bind: CVE-2015-1349 CVE-2015-4620 CVE-2015-5722

three security fixes. (From OE-Core rev: d3af844b05e566c2188fc3145e66a9826fed0ec8) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
author: Armin Kuster <akuster@mvista.com> 2015-09-12 15:17:26 -0700
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2015-09-19 11:53:16 +0100
commit: 85f6cf736b5ecf3af6d1596b782dae81b9ac1f11 (patch)
tree: d981404fb80ebec03bca8a611b23891085f4b35e /meta/recipes-connectivity/bind/bind/CVE-2015-4620.patch
parent: a01280b7ab323f415e91243ada46dc42b501116a (diff)
download: poky-85f6cf736b5ecf3af6d1596b782dae81b9ac1f11.tar.gz
1 files changed, 36 insertions, 0 deletions
diff --git a/meta/recipes-connectivity/bind/bind/CVE-2015-4620.patch b/meta/recipes-connectivity/bind/bind/CVE-2015-4620.patch
new file mode 100644
index 0000000000..1a5051e638
--- /dev/null
+++ b/meta/recipes-connectivity/bind/bind/CVE-2015-4620.patch
@@ -0,0 +1,36 @@
+CVE-2015-4620 bind: abort DoS caused by uninitialized value use in isselfsigned()
+issue introduced by git commit
+https://source.isc.org/cgi-bin/gitweb.cgi?p=bind9.git;a=commitdiff;h=44f175a90a855326725439b2f1178f0dcca8f67d
+which is in this version of bind.
+Upstream Status: Backport from Redhat
+https://bugzilla.redhat.com/attachment.cgi?id=1044719
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+Index: bind-9.9.5/lib/dns/validator.c
+===================================================================
+--- bind-9.9.5.orig/lib/dns/validator.c
+++ bind-9.9.5/lib/dns/validator.c
+@@ -1406,7 +1406,6 @@ compute_keytag(dns_rdata_t *rdata, dns_r
+  */
+ static isc_boolean_t
+ isselfsigned(dns_validator_t *val) {
+-       dns_fixedname_t fixed;
+        dns_rdataset_t *rdataset, *sigrdataset;
+        dns_rdata_t rdata = DNS_RDATA_INIT;
+        dns_rdata_t sigrdata = DNS_RDATA_INIT;
+@@ -1462,8 +1461,7 @@ isselfsigned(dns_validator_t *val) {
+                        result = dns_dnssec_verify3(name, rdataset, dstkey,
+                                                    ISC_TRUE,
+                                                    val->view->maxbits,
+-                                                   mctx, &sigrdata,
+-                                                   dns_fixedname_name(&fixed));
+                                                   mctx, &sigrdata, NULL);
+                        dst_key_free(&dstkey);
+                        if (result != ISC_R_SUCCESS)
+                                continue;
author	Armin Kuster <akuster@mvista.com>	2015-09-12 15:17:26 -0700
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2015-09-19 11:53:16 +0100
commit	85f6cf736b5ecf3af6d1596b782dae81b9ac1f11 (patch)
tree	d981404fb80ebec03bca8a611b23891085f4b35e /meta/recipes-connectivity/bind/bind/CVE-2015-4620.patch
parent	a01280b7ab323f415e91243ada46dc42b501116a (diff)
download	poky-85f6cf736b5ecf3af6d1596b782dae81b9ac1f11.tar.gz

diff --git a/meta/recipes-connectivity/bind/bind/CVE-2015-4620.patch b/meta/recipes-connectivity/bind/bind/CVE-2015-4620.patch new file mode 100644 index 0000000000..1a5051e638 --- /dev/null +++ b/meta/recipes-connectivity/bind/bind/CVE-2015-4620.patch
@@ -0,0 +1,36 @@
	1	CVE-2015-4620 bind: abort DoS caused by uninitialized value use in isselfsigned()
	2
	3	issue introduced by git commit
	4
	5	https://source.isc.org/cgi-bin/gitweb.cgi?p=bind9.git;a=commitdiff;h=44f175a90a855326725439b2f1178f0dcca8f67d
	6
	7	which is in this version of bind.
	8
	9	Upstream Status: Backport from Redhat
	10
	11	https://bugzilla.redhat.com/attachment.cgi?id=1044719
	12
	13	Signed-off-by: Armin Kuster <akuster@mvista.com>
	14
	15	Index: bind-9.9.5/lib/dns/validator.c
	16	===================================================================
	17	--- bind-9.9.5.orig/lib/dns/validator.c
	18	+++ bind-9.9.5/lib/dns/validator.c
	19	@@ -1406,7 +1406,6 @@ compute_keytag(dns_rdata_t *rdata, dns_r
	20	*/
	21	static isc_boolean_t
	22	isselfsigned(dns_validator_t *val) {
	23	- dns_fixedname_t fixed;
	24	dns_rdataset_t rdataset, sigrdataset;
	25	dns_rdata_t rdata = DNS_RDATA_INIT;
	26	dns_rdata_t sigrdata = DNS_RDATA_INIT;
	27	@@ -1462,8 +1461,7 @@ isselfsigned(dns_validator_t *val) {
	28	result = dns_dnssec_verify3(name, rdataset, dstkey,
	29	ISC_TRUE,
	30	val->view->maxbits,
	31	- mctx, &sigrdata,
	32	- dns_fixedname_name(&fixed));
	33	+ mctx, &sigrdata, NULL);
	34	dst_key_free(&dstkey);
	35	if (result != ISC_R_SUCCESS)
	36	continue;