From 39bd94a290365468b98d4bd811a85871ae1f4b08 Mon Sep 17 00:00:00 2001 From: Robert Yang Date: Mon, 27 Apr 2015 20:43:24 -0700 Subject: bind: remove 5 backport patches They are backport patches, and verified that the patches are in the source. (From OE-Core rev: 6e4a10ab030c192e2437592538e4713b1ee2032b) Signed-off-by: Robert Yang Signed-off-by: Richard Purdie --- .../bind/bind/bind-CVE-2011-4313.patch | 89 ---------------------- 1 file changed, 89 deletions(-) delete mode 100644 meta/recipes-connectivity/bind/bind/bind-CVE-2011-4313.patch (limited to 'meta/recipes-connectivity/bind/bind/bind-CVE-2011-4313.patch') diff --git a/meta/recipes-connectivity/bind/bind/bind-CVE-2011-4313.patch b/meta/recipes-connectivity/bind/bind/bind-CVE-2011-4313.patch deleted file mode 100644 index 19d8df1c2d..0000000000 --- a/meta/recipes-connectivity/bind/bind/bind-CVE-2011-4313.patch +++ /dev/null @@ -1,89 +0,0 @@ -The patch to fix CVE-2011-4313 - -Upstream-Status: Backport - -Reference: https://www.redhat.com/security/data/cve/CVE-2011-4313.html - -query.c in ISC BIND 9.0.x through 9.6.x, 9.4-ESV through 9.4-ESV-R5, 9.6-ESV -through 9.6-ESV-R5, 9.7.0 through 9.7.4, 9.8.0 through 9.8.1, and 9.9.0a1 -through 9.9.0b1 allows remote attackers to cause a denial of service -(assertion failure and named exit) via unknown vectors related to recursive DNS -queries, error logging, and the caching of an invalid record by the resolver. - -Signed-off-by Ming Liu ---- - bin/named/query.c | 19 ++++++++----------- - lib/dns/rbtdb.c | 4 ++-- - 2 files changed, 10 insertions(+), 13 deletions(-) - ---- a/bin/named/query.c -+++ b/bin/named/query.c -@@ -1393,11 +1393,9 @@ query_addadditional(void *arg, dns_name_ - goto addname; - if (result == DNS_R_NCACHENXRRSET) { - dns_rdataset_disassociate(rdataset); -- /* -- * Negative cache entries don't have sigrdatasets. -- */ -- INSIST(sigrdataset == NULL || -- ! dns_rdataset_isassociated(sigrdataset)); -+ if (sigrdataset != NULL && -+ dns_rdataset_isassociated(sigrdataset)) -+ dns_rdataset_disassociate(sigrdataset); - } - if (result == ISC_R_SUCCESS) { - mname = NULL; -@@ -1438,8 +1436,9 @@ query_addadditional(void *arg, dns_name_ - goto addname; - if (result == DNS_R_NCACHENXRRSET) { - dns_rdataset_disassociate(rdataset); -- INSIST(sigrdataset == NULL || -- ! dns_rdataset_isassociated(sigrdataset)); -+ if (sigrdataset != NULL && -+ dns_rdataset_isassociated(sigrdataset)) -+ dns_rdataset_disassociate(sigrdataset); - } - if (result == ISC_R_SUCCESS) { - mname = NULL; -@@ -1889,10 +1888,8 @@ query_addadditional2(void *arg, dns_name - goto setcache; - if (result == DNS_R_NCACHENXRRSET) { - dns_rdataset_disassociate(rdataset); -- /* -- * Negative cache entries don't have sigrdatasets. -- */ -- INSIST(! dns_rdataset_isassociated(sigrdataset)); -+ if (dns_rdataset_isassociated(sigrdataset)) -+ dns_rdataset_disassociate(sigrdataset); - } - if (result == ISC_R_SUCCESS) { - /* Remember the result as a cache */ ---- a/lib/dns/rbtdb.c -+++ b/lib/dns/rbtdb.c -@@ -5053,7 +5053,7 @@ cache_find(dns_db_t *db, dns_name_t *nam - rdataset); - if (need_headerupdate(found, search.now)) - update = found; -- if (foundsig != NULL) { -+ if (!NEGATIVE(found) && foundsig != NULL) { - bind_rdataset(search.rbtdb, node, foundsig, search.now, - sigrdataset); - if (need_headerupdate(foundsig, search.now)) -@@ -5596,7 +5596,7 @@ zone_findrdataset(dns_db_t *db, dns_dbno - } - if (found != NULL) { - bind_rdataset(rbtdb, rbtnode, found, now, rdataset); -- if (foundsig != NULL) -+ if (!NEGATIVE(found) && foundsig != NULL) - bind_rdataset(rbtdb, rbtnode, foundsig, now, - sigrdataset); - } -@@ -5685,7 +5685,7 @@ cache_findrdataset(dns_db_t *db, dns_dbn - } - if (found != NULL) { - bind_rdataset(rbtdb, rbtnode, found, now, rdataset); -- if (foundsig != NULL) -+ if (!NEGATIVE(found) && foundsig != NULL) - bind_rdataset(rbtdb, rbtnode, foundsig, now, - sigrdataset); - } -- cgit v1.2.3-54-g00ecf