diff options
Diffstat (limited to 'meta')
-rw-r--r-- | meta/recipes-connectivity/bind/bind/CVE-2015-8704.patch | 48 | ||||
-rw-r--r-- | meta/recipes-connectivity/bind/bind_9.9.5.bb | 1 |
2 files changed, 49 insertions, 0 deletions
diff --git a/meta/recipes-connectivity/bind/bind/CVE-2015-8704.patch b/meta/recipes-connectivity/bind/bind/CVE-2015-8704.patch new file mode 100644 index 0000000000..d3b89884b5 --- /dev/null +++ b/meta/recipes-connectivity/bind/bind/CVE-2015-8704.patch | |||
@@ -0,0 +1,48 @@ | |||
1 | commit ea75187b4a656477f1f50ecc407e3352614a06f8 | ||
2 | Author: Mark Andrews <marka@isc.org> | ||
3 | Date: Thu Dec 31 13:43:21 2015 +1100 | ||
4 | |||
5 | 4285. [security] Specific APL data could trigger a INSIST. | ||
6 | (CVE-2015-8704) [RT #41396] | ||
7 | |||
8 | (cherry picked from commit 1b3d21180244529f0099894fe9d29beb3f11efb3) | ||
9 | |||
10 | Fixes: CVE-2015-8704 | ||
11 | Upstream Status: Backport from bind 9.9.8: | ||
12 | [ea75187b4a656477f1f50ecc407e3352614a06f8] | ||
13 | |||
14 | Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> | ||
15 | --- | ||
16 | diff -ruN a/CHANGES b/CHANGES | ||
17 | --- a/CHANGES 2016-01-20 08:25:33.023218819 +0100 | ||
18 | +++ b/CHANGES 2016-01-20 08:38:22.270736131 +0100 | ||
19 | @@ -1,5 +1,8 @@ | ||
20 | --- 9.9.6-P2 released --- | ||
21 | |||
22 | +4285. [security] Specific APL data could trigger a INSIST. | ||
23 | + (CVE-2015-8704) [RT #41396] | ||
24 | + | ||
25 | 4053. [security] Revoking a managed trust anchor and supplying | ||
26 | an untrusted replacement could cause named | ||
27 | to crash with an assertion failure. | ||
28 | diff -ruN a/lib/dns/rdata/in_1/apl_42.c b/lib/dns/rdata/in_1/apl_42.c | ||
29 | --- a/lib/dns/rdata/in_1/apl_42.c 2016-01-20 08:36:01.580676442 +0100 | ||
30 | +++ b/lib/dns/rdata/in_1/apl_42.c 2016-01-20 08:37:18.149443474 +0100 | ||
31 | @@ -116,7 +116,7 @@ | ||
32 | isc_uint8_t len; | ||
33 | isc_boolean_t neg; | ||
34 | unsigned char buf[16]; | ||
35 | - char txt[sizeof(" !64000")]; | ||
36 | + char txt[sizeof(" !64000:")]; | ||
37 | const char *sep = ""; | ||
38 | int n; | ||
39 | |||
40 | @@ -140,7 +140,7 @@ | ||
41 | isc_region_consume(&sr, 1); | ||
42 | INSIST(len <= sr.length); | ||
43 | n = snprintf(txt, sizeof(txt), "%s%s%u:", sep, | ||
44 | - neg ? "!": "", afi); | ||
45 | + neg ? "!" : "", afi); | ||
46 | INSIST(n < (int)sizeof(txt)); | ||
47 | RETERR(str_totext(txt, target)); | ||
48 | switch (afi) { | ||
diff --git a/meta/recipes-connectivity/bind/bind_9.9.5.bb b/meta/recipes-connectivity/bind/bind_9.9.5.bb index d416a3ec0e..53954c40ee 100644 --- a/meta/recipes-connectivity/bind/bind_9.9.5.bb +++ b/meta/recipes-connectivity/bind/bind_9.9.5.bb | |||
@@ -19,6 +19,7 @@ SRC_URI = "ftp://ftp.isc.org/isc/bind9/${PV}/${BPN}-${PV}.tar.gz \ | |||
19 | file://CVE-2015-4620.patch \ | 19 | file://CVE-2015-4620.patch \ |
20 | file://CVE-2015-5722.patch \ | 20 | file://CVE-2015-5722.patch \ |
21 | file://CVE-2015-8000.patch \ | 21 | file://CVE-2015-8000.patch \ |
22 | file://CVE-2015-8704.patch \ | ||
22 | " | 23 | " |
23 | 24 | ||
24 | SRC_URI[md5sum] = "e676c65cad5234617ee22f48e328c24e" | 25 | SRC_URI[md5sum] = "e676c65cad5234617ee22f48e328c24e" |