summaryrefslogtreecommitdiffstats
path: root/meta/recipes-connectivity
diff options
context:
space:
mode:
authorSona Sarmadi <sona.sarmadi@enea.com>2016-04-24 18:10:36 -0700
committerRichard Purdie <richard.purdie@linuxfoundation.org>2016-05-09 14:37:28 +0100
commit6b9d2edd7d64c00584d1bade8bf8cbe0036053c4 (patch)
tree139d3982f55be36787ac60a50afacd1d117bcbd9 /meta/recipes-connectivity
parented3115be57558ce5fe0b42a6ce1b93565c70d05f (diff)
downloadpoky-6b9d2edd7d64c00584d1bade8bf8cbe0036053c4.tar.gz
bind: CVE-2016-1285 CVE-2016-1286
CVE-2016-1285 bind: malformed packet sent to rndc can trigger assertion failure CVE-2016-1286 bind: malformed signature records for DNAME records can trigger assertion failure [YOCTO #9400] External References: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-1285 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-1286 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1285 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1286 References to the Upstream commits and Security Advisories: CVE-2016-1285: https://kb.isc.org/article/AA-01352 https://source.isc.org/cgi-bin/gitweb.cgi?p=bind9.git;a=patch; h=e7e15d1302b26a96fa0a5307d6f2cb0d8ad4ea63 CVE-2016-1286: https://kb.isc.org/article/AA-01353 https://source.isc.org/cgi-bin/gitweb.cgi?p=bind9.git;a=patch; h=456e1eadd2a3a2fb9617e60d4db90ef4ba7c6ba3 https://source.isc.org/cgi-bin/gitweb.cgi?p=bind9.git;a=patch; h=499952eb459c9a41d2092f1d98899c131f9103b2 (From OE-Core rev: e8bc043f871e507542955ad28de74f67afa9bc36) Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> Signed-off-by: Robert Yang <liezhi.yang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-connectivity')
-rw-r--r--meta/recipes-connectivity/bind/bind/CVE-2016-1285.patch138
-rw-r--r--meta/recipes-connectivity/bind/bind/CVE-2016-1286_1.patch79
-rw-r--r--meta/recipes-connectivity/bind/bind/CVE-2016-1286_2.patch318
-rw-r--r--meta/recipes-connectivity/bind/bind_9.10.2-P4.bb3
4 files changed, 538 insertions, 0 deletions
diff --git a/meta/recipes-connectivity/bind/bind/CVE-2016-1285.patch b/meta/recipes-connectivity/bind/bind/CVE-2016-1285.patch
new file mode 100644
index 0000000000..f73f6421c3
--- /dev/null
+++ b/meta/recipes-connectivity/bind/bind/CVE-2016-1285.patch
@@ -0,0 +1,138 @@
1From e7e15d1302b26a96fa0a5307d6f2cb0d8ad4ea63 Mon Sep 17 00:00:00 2001
2From: Mark Andrews <marka@isc.org>
3Date: Thu, 18 Feb 2016 12:11:27 +1100
4Subject: [PATCH] 4318. [security] Malformed control messages can
5trigger assertions in named and rndc. (CVE-2016-1285) [RT #41666]
6
7(cherry picked from commit a2b15b3305acd52179e6f3dc7d073b07fbc40b8e)
8
9Hand applied Changelog changes.
10
11CVE: CVE-2016-1285
12Upstream-Status: Backport
13
14Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
15---
16diff -ruN a/bin/named/control.c b/bin/named/control.c
17--- a/bin/named/control.c 2015-08-15 02:28:49.000000000 +0200
18+++ b/bin/named/control.c 2016-04-11 09:38:20.940827528 +0200
19@@ -69,7 +69,7 @@
20 #endif
21
22 data = isccc_alist_lookup(message, "_data");
23- if (data == NULL) {
24+ if (!isccc_alist_alistp(data)) {
25 /*
26 * No data section.
27 */
28diff -ruN a/bin/named/controlconf.c b/bin/named/controlconf.c
29--- a/bin/named/controlconf.c 2015-08-15 02:28:49.000000000 +0200
30+++ b/bin/named/controlconf.c 2016-04-11 09:38:20.944827355 +0200
31@@ -402,7 +402,7 @@
32 * Limit exposure to replay attacks.
33 */
34 _ctrl = isccc_alist_lookup(request, "_ctrl");
35- if (_ctrl == NULL) {
36+ if (!isccc_alist_alistp(_ctrl)) {
37 log_invalid(&conn->ccmsg, ISC_R_FAILURE);
38 goto cleanup_request;
39 }
40diff -ruN a/bin/rndc/rndc.c b/bin/rndc/rndc.c
41--- a/bin/rndc/rndc.c 2015-08-15 02:28:49.000000000 +0200
42+++ b/bin/rndc/rndc.c 2016-04-11 09:38:20.944827355 +0200
43@@ -254,8 +254,8 @@
44 isccc_cc_fromwire(&source, &response, algorithm, &secret));
45
46 data = isccc_alist_lookup(response, "_data");
47- if (data == NULL)
48- fatal("no data section in response");
49+ if (!isccc_alist_alistp(data))
50+ fatal("bad or missing data section in response");
51 result = isccc_cc_lookupstring(data, "err", &errormsg);
52 if (result == ISC_R_SUCCESS) {
53 failed = ISC_TRUE;
54@@ -320,8 +320,8 @@
55 isccc_cc_fromwire(&source, &response, algorithm, &secret));
56
57 _ctrl = isccc_alist_lookup(response, "_ctrl");
58- if (_ctrl == NULL)
59- fatal("_ctrl section missing");
60+ if (!isccc_alist_alistp(_ctrl))
61+ fatal("bad or missing ctrl section in response");
62 nonce = 0;
63 if (isccc_cc_lookupuint32(_ctrl, "_nonce", &nonce) != ISC_R_SUCCESS)
64 nonce = 0;
65diff -ruN a/CHANGES b/CHANGES
66--- a/CHANGES 2016-04-11 09:36:08.546578759 +0200
67+++ b/CHANGES 2016-04-11 09:39:59.356552273 +0200
68@@ -1,3 +1,6 @@
69+4318. [security] Malformed control messages can trigger assertions
70+ in named and rndc. (CVE-2016-1285) [RT #41666]
71+
72 4146. [bug] Address reference leak that could prevent a clean
73 shutdown. [RT #37125]
74
75diff -ruN a/lib/isccc/cc.c b/lib/isccc/cc.c
76--- a/lib/isccc/cc.c 2015-08-15 02:28:49.000000000 +0200
77+++ b/lib/isccc/cc.c 2016-04-11 09:38:20.944827355 +0200
78@@ -403,13 +403,13 @@
79 * Extract digest.
80 */
81 _auth = isccc_alist_lookup(alist, "_auth");
82- if (_auth == NULL)
83+ if (!isccc_alist_alistp(_auth))
84 return (ISC_R_FAILURE);
85 if (algorithm == ISCCC_ALG_HMACMD5)
86 hmac = isccc_alist_lookup(_auth, "hmd5");
87 else
88 hmac = isccc_alist_lookup(_auth, "hsha");
89- if (hmac == NULL)
90+ if (!isccc_sexpr_binaryp(hmac))
91 return (ISC_R_FAILURE);
92 /*
93 * Compute digest.
94@@ -728,7 +728,7 @@
95 REQUIRE(ackp != NULL && *ackp == NULL);
96
97 _ctrl = isccc_alist_lookup(message, "_ctrl");
98- if (_ctrl == NULL ||
99+ if (!isccc_alist_alistp(_ctrl) ||
100 isccc_cc_lookupuint32(_ctrl, "_ser", &serial) != ISC_R_SUCCESS ||
101 isccc_cc_lookupuint32(_ctrl, "_tim", &t) != ISC_R_SUCCESS)
102 return (ISC_R_FAILURE);
103@@ -773,7 +773,7 @@
104 isccc_sexpr_t *_ctrl;
105
106 _ctrl = isccc_alist_lookup(message, "_ctrl");
107- if (_ctrl == NULL)
108+ if (!isccc_alist_alistp(_ctrl))
109 return (ISC_FALSE);
110 if (isccc_cc_lookupstring(_ctrl, "_ack", NULL) == ISC_R_SUCCESS)
111 return (ISC_TRUE);
112@@ -786,7 +786,7 @@
113 isccc_sexpr_t *_ctrl;
114
115 _ctrl = isccc_alist_lookup(message, "_ctrl");
116- if (_ctrl == NULL)
117+ if (!isccc_alist_alistp(_ctrl))
118 return (ISC_FALSE);
119 if (isccc_cc_lookupstring(_ctrl, "_rpl", NULL) == ISC_R_SUCCESS)
120 return (ISC_TRUE);
121@@ -806,7 +806,7 @@
122
123 _ctrl = isccc_alist_lookup(message, "_ctrl");
124 _data = isccc_alist_lookup(message, "_data");
125- if (_ctrl == NULL || _data == NULL ||
126+ if (!isccc_alist_alistp(_ctrl) || !isccc_alist_alistp(_data) ||
127 isccc_cc_lookupuint32(_ctrl, "_ser", &serial) != ISC_R_SUCCESS ||
128 isccc_cc_lookupstring(_data, "type", &type) != ISC_R_SUCCESS)
129 return (ISC_R_FAILURE);
130@@ -995,7 +995,7 @@
131 isccc_sexpr_t *_ctrl;
132
133 _ctrl = isccc_alist_lookup(message, "_ctrl");
134- if (_ctrl == NULL ||
135+ if (!isccc_alist_alistp(_ctrl) ||
136 isccc_cc_lookupstring(_ctrl, "_ser", &_ser) != ISC_R_SUCCESS ||
137 isccc_cc_lookupstring(_ctrl, "_tim", &_tim) != ISC_R_SUCCESS)
138 return (ISC_R_FAILURE);
diff --git a/meta/recipes-connectivity/bind/bind/CVE-2016-1286_1.patch b/meta/recipes-connectivity/bind/bind/CVE-2016-1286_1.patch
new file mode 100644
index 0000000000..5002147f1a
--- /dev/null
+++ b/meta/recipes-connectivity/bind/bind/CVE-2016-1286_1.patch
@@ -0,0 +1,79 @@
1From 456e1eadd2a3a2fb9617e60d4db90ef4ba7c6ba3 Mon Sep 17 00:00:00 2001
2From: Mukund Sivaraman <muks@isc.org>
3Date: Mon, 22 Feb 2016 12:22:43 +0530
4Subject: [PATCH] Fix resolver assertion failure due to improper DNAME handling
5 (CVE-2016-1286) (#41753)
6
7(cherry picked from commit 5995fec51cc8bb7e53804e4936e60aa1537f3673)
8
9Hand applied Changelog changes.
10
11CVE: CVE-2016-1286
12Upstream-Status: Backport
13
14Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
15---
16diff -ruN a/CHANGES b/CHANGES
17--- a/CHANGES 2016-04-11 09:46:42.075057394 +0200
18+++ b/CHANGES 2016-04-11 09:44:21.857148819 +0200
19@@ -1,3 +1,7 @@
20+4319. [security] Fix resolver assertion failure due to improper
21+ DNAME handling when parsing fetch reply messages.
22+ (CVE-2016-1286) [RT #41753]
23+
24 4318. [security] Malformed control messages can trigger assertions
25 in named and rndc. (CVE-2016-1285) [RT #41666]
26
27diff -ruN a/lib/dns/resolver.c b/lib/dns/resolver.c
28--- a/lib/dns/resolver.c 2016-04-11 09:36:08.550578585 +0200
29+++ b/lib/dns/resolver.c 2016-04-11 09:43:23.091701714 +0200
30@@ -6634,21 +6634,26 @@
31 isc_boolean_t found_dname = ISC_FALSE;
32 dns_name_t *dname_name;
33
34+ /*
35+ * Only pass DNAME or RRSIG(DNAME).
36+ */
37+ if (rdataset->type != dns_rdatatype_dname &&
38+ (rdataset->type != dns_rdatatype_rrsig ||
39+ rdataset->covers != dns_rdatatype_dname))
40+ continue;
41+
42+ /*
43+ * If we're not chaining, then the DNAME and
44+ * its signature should not be external.
45+ */
46+ if (!chaining && external) {
47+ log_formerr(fctx, "external DNAME");
48+ return (DNS_R_FORMERR);
49+ }
50+
51 found = ISC_FALSE;
52 aflag = 0;
53 if (rdataset->type == dns_rdatatype_dname) {
54- /*
55- * We're looking for something else,
56- * but we found a DNAME.
57- *
58- * If we're not chaining, then the
59- * DNAME should not be external.
60- */
61- if (!chaining && external) {
62- log_formerr(fctx,
63- "external DNAME");
64- return (DNS_R_FORMERR);
65- }
66 found = ISC_TRUE;
67 want_chaining = ISC_TRUE;
68 POST(want_chaining);
69@@ -6677,9 +6682,7 @@
70 &fctx->domain)) {
71 return (DNS_R_SERVFAIL);
72 }
73- } else if (rdataset->type == dns_rdatatype_rrsig
74- && rdataset->covers ==
75- dns_rdatatype_dname) {
76+ } else {
77 /*
78 * We've found a signature that
79 * covers the DNAME.
diff --git a/meta/recipes-connectivity/bind/bind/CVE-2016-1286_2.patch b/meta/recipes-connectivity/bind/bind/CVE-2016-1286_2.patch
new file mode 100644
index 0000000000..3ca76b9977
--- /dev/null
+++ b/meta/recipes-connectivity/bind/bind/CVE-2016-1286_2.patch
@@ -0,0 +1,318 @@
1From 499952eb459c9a41d2092f1d98899c131f9103b2 Mon Sep 17 00:00:00 2001
2From: Mark Andrews <marka@isc.org>
3Date: Mon, 29 Feb 2016 07:16:48 +1100
4Subject: [PATCH] Part 2 of: 4319.[security] Fix resolver assertion
5failure due to improper DNAME handling when parsing fetch reply messages.
6(CVE-2016-1286) [RT #41753]
7
8(cherry picked from commit 2de89ee9de8c8da9dc153a754b02dcdbb7fe2374)
9
10CVE: CVE-2016-1286 [part 2]
11Upstream-Status: Backport
12
13Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
14---
15 lib/dns/resolver.c | 192 ++++++++++++++++++++++++++---------------------------
16 1 file changed, 93 insertions(+), 99 deletions(-)
17
18diff --git a/lib/dns/resolver.c b/lib/dns/resolver.c
19index 23d636b..fbc0af0 100644
20--- a/lib/dns/resolver.c
21+++ b/lib/dns/resolver.c
22@@ -6088,14 +6088,11 @@ cname_target(dns_rdataset_t *rdataset, dns_name_t *tname) {
23 }
24
25 static inline isc_result_t
26-dname_target(fetchctx_t *fctx, dns_rdataset_t *rdataset, dns_name_t *qname,
27- dns_name_t *oname, dns_fixedname_t *fixeddname)
28+dname_target(dns_rdataset_t *rdataset, dns_name_t *qname,
29+ unsigned int nlabels, dns_fixedname_t *fixeddname)
30 {
31 isc_result_t result;
32 dns_rdata_t rdata = DNS_RDATA_INIT;
33- unsigned int nlabels;
34- int order;
35- dns_namereln_t namereln;
36 dns_rdata_dname_t dname;
37 dns_fixedname_t prefix;
38
39@@ -6110,21 +6107,6 @@ dname_target(fetchctx_t *fctx, dns_rdataset_t *rdataset, dns_name_t *qname,
40 if (result != ISC_R_SUCCESS)
41 return (result);
42
43- /*
44- * Get the prefix of qname.
45- */
46- namereln = dns_name_fullcompare(qname, oname, &order, &nlabels);
47- if (namereln != dns_namereln_subdomain) {
48- char qbuf[DNS_NAME_FORMATSIZE];
49- char obuf[DNS_NAME_FORMATSIZE];
50-
51- dns_rdata_freestruct(&dname);
52- dns_name_format(qname, qbuf, sizeof(qbuf));
53- dns_name_format(oname, obuf, sizeof(obuf));
54- log_formerr(fctx, "unrelated DNAME in answer: "
55- "%s is not in %s", qbuf, obuf);
56- return (DNS_R_FORMERR);
57- }
58 dns_fixedname_init(&prefix);
59 dns_name_split(qname, nlabels, dns_fixedname_name(&prefix), NULL);
60 dns_fixedname_init(fixeddname);
61@@ -6750,13 +6732,13 @@ static isc_result_t
62 answer_response(fetchctx_t *fctx) {
63 isc_result_t result;
64 dns_message_t *message;
65- dns_name_t *name, *qname, tname, *ns_name;
66+ dns_name_t *name, *dname, *qname, tname, *ns_name;
67 dns_rdataset_t *rdataset, *ns_rdataset;
68 isc_boolean_t done, external, chaining, aa, found, want_chaining;
69 isc_boolean_t have_answer, found_cname, found_type, wanted_chaining;
70 unsigned int aflag;
71 dns_rdatatype_t type;
72- dns_fixedname_t dname, fqname;
73+ dns_fixedname_t fdname, fqname;
74 dns_view_t *view;
75
76 FCTXTRACE("answer_response");
77@@ -6784,10 +6766,15 @@ answer_response(fetchctx_t *fctx) {
78 view = fctx->res->view;
79 result = dns_message_firstname(message, DNS_SECTION_ANSWER);
80 while (!done && result == ISC_R_SUCCESS) {
81+ dns_namereln_t namereln;
82+ int order;
83+ unsigned int nlabels;
84+
85 name = NULL;
86 dns_message_currentname(message, DNS_SECTION_ANSWER, &name);
87 external = ISC_TF(!dns_name_issubdomain(name, &fctx->domain));
88- if (dns_name_equal(name, qname)) {
89+ namereln = dns_name_fullcompare(qname, name, &order, &nlabels);
90+ if (namereln == dns_namereln_equal) {
91 wanted_chaining = ISC_FALSE;
92 for (rdataset = ISC_LIST_HEAD(name->list);
93 rdataset != NULL;
94@@ -6912,10 +6899,11 @@ answer_response(fetchctx_t *fctx) {
95 */
96 INSIST(!external);
97 if (aflag ==
98- DNS_RDATASETATTR_ANSWER)
99+ DNS_RDATASETATTR_ANSWER) {
100 have_answer = ISC_TRUE;
101- name->attributes |=
102- DNS_NAMEATTR_ANSWER;
103+ name->attributes |=
104+ DNS_NAMEATTR_ANSWER;
105+ }
106 rdataset->attributes |= aflag;
107 if (aa)
108 rdataset->trust =
109@@ -6970,6 +6958,8 @@ answer_response(fetchctx_t *fctx) {
110 if (wanted_chaining)
111 chaining = ISC_TRUE;
112 } else {
113+ dns_rdataset_t *dnameset = NULL;
114+
115 /*
116 * Look for a DNAME (or its SIG). Anything else is
117 * ignored.
118@@ -6977,10 +6967,8 @@ answer_response(fetchctx_t *fctx) {
119 wanted_chaining = ISC_FALSE;
120 for (rdataset = ISC_LIST_HEAD(name->list);
121 rdataset != NULL;
122- rdataset = ISC_LIST_NEXT(rdataset, link)) {
123- isc_boolean_t found_dname = ISC_FALSE;
124- dns_name_t *dname_name;
125-
126+ rdataset = ISC_LIST_NEXT(rdataset, link))
127+ {
128 /*
129 * Only pass DNAME or RRSIG(DNAME).
130 */
131@@ -6994,20 +6982,41 @@ answer_response(fetchctx_t *fctx) {
132 * its signature should not be external.
133 */
134 if (!chaining && external) {
135- log_formerr(fctx, "external DNAME");
136+ char qbuf[DNS_NAME_FORMATSIZE];
137+ char obuf[DNS_NAME_FORMATSIZE];
138+
139+ dns_name_format(name, qbuf,
140+ sizeof(qbuf));
141+ dns_name_format(&fctx->domain, obuf,
142+ sizeof(obuf));
143+ log_formerr(fctx, "external DNAME or "
144+ "RRSIG covering DNAME "
145+ "in answer: %s is "
146+ "not in %s", qbuf, obuf);
147+ return (DNS_R_FORMERR);
148+ }
149+
150+ if (namereln != dns_namereln_subdomain) {
151+ char qbuf[DNS_NAME_FORMATSIZE];
152+ char obuf[DNS_NAME_FORMATSIZE];
153+
154+ dns_name_format(qname, qbuf,
155+ sizeof(qbuf));
156+ dns_name_format(name, obuf,
157+ sizeof(obuf));
158+ log_formerr(fctx, "unrelated DNAME "
159+ "in answer: %s is "
160+ "not in %s", qbuf, obuf);
161 return (DNS_R_FORMERR);
162 }
163
164- found = ISC_FALSE;
165 aflag = 0;
166 if (rdataset->type == dns_rdatatype_dname) {
167- found = ISC_TRUE;
168 want_chaining = ISC_TRUE;
169 POST(want_chaining);
170 aflag = DNS_RDATASETATTR_ANSWER;
171- result = dname_target(fctx, rdataset,
172- qname, name,
173- &dname);
174+ result = dname_target(rdataset, qname,
175+ nlabels, &fdname);
176 if (result == ISC_R_NOSPACE) {
177 /*
178 * We can't construct the
179@@ -7019,14 +7028,12 @@ answer_response(fetchctx_t *fctx) {
180 } else if (result != ISC_R_SUCCESS)
181 return (result);
182 else
183- found_dname = ISC_TRUE;
184+ dnameset = rdataset;
185
186- dname_name = dns_fixedname_name(&dname);
187+ dname = dns_fixedname_name(&fdname);
188 if (!is_answertarget_allowed(view,
189- qname,
190- rdataset->type,
191- dname_name,
192- &fctx->domain)) {
193+ qname, rdataset->type,
194+ dname, &fctx->domain)) {
195 return (DNS_R_SERVFAIL);
196 }
197 } else {
198@@ -7034,73 +7041,60 @@ answer_response(fetchctx_t *fctx) {
199 * We've found a signature that
200 * covers the DNAME.
201 */
202- found = ISC_TRUE;
203 aflag = DNS_RDATASETATTR_ANSWERSIG;
204 }
205
206- if (found) {
207+ /*
208+ * We've found an answer to our
209+ * question.
210+ */
211+ name->attributes |= DNS_NAMEATTR_CACHE;
212+ rdataset->attributes |= DNS_RDATASETATTR_CACHE;
213+ rdataset->trust = dns_trust_answer;
214+ if (!chaining) {
215 /*
216- * We've found an answer to our
217- * question.
218+ * This data is "the" answer to
219+ * our question only if we're
220+ * not chaining.
221 */
222- name->attributes |=
223- DNS_NAMEATTR_CACHE;
224- rdataset->attributes |=
225- DNS_RDATASETATTR_CACHE;
226- rdataset->trust = dns_trust_answer;
227- if (!chaining) {
228- /*
229- * This data is "the" answer
230- * to our question only if
231- * we're not chaining.
232- */
233- INSIST(!external);
234- if (aflag ==
235- DNS_RDATASETATTR_ANSWER)
236- have_answer = ISC_TRUE;
237+ INSIST(!external);
238+ if (aflag == DNS_RDATASETATTR_ANSWER) {
239+ have_answer = ISC_TRUE;
240 name->attributes |=
241 DNS_NAMEATTR_ANSWER;
242- rdataset->attributes |= aflag;
243- if (aa)
244- rdataset->trust =
245- dns_trust_authanswer;
246- } else if (external) {
247- rdataset->attributes |=
248- DNS_RDATASETATTR_EXTERNAL;
249- }
250-
251- /*
252- * DNAME chaining.
253- */
254- if (found_dname) {
255- /*
256- * Copy the dname into the
257- * qname fixed name.
258- *
259- * Although we check for
260- * failure of the copy
261- * operation, in practice it
262- * should never fail since
263- * we already know that the
264- * result fits in a fixedname.
265- */
266- dns_fixedname_init(&fqname);
267- result = dns_name_copy(
268- dns_fixedname_name(&dname),
269- dns_fixedname_name(&fqname),
270- NULL);
271- if (result != ISC_R_SUCCESS)
272- return (result);
273- wanted_chaining = ISC_TRUE;
274- name->attributes |=
275- DNS_NAMEATTR_CHAINING;
276- rdataset->attributes |=
277- DNS_RDATASETATTR_CHAINING;
278- qname = dns_fixedname_name(
279- &fqname);
280 }
281+ rdataset->attributes |= aflag;
282+ if (aa)
283+ rdataset->trust =
284+ dns_trust_authanswer;
285+ } else if (external) {
286+ rdataset->attributes |=
287+ DNS_RDATASETATTR_EXTERNAL;
288 }
289 }
290+
291+ /*
292+ * DNAME chaining.
293+ */
294+ if (dnameset != NULL) {
295+ /*
296+ * Copy the dname into the qname fixed name.
297+ *
298+ * Although we check for failure of the copy
299+ * operation, in practice it should never fail
300+ * since we already know that the result fits
301+ * in a fixedname.
302+ */
303+ dns_fixedname_init(&fqname);
304+ qname = dns_fixedname_name(&fqname);
305+ result = dns_name_copy(dname, qname, NULL);
306+ if (result != ISC_R_SUCCESS)
307+ return (result);
308+ wanted_chaining = ISC_TRUE;
309+ name->attributes |= DNS_NAMEATTR_CHAINING;
310+ dnameset->attributes |=
311+ DNS_RDATASETATTR_CHAINING;
312+ }
313 if (wanted_chaining)
314 chaining = ISC_TRUE;
315 }
316--
3171.9.1
318
diff --git a/meta/recipes-connectivity/bind/bind_9.10.2-P4.bb b/meta/recipes-connectivity/bind/bind_9.10.2-P4.bb
index 19f87d7934..f1951a0a57 100644
--- a/meta/recipes-connectivity/bind/bind_9.10.2-P4.bb
+++ b/meta/recipes-connectivity/bind/bind_9.10.2-P4.bb
@@ -25,6 +25,9 @@ SRC_URI = "ftp://ftp.isc.org/isc/bind9/${PV}/${BPN}-${PV}.tar.gz \
25 file://CVE-2015-8705.patch \ 25 file://CVE-2015-8705.patch \
26 file://CVE-2015-8000.patch \ 26 file://CVE-2015-8000.patch \
27 file://CVE-2015-8461.patch \ 27 file://CVE-2015-8461.patch \
28 file://CVE-2016-1285.patch \
29 file://CVE-2016-1286_1.patch \
30 file://CVE-2016-1286_2.patch \
28 " 31 "
29 32
30SRC_URI[md5sum] = "8b1f5064837756c938eadc1537dec5c7" 33SRC_URI[md5sum] = "8b1f5064837756c938eadc1537dec5c7"
generated by cgit v1.2.3-54-g00ecf (git 2.39.0) at 2026-04-22 22:10:33 +0000