From 05956671a250e7664593e136d1d60cc2df36e245 Mon Sep 17 00:00:00 2001 From: Roy Li Date: Mon, 4 May 2015 16:43:39 +0800 Subject: bind: upgrade to 9.10.2 1. Remove two unneeded CVE patches, 9.10.2 fixed the CVE-2015-1349 also 2. Remove bind-subdirs-run-serially.patch and cross-build-fix.patch, similar fixes are merged into 9.10.2 3. update the dont-test-on-host.patch 4. update the Copyright file checksum, since the date in it has been changed. 5. replace the hardcode lib dir with $base_libdir in bind-add-crosscripts*.patch (From OE-Core rev: 41d53f0139a9cb29679dbcaaab8311a1364c65f4) Signed-off-by: Roy Li Signed-off-by: Richard Purdie --- .../bind/bind/bind-CVE-2012-3817.patch | 40 ---------------------- 1 file changed, 40 deletions(-) delete mode 100644 meta/recipes-connectivity/bind/bind/bind-CVE-2012-3817.patch (limited to 'meta/recipes-connectivity/bind/bind/bind-CVE-2012-3817.patch') diff --git a/meta/recipes-connectivity/bind/bind/bind-CVE-2012-3817.patch b/meta/recipes-connectivity/bind/bind/bind-CVE-2012-3817.patch deleted file mode 100644 index 1e159bd2f8..0000000000 --- a/meta/recipes-connectivity/bind/bind/bind-CVE-2012-3817.patch +++ /dev/null @@ -1,40 +0,0 @@ -bind: fix for CVE-2012-3817 - -Upstream-Status: Backport - -ISC BIND 9.4.x, 9.5.x, 9.6.x, and 9.7.x before 9.7.6-P2; 9.8.x before 9.8.3-P2; -9.9.x before 9.9.1-P2; and 9.6-ESV before 9.6-ESV-R7-P2, when DNSSEC validation -is enabled, does not properly initialize the failing-query cache, which allows -remote attackers to cause a denial of service (assertion failure and daemon exit) -by sending many queries. - -http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-3817 - -This patch is back-ported from bind-9.3.6-20.P1.el5_8.2.src.rpm package. - -Signed-off-by: Ming Liu ---- - resolver.c | 5 +++-- - 1 file changed, 3 insertions(+), 2 deletions(-) - ---- a/lib/dns/resolver.c -+++ b/lib/dns/resolver.c -@@ -8318,6 +8318,7 @@ dns_resolver_addbadcache(dns_resolver_t - goto cleanup; - bad->type = type; - bad->hashval = hashval; -+ bad->expire = *expire; - isc_buffer_init(&buffer, bad + 1, name->length); - dns_name_init(&bad->name, NULL); - dns_name_copy(name, &bad->name, &buffer); -@@ -8329,8 +8330,8 @@ dns_resolver_addbadcache(dns_resolver_t - if (resolver->badcount < resolver->badhash * 2 && - resolver->badhash > DNS_BADCACHE_SIZE) - resizehash(resolver, &now, ISC_FALSE); -- } -- bad->expire = *expire; -+ } else -+ bad->expire = *expire; - cleanup: - UNLOCK(&resolver->lock); - } -- cgit v1.2.3-54-g00ecf