summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorMinjae Kim <flowergom@gmail.com>2021-03-02 07:50:12 +0900
committerRichard Purdie <richard.purdie@linuxfoundation.org>2021-03-10 00:22:50 +0000
commit41057791a7af219de7aab9c99effa2283e2ba1c0 (patch)
tree52f5bac5724aca1e90a1548e89864c1a82465440
parente9a38cd0d870df91bdaeac03a6b570fb2095997d (diff)
downloadpoky-41057791a7af219de7aab9c99effa2283e2ba1c0.tar.gz
bind: fix CVE-2020-8625
BIND Operational Notification: Zone journal (.jnl) file incompatibility Upstream-Status: Backporting [https://downloads.isc.org/isc/bind9/9.16.12/patches/CVE-2020-8625.patch] CVE: CVE-2020-8625 (From OE-Core rev: dcce323a1b651a875da8e51f02f015de442d7d49) Signed-off-by: Minjae Kim <flowergom@gmail.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat
-rw-r--r--meta/recipes-connectivity/bind/bind/CVE-2020-8625.patch17
-rw-r--r--meta/recipes-connectivity/bind/bind_9.11.22.bb1
2 files changed, 18 insertions, 0 deletions
diff --git a/meta/recipes-connectivity/bind/bind/CVE-2020-8625.patch b/meta/recipes-connectivity/bind/bind/CVE-2020-8625.patch
new file mode 100644
index 0000000000..9078f2448e
--- /dev/null
+++ b/meta/recipes-connectivity/bind/bind/CVE-2020-8625.patch
@@ -0,0 +1,17 @@
1Upstream-Status: Backporting [https://downloads.isc.org/isc/bind9/9.16.12/patches/CVE-2020-8625.patch]
2CVE: CVE-2020-8625
3Signed-off-by: Minjae Kim <flowergom@gmail.com>
4
5diff --git a/lib/dns/spnego.c b/lib/dns/spnego.c
6index e61d1c600f2..753dc8049fa 100644
7--- a/lib/dns/spnego.c
8+++ b/lib/dns/spnego.c
9@@ -848,7 +848,7 @@ der_get_oid(const unsigned char *p, size_t len, oid *data, size_t *size) {
10 return (ASN1_OVERRUN);
11 }
12
13- data->components = malloc(len * sizeof(*data->components));
14+ data->components = malloc((len + 1) * sizeof(*data->components));
15 if (data->components == NULL) {
16 return (ENOMEM);
17 }
diff --git a/meta/recipes-connectivity/bind/bind_9.11.22.bb b/meta/recipes-connectivity/bind/bind_9.11.22.bb
index 3b4a299b36..e3b9cacc15 100644
--- a/meta/recipes-connectivity/bind/bind_9.11.22.bb
+++ b/meta/recipes-connectivity/bind/bind_9.11.22.bb
@@ -18,6 +18,7 @@ SRC_URI = "https://ftp.isc.org/isc/bind9/${PV}/${BPN}-${PV}.tar.gz \
18 file://0001-configure.in-remove-useless-L-use_openssl-lib.patch \ 18 file://0001-configure.in-remove-useless-L-use_openssl-lib.patch \
19 file://0001-named-lwresd-V-and-start-log-hide-build-options.patch \ 19 file://0001-named-lwresd-V-and-start-log-hide-build-options.patch \
20 file://0001-avoid-start-failure-with-bind-user.patch \ 20 file://0001-avoid-start-failure-with-bind-user.patch \
21 file://CVE-2020-8625.patch \
21 " 22 "
22 23
23SRC_URI[sha256sum] = "afc6d8015006f1cabf699ff19f517bb8fd9c1811e5231f26baf51c3550262ac9" 24SRC_URI[sha256sum] = "afc6d8015006f1cabf699ff19f517bb8fd9c1811e5231f26baf51c3550262ac9"
generated by cgit v1.2.3-54-g00ecf (git 2.39.0) at 2024-05-22 20:51:05 +0000