8329,8 +8330,8 @@ dns_resolver_addbadcache(dns_resolver_t + if (resolver->badcount < resolver->badhash * 2 && + resolver->badhash > DNS_BADCACHE_SIZE) + resizehash(resolver, &now, ISC_FALSE); +- } +- bad->expire = *expire; ++ } else ++ bad->expire = *expire; + cleanup: + UNLOCK(&resolver->lock); + } |