diff options
| author | akuster <akuster808@gmail.com> | 2020-07-09 00:07:57 +0300 |
|---|---|---|
| committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2020-08-04 23:17:37 +0100 |
| commit | 836c3b18657f850ccd590532b10d8e06e5e87720 (patch) | |
| tree | 871e5fecdd3c4cb4a2a1aa6414882745d1ad7d80 /meta/recipes-connectivity/bind/bind/CVE-2020-8617.patch | |
| parent | 77d5709875401ecb23925675a8c33b31336f0953 (diff) | |
| download | poky-836c3b18657f850ccd590532b10d8e06e5e87720.tar.gz | |
bind: update to 9.11.19
Bug fix only updates.
suitable for Stable branch updates where applicable.
Drop CVE patches included in update
LIC_FILES_CHKSUM update copyright year to 2020
Full changes found at : https://gitlab.isc.org/isc-projects/bind9/-/blob/v9_11/CHANGES
(From OE-Core rev: c672d2b6c98607f1fda917f4a3189a53712e8fc2)
(From OE-Core rev: 74aacd292387f9a2c36381080ade5537af1d3d9e)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
(cherry picked from commit a6ba66cf5e754cdcd41f01d233fbef7b94a10225)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Adrian Bunk <bunk@stusta.de>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-connectivity/bind/bind/CVE-2020-8617.patch')
| -rw-r--r-- | meta/recipes-connectivity/bind/bind/CVE-2020-8617.patch | 29 |
1 files changed, 0 insertions, 29 deletions
diff --git a/meta/recipes-connectivity/bind/bind/CVE-2020-8617.patch b/meta/recipes-connectivity/bind/bind/CVE-2020-8617.patch deleted file mode 100644 index d8769c45cc..0000000000 --- a/meta/recipes-connectivity/bind/bind/CVE-2020-8617.patch +++ /dev/null | |||
| @@ -1,29 +0,0 @@ | |||
| 1 | Upstream-Status: Backport [https://downloads.isc.org/isc/bind9/9.11.19/patches/CVE-2020-8617.patch] | ||
| 2 | CVE: CVE-2020-8617 | ||
| 3 | Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com> | ||
| 4 | --- | ||
| 5 | diff --git a/lib/dns/tsig.c b/lib/dns/tsig.c | ||
| 6 | index b597a18d49..6357a3a486 100644 | ||
| 7 | --- a/lib/dns/tsig.c | ||
| 8 | +++ b/lib/dns/tsig.c | ||
| 9 | @@ -1427,8 +1424,9 @@ dns_tsig_verify(isc_buffer_t *source, dns_message_t *msg, | ||
| 10 | goto cleanup_context; | ||
| 11 | } | ||
| 12 | msg->verified_sig = 1; | ||
| 13 | - } else if (tsig.error != dns_tsigerror_badsig && | ||
| 14 | - tsig.error != dns_tsigerror_badkey) { | ||
| 15 | + } else if (!response || (tsig.error != dns_tsigerror_badsig && | ||
| 16 | + tsig.error != dns_tsigerror_badkey)) | ||
| 17 | + { | ||
| 18 | tsig_log(msg->tsigkey, 2, "signature was empty"); | ||
| 19 | return (DNS_R_TSIGVERIFYFAILURE); | ||
| 20 | } | ||
| 21 | @@ -1484,7 +1482,7 @@ dns_tsig_verify(isc_buffer_t *source, dns_message_t *msg, | ||
| 22 | } | ||
| 23 | } | ||
| 24 | |||
| 25 | - if (tsig.error != dns_rcode_noerror) { | ||
| 26 | + if (response && tsig.error != dns_rcode_noerror) { | ||
| 27 | msg->tsigstatus = tsig.error; | ||
| 28 | if (tsig.error == dns_tsigerror_badtime) | ||
| 29 | ret = DNS_R_CLOCKSKEW; | ||