diff options
| author | Roy Li <rongqing.li@windriver.com> | 2015-05-04 16:43:39 +0800 |
|---|---|---|
| committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2015-05-09 22:26:42 +0100 |
| commit | 05956671a250e7664593e136d1d60cc2df36e245 (patch) | |
| tree | 6f8862d781328447029afb139514de0f2c49aba3 /meta/recipes-connectivity/bind/bind/bind-CVE-2012-3817.patch | |
| parent | 29c7111362add0b4c457d11eecdb9c1928806e51 (diff) | |
| download | poky-05956671a250e7664593e136d1d60cc2df36e245.tar.gz | |
bind: upgrade to 9.10.2
1. Remove two unneeded CVE patches, 9.10.2 fixed the CVE-2015-1349 also
2. Remove bind-subdirs-run-serially.patch and cross-build-fix.patch,
similar fixes are merged into 9.10.2
3. update the dont-test-on-host.patch
4. update the Copyright file checksum, since the date in it has been changed.
5. replace the hardcode lib dir with $base_libdir in bind-add-crosscripts*.patch
(From OE-Core rev: 41d53f0139a9cb29679dbcaaab8311a1364c65f4)
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-connectivity/bind/bind/bind-CVE-2012-3817.patch')
| -rw-r--r-- | meta/recipes-connectivity/bind/bind/bind-CVE-2012-3817.patch | 40 |
1 files changed, 0 insertions, 40 deletions
diff --git a/meta/recipes-connectivity/bind/bind/bind-CVE-2012-3817.patch b/meta/recipes-connectivity/bind/bind/bind-CVE-2012-3817.patch deleted file mode 100644 index 1e159bd2f8..0000000000 --- a/meta/recipes-connectivity/bind/bind/bind-CVE-2012-3817.patch +++ /dev/null | |||
| @@ -1,40 +0,0 @@ | |||
| 1 | bind: fix for CVE-2012-3817 | ||
| 2 | |||
| 3 | Upstream-Status: Backport | ||
| 4 | |||
| 5 | ISC BIND 9.4.x, 9.5.x, 9.6.x, and 9.7.x before 9.7.6-P2; 9.8.x before 9.8.3-P2; | ||
| 6 | 9.9.x before 9.9.1-P2; and 9.6-ESV before 9.6-ESV-R7-P2, when DNSSEC validation | ||
| 7 | is enabled, does not properly initialize the failing-query cache, which allows | ||
| 8 | remote attackers to cause a denial of service (assertion failure and daemon exit) | ||
| 9 | by sending many queries. | ||
| 10 | |||
| 11 | http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-3817 | ||
| 12 | |||
| 13 | This patch is back-ported from bind-9.3.6-20.P1.el5_8.2.src.rpm package. | ||
| 14 | |||
| 15 | Signed-off-by: Ming Liu <ming.liu@windriver.com> | ||
| 16 | --- | ||
| 17 | resolver.c | 5 +++-- | ||
| 18 | 1 file changed, 3 insertions(+), 2 deletions(-) | ||
| 19 | |||
| 20 | --- a/lib/dns/resolver.c | ||
| 21 | +++ b/lib/dns/resolver.c | ||
| 22 | @@ -8318,6 +8318,7 @@ dns_resolver_addbadcache(dns_resolver_t | ||
| 23 | goto cleanup; | ||
| 24 | bad->type = type; | ||
| 25 | bad->hashval = hashval; | ||
| 26 | + bad->expire = *expire; | ||
| 27 | isc_buffer_init(&buffer, bad + 1, name->length); | ||
| 28 | dns_name_init(&bad->name, NULL); | ||
| 29 | dns_name_copy(name, &bad->name, &buffer); | ||
| 30 | @@ -8329,8 +8330,8 @@ dns_resolver_addbadcache(dns_resolver_t | ||
| 31 | if (resolver->badcount < resolver->badhash * 2 && | ||
| 32 | resolver->badhash > DNS_BADCACHE_SIZE) | ||
| 33 | resizehash(resolver, &now, ISC_FALSE); | ||
| 34 | - } | ||
| 35 | - bad->expire = *expire; | ||
| 36 | + } else | ||
| 37 | + bad->expire = *expire; | ||
| 38 | cleanup: | ||
| 39 | UNLOCK(&resolver->lock); | ||
| 40 | } | ||