5 files changed, 0 insertions, 482 deletions
diff --git a/meta/recipes-connectivity/bind/bind/bind-9.8.1-CVE-2012-5166.patch b/meta/recipes-connectivity/bind/bind/bind-9.8.1-CVE-2012-5166.patch
deleted file mode 100644
index 0abb475adc..0000000000
--- a/meta/recipes-connectivity/bind/bind/bind-9.8.1-CVE-2012-5166.patch
+++ /dev/null
@@ -1,119 +0,0 @@
-bind_Fix_for_CVE-2012-5166
-Upstream-Status: Backport
-Reference:http://launchpadlibrarian.net/119212498/bind9_1%3A9.7.3.dfsOBg
-1ubuntu2.6_1%3A9.7.3.dfsg-1ubuntu2.7.diff.gz
-ISC BIND 9.x before 9.7.6-P4, 9.8.x before 9.8.3-P4, 9.9.x before
-9.9.1-P4, and 9.4-ESV and 9.6-ESV before 9.6-ESV-R7-P4 allows
-remote attackers to cause a denial of service (named daemon hang)
-via unspecified combinations of resource records.
-http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-5166
-Signed-off-by: yanjun.zhu <yanjun.zhu@windriver.com>
-diff -urpN a/bin/named/query.c b/bin/named/query.c
--- a/bin/named/query.c 2012-10-22 13:24:27.000000000 +0800
-+++ b/bin/named/query.c 2012-10-22 13:17:04.000000000 +0800
-@@ -1137,13 +1137,6 @@ query_isduplicate(ns_client_t *client, d
-                mname = NULL;
-        }
- 
-       /*
-        * If the dns_name_t we're looking up is already in the message,
-        * we don't want to trigger the caller's name replacement logic.
-        */
-       if (name == mname)
-               mname = NULL;
-
-        *mnamep = mname;
- 
-        CTRACE("query_isduplicate: false: done");
-@@ -1341,6 +1334,7 @@ query_addadditional(void *arg, dns_name_
-        if (dns_rdataset_isassociated(rdataset) &&
-            !query_isduplicate(client, fname, type, &mname)) {
-                if (mname != NULL) {
-+                       INSIST(mname != fname);
-                        query_releasename(client, &fname);
-                        fname = mname;
-                } else
-@@ -1401,11 +1395,13 @@ query_addadditional(void *arg, dns_name_
-                        mname = NULL;
-                        if (!query_isduplicate(client, fname,
-                                               dns_rdatatype_a, &mname)) {
-                               if (mname != NULL) {
-                                       query_releasename(client, &fname);
-                                       fname = mname;
-                               } else
-                                       need_addname = ISC_TRUE;
-+                               if (mname != fname) {
-+                                       if (mname != NULL) {
-+                                               query_releasename(client, &fname);
-+                                               fname = mname;
-+                                       } else
-+                                               need_addname = ISC_TRUE;
-+                               }
-                                ISC_LIST_APPEND(fname->list, rdataset, link);
-                                added_something = ISC_TRUE;
-                                if (sigrdataset != NULL &&
-@@ -1444,11 +1440,13 @@ query_addadditional(void *arg, dns_name_
-                        mname = NULL;
-                        if (!query_isduplicate(client, fname,
-                                               dns_rdatatype_aaaa, &mname)) {
-                               if (mname != NULL) {
-                                       query_releasename(client, &fname);
-                                       fname = mname;
-                               } else
-                                       need_addname = ISC_TRUE;
-+                               if (mname != fname) {
-+                                       if (mname != NULL) {
-+                                               query_releasename(client, &fname);
-+                                               fname = mname;
-+                                       } else
-+                                               need_addname = ISC_TRUE;
-+                               }
-                                ISC_LIST_APPEND(fname->list, rdataset, link);
-                                added_something = ISC_TRUE;
-                                if (sigrdataset != NULL &&
-@@ -1960,22 +1958,24 @@ query_addadditional2(void *arg, dns_name
-                    crdataset->type == dns_rdatatype_aaaa) {
-                        if (!query_isduplicate(client, fname, crdataset->type,
-                                               &mname)) {
-                               if (mname != NULL) {
-                                       /*
-                                        * A different type of this name is
-                                        * already stored in the additional
-                                        * section.  We'll reuse the name.
-                                        * Note that this should happen at most
-                                        * once.  Otherwise, fname->link could
-                                        * leak below.
-                                        */
-                                       INSIST(mname0 == NULL);
-
-                                       query_releasename(client, &fname);
-                                       fname = mname;
-                                       mname0 = mname;
-                               } else
-                                       need_addname = ISC_TRUE;
-+                               if (mname != fname) {
-+                                       if (mname != NULL) {
-+                                               /*
-+                                                * A different type of this name is
-+                                                * already stored in the additional
-+                                                * section.  We'll reuse the name.
-+                                                * Note that this should happen at most
-+                                                * once.  Otherwise, fname->link could
-+                                                * leak below.
-+                                                */
-+                                               INSIST(mname0 == NULL);
-+
-+                                               query_releasename(client, &fname);
-+                                               fname = mname;
-+                                               mname0 = mname;
-+                                       } else
-+                                               need_addname = ISC_TRUE;
-+                               }
-                                ISC_LIST_UNLINK(cfname.list, crdataset, link);
-                                ISC_LIST_APPEND(fname->list, crdataset, link);
-                                added_something = ISC_TRUE;
diff --git a/meta/recipes-connectivity/bind/bind/bind-CVE-2011-4313.patch b/meta/recipes-connectivity/bind/bind/bind-CVE-2011-4313.patch
deleted file mode 100644
index 19d8df1c2d..0000000000
--- a/meta/recipes-connectivity/bind/bind/bind-CVE-2011-4313.patch
+++ /dev/null
@@ -1,89 +0,0 @@
-The patch to fix CVE-2011-4313
-Upstream-Status: Backport
-Reference: https://www.redhat.com/security/data/cve/CVE-2011-4313.html
-query.c in ISC BIND 9.0.x through 9.6.x, 9.4-ESV through 9.4-ESV-R5, 9.6-ESV
-through 9.6-ESV-R5, 9.7.0 through 9.7.4, 9.8.0 through 9.8.1, and 9.9.0a1
-through 9.9.0b1 allows remote attackers to cause a denial of service
-(assertion failure and named exit) via unknown vectors related to recursive DNS
-queries, error logging, and the caching of an invalid record by the resolver.
-Signed-off-by Ming Liu <ming.liu@windriver.com>
---
- bin/named/query.c |   19 ++++++++-----------
- lib/dns/rbtdb.c   |    4 ++--
- 2 files changed, 10 insertions(+), 13 deletions(-)
--- a/bin/named/query.c
-+++ b/bin/named/query.c
-@@ -1393,11 +1393,9 @@ query_addadditional(void *arg, dns_name_
-                        goto addname;
-                if (result == DNS_R_NCACHENXRRSET) {
-                        dns_rdataset_disassociate(rdataset);
-                       /*
-                        * Negative cache entries don't have sigrdatasets.
-                        */
-                       INSIST(sigrdataset == NULL ||
-                              ! dns_rdataset_isassociated(sigrdataset));
-+                       if (sigrdataset != NULL &&
-+                           dns_rdataset_isassociated(sigrdataset))
-+                               dns_rdataset_disassociate(sigrdataset);
-                }
-                if (result == ISC_R_SUCCESS) {
-                        mname = NULL;
-@@ -1438,8 +1436,9 @@ query_addadditional(void *arg, dns_name_
-                        goto addname;
-                if (result == DNS_R_NCACHENXRRSET) {
-                        dns_rdataset_disassociate(rdataset);
-                       INSIST(sigrdataset == NULL ||
-                              ! dns_rdataset_isassociated(sigrdataset));
-+                       if (sigrdataset != NULL &&
-+                           dns_rdataset_isassociated(sigrdataset))
-+                               dns_rdataset_disassociate(sigrdataset);
-                }
-                if (result == ISC_R_SUCCESS) {
-                        mname = NULL;
-@@ -1889,10 +1888,8 @@ query_addadditional2(void *arg, dns_name
-                goto setcache;
-        if (result == DNS_R_NCACHENXRRSET) {
-                dns_rdataset_disassociate(rdataset);
-               /*
-                * Negative cache entries don't have sigrdatasets.
-                */
-               INSIST(! dns_rdataset_isassociated(sigrdataset));
-+               if (dns_rdataset_isassociated(sigrdataset))
-+                       dns_rdataset_disassociate(sigrdataset);
-        }
-        if (result == ISC_R_SUCCESS) {
-                /* Remember the result as a cache */
--- a/lib/dns/rbtdb.c
-+++ b/lib/dns/rbtdb.c
-@@ -5053,7 +5053,7 @@ cache_find(dns_db_t *db, dns_name_t *nam
-                              rdataset);
-                if (need_headerupdate(found, search.now))
-                        update = found;
-               if (foundsig != NULL) {
-+               if (!NEGATIVE(found) && foundsig != NULL) {
-                        bind_rdataset(search.rbtdb, node, foundsig, search.now,
-                                      sigrdataset);
-                        if (need_headerupdate(foundsig, search.now))
-@@ -5596,7 +5596,7 @@ zone_findrdataset(dns_db_t *db, dns_dbno
-        }
-        if (found != NULL) {
-                bind_rdataset(rbtdb, rbtnode, found, now, rdataset);
-               if (foundsig != NULL)
-+               if (!NEGATIVE(found) && foundsig != NULL)
-                        bind_rdataset(rbtdb, rbtnode, foundsig, now,
-                                      sigrdataset);
-        }
-@@ -5685,7 +5685,7 @@ cache_findrdataset(dns_db_t *db, dns_dbn
-        }
-        if (found != NULL) {
-                bind_rdataset(rbtdb, rbtnode, found, now, rdataset);
-               if (foundsig != NULL)
-+               if (!NEGATIVE(found) && foundsig != NULL)
-                        bind_rdataset(rbtdb, rbtnode, foundsig, now,
-                                      sigrdataset);
-        }
diff --git a/meta/recipes-connectivity/bind/bind/bind-CVE-2012-1667.patch b/meta/recipes-connectivity/bind/bind/bind-CVE-2012-1667.patch
deleted file mode 100644
index c441eab65d..0000000000
--- a/meta/recipes-connectivity/bind/bind/bind-CVE-2012-1667.patch
+++ /dev/null
@@ -1,92 +0,0 @@
-bind CVE-2012-1667
-Upstream-Status: Backport
-ISC BIND 9.x before 9.7.6-P1, 9.8.x before 9.8.3-P1, 9.9.x before 9.9.1-P1,
-and 9.4-ESV and 9.6-ESV before 9.6-ESV-R7-P1 does not properly handle resource
-records with a zero-length RDATA section, which allows remote DNS servers to
-cause a denial of service (daemon crash or data corruption) or obtain
-sensitive information from process memory via a crafted record.
-http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1667
-The cve patch comes from bind97-9.7.0-10.P2.el5_8.1.src.rpm package.
-Signed-off-by: Li Wang <li.wang@windriver.com>
---
- lib/dns/rdata.c     |    8 ++++----
- lib/dns/rdataslab.c |   11 ++++++++---
- 2 files changed, 12 insertions(+), 7 deletions(-)
-diff --git a/lib/dns/rdata.c b/lib/dns/rdata.c
-index 063b1f6..9337a80 100644
--- a/lib/dns/rdata.c
-+++ b/lib/dns/rdata.c
-@@ -325,8 +325,8 @@ dns_rdata_compare(const dns_rdata_t *rdata1, const dns_rdata_t *rdata2) {
- 
-        REQUIRE(rdata1 != NULL);
-        REQUIRE(rdata2 != NULL);
-       REQUIRE(rdata1->data != NULL);
-       REQUIRE(rdata2->data != NULL);
-+       REQUIRE(rdata1->length == 0 || rdata1->data != NULL);
-+       REQUIRE(rdata2->length == 0 || rdata2->data != NULL);
-        REQUIRE(DNS_RDATA_VALIDFLAGS(rdata1));
-        REQUIRE(DNS_RDATA_VALIDFLAGS(rdata2));
- 
-@@ -356,8 +356,8 @@ dns_rdata_casecompare(const dns_rdata_t *rdata1, const dns_rdata_t *rdata2) {
- 
-        REQUIRE(rdata1 != NULL);
-        REQUIRE(rdata2 != NULL);
-       REQUIRE(rdata1->data != NULL);
-       REQUIRE(rdata2->data != NULL);
-+       REQUIRE(rdata1->length == 0 || rdata1->data != NULL);
-+       REQUIRE(rdata2->length == 0 || rdata2->data != NULL);
-        REQUIRE(DNS_RDATA_VALIDFLAGS(rdata1));
-        REQUIRE(DNS_RDATA_VALIDFLAGS(rdata2));
- 
-diff --git a/lib/dns/rdataslab.c b/lib/dns/rdataslab.c
-index a41f16f..ed13b30 100644
--- a/lib/dns/rdataslab.c
-+++ b/lib/dns/rdataslab.c
-@@ -125,6 +125,11 @@ isc_result_t
- dns_rdataslab_fromrdataset(dns_rdataset_t *rdataset, isc_mem_t *mctx,
-                           isc_region_t *region, unsigned int reservelen)
- {
-+       /*
-+        * Use &removed as a sentinal pointer for duplicate
-+        * rdata as rdata.data == NULL is valid.
-+        */
-+       static unsigned char removed;
-        struct xrdata  *x;
-        unsigned char  *rawbuf;
- #if DNS_RDATASET_FIXED
-@@ -168,6 +173,7 @@ dns_rdataslab_fromrdataset(dns_rdataset_t *rdataset, isc_mem_t *mctx,
-                INSIST(result == ISC_R_SUCCESS);
-                dns_rdata_init(&x[i].rdata);
-                dns_rdataset_current(rdataset, &x[i].rdata);
-+               INSIST(x[i].rdata.data != &removed);
- #if DNS_RDATASET_FIXED
-                x[i].order = i;
- #endif
-@@ -200,8 +206,7 @@ dns_rdataslab_fromrdataset(dns_rdataset_t *rdataset, isc_mem_t *mctx,
-         */
-        for (i = 1; i < nalloc; i++) {
-                if (compare_rdata(&x[i-1].rdata, &x[i].rdata) == 0) {
-                       x[i-1].rdata.data = NULL;
-                       x[i-1].rdata.length = 0;
-+                       x[i-1].rdata.data = &removed;
- #if DNS_RDATASET_FIXED
-                        /*
-                         * Preserve the least order so A, B, A -> A, B
-@@ -291,7 +296,7 @@ dns_rdataslab_fromrdataset(dns_rdataset_t *rdataset, isc_mem_t *mctx,
- #endif
- 
-        for (i = 0; i < nalloc; i++) {
-               if (x[i].rdata.data == NULL)
-+               if (x[i].rdata.data == &removed)
-                        continue;
- #if DNS_RDATASET_FIXED
-                offsettable[x[i].order] = rawbuf - offsetbase;
-- 
-1.7.0.5
diff --git a/meta/recipes-connectivity/bind/bind/bind-CVE-2013-2266.patch b/meta/recipes-connectivity/bind/bind/bind-CVE-2013-2266.patch
deleted file mode 100644
index 7ec6deb714..0000000000
--- a/meta/recipes-connectivity/bind/bind/bind-CVE-2013-2266.patch
+++ /dev/null
@@ -1,41 +0,0 @@
-bind: fix for CVE-2013-2266
-Upstream-Status: Backport
-libdns in ISC BIND 9.7.x and 9.8.x before 9.8.4-P2, 9.8.5 before 9.8.5b2,
-9.9.x before 9.9.2-P2, and 9.9.3 before 9.9.3b2 on UNIX platforms allows
-remote attackers to cause a denial of service (memory consumption) via a
-crafted regular expression, as demonstrated by a memory-exhaustion attack
-against a machine running a named process.
-http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2266
-Signed-off-by Ming Liu <ming.liu@windriver.com>
---
- config.h.in  |    3 ---
- configure.in |    2 +-
- 2 files changed, 1 insertion(+), 4 deletions(-)
--- a/config.h.in
-+++ b/config.h.in
-@@ -277,9 +277,6 @@ int sigwait(const unsigned int *set, int
- /* Define if your OpenSSL version supports GOST. */
- #undef HAVE_OPENSSL_GOST
- 
-/* Define to 1 if you have the <regex.h> header file. */
-#undef HAVE_REGEX_H
-
- /* Define to 1 if you have the `setegid' function. */
- #undef HAVE_SETEGID
- 
--- a/configure.in
-+++ b/configure.in
-@@ -279,7 +279,7 @@ esac
- 
- AC_HEADER_STDC
- 
-AC_CHECK_HEADERS(fcntl.h regex.h sys/time.h unistd.h sys/sockio.h sys/select.h sys/param.h sys/sysctl.h net/if6.h,,,
-+AC_CHECK_HEADERS(fcntl.h sys/time.h unistd.h sys/sockio.h sys/select.h sys/param.h sys/sysctl.h net/if6.h,,,
- [$ac_includes_default
- #ifdef HAVE_SYS_PARAM_H
- # include <sys/param.h>
diff --git a/meta/recipes-connectivity/bind/bind/bind-Fix-CVE-2012-4244.patch b/meta/recipes-connectivity/bind/bind/bind-Fix-CVE-2012-4244.patch
deleted file mode 100644
index 5dd6f69e45..0000000000
--- a/meta/recipes-connectivity/bind/bind/bind-Fix-CVE-2012-4244.patch
+++ /dev/null
@@ -1,141 +0,0 @@
-bind_Fix_for_CVE-2012-4244
-Upstream-Status: Backport
-Reference:https://bugzilla.novell.com/attachment.cgi?id=505661&action=edit
-ISC BIND 9.x before 9.7.6-P3, 9.8.x before 9.8.3-P3, 9.9.x before 9.9.1-P3,
- and 9.4-ESV and 9.6-ESV before 9.6-ESV-R7-P3 allows remote attackers to
-cause a denial of service (assertion failure and named daemon exit) via
-a query for a long resource record.
-Signed-off-by: yanjun.zhu <yanjun.zhu@windriver.com>
-diff -urpN a/lib/dns/include/dns/rdata.h b/lib/dns/include/dns/rdata.h
--- a/lib/dns/include/dns/rdata.h       2012-10-08 12:19:42.000000000 +0800
-+++ b/lib/dns/include/dns/rdata.h       2012-10-08 11:26:43.000000000 +0800
-@@ -147,6 +147,17 @@ struct dns_rdata {
-        (((rdata)->flags & ~(DNS_RDATA_UPDATE|DNS_RDATA_OFFLINE)) == 0)
- 
- /*
-+ * The maximum length of a RDATA that can be sent on the wire.
-+ * Max packet size (65535) less header (12), less name (1), type (2),
-+ * class (2), ttl(4), length (2).
-+ *
-+ * None of the defined types that support name compression can exceed
-+ * this and all new types are to be sent uncompressed.
-+ */
-+
-+#define DNS_RDATA_MAXLENGTH    65512U
-+
-+/*
-  * Flags affecting rdata formatting style.  Flags 0xFFFF0000
-  * are used by masterfile-level formatting and defined elsewhere.
-  * See additional comments at dns_rdata_tofmttext().
-diff -urpN a/lib/dns/master.c b/lib/dns/master.c
--- a/lib/dns/master.c  2012-10-08 12:19:42.000000000 +0800
-+++ b/lib/dns/master.c  2012-10-08 11:27:06.000000000 +0800
-@@ -75,7 +75,7 @@
- /*%
-  * max message size - header - root - type - class - ttl - rdlen
-  */
-#define MINTSIZ (65535 - 12 - 1 - 2 - 2 - 4 - 2)
-+#define MINTSIZ DNS_RDATA_MAXLENGTH 
- /*%
-  * Size for tokens in the presentation format,
-  * The largest tokens are the base64 blocks in KEY and CERT records,
-diff -urpN a/lib/dns/rdata.c b/lib/dns/rdata.c
--- a/lib/dns/rdata.c   2012-10-08 12:19:42.000000000 +0800
-+++ b/lib/dns/rdata.c   2012-10-08 11:27:27.000000000 +0800
-@@ -425,6 +425,7 @@ dns_rdata_fromwire(dns_rdata_t *rdata, d
-        isc_buffer_t st;
-        isc_boolean_t use_default = ISC_FALSE;
-        isc_uint32_t activelength;
-+       size_t length;
- 
-        REQUIRE(dctx != NULL);
-        if (rdata != NULL) {
-@@ -455,6 +456,14 @@ dns_rdata_fromwire(dns_rdata_t *rdata, d
-        }
- 
-        /*
-+        * Reject any rdata that expands out to more than DNS_RDATA_MAXLENGTH
-+        * as we cannot transmit it.
-+        */
-+       length = isc_buffer_usedlength(target) - isc_buffer_usedlength(&st);
-+       if (result == ISC_R_SUCCESS && length > DNS_RDATA_MAXLENGTH)
-+               result = DNS_R_FORMERR;
-+
-+       /*
-         * We should have consumed all of our buffer.
-         */
-        if (result == ISC_R_SUCCESS && !buffer_empty(source))
-@@ -462,8 +471,7 @@ dns_rdata_fromwire(dns_rdata_t *rdata, d
- 
-        if (rdata != NULL && result == ISC_R_SUCCESS) {
-                region.base = isc_buffer_used(&st);
-               region.length = isc_buffer_usedlength(target) -
-                               isc_buffer_usedlength(&st);
-+               region.length = length;
-                dns_rdata_fromregion(rdata, rdclass, type, &region);
-        }
- 
-@@ -598,6 +606,7 @@ dns_rdata_fromtext(dns_rdata_t *rdata, d
-        unsigned long line;
-        void (*callback)(dns_rdatacallbacks_t *, const char *, ...);
-        isc_result_t tresult;
-+       size_t length;
- 
-        REQUIRE(origin == NULL || dns_name_isabsolute(origin) == ISC_TRUE);
-        if (rdata != NULL) {
-@@ -670,10 +679,13 @@ dns_rdata_fromtext(dns_rdata_t *rdata, d
-                }
-        } while (1);
- 
-+       length = isc_buffer_usedlength(target) - isc_buffer_usedlength(&st);
-+       if (result == ISC_R_SUCCESS && length > DNS_RDATA_MAXLENGTH)
-+               result = ISC_R_NOSPACE;
-+
-        if (rdata != NULL && result == ISC_R_SUCCESS) {
-                region.base = isc_buffer_used(&st);
-               region.length = isc_buffer_usedlength(target) -
-                               isc_buffer_usedlength(&st);
-+               region.length = length;
-                dns_rdata_fromregion(rdata, rdclass, type, &region);
-        }
-        if (result != ISC_R_SUCCESS) {
-@@ -781,6 +793,7 @@ dns_rdata_fromstruct(dns_rdata_t *rdata,
-        isc_buffer_t st;
-        isc_region_t region;
-        isc_boolean_t use_default = ISC_FALSE;
-+       size_t length;
- 
-        REQUIRE(source != NULL);
-        if (rdata != NULL) {
-@@ -795,10 +808,13 @@ dns_rdata_fromstruct(dns_rdata_t *rdata,
-        if (use_default)
-                (void)NULL;
- 
-+       length = isc_buffer_usedlength(target) - isc_buffer_usedlength(&st);
-+       if (result == ISC_R_SUCCESS && length > DNS_RDATA_MAXLENGTH)
-+               result = ISC_R_NOSPACE;
-+
-        if (rdata != NULL && result == ISC_R_SUCCESS) {
-                region.base = isc_buffer_used(&st);
-               region.length = isc_buffer_usedlength(target) -
-                               isc_buffer_usedlength(&st);
-+               region.length = length;
-                dns_rdata_fromregion(rdata, rdclass, type, &region);
-        }
-        if (result != ISC_R_SUCCESS)
-diff -urpN a/lib/dns/rdataslab.c b/lib/dns/rdataslab.c
--- a/lib/dns/rdataslab.c       2012-10-08 12:19:42.000000000 +0800
-+++ b/lib/dns/rdataslab.c       2012-10-08 11:27:54.000000000 +0800
-@@ -304,6 +304,7 @@ dns_rdataslab_fromrdataset(dns_rdataset_
-                length = x[i].rdata.length;
-                if (rdataset->type == dns_rdatatype_rrsig)
-                        length++;
-+               INSIST(length <= 0xffff);
-                *rawbuf++ = (length & 0xff00) >> 8;
-                *rawbuf++ = (length & 0x00ff);
- #if DNS_RDATASET_FIXED

diff --git a/meta/recipes-connectivity/bind/bind/bind-9.8.1-CVE-2012-5166.patch b/meta/recipes-connectivity/bind/bind/bind-9.8.1-CVE-2012-5166.patch deleted file mode 100644 index 0abb475adc..0000000000 --- a/meta/recipes-connectivity/bind/bind/bind-9.8.1-CVE-2012-5166.patch +++ /dev/null
@@ -1,119 +0,0 @@
1	bind_Fix_for_CVE-2012-5166
2
3	Upstream-Status: Backport
4
5	Reference:http://launchpadlibrarian.net/119212498/bind9_1%3A9.7.3.dfsOBg
6	-1ubuntu2.6_1%3A9.7.3.dfsg-1ubuntu2.7.diff.gz
7
8	ISC BIND 9.x before 9.7.6-P4, 9.8.x before 9.8.3-P4, 9.9.x before
9	9.9.1-P4, and 9.4-ESV and 9.6-ESV before 9.6-ESV-R7-P4 allows
10	remote attackers to cause a denial of service (named daemon hang)
11	via unspecified combinations of resource records.
12
13	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-5166
14
15	Signed-off-by: yanjun.zhu <yanjun.zhu@windriver.com>
16	diff -urpN a/bin/named/query.c b/bin/named/query.c
17	--- a/bin/named/query.c 2012-10-22 13:24:27.000000000 +0800
18	+++ b/bin/named/query.c 2012-10-22 13:17:04.000000000 +0800
19	@@ -1137,13 +1137,6 @@ query_isduplicate(ns_client_t *client, d
20	mname = NULL;
21	}
22
23	- /*
24	- * If the dns_name_t we're looking up is already in the message,
25	- * we don't want to trigger the caller's name replacement logic.
26	- */
27	- if (name == mname)
28	- mname = NULL;
29	-
30	*mnamep = mname;
31
32	CTRACE("query_isduplicate: false: done");
33	@@ -1341,6 +1334,7 @@ query_addadditional(void *arg, dns_name_
34	if (dns_rdataset_isassociated(rdataset) &&
35	!query_isduplicate(client, fname, type, &mname)) {
36	if (mname != NULL) {
37	+ INSIST(mname != fname);
38	query_releasename(client, &fname);
39	fname = mname;
40	} else
41	@@ -1401,11 +1395,13 @@ query_addadditional(void *arg, dns_name_
42	mname = NULL;
43	if (!query_isduplicate(client, fname,
44	dns_rdatatype_a, &mname)) {
45	- if (mname != NULL) {
46	- query_releasename(client, &fname);
47	- fname = mname;
48	- } else
49	- need_addname = ISC_TRUE;
50	+ if (mname != fname) {
51	+ if (mname != NULL) {
52	+ query_releasename(client, &fname);
53	+ fname = mname;
54	+ } else
55	+ need_addname = ISC_TRUE;
56	+ }
57	ISC_LIST_APPEND(fname->list, rdataset, link);
58	added_something = ISC_TRUE;
59	if (sigrdataset != NULL &&
60	@@ -1444,11 +1440,13 @@ query_addadditional(void *arg, dns_name_
61	mname = NULL;
62	if (!query_isduplicate(client, fname,
63	dns_rdatatype_aaaa, &mname)) {
64	- if (mname != NULL) {
65	- query_releasename(client, &fname);
66	- fname = mname;
67	- } else
68	- need_addname = ISC_TRUE;
69	+ if (mname != fname) {
70	+ if (mname != NULL) {
71	+ query_releasename(client, &fname);
72	+ fname = mname;
73	+ } else
74	+ need_addname = ISC_TRUE;
75	+ }
76	ISC_LIST_APPEND(fname->list, rdataset, link);
77	added_something = ISC_TRUE;
78	if (sigrdataset != NULL &&
79	@@ -1960,22 +1958,24 @@ query_addadditional2(void *arg, dns_name
80	crdataset->type == dns_rdatatype_aaaa) {
81	if (!query_isduplicate(client, fname, crdataset->type,
82	&mname)) {
83	- if (mname != NULL) {
84	- /*
85	- * A different type of this name is
86	- * already stored in the additional
87	- * section. We'll reuse the name.
88	- * Note that this should happen at most
89	- * once. Otherwise, fname->link could
90	- * leak below.
91	- */
92	- INSIST(mname0 == NULL);
93	-
94	- query_releasename(client, &fname);
95	- fname = mname;
96	- mname0 = mname;
97	- } else
98	- need_addname = ISC_TRUE;
99	+ if (mname != fname) {
100	+ if (mname != NULL) {
101	+ /*
102	+ * A different type of this name is
103	+ * already stored in the additional
104	+ * section. We'll reuse the name.
105	+ * Note that this should happen at most
106	+ * once. Otherwise, fname->link could
107	+ * leak below.
108	+ */
109	+ INSIST(mname0 == NULL);
110	+
111	+ query_releasename(client, &fname);
112	+ fname = mname;
113	+ mname0 = mname;
114	+ } else
115	+ need_addname = ISC_TRUE;
116	+ }
117	ISC_LIST_UNLINK(cfname.list, crdataset, link);
118	ISC_LIST_APPEND(fname->list, crdataset, link);
119	added_something = ISC_TRUE;


diff --git a/meta/recipes-connectivity/bind/bind/bind-CVE-2011-4313.patch b/meta/recipes-connectivity/bind/bind/bind-CVE-2011-4313.patch deleted file mode 100644 index 19d8df1c2d..0000000000 --- a/meta/recipes-connectivity/bind/bind/bind-CVE-2011-4313.patch +++ /dev/null
@@ -1,89 +0,0 @@
1	The patch to fix CVE-2011-4313
2
3	Upstream-Status: Backport
4
5	Reference: https://www.redhat.com/security/data/cve/CVE-2011-4313.html
6
7	query.c in ISC BIND 9.0.x through 9.6.x, 9.4-ESV through 9.4-ESV-R5, 9.6-ESV
8	through 9.6-ESV-R5, 9.7.0 through 9.7.4, 9.8.0 through 9.8.1, and 9.9.0a1
9	through 9.9.0b1 allows remote attackers to cause a denial of service
10	(assertion failure and named exit) via unknown vectors related to recursive DNS
11	queries, error logging, and the caching of an invalid record by the resolver.
12
13	Signed-off-by Ming Liu <ming.liu@windriver.com>
14	---
15	bin/named/query.c \| 19 ++++++++-----------
16	lib/dns/rbtdb.c \| 4 ++--
17	2 files changed, 10 insertions(+), 13 deletions(-)
18
19	--- a/bin/named/query.c
20	+++ b/bin/named/query.c
21	@@ -1393,11 +1393,9 @@ query_addadditional(void *arg, dns_name_
22	goto addname;
23	if (result == DNS_R_NCACHENXRRSET) {
24	dns_rdataset_disassociate(rdataset);
25	- /*
26	- * Negative cache entries don't have sigrdatasets.
27	- */
28	- INSIST(sigrdataset == NULL \|\|
29	- ! dns_rdataset_isassociated(sigrdataset));
30	+ if (sigrdataset != NULL &&
31	+ dns_rdataset_isassociated(sigrdataset))
32	+ dns_rdataset_disassociate(sigrdataset);
33	}
34	if (result == ISC_R_SUCCESS) {
35	mname = NULL;
36	@@ -1438,8 +1436,9 @@ query_addadditional(void *arg, dns_name_
37	goto addname;
38	if (result == DNS_R_NCACHENXRRSET) {
39	dns_rdataset_disassociate(rdataset);
40	- INSIST(sigrdataset == NULL \|\|
41	- ! dns_rdataset_isassociated(sigrdataset));
42	+ if (sigrdataset != NULL &&
43	+ dns_rdataset_isassociated(sigrdataset))
44	+ dns_rdataset_disassociate(sigrdataset);
45	}
46	if (result == ISC_R_SUCCESS) {
47	mname = NULL;
48	@@ -1889,10 +1888,8 @@ query_addadditional2(void *arg, dns_name
49	goto setcache;
50	if (result == DNS_R_NCACHENXRRSET) {
51	dns_rdataset_disassociate(rdataset);
52	- /*
53	- * Negative cache entries don't have sigrdatasets.
54	- */
55	- INSIST(! dns_rdataset_isassociated(sigrdataset));
56	+ if (dns_rdataset_isassociated(sigrdataset))
57	+ dns_rdataset_disassociate(sigrdataset);
58	}
59	if (result == ISC_R_SUCCESS) {
60	/* Remember the result as a cache */
61	--- a/lib/dns/rbtdb.c
62	+++ b/lib/dns/rbtdb.c
63	@@ -5053,7 +5053,7 @@ cache_find(dns_db_t db, dns_name_t nam
64	rdataset);
65	if (need_headerupdate(found, search.now))
66	update = found;
67	- if (foundsig != NULL) {
68	+ if (!NEGATIVE(found) && foundsig != NULL) {
69	bind_rdataset(search.rbtdb, node, foundsig, search.now,
70	sigrdataset);
71	if (need_headerupdate(foundsig, search.now))
72	@@ -5596,7 +5596,7 @@ zone_findrdataset(dns_db_t *db, dns_dbno
73	}
74	if (found != NULL) {
75	bind_rdataset(rbtdb, rbtnode, found, now, rdataset);
76	- if (foundsig != NULL)
77	+ if (!NEGATIVE(found) && foundsig != NULL)
78	bind_rdataset(rbtdb, rbtnode, foundsig, now,
79	sigrdataset);
80	}
81	@@ -5685,7 +5685,7 @@ cache_findrdataset(dns_db_t *db, dns_dbn
82	}
83	if (found != NULL) {
84	bind_rdataset(rbtdb, rbtnode, found, now, rdataset);
85	- if (foundsig != NULL)
86	+ if (!NEGATIVE(found) && foundsig != NULL)
87	bind_rdataset(rbtdb, rbtnode, foundsig, now,
88	sigrdataset);
89	}


diff --git a/meta/recipes-connectivity/bind/bind/bind-CVE-2012-1667.patch b/meta/recipes-connectivity/bind/bind/bind-CVE-2012-1667.patch deleted file mode 100644 index c441eab65d..0000000000 --- a/meta/recipes-connectivity/bind/bind/bind-CVE-2012-1667.patch +++ /dev/null
@@ -1,92 +0,0 @@
1	bind CVE-2012-1667
2
3	Upstream-Status: Backport
4
5	ISC BIND 9.x before 9.7.6-P1, 9.8.x before 9.8.3-P1, 9.9.x before 9.9.1-P1,
6	and 9.4-ESV and 9.6-ESV before 9.6-ESV-R7-P1 does not properly handle resource
7	records with a zero-length RDATA section, which allows remote DNS servers to
8	cause a denial of service (daemon crash or data corruption) or obtain
9	sensitive information from process memory via a crafted record.
10
11	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1667
12
13	The cve patch comes from bind97-9.7.0-10.P2.el5_8.1.src.rpm package.
14
15	Signed-off-by: Li Wang <li.wang@windriver.com>
16	---
17	lib/dns/rdata.c \| 8 ++++----
18	lib/dns/rdataslab.c \| 11 ++++++++---
19	2 files changed, 12 insertions(+), 7 deletions(-)
20
21	diff --git a/lib/dns/rdata.c b/lib/dns/rdata.c
22	index 063b1f6..9337a80 100644
23	--- a/lib/dns/rdata.c
24	+++ b/lib/dns/rdata.c
25	@@ -325,8 +325,8 @@ dns_rdata_compare(const dns_rdata_t rdata1, const dns_rdata_t rdata2) {
26
27	REQUIRE(rdata1 != NULL);
28	REQUIRE(rdata2 != NULL);
29	- REQUIRE(rdata1->data != NULL);
30	- REQUIRE(rdata2->data != NULL);
31	+ REQUIRE(rdata1->length == 0 \|\| rdata1->data != NULL);
32	+ REQUIRE(rdata2->length == 0 \|\| rdata2->data != NULL);
33	REQUIRE(DNS_RDATA_VALIDFLAGS(rdata1));
34	REQUIRE(DNS_RDATA_VALIDFLAGS(rdata2));
35
36	@@ -356,8 +356,8 @@ dns_rdata_casecompare(const dns_rdata_t rdata1, const dns_rdata_t rdata2) {
37
38	REQUIRE(rdata1 != NULL);
39	REQUIRE(rdata2 != NULL);
40	- REQUIRE(rdata1->data != NULL);
41	- REQUIRE(rdata2->data != NULL);
42	+ REQUIRE(rdata1->length == 0 \|\| rdata1->data != NULL);
43	+ REQUIRE(rdata2->length == 0 \|\| rdata2->data != NULL);
44	REQUIRE(DNS_RDATA_VALIDFLAGS(rdata1));
45	REQUIRE(DNS_RDATA_VALIDFLAGS(rdata2));
46
47	diff --git a/lib/dns/rdataslab.c b/lib/dns/rdataslab.c
48	index a41f16f..ed13b30 100644
49	--- a/lib/dns/rdataslab.c
50	+++ b/lib/dns/rdataslab.c
51	@@ -125,6 +125,11 @@ isc_result_t
52	dns_rdataslab_fromrdataset(dns_rdataset_t rdataset, isc_mem_t mctx,
53	isc_region_t *region, unsigned int reservelen)
54	{
55	+ /*
56	+ * Use &removed as a sentinal pointer for duplicate
57	+ * rdata as rdata.data == NULL is valid.
58	+ */
59	+ static unsigned char removed;
60	struct xrdata *x;
61	unsigned char *rawbuf;
62	#if DNS_RDATASET_FIXED
63	@@ -168,6 +173,7 @@ dns_rdataslab_fromrdataset(dns_rdataset_t rdataset, isc_mem_t mctx,
64	INSIST(result == ISC_R_SUCCESS);
65	dns_rdata_init(&x[i].rdata);
66	dns_rdataset_current(rdataset, &x[i].rdata);
67	+ INSIST(x[i].rdata.data != &removed);
68	#if DNS_RDATASET_FIXED
69	x[i].order = i;
70	#endif
71	@@ -200,8 +206,7 @@ dns_rdataslab_fromrdataset(dns_rdataset_t rdataset, isc_mem_t mctx,
72	*/
73	for (i = 1; i < nalloc; i++) {
74	if (compare_rdata(&x[i-1].rdata, &x[i].rdata) == 0) {
75	- x[i-1].rdata.data = NULL;
76	- x[i-1].rdata.length = 0;
77	+ x[i-1].rdata.data = &removed;
78	#if DNS_RDATASET_FIXED
79	/*
80	* Preserve the least order so A, B, A -> A, B
81	@@ -291,7 +296,7 @@ dns_rdataslab_fromrdataset(dns_rdataset_t rdataset, isc_mem_t mctx,
82	#endif
83
84	for (i = 0; i < nalloc; i++) {
85	- if (x[i].rdata.data == NULL)
86	+ if (x[i].rdata.data == &removed)
87	continue;
88	#if DNS_RDATASET_FIXED
89	offsettable[x[i].order] = rawbuf - offsetbase;
90	--
91	1.7.0.5
92


diff --git a/meta/recipes-connectivity/bind/bind/bind-CVE-2013-2266.patch b/meta/recipes-connectivity/bind/bind/bind-CVE-2013-2266.patch deleted file mode 100644 index 7ec6deb714..0000000000 --- a/meta/recipes-connectivity/bind/bind/bind-CVE-2013-2266.patch +++ /dev/null
@@ -1,41 +0,0 @@
1	bind: fix for CVE-2013-2266
2
3	Upstream-Status: Backport
4
5	libdns in ISC BIND 9.7.x and 9.8.x before 9.8.4-P2, 9.8.5 before 9.8.5b2,
6	9.9.x before 9.9.2-P2, and 9.9.3 before 9.9.3b2 on UNIX platforms allows
7	remote attackers to cause a denial of service (memory consumption) via a
8	crafted regular expression, as demonstrated by a memory-exhaustion attack
9	against a machine running a named process.
10
11	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2266
12
13	Signed-off-by Ming Liu <ming.liu@windriver.com>
14	---
15	config.h.in \| 3 ---
16	configure.in \| 2 +-
17	2 files changed, 1 insertion(+), 4 deletions(-)
18
19	--- a/config.h.in
20	+++ b/config.h.in
21	@@ -277,9 +277,6 @@ int sigwait(const unsigned int *set, int
22	/* Define if your OpenSSL version supports GOST. */
23	#undef HAVE_OPENSSL_GOST
24
25	-/* Define to 1 if you have the <regex.h> header file. */
26	-#undef HAVE_REGEX_H
27	-
28	/* Define to 1 if you have the `setegid' function. */
29	#undef HAVE_SETEGID
30
31	--- a/configure.in
32	+++ b/configure.in
33	@@ -279,7 +279,7 @@ esac
34
35	AC_HEADER_STDC
36
37	-AC_CHECK_HEADERS(fcntl.h regex.h sys/time.h unistd.h sys/sockio.h sys/select.h sys/param.h sys/sysctl.h net/if6.h,,,
38	+AC_CHECK_HEADERS(fcntl.h sys/time.h unistd.h sys/sockio.h sys/select.h sys/param.h sys/sysctl.h net/if6.h,,,
39	[$ac_includes_default
40	#ifdef HAVE_SYS_PARAM_H
41	# include <sys/param.h>


diff --git a/meta/recipes-connectivity/bind/bind/bind-Fix-CVE-2012-4244.patch b/meta/recipes-connectivity/bind/bind/bind-Fix-CVE-2012-4244.patch deleted file mode 100644 index 5dd6f69e45..0000000000 --- a/meta/recipes-connectivity/bind/bind/bind-Fix-CVE-2012-4244.patch +++ /dev/null
@@ -1,141 +0,0 @@
1	bind_Fix_for_CVE-2012-4244
2
3	Upstream-Status: Backport
4
5	Reference:https://bugzilla.novell.com/attachment.cgi?id=505661&action=edit
6
7	ISC BIND 9.x before 9.7.6-P3, 9.8.x before 9.8.3-P3, 9.9.x before 9.9.1-P3,
8	and 9.4-ESV and 9.6-ESV before 9.6-ESV-R7-P3 allows remote attackers to
9	cause a denial of service (assertion failure and named daemon exit) via
10	a query for a long resource record.
11
12	Signed-off-by: yanjun.zhu <yanjun.zhu@windriver.com>
13
14	diff -urpN a/lib/dns/include/dns/rdata.h b/lib/dns/include/dns/rdata.h
15	--- a/lib/dns/include/dns/rdata.h 2012-10-08 12:19:42.000000000 +0800
16	+++ b/lib/dns/include/dns/rdata.h 2012-10-08 11:26:43.000000000 +0800
17	@@ -147,6 +147,17 @@ struct dns_rdata {
18	(((rdata)->flags & ~(DNS_RDATA_UPDATE\|DNS_RDATA_OFFLINE)) == 0)
19
20	/*
21	+ * The maximum length of a RDATA that can be sent on the wire.
22	+ * Max packet size (65535) less header (12), less name (1), type (2),
23	+ * class (2), ttl(4), length (2).
24	+ *
25	+ * None of the defined types that support name compression can exceed
26	+ * this and all new types are to be sent uncompressed.
27	+ */
28	+
29	+#define DNS_RDATA_MAXLENGTH 65512U
30	+
31	+/*
32	* Flags affecting rdata formatting style. Flags 0xFFFF0000
33	* are used by masterfile-level formatting and defined elsewhere.
34	* See additional comments at dns_rdata_tofmttext().
35	diff -urpN a/lib/dns/master.c b/lib/dns/master.c
36	--- a/lib/dns/master.c 2012-10-08 12:19:42.000000000 +0800
37	+++ b/lib/dns/master.c 2012-10-08 11:27:06.000000000 +0800
38	@@ -75,7 +75,7 @@
39	/*%
40	* max message size - header - root - type - class - ttl - rdlen
41	*/
42	-#define MINTSIZ (65535 - 12 - 1 - 2 - 2 - 4 - 2)
43	+#define MINTSIZ DNS_RDATA_MAXLENGTH
44	/*%
45	* Size for tokens in the presentation format,
46	* The largest tokens are the base64 blocks in KEY and CERT records,
47	diff -urpN a/lib/dns/rdata.c b/lib/dns/rdata.c
48	--- a/lib/dns/rdata.c 2012-10-08 12:19:42.000000000 +0800
49	+++ b/lib/dns/rdata.c 2012-10-08 11:27:27.000000000 +0800
50	@@ -425,6 +425,7 @@ dns_rdata_fromwire(dns_rdata_t *rdata, d
51	isc_buffer_t st;
52	isc_boolean_t use_default = ISC_FALSE;
53	isc_uint32_t activelength;
54	+ size_t length;
55
56	REQUIRE(dctx != NULL);
57	if (rdata != NULL) {
58	@@ -455,6 +456,14 @@ dns_rdata_fromwire(dns_rdata_t *rdata, d
59	}
60
61	/*
62	+ * Reject any rdata that expands out to more than DNS_RDATA_MAXLENGTH
63	+ * as we cannot transmit it.
64	+ */
65	+ length = isc_buffer_usedlength(target) - isc_buffer_usedlength(&st);
66	+ if (result == ISC_R_SUCCESS && length > DNS_RDATA_MAXLENGTH)
67	+ result = DNS_R_FORMERR;
68	+
69	+ /*
70	* We should have consumed all of our buffer.
71	*/
72	if (result == ISC_R_SUCCESS && !buffer_empty(source))
73	@@ -462,8 +471,7 @@ dns_rdata_fromwire(dns_rdata_t *rdata, d
74
75	if (rdata != NULL && result == ISC_R_SUCCESS) {
76	region.base = isc_buffer_used(&st);
77	- region.length = isc_buffer_usedlength(target) -
78	- isc_buffer_usedlength(&st);
79	+ region.length = length;
80	dns_rdata_fromregion(rdata, rdclass, type, &region);
81	}
82
83	@@ -598,6 +606,7 @@ dns_rdata_fromtext(dns_rdata_t *rdata, d
84	unsigned long line;
85	void (callback)(dns_rdatacallbacks_t , const char *, ...);
86	isc_result_t tresult;
87	+ size_t length;
88
89	REQUIRE(origin == NULL \|\| dns_name_isabsolute(origin) == ISC_TRUE);
90	if (rdata != NULL) {
91	@@ -670,10 +679,13 @@ dns_rdata_fromtext(dns_rdata_t *rdata, d
92	}
93	} while (1);
94
95	+ length = isc_buffer_usedlength(target) - isc_buffer_usedlength(&st);
96	+ if (result == ISC_R_SUCCESS && length > DNS_RDATA_MAXLENGTH)
97	+ result = ISC_R_NOSPACE;
98	+
99	if (rdata != NULL && result == ISC_R_SUCCESS) {
100	region.base = isc_buffer_used(&st);
101	- region.length = isc_buffer_usedlength(target) -
102	- isc_buffer_usedlength(&st);
103	+ region.length = length;
104	dns_rdata_fromregion(rdata, rdclass, type, &region);
105	}
106	if (result != ISC_R_SUCCESS) {
107	@@ -781,6 +793,7 @@ dns_rdata_fromstruct(dns_rdata_t *rdata,
108	isc_buffer_t st;
109	isc_region_t region;
110	isc_boolean_t use_default = ISC_FALSE;
111	+ size_t length;
112
113	REQUIRE(source != NULL);
114	if (rdata != NULL) {
115	@@ -795,10 +808,13 @@ dns_rdata_fromstruct(dns_rdata_t *rdata,
116	if (use_default)
117	(void)NULL;
118
119	+ length = isc_buffer_usedlength(target) - isc_buffer_usedlength(&st);
120	+ if (result == ISC_R_SUCCESS && length > DNS_RDATA_MAXLENGTH)
121	+ result = ISC_R_NOSPACE;
122	+
123	if (rdata != NULL && result == ISC_R_SUCCESS) {
124	region.base = isc_buffer_used(&st);
125	- region.length = isc_buffer_usedlength(target) -
126	- isc_buffer_usedlength(&st);
127	+ region.length = length;
128	dns_rdata_fromregion(rdata, rdclass, type, &region);
129	}
130	if (result != ISC_R_SUCCESS)
131	diff -urpN a/lib/dns/rdataslab.c b/lib/dns/rdataslab.c
132	--- a/lib/dns/rdataslab.c 2012-10-08 12:19:42.000000000 +0800
133	+++ b/lib/dns/rdataslab.c 2012-10-08 11:27:54.000000000 +0800
134	@@ -304,6 +304,7 @@ dns_rdataslab_fromrdataset(dns_rdataset_
135	length = x[i].rdata.length;
136	if (rdataset->type == dns_rdatatype_rrsig)
137	length++;
138	+ INSIST(length <= 0xffff);
139	*rawbuf++ = (length & 0xff00) >> 8;
140	*rawbuf++ = (length & 0x00ff);
141	#if DNS_RDATASET_FIXED