bind: CVE-2015-1349 CVE-2015-4620 CVE-2015-5722

three security fixes. (From OE-Core rev: d3af844b05e566c2188fc3145e66a9826fed0ec8) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Tudor Florea <tudor.florea@enea.com>
author: Armin Kuster <akuster@mvista.com> 2015-09-12 15:17:26 -0700
committer: Tudor Florea <tudor.florea@enea.com> 2015-11-12 11:01:18 +0100
commit: b6105680bfb85915e0012c456118441c4c74463d (patch)
tree: 179e8ae4340a8e0e7cedb2ca63590b907791a12d /meta/recipes-connectivity/bind/bind/CVE-2015-4620.patch
parent: bf6c30908948b7bc9be1206fe88c09dc3f526387 (diff)
download: poky-b6105680bfb85915e0012c456118441c4c74463d.tar.gz
1 files changed, 36 insertions, 0 deletions
diff --git a/meta/recipes-connectivity/bind/bind/CVE-2015-4620.patch b/meta/recipes-connectivity/bind/bind/CVE-2015-4620.patch
new file mode 100644
index 0000000000..1a5051e638
--- /dev/null
+++ b/meta/recipes-connectivity/bind/bind/CVE-2015-4620.patch
@@ -0,0 +1,36 @@
+CVE-2015-4620 bind: abort DoS caused by uninitialized value use in isselfsigned()
+issue introduced by git commit
+https://source.isc.org/cgi-bin/gitweb.cgi?p=bind9.git;a=commitdiff;h=44f175a90a855326725439b2f1178f0dcca8f67d
+which is in this version of bind.
+Upstream Status: Backport from Redhat
+https://bugzilla.redhat.com/attachment.cgi?id=1044719
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+Index: bind-9.9.5/lib/dns/validator.c
+===================================================================
+--- bind-9.9.5.orig/lib/dns/validator.c
+++ bind-9.9.5/lib/dns/validator.c
+@@ -1406,7 +1406,6 @@ compute_keytag(dns_rdata_t *rdata, dns_r
+  */
+ static isc_boolean_t
+ isselfsigned(dns_validator_t *val) {
+-       dns_fixedname_t fixed;
+        dns_rdataset_t *rdataset, *sigrdataset;
+        dns_rdata_t rdata = DNS_RDATA_INIT;
+        dns_rdata_t sigrdata = DNS_RDATA_INIT;
+@@ -1462,8 +1461,7 @@ isselfsigned(dns_validator_t *val) {
+                        result = dns_dnssec_verify3(name, rdataset, dstkey,
+                                                    ISC_TRUE,
+                                                    val->view->maxbits,
+-                                                   mctx, &sigrdata,
+-                                                   dns_fixedname_name(&fixed));
+                                                   mctx, &sigrdata, NULL);
+                        dst_key_free(&dstkey);
+                        if (result != ISC_R_SUCCESS)
+                                continue;
author	Armin Kuster <akuster@mvista.com>	2015-09-12 15:17:26 -0700
committer	Tudor Florea <tudor.florea@enea.com>	2015-11-12 11:01:18 +0100
commit	b6105680bfb85915e0012c456118441c4c74463d (patch)
tree	179e8ae4340a8e0e7cedb2ca63590b907791a12d /meta/recipes-connectivity/bind/bind/CVE-2015-4620.patch
parent	bf6c30908948b7bc9be1206fe88c09dc3f526387 (diff)
download	poky-b6105680bfb85915e0012c456118441c4c74463d.tar.gz

diff --git a/meta/recipes-connectivity/bind/bind/CVE-2015-4620.patch b/meta/recipes-connectivity/bind/bind/CVE-2015-4620.patch new file mode 100644 index 0000000000..1a5051e638 --- /dev/null +++ b/meta/recipes-connectivity/bind/bind/CVE-2015-4620.patch
@@ -0,0 +1,36 @@
	1	CVE-2015-4620 bind: abort DoS caused by uninitialized value use in isselfsigned()
	2
	3	issue introduced by git commit
	4
	5	https://source.isc.org/cgi-bin/gitweb.cgi?p=bind9.git;a=commitdiff;h=44f175a90a855326725439b2f1178f0dcca8f67d
	6
	7	which is in this version of bind.
	8
	9	Upstream Status: Backport from Redhat
	10
	11	https://bugzilla.redhat.com/attachment.cgi?id=1044719
	12
	13	Signed-off-by: Armin Kuster <akuster@mvista.com>
	14
	15	Index: bind-9.9.5/lib/dns/validator.c
	16	===================================================================
	17	--- bind-9.9.5.orig/lib/dns/validator.c
	18	+++ bind-9.9.5/lib/dns/validator.c
	19	@@ -1406,7 +1406,6 @@ compute_keytag(dns_rdata_t *rdata, dns_r
	20	*/
	21	static isc_boolean_t
	22	isselfsigned(dns_validator_t *val) {
	23	- dns_fixedname_t fixed;
	24	dns_rdataset_t rdataset, sigrdataset;
	25	dns_rdata_t rdata = DNS_RDATA_INIT;
	26	dns_rdata_t sigrdata = DNS_RDATA_INIT;
	27	@@ -1462,8 +1461,7 @@ isselfsigned(dns_validator_t *val) {
	28	result = dns_dnssec_verify3(name, rdataset, dstkey,
	29	ISC_TRUE,
	30	val->view->maxbits,
	31	- mctx, &sigrdata,
	32	- dns_fixedname_name(&fixed));
	33	+ mctx, &sigrdata, NULL);
	34	dst_key_free(&dstkey);
	35	if (result != ISC_R_SUCCESS)
	36	continue;