bind: 9.11.22 -> 9.11.32

updates include fixes for CVE-2021-25214 CVE-2021-25215 CVE-2021-25216 CVE-2020-8625 fixed in 9.11.28, so drop that patch (From OE-Core rev: d7e56f1910b7963d8b704107903ecf40e9472d3c) Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com> tmp Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
author: Lee Chee Yang <chee.yang.lee@intel.com> 2021-06-09 16:54:48 +0800
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2021-06-19 16:59:29 +0100
commit: 1ed30171a60d71c8d0fed3eedf2592e52a88f4d6 (patch)
tree: ad4507d94fac72a1f08b6f499ecdddda31cad429
parent: 8bc7fc1f90eb162759e6b1f44a65cff5d91a5adf (diff)
download: poky-1ed30171a60d71c8d0fed3eedf2592e52a88f4d6.tar.gz
2 files changed, 2 insertions, 20 deletions
diff --git a/meta/recipes-connectivity/bind/bind/CVE-2020-8625.patch b/meta/recipes-connectivity/bind/bind/CVE-2020-8625.patch
deleted file mode 100644
index 9078f2448e..0000000000
--- a/meta/recipes-connectivity/bind/bind/CVE-2020-8625.patch
+++ /dev/null
@@ -1,17 +0,0 @@
-Upstream-Status: Backporting [https://downloads.isc.org/isc/bind9/9.16.12/patches/CVE-2020-8625.patch]
-CVE: CVE-2020-8625
-Signed-off-by: Minjae Kim <flowergom@gmail.com>
-diff --git a/lib/dns/spnego.c b/lib/dns/spnego.c
-index e61d1c600f2..753dc8049fa 100644
--- a/lib/dns/spnego.c
-+++ b/lib/dns/spnego.c
-@@ -848,7 +848,7 @@ der_get_oid(const unsigned char *p, size_t len, oid *data, size_t *size) {
-                return (ASN1_OVERRUN);
-        }
- 
-       data->components = malloc(len * sizeof(*data->components));
-+       data->components = malloc((len + 1) * sizeof(*data->components));
-        if (data->components == NULL) {
-                return (ENOMEM);
-        }
diff --git a/meta/recipes-connectivity/bind/bind_9.11.22.bb b/meta/recipes-connectivity/bind/bind_9.11.32.bb
index 5598ba976d..9feebe5ae2 100644
--- a/meta/recipes-connectivity/bind/bind_9.11.22.bb
+++ b/meta/recipes-connectivity/bind/bind_9.11.32.bb
@@ -4,7 +4,7 @@ DESCRIPTION = "BIND 9 provides a full-featured Domain Name Server system"
 SECTION = "console/network"
 LICENSE = "ISC & BSD"
-LIC_FILES_CHKSUM = "file://COPYRIGHT;md5=bf39058a7f64b2a934ce14dc9ec1dd45"
+LIC_FILES_CHKSUM = "file://COPYRIGHT;md5=b88e7ca5f21908e1b2720169f6807cf6"
 DEPENDS = "openssl libcap zlib"
@@ -19,10 +19,9 @@ SRC_URI = "https://ftp.isc.org/isc/bind9/${PV}/${BPN}-${PV}.tar.gz \
           file://0001-configure.in-remove-useless-L-use_openssl-lib.patch \
           file://0001-named-lwresd-V-and-start-log-hide-build-options.patch \
           file://0001-avoid-start-failure-with-bind-user.patch \
-           file://CVE-2020-8625.patch \
           "
-SRC_URI[sha256sum] = "afc6d8015006f1cabf699ff19f517bb8fd9c1811e5231f26baf51c3550262ac9"
+SRC_URI[sha256sum] = "cbf8cb4b74dd1452d97c3a2a8c625ea346df8516b4b3508ef07443121a591342"
 UPSTREAM_CHECK_URI = "https://ftp.isc.org/isc/bind9/"
 # stay at 9.11 until 9.16, from 9.16 follow the ESV versions divisible by 4
author	Lee Chee Yang <chee.yang.lee@intel.com>	2021-06-09 16:54:48 +0800
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2021-06-19 16:59:29 +0100
commit	1ed30171a60d71c8d0fed3eedf2592e52a88f4d6 (patch)
tree	ad4507d94fac72a1f08b6f499ecdddda31cad429
parent	8bc7fc1f90eb162759e6b1f44a65cff5d91a5adf (diff)
download	poky-1ed30171a60d71c8d0fed3eedf2592e52a88f4d6.tar.gz

diff --git a/meta/recipes-connectivity/bind/bind/CVE-2020-8625.patch b/meta/recipes-connectivity/bind/bind/CVE-2020-8625.patch deleted file mode 100644 index 9078f2448e..0000000000 --- a/meta/recipes-connectivity/bind/bind/CVE-2020-8625.patch +++ /dev/null
@@ -1,17 +0,0 @@
1	Upstream-Status: Backporting [https://downloads.isc.org/isc/bind9/9.16.12/patches/CVE-2020-8625.patch]
2	CVE: CVE-2020-8625
3	Signed-off-by: Minjae Kim <flowergom@gmail.com>
4
5	diff --git a/lib/dns/spnego.c b/lib/dns/spnego.c
6	index e61d1c600f2..753dc8049fa 100644
7	--- a/lib/dns/spnego.c
8	+++ b/lib/dns/spnego.c
9	@@ -848,7 +848,7 @@ der_get_oid(const unsigned char p, size_t len, oid data, size_t *size) {
10	return (ASN1_OVERRUN);
11	}
12
13	- data->components = malloc(len * sizeof(*data->components));
14	+ data->components = malloc((len + 1) * sizeof(*data->components));
15	if (data->components == NULL) {
16	return (ENOMEM);
17	}


diff --git a/meta/recipes-connectivity/bind/bind_9.11.22.bb b/meta/recipes-connectivity/bind/bind_9.11.32.bb index 5598ba976d..9feebe5ae2 100644 --- a/meta/recipes-connectivity/bind/bind_9.11.22.bb +++ b/meta/recipes-connectivity/bind/bind_9.11.32.bb
@@ -4,7 +4,7 @@ DESCRIPTION = "BIND 9 provides a full-featured Domain Name Server system"
4	SECTION = "console/network"	4	SECTION = "console/network"
5		5
6	LICENSE = "ISC & BSD"	6	LICENSE = "ISC & BSD"
7	LIC_FILES_CHKSUM = "file://COPYRIGHT;md5=bf39058a7f64b2a934ce14dc9ec1dd45"	7	LIC_FILES_CHKSUM = "file://COPYRIGHT;md5=b88e7ca5f21908e1b2720169f6807cf6"
8		8
9	DEPENDS = "openssl libcap zlib"	9	DEPENDS = "openssl libcap zlib"
10		10
@@ -19,10 +19,9 @@ SRC_URI = "https://ftp.isc.org/isc/bind9/${PV}/${BPN}-${PV}.tar.gz \
19	file://0001-configure.in-remove-useless-L-use_openssl-lib.patch \	19	file://0001-configure.in-remove-useless-L-use_openssl-lib.patch \
20	file://0001-named-lwresd-V-and-start-log-hide-build-options.patch \	20	file://0001-named-lwresd-V-and-start-log-hide-build-options.patch \
21	file://0001-avoid-start-failure-with-bind-user.patch \	21	file://0001-avoid-start-failure-with-bind-user.patch \
22	file://CVE-2020-8625.patch \
23	"	22	"
24		23
25	SRC_URI[sha256sum] = "afc6d8015006f1cabf699ff19f517bb8fd9c1811e5231f26baf51c3550262ac9"	24	SRC_URI[sha256sum] = "cbf8cb4b74dd1452d97c3a2a8c625ea346df8516b4b3508ef07443121a591342"
26		25
27	UPSTREAM_CHECK_URI = "https://ftp.isc.org/isc/bind9/"	26	UPSTREAM_CHECK_URI = "https://ftp.isc.org/isc/bind9/"
28	# stay at 9.11 until 9.16, from 9.16 follow the ESV versions divisible by 4	27	# stay at 9.11 until 9.16, from 9.16 follow the ESV versions divisible by 4