1 files changed, 0 insertions, 60 deletions
diff --git a/meta/recipes-connectivity/bind/bind/0001-fix-enforcement-of-tcp-clients-v1.patch b/meta/recipes-connectivity/bind/bind/0001-fix-enforcement-of-tcp-clients-v1.patch
deleted file mode 100644
index 48ae125f84..0000000000
--- a/meta/recipes-connectivity/bind/bind/0001-fix-enforcement-of-tcp-clients-v1.patch
+++ /dev/null
@@ -1,60 +0,0 @@
-Backport patch to fix CVE-2018-5743.
-Ref:
-https://security-tracker.debian.org/tracker/CVE-2018-5743
-CVE: CVE-2018-5743
-Upstream-Status: Backport [https://gitlab.isc.org/isc-projects/bind9/commit/ec2d50d]
-Signed-off-by: Kai Kang <kai.kang@windriver.com>
-From ec2d50da8d81814640e28593d912f4b96c7efece Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Witold=20Kr=C4=99cicki?= <wpk@isc.org>
-Date: Thu, 3 Jan 2019 14:17:43 +0100
-Subject: [PATCH 1/6] fix enforcement of tcp-clients (v1)
-tcp-clients settings could be exceeded in some cases by
-creating more and more active TCP clients that are over
-the set quota limit, which in the end could lead to a
-DoS attack by e.g. exhaustion of file descriptors.
-If TCP client we're closing went over the quota (so it's
-not attached to a quota) mark it as mortal - so that it
-will be destroyed and not set up to listen for new
-connections - unless it's the last client for a specific
-interface.
-(cherry picked from commit f97131d21b97381cef72b971b157345c1f9b4115)
-(cherry picked from commit 9689ffc485df8f971f0ad81ab8ab1f5389493776)
---
- bin/named/client.c | 13 ++++++++++++-
- 1 file changed, 12 insertions(+), 1 deletion(-)
-diff --git a/bin/named/client.c b/bin/named/client.c
-index d482da7121..0739dd48af 100644
--- a/bin/named/client.c
-+++ b/bin/named/client.c
-@@ -421,8 +421,19 @@ exit_check(ns_client_t *client) {
-                        isc_socket_detach(&client->tcpsocket);
-                }
- 
-               if (client->tcpquota != NULL)
-+               if (client->tcpquota != NULL) {
-                        isc_quota_detach(&client->tcpquota);
-+               } else {
-+                       /*
-+                        * We went over quota with this client, we don't
-+                        * want to restart listening unless this is the
-+                        * last client on this interface, which is
-+                        * checked later.
-+                        */
-+                       if (TCP_CLIENT(client)) {
-+                               client->mortal = true;
-+                       }
-+               }
- 
-                if (client->timerset) {
-                        (void)isc_timer_reset(client->timer,
-- 
-2.20.1

diff --git a/meta/recipes-connectivity/bind/bind/0001-fix-enforcement-of-tcp-clients-v1.patch b/meta/recipes-connectivity/bind/bind/0001-fix-enforcement-of-tcp-clients-v1.patch deleted file mode 100644 index 48ae125f84..0000000000 --- a/meta/recipes-connectivity/bind/bind/0001-fix-enforcement-of-tcp-clients-v1.patch +++ /dev/null
@@ -1,60 +0,0 @@
1	Backport patch to fix CVE-2018-5743.
2
3	Ref:
4	https://security-tracker.debian.org/tracker/CVE-2018-5743
5
6	CVE: CVE-2018-5743
7	Upstream-Status: Backport [https://gitlab.isc.org/isc-projects/bind9/commit/ec2d50d]
8
9	Signed-off-by: Kai Kang <kai.kang@windriver.com>
10
11	From ec2d50da8d81814640e28593d912f4b96c7efece Mon Sep 17 00:00:00 2001
12	From: =?UTF-8?q?Witold=20Kr=C4=99cicki?= <wpk@isc.org>
13	Date: Thu, 3 Jan 2019 14:17:43 +0100
14	Subject: [PATCH 1/6] fix enforcement of tcp-clients (v1)
15
16	tcp-clients settings could be exceeded in some cases by
17	creating more and more active TCP clients that are over
18	the set quota limit, which in the end could lead to a
19	DoS attack by e.g. exhaustion of file descriptors.
20
21	If TCP client we're closing went over the quota (so it's
22	not attached to a quota) mark it as mortal - so that it
23	will be destroyed and not set up to listen for new
24	connections - unless it's the last client for a specific
25	interface.
26
27	(cherry picked from commit f97131d21b97381cef72b971b157345c1f9b4115)
28	(cherry picked from commit 9689ffc485df8f971f0ad81ab8ab1f5389493776)
29	---
30	bin/named/client.c \| 13 ++++++++++++-
31	1 file changed, 12 insertions(+), 1 deletion(-)
32
33	diff --git a/bin/named/client.c b/bin/named/client.c
34	index d482da7121..0739dd48af 100644
35	--- a/bin/named/client.c
36	+++ b/bin/named/client.c
37	@@ -421,8 +421,19 @@ exit_check(ns_client_t *client) {
38	isc_socket_detach(&client->tcpsocket);
39	}
40
41	- if (client->tcpquota != NULL)
42	+ if (client->tcpquota != NULL) {
43	isc_quota_detach(&client->tcpquota);
44	+ } else {
45	+ /*
46	+ * We went over quota with this client, we don't
47	+ * want to restart listening unless this is the
48	+ * last client on this interface, which is
49	+ * checked later.
50	+ */
51	+ if (TCP_CLIENT(client)) {
52	+ client->mortal = true;
53	+ }
54	+ }
55
56	if (client->timerset) {
57	(void)isc_timer_reset(client->timer,
58	--
59	2.20.1
60