1 files changed, 44 insertions, 0 deletions
diff --git a/meta/recipes-connectivity/bind/bind/CVE-2015-8705.patch b/meta/recipes-connectivity/bind/bind/CVE-2015-8705.patch
new file mode 100644
index 0000000000..c4a052d7b6
--- /dev/null
+++ b/meta/recipes-connectivity/bind/bind/CVE-2015-8705.patch
@@ -0,0 +1,44 @@
+a crash or assertion failure can during format processing 
+[security]
+The following flaw in BIND was reported by ISC:
+In versions of BIND 9.10, errors can occur when OPT pseudo-RR data or ECS options are formatted to text. In 9.10.3 through 9.10.3-P2, the issue may result in a REQUIRE assertion failure in buffer.c.
+This issue can affect both authoritative and recursive servers if they are performing debug logging. (It may also crash related tools which use the same code, such as dig or delv.)
+A server could exit due to an INSIST failure in apl_42.c when performing certain string formatting operations.
+Upstream-Status: Backport
+CVE: CVE-2015-8705
+[The patch is taken from BIND 9.10.3:
+https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-8705]
+Signed-off-by: Derek Straka <derek@asterius.io>
+diff --git a/lib/dns/message.c b/lib/dns/message.c
+index ea7b93a..810c58e 100644
+--- a/lib/dns/message.c
+++ b/lib/dns/message.c
+@@ -3310,9 +3310,19 @@
+                        } else if (optcode == DNS_OPT_SIT) {
+                                ADD_STRING(target, "; SIT");
+                        } else if (optcode == DNS_OPT_CLIENT_SUBNET) {
+                               isc_buffer_t ecsbuf;
+                                ADD_STRING(target, "; CLIENT-SUBNET: ");
+-                               render_ecs(&optbuf, target);
+-                               ADD_STRING(target, "\n");
+                               isc_buffer_init(&ecsbuf,
+                                                       isc_buffer_current(&optbuf),
+                                                       optlen);
+                               isc_buffer_add(&ecsbuf, optlen);
+                               result = render_ecs(&ecsbuf, target);
+                               if (result == ISC_R_NOSPACE)
+                                       return (result);
+                               if (result == ISC_R_SUCCESS) {
+                                       isc_buffer_forward(&optbuf, optlen);
+                                        ADD_STRING(target, "\n");
+                }
+                                continue;
+                        } else if (optcode == DNS_OPT_EXPIRE) {
+                                if (optlen == 4) {

diff --git a/meta/recipes-connectivity/bind/bind/CVE-2015-8705.patch b/meta/recipes-connectivity/bind/bind/CVE-2015-8705.patch new file mode 100644 index 0000000000..c4a052d7b6 --- /dev/null +++ b/meta/recipes-connectivity/bind/bind/CVE-2015-8705.patch
@@ -0,0 +1,44 @@
	1	a crash or assertion failure can during format processing
	2
	3	[security]
	4	The following flaw in BIND was reported by ISC:
	5
	6	In versions of BIND 9.10, errors can occur when OPT pseudo-RR data or ECS options are formatted to text. In 9.10.3 through 9.10.3-P2, the issue may result in a REQUIRE assertion failure in buffer.c.
	7
	8	This issue can affect both authoritative and recursive servers if they are performing debug logging. (It may also crash related tools which use the same code, such as dig or delv.)
	9
	10	A server could exit due to an INSIST failure in apl_42.c when performing certain string formatting operations.
	11
	12	Upstream-Status: Backport
	13	CVE: CVE-2015-8705
	14
	15	[The patch is taken from BIND 9.10.3:
	16	https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-8705]
	17
	18	Signed-off-by: Derek Straka <derek@asterius.io>
	19	diff --git a/lib/dns/message.c b/lib/dns/message.c
	20	index ea7b93a..810c58e 100644
	21	--- a/lib/dns/message.c
	22	+++ b/lib/dns/message.c
	23	@@ -3310,9 +3310,19 @@
	24	} else if (optcode == DNS_OPT_SIT) {
	25	ADD_STRING(target, "; SIT");
	26	} else if (optcode == DNS_OPT_CLIENT_SUBNET) {
	27	+ isc_buffer_t ecsbuf;
	28	ADD_STRING(target, "; CLIENT-SUBNET: ");
	29	- render_ecs(&optbuf, target);
	30	- ADD_STRING(target, "\n");
	31	+ isc_buffer_init(&ecsbuf,
	32	+ isc_buffer_current(&optbuf),
	33	+ optlen);
	34	+ isc_buffer_add(&ecsbuf, optlen);
	35	+ result = render_ecs(&ecsbuf, target);
	36	+ if (result == ISC_R_NOSPACE)
	37	+ return (result);
	38	+ if (result == ISC_R_SUCCESS) {
	39	+ isc_buffer_forward(&optbuf, optlen);
	40	+ ADD_STRING(target, "\n");
	41	+ }
	42	continue;
	43	} else if (optcode == DNS_OPT_EXPIRE) {
	44	if (optlen == 4) {